Threads for gerikson

  1. 5

    It seems to me like everything that would fit in ‘fediverse’ would also fit under a broader ‘social media’ tag. So why not that? They’re alike in their potential for discussion about all kinds of nerd topics, they’re both made out of computer, they have the same problems categorically.

    I think we can agree that ‘social media’ wouldn’t be a good tag to add, but it’d certainly be welcome if there was a post about, say, why Twitter wasn’t going to immediately break even after errywon got fired. That fits because it is appropriate for other tags. Imagine an article that is appropriate for ‘social media’ but not for any other tags. Bad fit, right?

    Is there a difference between ‘fediverse’ and ‘social media’ that would make an article with only that tag be a good fit?

    1. 16

      Personally I would rather see an ActivityPub tag, it’s much more technical and has narrower focus. I’m not sure if we’d have enough stories for it, though.

      1. 7

        But what about the dozens of people using Diaspora and Ostatus?

        1.  

          That’s not very Zot of you.

          1.  

            I mean I considered including Zot but there’s only red links about it on the wiki article.

            And in fact, searching for “Zot” here turns up this comment, pointing to a repo site that’s currently closed for new accounts: https://framagit.org/zot/zap/blob/master/spec/Zot6/Messages.md

            This seems to be the canonical site: https://getzot.com/, which is empty.

    1. 26

      Makes sense to me. Given that it’s a topic with interest that’s only about to grow.

      1. 4

        I’m all for a tag, but I suspect that normies aren’t going to stay on the fediverse. They’ll either go back to Twitter or some other corporate social media product. Fediverse just feels like people and bots shouting into the void with relatively little interaction/dialogue. I’m sure you can curate your experience, but I don’t think most people want to go through the hassle. My suspicion is that the Fediverse enthusiasm will fade in a few months.

        1. 11

          Fediverse just feels like people and bots shouting into the void with relatively little interaction/dialogue.

          I have the complete opposite experience. Maybe you are holding it wrong?

          My suspicion is that the Fediverse enthusiasm will fade in a few months.

          How is that relevant at all? We have tags for fortran or dragonflybsd which are niches of niches sure we can have one for fediverse.

          1.  

            I have the complete opposite experience. Maybe you are holding it wrong?

            Maybe? I’ve tried it a lot on several different servers over the years, and tried to make it work, but there was rarely any interaction.

            How is that relevant at all? We have tags for fortran or dragonflybsd which are niches of niches sure we can have one for fediverse.

            My post literally opened with “I’m all for a tag”. 🙄 This bit was relevant because the parent claimed that fediverse was going to continue growing in popularity, and I was expressing that it’s unlikely to continue growing in popularity beyond the next month or two. You’re welcome to disagree, but I’m still on-topic.

          2. 4

            What do you mean by “normies”, if I might ask?

            1. 6

              I assumed “normal people”/Non-tech people.

              1.  

                People who stick to the mainstream as it pertains to some dimension. In this case the dimension is social media platforms, but it could be politics or something else.

                1.  

                  It is pseudo elitist speak of people who define their identity via the obscure technologies they use.

                  1.  

                    It’s also popular among racists and otherwise antisocial online communities.

                    1.  

                      You know who else drinks water? Hitler.

                      It’s a common phrase all over the Internet. I’m sure some racist somewhere has used it, but that doesn’t imply that it’s particularly affiliated with racists.

                      1.  

                        Indeed; I’ve also heard it in LGBT+ & neurodivergent communities a fair bit.

                        It more broadly suggests “yes, we’re different, and that’s not a bad thing (maybe even a good one).”

                      2.  

                        I get that terms like “normie”, “muggle”, or “civilian” may be derogatory depending on context but I’m curious: what racist & antisocial groups are using that term, and what groups do they target with it?

                        1.  

                          I found this paper by googling “how to redpill normies”

                          Redpilling Normies: An Ethnography of Alt-Right 4chan Discourse.

                          Sounds like it should be a good entry point for your research.

                          1.  

                            It really got moving on 4chan. Now, some people will say that not everyone on 4chan is that way, but if someone made a racist joke at Thanksgiving dinner and you laughed, it’s both of you. I don’t break bread with those types, personally.

                1.  

                  This is the same project as described in https://lobste.rs/s/qingh6/efficient_activitypub_server_for_small so this submission can be folded into that. @pushcx

                  1. 8

                    “ To quote publicly available data, by 2020, we had around 2000 engineers with 20M lines of hand-written code (10x more including the generated code) in the monorepo alone, ”

                    Every time I read stats like this I think - surely there must be a better way to write software!

                    1. 6

                      I agree! I hear a lot of good things about twitter’s culture (before Musk took over, that is). A kernel team, a culture of excellence, etc. But honestly, the actual service they offer is hosting a bunch of tweets, pictures, and videos. Their site fails to work very regularly.

                      Surely there must be some challenges with scaling, but from the outside it just seems very crappy.

                      1. 19

                        I haven’t experienced a significant Twitter outage in years.

                        I think you underestimate the challenges of running a near real-time many-to-many messaging service, to be honest.

                        1. 12

                          I think you underestimate the challenges of running a near real-time many-to-many messaging service, to be honest.

                          And an analytics platform, a (very) high-volume data API platform for data customers, multiple search systems (some are paid-access only), an advertising platform, a content moderation system (across many countries, in compliance with local laws), probably a copyright infringement system, anti-abuse systems, internal monitoring and reporting, mobile applications, internationalization and localization systems, …

                          People have this incredibly reductive view of what Twitter, in particular, actually does, that I find really frustrating. It’s not simple.

                          1. 4

                            People have this incredibly reductive view of what Twitter, in particular, actually does

                            I have a vague memory of, possibly, a JWZ thing where he points out that browsers are huge now because, whilst you only use 10% of the functionality, B uses a different 10%, C uses a different 10% again, etc., and that leads to a complex system which is, by necessity, big.

                            (But I cannot currently find the article / rant itself.)

                          2. 4

                            Nothing should require 20 million lines of code to accomplish.

                            1. 8

                              Why not?

                            2. 2

                              Not an outage but we’ve all experienced breakage.

                              1.  

                                I’m starting to have weird issues on my “Latest Tweets” timeline since a few days (on mobile).

                                1.  

                                  I am excluding issues after the Musk takeover.

                            3. 4

                              So happy you said this. It seems like FAANGs get praised for their scale, when really it’s a completely pathological case of inefficiency that requires that many engineers to begin with. There is a better way, we can’t give up on that.

                              What’s interesting is that works out to 10,000 LOC per engineer, which doesn’t sound like much but realistically how much code can a single human actually comprehend? LOC is not useful in many ways, but there is certainly an upper bound on how many LOC a human brain can reasonably work with.

                              1. 5

                                You can definitely write something that provides similar functionality in much fewer lines of code. I guarantee you won’t enjoy the on-call rotations, though.

                                1. 2

                                  We just had a post from someone who has a game with 58,000 LOC so 10,000 is likely too small: https://lobste.rs/s/lsspr7/porting_58000_lines_d_c_jai_part_0_why_how

                                2. 3

                                  I think the first step is to understand why it’s 20M lines in the first place. Is it lots of test code? Sad-path handling? Boilerplate? Features? Regulatory compliance? Maybe most of it actually is necessary!

                                  1.  

                                    They had a kernel team and their own linux fork. I would bet on them having multiple MLoC of other forked / vendored deps too.

                                  2.  

                                    It seems so, but I think it’s largely an illusion. Of course at 20M there’s probably a few M lines of code that could be cut, but I don’t think you could easily reduce it by an order of magnitude without losing something important.

                                    Just like institutions grow bureaucratic processes out of past pains and failures, they grow code out of past pains and reaching breaking points with simple or out-of-the-box solutions.

                                    For example, the original Twitter may have used off-the-shelf memcached, but grew to the point that its limitations around cache fragmentation and eviction strategies that don’t matter for most users, did matter to Twitter. Suddenly it’s a big step: from “just install memcached” it becomes “develop and maintain a custom cache cluster tuned to your workload”. Repeat that a few times, and you have millions of lines of code that seem like they could be replaced with “simple” solutions, but actually everything would fall over if you tried.

                                    Apart from scalability/performance, also resilience is a code multiplier. You not only develop feature X, but also error handling, lots of error handling, automated tests, healthchecks, fallbacks for every failure scenario, error handling for the fallbacks, rate limiting and circuit breakers for errors to avoid cascading failures, monitoring and logging, aggregation and alerting for the monitoring, and supporting infra for all of the extra code and tooling.

                                  1. 4

                                    I loved everything about this - the cars, the constant smoking, the punched cards, the paperwork, casual littering… well worth your time.

                                    1. 4

                                      obvious solution is just email right? and you can link it from the web page with mailto:

                                        1. 1

                                          fediverse is architecturally similar to email, with each party having a provider who may store metadata. so you have to weigh the risks introduced by email clients against the risk of using new JavaScript crypto implementations.

                                          1. 1

                                            Or just move the private messaging to Signal.

                                            1. 4

                                              Signal has an instant-messaging UX, which is different from a mail UX and not suitable for the same use cases. Also, key management is lacking: I can change my phone whenever, and the worst my recipient will get is a small note saying “oh by the way Loup changed its phone”, without explicitly warning them that my previous keys are now invalid, and they probably want to authenticate me all over again.

                                              Oh, and Signal requires your phone number. They try their hardest not to misuse it, but that’s still a deal breaker for some people.

                                              1. 1

                                                We’re discussing direct messages here, which are a good fit for Signal.

                                                The way I see it, for E2EE DMs in fedi, we have

                                                1. the proposal from @soatak (to be implemented)
                                                2. Signal/Whatsapp side-band
                                                3. encrypted email that works (still haven’t been informed what that is)

                                                ….

                                                99. security LARPing using PGP.

                                                1. 3

                                                  You mean short direct messages?

                                                  Signal is explicitly only distributed through official palmtop stores (Google’s or Apple’s), to get it anywhere else you are supposed to compile it yourself. This means a phone keyboard and a small screen.

                                                  1. 1

                                                    Any future solution has to be mobile first for any meaningful mass adoption.

                                                    I already see people referring to Mastodon, like Twitter before it, as “an app”.

                                                    1. 6

                                                      My point is, Signal is mobile only.

                                                      1. 4

                                                        Signal has desktop apps for Mac, Windows, and Linux. It needs a mobile to create an account, because they outsource identity management to the phone network, but you can still use it on a big computer with a keyboard. Video conferencing also works on the desktop app.

                                                        1. 5

                                                          It’s not just the phone network. They only have apps for the ‘primary’ application on Android and iOS. You can’t use a Linux phone, KaiOS, etc. I very much dislike giving into this duopoly. As such, I don’t think it’s as suitable as folks act (and I’m someone that convinced friends and family to use Signal to get them off of Messenger, LINE, and SMS).

                                                          1. 1

                                                            Oh… I stand corrected then.

                                                            1. 1

                                                              Those aren’t real apps, they forward everything through the phone, and can’t access message history at all.

                                                              1. 1

                                                                Uh, no. I can use the Signal app on my desktop and on my iPad when my phone is turned off. I can send and receive messages and use voice and video calling, and inspect my message history, all without my phone being turned on.

                                                                The desktop apps do not get copies of messages sent before they were trusted. This is also true of the mobile apps, because Signal does not store message history server side and so you need to back it up and restore it to the new device. Until very recently, the backups were tied to a specific app, so you couldn’t move between Android and iOS and keep message history. That is now fixed for the mobile apps but there is not yet a mechanism for importing message history into the desktop apps.

                                                                Everything that you said is true of the WhatsApp desktop clients.

                                                                1. 1

                                                                  Everything that you said is true of the WhatsApp desktop clients.

                                                                  That hasn’t been true in a long while, those can run without your phone nowadays, and get full message history.

                                                                  Considering I have to re-pair the Signal Desktop app every single day, because it claims it’s been too long, I get no message history on Signal Desktop at all. I’ve moved entirely away from Signal because it’s utterly unusable.

                                                                  1. 2

                                                                    Considering I have to re-pair the Signal Desktop app every single day, because it claims it’s been too long, I get no message history on Signal Desktop at all. I’ve moved entirely away from Signal because it’s utterly unusable.

                                                                    Have you filed a bug report? I have the Signal desktop on two Windows PCs and a Mac, and the Signal iPad client installed. I needed to re-pair when I put my phone through the washing machine by mistake, but the only messages that aren’t in my history on the other devices are the handful that were received in between installing Signal on the new phone and re-pairing the other devices. I don’t know what’s going wrong for you, but I can confirm that this is not a problem that I have encountered, or seen anyone else encounter, so you’d be likely to get help on the issue tracker if you can help narrow down the root cause.

                                                                    1. 1

                                                                      From what I can tell from my own debugging, it’s intended behavior. If you stop using a device for a few days/weeks, it’s supposed to automatically log you out.

                                                                      It just so happens that I’ve got many devices logged into signal, and only open signal desktop when I actually need to read/write messages, which can be several weeks apart for a single device.

                                                            2. 1

                                                              This will still cover maybe 90% of use cases.

                                                              Anyway, what working encrypted email solutions exist?

                                                              1. 2

                                                                Nothing. And from the look of it nothing ever will. But I do believe we could have a similar UX experience to email (federated servers & native clients), only secure. The Fediverse actually looks promising, though I know very little of it.

                                                                1. 3

                                                                  I think if we manage to pull off E2EE in the fediverse, those solutions can be applied to email as well!

                                                                  1. 2

                                                                    seems more natural to start with email, rather than something like mastodon which bundles a lot more functionality.

                                                        2. 3

                                                          How about using matrix? The protocol supports E2EE and handles federated servers much better than Signal. And it’s free software.

                                                          1. 5

                                                            Everyone keeps suggesting Matrix, but I strongly urge everyone to read up on the design flaws and reconsider strongly.

                                                            1. 2

                                                              What about OMEMO?

                                                              1. 2

                                                                I’d rather implement MLS.

                                                              2. 1

                                                                Most of those findings are implementation bugs and have already been fixed. Genuine issues in the spec are rare, and afaik already being worked.

                                                                A new matrix implementation integrated into mastodon would be unlikely to make the same implementation mistakes.

                                                        3. 1

                                                          you can’t use Signal if you don’t have a smartphone.

                                                    2. 1

                                                      Um, you just used the word “email” in a thread about security. 🤯

                                                      (I know about PGP and S/MIME, but the fraction of people using those, or able to install them without expert help, is indistinguishable from 0.0.)

                                                    1. 28

                                                      Why Twitter didn’t go down … yet

                                                      I was hoping for some insights into the failure modes and timelines to expect from losing so many staff.

                                                      This thread https://twitter.com/atax1a/status/1594880931042824192 has some interesting peeks into some of the infrastructure underneath Mesos / Aurora.

                                                      1. 12

                                                        I also liked this thread a lot: https://twitter.com/mosquitocapital/status/1593541177965678592

                                                        And yesterday it was possible to post entire movies (in few-minute snippets) in Twitter, because the copyright enforcement systems were broken.

                                                        1. 5

                                                          That tweet got deleted. At this point it’s probably better to archive them and post links of that.

                                                          1. 11

                                                            It wasn’t deleted - there’s an ongoing problem over the last few days where the first tweet of a thread doesn’t load on the thread view page. The original text of the linked tweet is this:

                                                            I’ve seen a lot of people asking “why does everyone think Twitter is doomed?”

                                                            As an SRE and sysadmin with 10+ years of industry experience, I wanted to write up a few scenarios that are real threats to the integrity of the bird site over the coming weeks.

                                                            1. 12

                                                              It wasn’t deleted - there’s an ongoing problem over the last few days where the first tweet of a thread doesn’t load on the thread view page.

                                                              It’s been a problem over the last few weeks at least. Just refresh the page a few times and you should eventually see the tweet. Rather than the whole site going down at once, I expect these kinds of weird problems will start to appear and degrade Twitter slowly over time. Major props to their former infrastructure engineers/SREs for making the site resilient to the layoffs/firings though!

                                                              1. 2

                                                                Not only to the infra/SREs but also to the backend engineers. Much of the built-in fault-tolerance of the stack was created by them.

                                                            2. 2

                                                              https://threadreaderapp.com/thread/1593541177965678592.html

                                                              I have this URL archived too, but it seems to still be working.

                                                              1. 1

                                                                hm, most likely someone would have a mastodon bridge following these accounts RT-ing :-)

                                                              2. 2

                                                                FWIW, I just tried to get my Twitter archive downloaded and I never received an SMS from the SMS verifier. I switched to verify by email and it went instantly. I also still haven’t received the archive itself. God knows how long that queue is…

                                                                1. 2

                                                                  I think it took about 2 or 3 days for my archive to arrive last week.

                                                              3. 2

                                                                oh, so they still run mesos? thought everyone had by now switched to k8s…

                                                                1. 11

                                                                  I used to help run a fairly decent sized Mesos cluster – I think at our pre-AWS peak we were around 90-130 physical nodes.

                                                                  It was great! It was the definition of infrastructure that “just ticked along”. So it got neglected, and people forgot about how to properly manage it. It just kept on keeping on with minimal to almost no oversight for many months while we got distracted with “business priorities”, and we all kinda forgot it was a thing.

                                                                  Then one day one of our aggregator switches flaked out and all of a sudden our nice cluster ended up partitioned … two, or three ways? It’s been years, so the details are fuzzy, but I do remember

                                                                  • some stuff that was running still ran – but if you had dependencies on the other end of the partition there was lots of systems failing health checks & trying to get replacements to spin up
                                                                  • Zookeeper couldn’t establish a quorum and refused to elect a new leader so Mesos master went unavailable, meaning you didn’t get to schedule new jobs
                                                                  • a whole bunch of business critical batch processes wouldn’t start
                                                                  • we all ran around like madmen trying to figure out who knew enough about this cluster to fix it

                                                                  It was a very painful lesson. As someone on one of these twitter threads posted, “asking ‘why hasn’t Twitter gone down yet?’ is like shooting the pilot and then saying they weren’t needed because the plane hasn’t crashed yet”.

                                                                  1. 7

                                                                    Twitter is well beyond the scale where k8s is a plausible option.

                                                                    1. 2

                                                                      I wonder what is the largest company that primarily runs on k8s. The biggest I can think of is Target.

                                                                      1. 3

                                                                        There’s no limit to the size of company that can run on kube if you can run things across multiple clusters. The problem comes if you routinely have clusters get big rather than staying small.

                                                                        1. 1

                                                                          Alibaba, probably.

                                                                          1. 1

                                                                            Oh, I didn’t realize that was their main platform.

                                                                          2. 1
                                                                            1. 2

                                                                              I was thinking about that too, but I’m guessing that CFA has a fraction of the traffic of Target (especially this time of year). Love those sandwiches though…

                                                                        2. 1

                                                                          Had they done so, I bet they’d already be down :D

                                                                        1. 2

                                                                          You mean mainstream internet? :)

                                                                          1. 1

                                                                            I mean the one that was developed since 1996, officially launched over a decade ago, is used by the majority of home (so non-office or servers) users on the planet, the one that didn’t run out of addresses yet, that has been supported by all major OSs for decades, the one that RIPE is telling everyone to use for over a decade.

                                                                            But it was mostly a pun on how the people that like to call everything they don’t do, cause it isn’t trendy and hyped “legacy”. But I guess with how old, widely supported, used and stable it is IPv6 is probably legacy as well.

                                                                          2. 2

                                                                            There’s a hipster internet?! I knew it!

                                                                            1. 1

                                                                              I think I was an IPv6 hipster before the term hipster was widely used. ;-)

                                                                          1. 4

                                                                            Yup, I’d be glad if it’s added. Some time ago I added my mastodon profile link in the “About” section of my profile (and just recently removed the twitter profile link). Probably a specific sequence of events occurring with greater frequency lately, I’d guess.

                                                                            BTW, my suggestion would be to call it an “ActivityPub” link, or something, because maybe the federated social platform the user wants to link is PixelFed, PeerTube, Pleroma or something else (not necessarily Mastodon). Just my $0.02.

                                                                            1. 1

                                                                              Doesn’t “Fediverse” include all ActivityPub implementations?

                                                                              1. 3

                                                                                Ideally yes, but most of the suggestions in the above linked GitHub Issue are mostly Mastodon specific.

                                                                                1. 2

                                                                                  Kiiiind of but not exactly. ActivityPub is one of four currently-noteworthy federated networks[0], and is the one that’s the most popular (and most likely to warrant linking in one’s profile). You could indeed call the link a “Fediverse” link but that makes it ambiguous as to what actual protocol/network the profile would be for. Saying ActivityPub explicitly would scope it to that specific network, ensuring potential connectivity with certainty (rather than having to click through and not knowing until you see the profile).

                                                                                  Then again, it also depends, you could totally just call it “Fediverse profile”. The only downside being that occasionally someone might be surprised when it’s a Diaspora profile rather than Mastodon, for example. Not a big deal, but for me I prefer to just make it very explicit, reducing uncertainty. /shrug

                                                                                  1. 1

                                                                                    Thanks for expanding. I see your point.

                                                                                    I believe you’ve missed a reference as you have included a ‘[0]’ footnote reference that’s not pointing to anything.

                                                                                    1. 2

                                                                                      haha sorry! This is why I usually add the links the moment I make a reference to them! :’D

                                                                                      The link was supposed to be to: https://en.wikipedia.org/wiki/Fediverse

                                                                              1. 21

                                                                                Oh is it time to hype dsls again? That makes sense as we’re starting to all get a little embarrassed about the levels of hype for functional programming.

                                                                                I guess next we’ll be hyping up memory safe object oriented programming.

                                                                                1. 16

                                                                                  I’m just sitting here with my Java books waiting for the pendulum to swing back…

                                                                                  1. 9

                                                                                    I’m going to go long on eiffel books.

                                                                                    1. 5

                                                                                      I think a language heavily inspired by Eiffel, while fixing all of its (many, many) dumb mistakes, could go really far.

                                                                                      1. 2

                                                                                        I’ve just started learning Eiffel and like what I’ve seen so far, just curious what do you consider its mistakes?

                                                                                        1. 8
                                                                                          1. CAT-calling
                                                                                          2. Bertrand Meyer’s absolute refusal to use any standard terminology for anything in Eiffel. He calls nulls “voids”, lambdas “agents”, modules “clusters”, etc.
                                                                                          3. Also his refusal to adopt any PL innovations past 1995, like all the contortions you have to do to get “void safety” (null safety) instead of just adding some dang sum types.
                                                                                        2. 1

                                                                                          Racket!

                                                                                    2. 14

                                                                                      I, personally, very much doubt full on OOP will ever come back in the same way it did in the 90s and early 2000s. FP is overhyped by some, but “newer” languages I’ve seen incorporate ideas from FP and explicitly exclude core ideas of OOP (Go, Zig, Rust, etc.).

                                                                                      1. 5

                                                                                        I mean, all of those languages have a way to do dynamic dispatch (interfaces in Go, trait objects in Rust, vtables in Zig as of 0.10).

                                                                                        1. 13

                                                                                          And? They also all support first-class functions from FP but nobody calls them FP languages. Inheritance is the biggest thing missing, and for good reason.

                                                                                          1. 12

                                                                                            This, basically. Single dynamic dispatch is one of the few things from Java-style OO worth keeping. Looking at other classic-OO concepts: inheritance is better off missing most of the time (some will disagree), classes as encapsulation are worse than structs and modules, methods don’t need to be attached to classes or defined all in one batch, everything is not an object inheriting from a root object… did I miss anything?

                                                                                            Subtyping separate from inheritance is a useful concept, but from what I’ve seen the world seldom breaks down into such neat categories to make subtyping simple enough to use – unsigned integers are the easiest example. Plus, as far as I can tell it makes most current type system math explode. So, needs more theoretical work before it wiggles back into the mainstream.

                                                                                            1. 8

                                                                                              I’ve been thinking a lot about when inheritance is actually a good idea, and I think it comes down to two conditions:

                                                                                              1. The codebase will instantiate both Parent and Child objects
                                                                                              2. Anything that accepts a Parent will have indistinguishable behavior when passed a Child object (LSP).

                                                                                              IE a good use of Inheritance is to subclass EventReader with ProfiledEventReader.

                                                                                              1. 10

                                                                                                Take a cookie from a jar for using both LSP and LSP in a single discussion!

                                                                                                1. 4

                                                                                                  Inheritance can be very useful when it’s decoupled from method dispatch.

                                                                                                  Emacs mode definitions are a great example. Nary a class nor a method in sight, but the fact that markdown-mode inherits from text-mode etc is fantastically useful!

                                                                                                  On the other hand, I think it’s fair to say that this is so different from OOP’s definition of inheritance that using the same word for it is just asking for confusion. (I disagree but it’s a reasonable argument.)

                                                                                                  1. 2

                                                                                                    Inheritance works wonderfully in object systems with multiple dispatch, although I’m not qualified to pinpoint what is it that makes them click together.

                                                                                                    1. 1

                                                                                                      I’ve lately come across a case where inheritance is a Good Idea; if you’re plotting another of your fabulous blog posts on this, I’m happy to chat :)

                                                                                                      1. 1

                                                                                                        My impression is that inheritance is extremely useful for a peculiar kind of composition, namely open recursion. For example, you write some sort of visitor-like pattern in a virtual class, then inherit it, implement the visit method or what have you, and use this to recurse between the abstract behavior of traversing some structure, and your use-case-specific code. Without recursion you have to basically reimplement a vtable by hand and it sucks.

                                                                                                        Well, that’s my only use of inheritance in OCaml. Most of the code is just functions, sum types, records, and modules.

                                                                                                        1. 1

                                                                                                          Forest for the trees? When you want to create a framework that has default behaviour that can be changed, extended or overridden?

                                                                                                        2. 4
                                                                                                          • obj.method syntax for calling functions — a decent idea worth keeping.
                                                                                                          • bundling behavior, mutable state, and identity into one package — not worth doing unless you are literally Erlang.
                                                                                                          1. 3

                                                                                                            IMO there is a fundamental difference between Erlang OO and Java OO to the point that bringing them up in the same conversation is rarely useful. Erlang actively discourages you from having pellets of mutable state scattered around your program: sure, threads are cheap, but that state clump is still a full-blown thread you need to care for. It needs rules on supervision, it needs an API of some kind to communicate, etc, etc. Erlang is at its best when you only use threads when you are at a concurrency boundary, and otherwise treat it as purely functional. Java, in contrast, encourages you to make all sorts of objects with mutable state all over the place in your program. I’d wager that MOST non-trivial methods in Java contain the “new” keyword. This results in a program with “marbled” state, which is difficult to reason about, debug, or apply any kind of static analysis to.

                                                                                                          2. 2

                                                                                                            In all honesty, you sound quite apologetic to what could be arguably considered objectively bad design.

                                                                                                            Attaching methods to types essentially boils down to scattering data (state) all over the code and writing non pure functions. I honestly cannot understand how anyone would think this is a good idea. Other than being influenced by trends or cults or group thinking.

                                                                                                            Almost the same could be said about inheritance. Why would fitting a data model in a unique universal tree be a good idea? Supposedly to implicitly import functionality from parent classes without repeating yourself. Quite a silly way to save a line of code. Specially considering the languages that do it are rather verbose.

                                                                                                            1. 4

                                                                                                              I honestly cannot understand how anyone would think this is a good idea. Other than being influenced by trends or cults or group thinking.

                                                                                                              Here’s a pro tip that has served me well over many years. Whenever I see millions of otherwise reasonable people doing a thing that is obviously a terribly stupid idea, it is always a lack of understanding on my part about what’s going on. Either I am blind to all of the pros of what they are doing and only see the cons, or what they’re doing is bad at one level but good at a different level in a way that outbalances it, or they are operating under constraints that I don’t see or pretend can be ignored, or something else along those lines.

                                                                                                              Billions of lines of successful shipped software have been written in object-oriented languages. Literally trillions of dollars of economic value have been generated by this software. Millions of software developers have spent decades of their careers doing this. The thought that they are all under some sort of collective masochistic delusion simply does pass Hanlon’s Razor.

                                                                                                              1. 1

                                                                                                                To be honest, the more I study OOP (or rather, the hodgepodge of features and mechanisms that are claimed by various groups to be OOP), the less room I see for a genuine advantage.

                                                                                                                Except one: instantiation.

                                                                                                                Say you have a piece of state, composed of a number of things (say a couple integers, a boolean and a string), that represent some coherent whole (say the state of a lexer). The one weird trick is that instead of letting those be global variables, you put them in a struct. And now you can have several lexers running at the same time, isn’t that amazing?

                                                                                                                Don’t laugh, before OOP was popular very prominent people thought it was a good idea to have global state in Lex, Yacc, or error handling (errno). So here’s my current guess: the success we attribute to OOP doesn’t really come from any of its overly hyped features. It comes from a couple very mundane, yet very good programming practices it adopted along the way. People attributed to the hyped stuff (such as inheritance) a success they have earned mostly by avoiding global variables.

                                                                                                                Abstract data types are amazing, and used everywhere for decades, including good old C. The rest of OOP though? Contextual at best.

                                                                                                              2. 3

                                                                                                                Many decisions are only clearly good or bad in retrospect.

                                                                                                            2. 6

                                                                                                              Inheritance is the biggest thing missing, and for good reason.

                                                                                                              That reason being “inheritance was the very first mechanism for subtyping, ADTs, and code-reuse, and people using it got ideas for better mechanisms from it.” ;)

                                                                                                              1. 1

                                                                                                                Exactly!

                                                                                                              2. 3

                                                                                                                The first versions of Simula and Smalltalk didn’t have inheritance either. Self and other prototypal object-oriented languages don’t use traditional inheritance either. We still call all of them object-oriented.

                                                                                                                Honestly, it’s well beyond time that we retire all programming language paradigm terms. Modern languages simply aren’t organized into paradigms the way older simpler languages were.

                                                                                                                It’s like we’re looking at a Honda Accord and arguing over whether it’s a penny farthing or a carriage. The taxonomy no longer makes sense.

                                                                                                            3. 1

                                                                                                              Ah yes and that’s why it’s ripe to have a comeback. :)

                                                                                                              Seriously though I expect that the next incarnation will be “oop without inheritance” or something. Probably combined with some large corporation “inventing” gc-less memory management.

                                                                                                              1. 2

                                                                                                                The good parts of OOP never really left. We already have that exact language: Rust. It has formal interfaces (Traits), encapsulation, polymorphism, and gc-less memory management.

                                                                                                                1. 10

                                                                                                                  The main thing about OOP that needs to die is the idea that OOP is a coherent concept worth discussing on its own. Talk about the individual concepts as independent things! It’s much more productive.

                                                                                                                  1. 1

                                                                                                                    Talk about the individual concepts as independent things!

                                                                                                                    IMO OOP these days really means inheritance and an object lifecycle. All the other concepts aren’t really unique to OOP.

                                                                                                                    1. 3

                                                                                                                      I think “OOP” generally means “features of object-oriented languages that I don’t like” to a lot of people. The people using those languages don’t generally get into paradigm arguments.

                                                                                                                      (Personally, I consider inheritance to be common in OOP languages but not a particularly interesting or salient part of them. Many early OOP languages didn’t have inheritance and prototypal ones have an entirely different code reuse model.)

                                                                                                                      1. 1

                                                                                                                        For some people “OOP” means “features of languages I do like”. For instance I’ve seen people include templates/generics/parametric polymorphism and unnamed functions as core parts of OOP… having learned CamlLight (OCaml without the “O”) in college, I confessed I was quite astonished.

                                                                                                                      2. 2

                                                                                                                        You say that but it means different things to different people. I don’t disagree that your definition would be a good one if you could get people to agree on it, but I can’t assume that when other people say “OOP” that’s what they’re talking about.

                                                                                                                2. 1

                                                                                                                  I think it will come back, rediscovered as something new by a new generation disillusioned with whatever has been the cool solves-everything paradigm of the previous half decade. Perhaps this time as originally envisaged with a “Scandinavian school” modeling approach.

                                                                                                                  Of course it never left as the first choice for one genre of software… the creation of frameworks featuring default behavior that can be overridden, extended or changed.

                                                                                                                  Those languages you mention (Go, Zig, Rust) are primarily languages solving problems in the computer and data sciences, computing infrastructure and technical capability spaces. Something is going to be needed to replace or update all those complex aging ignored line-of-business systems.

                                                                                                                3. 10

                                                                                                                  There isn’t really any need to “hype” DSLs because they’re already widely used in all domains of programming:

                                                                                                                  • front end: HTML / CSS / JavaScript, and most JS web frameworks introduce a new DSL (multiple JSX-like languages, Svelte, etc.)
                                                                                                                  • back end: a bajillion SQL variants, a bazillion query languages like Redis
                                                                                                                  • builds: generating Ninja, generating Make (CMake, Meson, etc.)
                                                                                                                    • there are at least 10 CI platforms with their own YAML DSLs, with vars, interpolation, control flow, etc.
                                                                                                                  • In games: little scripting languages for every popular game
                                                                                                                  • Graphics: scene description languages, shader languages
                                                                                                                  • Compilers: LLVM has its own TableGen language, languages for describing compiler optimizations and architecture (in the implementation of Go, a famously “not DSL” language), languages for describing VMs (Ruby)
                                                                                                                  • Machine Learning: PyTorch, TensorFlow, etc. (these are their own languages, on top of Python)
                                                                                                                  • Distributed computing: at least 10 MapReduce-derived frameworks/languages; there are internal DSLs in Scala for example, as well as external ones
                                                                                                                  • Mathematics and CS: Coq, Lem, etc.

                                                                                                                  All of these categories can be fractally expanded, e.g. I didn’t mention the dozens of languages here: https://github.com/oilshell/oil/wiki/Survey-of-Config-Languages – many of which are commonly used and featured on this site

                                                                                                                  If you think you don’t use DSLs, then you’re probably just working on a small part of a system, and ignoring the parts you’re not working on.

                                                                                                                  ALL real systems use tons of DSLs. I think the real issue is to mitigate the downsides

                                                                                                                  1. 1

                                                                                                                    Oh yes but at the same time if you haven’t seen the hype for DSLs then you haven’t spent long enough in the industry to go through that part of the hype cycle. DSLs are what they are and it looks like we might be entering a hype cycle where people want to make them out to be much more.

                                                                                                                    1. 3

                                                                                                                      I don’t agree, I’ve been in the industry for 20+ years, there are plenty of things more hyped than DSLs (cloud, machine learning, etc.)

                                                                                                                      DSLs are accepted standard practice, and widely used, but often poorly understood

                                                                                                                      I’m not getting much light from your comments on the subject – you’ve made 2 claims of hype with no examples

                                                                                                                      1. 2

                                                                                                                        Here’s an example of recent hype https://www.codemag.com/Article/0607051/Introducing-Domain-Specific-Languages

                                                                                                                        Here’s some hype from the year 2000 https://www.researchgate.net/publication/276951339_Domain-Specific_Languages

                                                                                                                        Arguably the hype for 4GLs was the prior iteration of that specific hype.

                                                                                                                        I’m not arguing that DSLs are bad - I’m saying that they’re one of the things on the roster of perfectly good things that periodically get trumpeted as the next big thing that will revolutionize computing. These hype cycles are characterized by attempts to make lots of DSLs when there isn’t a strong need for it or any real payoff to making a language rather than a library.

                                                                                                                  2. 4

                                                                                                                    I know it might sound a bit controversial, but the way I see it we need to reach a new level of abstraction in order for large-scale software development to be sustainable. Some people might say AI is the way forward, or some other new programming technique. Either way I don’t think we’ll get there by incrementally improving on the paradigms we have—in order to reach the next level we’ll have to drop some baggage on the way up.

                                                                                                                    1. 4

                                                                                                                      I mean, humans aren’t getting better at grokking abstraction, so I don’t know that “new levels of abstraction” are the way forward. Personally, I suspect it means more rigor about the software development process–if you’re building a tall tower, maybe the base shouldn’t be built with a “move fast and break things” mentality.

                                                                                                                      1. 3

                                                                                                                        Grokking abstractions isn’t the problem, at the end of the day abstractions are just making decisions for the users of an abstraction. Over-abstraction is the root of many maintainability woes IMO, the more a programmer knows what’s actually going on underneath the better, but only to the degree that it’s relevant.

                                                                                                                      2. 3

                                                                                                                        I’ve heard it before. DSLs have their place, and some people love them while others hate them. This is one of a rotating cast of concepts that you’ll eventually see rehyped in 10 years.

                                                                                                                    1. 3

                                                                                                                      I recently moved into an apartment with symmetrical 1 Gbps fiber internet so I acquired an older (but still punchy!) Intel NUC off eBay to sit in the fiber closet and host things. It would be fun (?) to host my own Mastodon instance, but I wonder whether standing up an instance and federating with others actually makes things worse for those instances, resource-wise, compared to just setting up an account on one of them.

                                                                                                                      1. 4

                                                                                                                        I mean, it can, but federation is also sort of the point of them existing, and owning your own domain is a substantial advantage.

                                                                                                                        1. 4

                                                                                                                          You could also try one of the lighter-weight alternatives. I’ve been running a GotoSocial node out of my home for a few months and it’s only used around 100MB compared to 4GB for Mastodon. Much easier to set up too, since it’s just one self-contained binary.

                                                                                                                          1. 2

                                                                                                                            I’ve been debating doing that, but their docs right now are screaming that they’re only alpha and not to use them. What’s your take been? Not too many bugs?

                                                                                                                            1. 1

                                                                                                                              I’ve got a gotosocial up and the main thing I’ve noticed is that it seems to have weird federation / follow / etc. glitches - probably because whilst ActivityPub is a nominal standard, people seem to have implemented things differently (basically “implement the Mastodon API”). e.g. I can’t find one of my Pleroma accounts from the gotosocial one; the follow I have to a Mastodon server doesn’t show any posts on the gotosocial one. But they’re aware of these issues and seem to be actively working on fixing things.

                                                                                                                              1. 1

                                                                                                                                I have only seen one bug so far, in the rate limiting system. I’m behind two layers of NAT so the client IP address identification is not reliable. Disabling rate limiting didn’t work; I had to raise the limit to 999999 instead. The maintainers have been very responsive so far, so I believe it will be fixed soon.

                                                                                                                                There are not that many bugs but a lot of missing features. I have a PR open here to make them clearer so people know what they’re getting into: https://github.com/superseriousbusiness/gotosocial/pull/1086

                                                                                                                                The most annoying is the lack of backfill; sometimes you have to rely on permalinks to read conversations that your server isn’t fully aware of.

                                                                                                                              2. 2

                                                                                                                                Did you evaluate Pleroma as well? I’ve been playing with that on a free Oracle cloud ARM instance and it seems pretty performant. 1 GB memory total used for entire VM (FreeBSD, Postgres, app). It could certainly run on a RaspberryPi.

                                                                                                                                1. 2

                                                                                                                                  I used to run Pleroma on my Raspberry Pi (in fact I have implemented new features for it: https://technomancy.us/191) but I can no longer recommend that project due to its association with certain high-profile bigots. I am watching the Akkoma project with interest, which forked the Pleroma codebase and has a more sensible maintainer, but it’s still early days.

                                                                                                                                  1. 1

                                                                                                                                    Thanks!

                                                                                                                                  2. 1

                                                                                                                                    run on a RaspberryPi

                                                                                                                                    And there’s PleromaPi for that.

                                                                                                                                2. 1

                                                                                                                                  I think all you’d miss out on from a community perspective is you wouldn’t have anyone else in the “local” section, you’d still have the federated section, trending if you enable it and anyone you follow.

                                                                                                                                  1. 1

                                                                                                                                    I guess I could convince some of my friends to join. Only if I can come up with a good name (I have historically been bad at this).

                                                                                                                                  2. 1

                                                                                                                                    I don’t think it’s obviously better for the big instance to handle a new local account compared to a new remote instance.

                                                                                                                                    With the remote instance, they only have to send you events once for each activity of some of the people with accounts there. If you start an account there on the other hand, they have to start listening to and storing data from anyone you follow.

                                                                                                                                    1. 1

                                                                                                                                      I don’t think it’s obviously better for the big instance to handle a new local account compared to a new remote instance.

                                                                                                                                      I don’t think it is but, if I understand the moderation model correctly, it is easier for them to handle a new user on a remote server than a new remote server. In all cases, if the new user is benign then it’s fairly easy. There’s a bit more c2s traffic if the new user is local and s2s if the new user is remote and communicates with local users (follows in either direction, direct messages, and so on). For a malicious user, it’s different:

                                                                                                                                      • A local account needs the local admin to do something, to either close the account or educate the user.
                                                                                                                                      • A remote account on an existing server will be handled by the moderator(s) on that server. If they don’t do anything, then you can block their server and the problem goes away.
                                                                                                                                      • A new user on a new remote server requires handling in the same way as a new federated server with malicious users.

                                                                                                                                      I don’t know how scalable the server block lists are, but the Mastodon instances that I’ve seen are typically blocking 2-3 servers and list them publicly. If ActivityPub becomes as popular as Twitter, then the easiest thing for a spammer will be creating a new server and then following a load of accounts and then sending them spam. If the only way that this is handled is by every single server needing to manually block the server, then I don’t see any way that this doesn’t turn into a massive problem.

                                                                                                                                      The alternative is generally some form of reputation system. For example, I allow any messages from server A until someone on my server or someone on a server I trust follows someone from A (or until some number of people do). That would work, but provides some friction for new servers: you either know someone who is running one and ask them to trust you at the start, or you need to communicate that you have good people out of band and then have people on other servers follow them. I don’t know if existing Fediverse servers have anything like this.

                                                                                                                                      1. 1

                                                                                                                                        The alternative is generally some form of reputation system. […] That would work, but provides some friction for new servers: you either know someone who is running one and ask them to trust you at the start, or you need to communicate that you have good people out of band and then have people on other servers follow them.

                                                                                                                                        So basically the same issue as with SMTP servers, then.

                                                                                                                                        1.  

                                                                                                                                          following a load of accounts and then sending them spam.

                                                                                                                                          Pleroma, at least, offers you a “following-only” timeline view - a spammer following me couldn’t get any spam in front of me. I could also write a filter which hides/content-warnings posts from previously unseen or “I am not following anyone on” instances using the MRF system.

                                                                                                                                          I don’t know if existing Fediverse servers have anything like this.

                                                                                                                                          I’ve not seen anything regarding “reputation” - but yeah, it would be exceedingly handy to have the ability to assign scores for posts / accounts / instances (+10 for mutual follow, +5 for I am following, -10 for a new instance I am not following anyone on, -100 for “account posts every 5 seconds bloody hell” etc.) much like SMTP spam scores.
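An added example (not part of the original comments, and not Pleroma's MRF API or any server's own code) of the additive scoring suggested above, combined with the earlier "someone on a server I trust follows someone from A" rule. The four weights come from the comment; the thresholds, the flood window, and every name in the code are assumptions of this sketch, and the sample data is constructed.

```python
from dataclasses import dataclass, field

# Weights quoted in the comment above.
MUTUAL_FOLLOW = 10        # "+10 for mutual follow"
FOLLOWING = 5             # "+5 for I am following"
UNKNOWN_INSTANCE = -10    # "-10 for a new instance I am not following anyone on"
FLOODING = -100           # "-100 for account posts every 5 seconds"

# Assumptions of this example (not from the thread).
FLOOD_GAP_SECONDS = 5     # largest gap between posts that still counts as flooding
FLOOD_MIN_POSTS = 3       # this many consecutive fast posts are required
HIDE_BELOW = 0            # score < 0: hide behind a content warning
REJECT_AT_OR_BELOW = -50  # score <= -50: drop the post


@dataclass
class LocalView:
    """What the receiving server knows; handles are stored lower-case."""
    following: set = field(default_factory=set)        # remote accounts local users follow
    followers: set = field(default_factory=set)        # remote accounts following local users
    vouched_domains: set = field(default_factory=set)  # domains followed from servers we trust


def normalize(acct):
    """Lower-case a 'user@domain' handle and reject malformed ones."""
    user, sep, domain = acct.strip().lstrip("@").rpartition("@")
    if not sep or not user or not domain:
        raise ValueError(f"not a user@domain handle: {acct!r}")
    return f"{user.lower()}@{domain.lower()}"


def is_flooding(post_times):
    """True if the latest FLOOD_MIN_POSTS posts are each <= FLOOD_GAP_SECONDS apart."""
    recent = sorted(post_times)[-FLOOD_MIN_POSTS:]
    if len(recent) < FLOOD_MIN_POSTS:
        return False
    return all(b - a <= FLOOD_GAP_SECONDS for a, b in zip(recent, recent[1:]))


def score_sender(acct, post_times, view):
    """Return (score, reasons) for one remote sender."""
    acct = normalize(acct)
    domain = acct.rpartition("@")[2]
    score, reasons = 0, []

    if acct in view.following and acct in view.followers:
        score += MUTUAL_FOLLOW
        reasons.append("mutual follow")
    elif acct in view.following:
        score += FOLLOWING
        reasons.append("followed locally")

    # A domain is "known" if we follow anyone on it or a trusted server does.
    known = {a.rpartition("@")[2] for a in view.following} | view.vouched_domains
    if domain not in known:
        score += UNKNOWN_INSTANCE
        reasons.append("unknown instance")

    if is_flooding(post_times):
        score += FLOODING
        reasons.append("flooding")
    return score, reasons


def decide(score):
    """Map a score to an action using the assumed thresholds."""
    if score <= REJECT_AT_OR_BELOW:
        return "reject"
    if score < HIDE_BELOW:
        return "hide"
    return "accept"


def triage(acct, post_times, view):
    """Score a sender and return (action, score, reasons)."""
    score, reasons = score_sender(acct, post_times, view)
    return decide(score), score, reasons


# Constructed sample state; post times are seconds since an arbitrary start.
SAMPLE_VIEW = LocalView(
    following={"alice@a.example", "bob@b.example"},
    followers={"alice@a.example", "spam@new.example"},
    vouched_domains={"c.example"},
)

if __name__ == "__main__":
    for acct, times in [
        ("alice@a.example", [0, 3600]),
        ("carol@c.example", [0]),
        ("stranger@new.example", [0, 100]),
        ("spam@new.example", [0, 2, 4, 6]),
    ]:
        print(acct, triage(acct, times, SAMPLE_VIEW))
```

A followed account that starts flooding still ends up rejected, because the flood penalty outweighs the follow bonus; a brand-new server is only hidden, not dropped, until someone local or trusted follows an account on it.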

                                                                                                                                          1.  

                                                                                                                                            Pleroma, at least, offers you a “following-only” timeline view - a spammer following me couldn’t get any spam in front of me

                                                                                                                                            Does that prevent them from being able to send you direct messages? I guess that’s fine for some uses, but it means that people that follow you can’t reach you via the Fediverse.

                                                                                                                                            1.  

                                                                                                                                              Done some testing - looks like people you don’t follow can’t send to you, either public or direct posts. Which definitely cuts down on the spam angle. But yes, it does limit interaction from people you don’t follow.

                                                                                                                                      2. 1

                                                                                                                                        Better check your ISP’s terms of use first. As I heard, a lot of ISP’s deny the use of their service for server hosting and you can end up with your contract broken :(

                                                                                                                                        1. 1

                                                                                                                                          Yeah I’m on Google Fiber which as far as I can tell allows hosting for non-business stuff. No static IP though.

                                                                                                                                      1. 4

                                                                                                                                        Also, why is there an option for GitHub, but not for other software forges?

                                                                                                                                        1. 2

                                                                                                                                          I think it’s because when that feature was implemented the choice of software development hosting platform was not the socio-cultural shibboleth it is now.

                                                                                                                                          1. 2

                                                                                                                                            And? People still used other forges.

                                                                                                                                          2. 2

                                                                                                                                            Maybe it’s that GitHub is a social media platform and the others are just code forges?

                                                                                                                                            1. 3

                                                                                                                                              That’s some people’s definition I guess, for the rest of us it’s a code forge.

                                                                                                                                              1. 1

                                                                                                                                                It is something that distinguishes GitHub, as the alternatives provide a simpler and often more performant user experience.

                                                                                                                                          1. 6

                                                                                                                                            I saw a post on HN about an instance (Oulipo.social) that disallows the use of “e” in posts. It’s a schtick, but an interesting way to force people to think about what they are trying to say, and it probably helps limit hateful interactions.

                                                                                                                                            1. 10

                                                                                                                                              And don’t forget dolphin.town where you can only use the letter “e”.

                                                                                                                                              1. 2

                                                                                                                                                Get one account on each for the full alphabet experience

                                                                                                                                                1. 1

                                                                                                                                                  That’s incredibly funny. Oulipo and it’s legacy are well-represented by tech nerds. I wouldn’t join that instance though, lest it ends with me joining instances in order to find the instance I meant to join initially.

                                                                                                                                                1. 11

                                                                                                                                                  When I chose a server, I considered their federation policy, because I didn’t want to out-source deciding which accounts I should be allowed to follow.

                                                                                                                                                  https://fosstodon.org/about and https://hachyderm.io/about/more both have long lists of suspended servers: “No data from these servers will be processed, stored or exchanged, making any interaction or communication with users from these servers impossible”.

                                                                                                                                                  I prefer the federation policy of https://qoto.org/about/more, which doesn’t suspend any servers. There’s a few others like that.

                                                                                                                                                  1. 8

                                                                                                                                                    The unfortunate reality of being on an instance like qoto.org is other, “heavily moderated” instances will suspend/silence you because of the lax moderation policy.

                                                                                                                                                    1. 6

                                                                                                                                                      The qoto.org admin notes:

                                                                                                                                                      Thankfully the servers blocking us are few and far between and are limited to only the most excessive and aggressive block lists. As I said, QOTO has one of the largest federation footprints on the fediverse,

                                                                                                                                                      https://qoto.org/@freemo/109319817943835261

                                                                                                                                                      1. 1

                                                                                                                                                        Anecdotally, every other server I’ve seriously looked at joining has had QOTO completely blocked/suspended/filtered. There are some things about it I found attractive but it seems like I’d be cut off from a lot of the community I’m looking to find on the fediverse based on where my Twitter follows/followers have migrated.

                                                                                                                                                        Alright, should have double checked before posting. It looks like this is correcting, as at least Hachyderm and infosec.exchange do allow it now. (Still appears blocked at Hachyderm but the issue removing it is closed)

                                                                                                                                                      2. 2

                                                                                                                                                        It seems to have a lax federation policy, not a lax moderation policy. It doesn’t block other instances, but it moderates its members’ behavior.

                                                                                                                                                      3. 3

                                                                                                                                                        I can understand your line of thought, but oftentimes there are good reasons to defederate certain instances. For example pawoo.net (Japanese instance) allows content which is illegal in other countries. And since Mastodon caches content of remote servers, this makes defederation or at least restrictions almost a must.

                                                                                                                                                        1. 3

                                                                                                                                                          Yes, qoto.org’s policy is:

                                                                                                                                                          We do not silence or block other Fediverse instances based on agenda, politics, or opinions held by their staff or users. We only require servers we federate with to follow one simple rule: respect a user’s right to disengage. Offending servers will only be silenced, not blocked, blocks will be reserved for technical assaults only such as DDoS attacks, or legal issues such as sexual abuse and child porn.

                                                                                                                                                          qoto.org doesn’t currently block any servers, but is willing to if needed for the above technical/legal reasons.

                                                                                                                                                          Other instances’ blocklists go beyond these technical/DDoS reasons. The advantage of a federated protocol is being able to pick.

                                                                                                                                                          1. 1

                                                                                                                                                            I was on mastodon.technology, but the whole time I just wanted my own instance. Now when it shut down, I finaly have one. Then I can deal with my own policies.

                                                                                                                                                          2. 2

                                                                                                                                                            Wow, I didn’t know Mastodon instances are censoring each other already.

                                                                                                                                                            I just tried to send a message from qoto.org to hachyderm.io and it did not arrive.

                                                                                                                                                            No error message on the sending side.

                                                                                                                                                            Then I sent a message from indiehackers.social to hachyderm.io and it arrived immediately.

                                                                                                                                                            1. 5

                                                                                                                                                              hachyderm.io has recently removed qoto.org from its blocklist: https://github.com/hachyderm/hack/issues/8

                                                                                                                                                              1. 1

                                                                                                                                                                But the direct message never arrived.

                                                                                                                                                                1. 1

                                                                                                                                                                  Why is it still listed on their /about/more page?

                                                                                                                                                                  1. 2

                                                                                                                                                                    Possibly a mistake and/or the lifted ban hasn’t taken effect yet.

                                                                                                                                                                2. 4

                                                                                                                                                                  Instances have blocked/silenced other instances for a long time. It’s a core part of how the Fediverse views federation.

                                                                                                                                                                  1. 3

                                                                                                                                                                    One of the core ideas of Mastodon is that instances control who they federate with.

                                                                                                                                                                    So you are free to create an account on any instance you like and post anything that stays within the instance’s rules. You just aren’t guaranteed an audience – other people may block you, or other instances may choose not to federate with the instance you’re posting on. This is freedom of speech in its purest form: you can say what you like, and other people can ignore you if they like. Or if they dislike their instance’s policies, they can move to another one or set up their own. But you can never, ever, a million billion times never, force another instance to federate with you or show your posts, or force another user to listen to you.

                                                                                                                                                                1. 10

                                                                                                                                                                  I believe society simply doesn’t need social networks federated or not. Sites like this, hn, even Reddit are ok, but when it comes to the likes of Twitter, Instagram, TikTok and the rest are literally eating people’s time and act as gateways to procrastination. It amazes how people are paralysed in front of the infinite wall of bogus information, commenting and debating over nothing.

                                                                                                                                                                  /rant over

                                                                                                                                                                  1. 16

                                                                                                                                                                    You think sites like HN are somehow not full of bogus information too?

                                                                                                                                                                    Social networks at least have some good social aspects!

                                                                                                                                                                    1. 3

                                                                                                                                                                      I am not necessarily speaking about the information we get, but the addiction it creates. I don’t feel addicted visiting hn or lob a few times a day. But when I was using Facebook, the first thing in the morning, even before washing, was to check the notification bell.

                                                                                                                                                                      1. 9

                                                                                                                                                                        First thing I check in the morning is Lobste.rs /comments, no lie.

                                                                                                                                                                    2. 4

                                                                                                                                                                      “The curious task of Social Media is to demonstrate to men how little they really know about what they imagine they can design.”

                                                                                                                                                                      • Internet F.A. Hayek

                                                                                                                                                                      It’s not up to you to tell society what it can and can’t have. If people want to have their time eaten, if people are doing something they enjoy, who are you to tell them they’re using their time incorrectly? Are you made of a finer clay than the rest of mankind?

                                                                                                                                                                      1. 8

                                                                                                                                                                        If people like something it doesn’t make it good. If people like cocaine, slot machines and get drunk during the weekends it doesn’t mean I cannot formulate an opinion about their behaviour through my personal filter.

                                                                                                                                                                        If I am allowed to formulate an opinion, there’s no sufficient reason I cannot share it with others. It’s not like I am going to seize power, form a world government and forbid social media.

                                                                                                                                                                        Also, the discussion is not about the properties of the clay, but the form it gets. Clay is very sensitive to feedback.

                                                                                                                                                                        1. 4

                                                                                                                                                                          I feel this is somewhat unfair.

                                                                                                                                                                          The developers of said social network do have the influence and do use the psychological tricks to nudge people towards certain behaviors.

                                                                                                                                                                          Oftentimes the only reason they can do so is not due to their platform being somehow attractive by itself, but merely by virtue of their platform being the first one to penetrate respective social networks of its then-future users to the point these users feel that they have to be present so as not to miss out.

                                                                                                                                                                          People do lament their kids spending real money on Fortnite skins.

                                                                                                                                                                          But you might believe (and I would agree) that it’s more productive to devise new ways for others to spend their time than to criticize their current preferences.

                                                                                                                                                                        2. 5

                                                                                                                                                                          It’s worse than wasting time, it’s an aliterate medium. An arbitrary limit on how many characters you can fit in a post is an arbitrary limit on how much depth or insight you can fit into a post. I see images posted of screenshots of news summaries because the platform only allows enough text for clickbait titles and not shallow summaries. It’s a stupid medium created for stupid people by stupid developers.

                                                                                                                                                                          1. 4

                                                                                                                                                                            I agree, but that’s kind of Twitter-specific (maybe Mastodon too?) Other social networks don’t have that limit.

                                                                                                                                                                        1. 4

                                                                                                                                                                          It took me a bit to notice that the “ronna-” and “quetta” prefixes are for extremely large values, while the “ronto-” and “quecto-” prefixes are for extremely small values.

                                                                                                                                                                          1. 9

                                                                                                                                                                            It’s like that for everything larger/smaller than exa/atto; we already have zetta and zepto for 10^21 and 10^-12, and yotta and yocto for 10^24 and 10^-24.

                                                                                                                                                                            Would’ve been kinda cool if it applied to everything maybe? kila/kilo, mega/mecto, giga/gecto, tera/tetro, peta/pento, exa/exo, zetta/zepto, yotta/yocto, ronna/ronto, quetta/quecto.

                                                                                                                                                                            I noticed that “tetro”, the 4th power of 1/1000, looks suspiciously like a word based on the “tetra-” prefix meaning four, so I looked at the other prefixes. We have penta- meaning five, which looks a lot like “peta”, hexa- meaning six, which looks a lot like “exa”, “octa-” which looks like “yocto” if you squint, and “nona-” which looks a little like “ronna”. I wonder how much of this is coincidence and how much is on purpose.

                                                                                                                                                                            1. 1

                                                                                                                                                                              gecto- would also need to drop hecto-, though — although of course it would be dropped just because it ends in -o-.

                                                                                                                                                                              Femto- already sounds not so far from pento-, and the comments cited seem to confirm it is intentional: https://phys.org/news/2022-11-earth-ronnagrams-metric-prefixes-voted.html

                                                                                                                                                                              1. 1

                                                                                                                                                                                I wonder how much of this is coincidence and how much is on purpose.

                                                                                                                                                                                It’s intentional. From https://phys.org/news/2022-11-earth-ronnagrams-metric-prefixes-voted.html:

                                                                                                                                                                                “The only letters that were not used for other units or other symbols were R and Q,” Brown said.

                                                                                                                                                                                Convention dictates that the larger prefixes end in an A, and the smaller ones in an O.

                                                                                                                                                                                And “the middle of the words are very, very loosely based on the Greek and Latin for nine and 10,” Brown said.

                                                                                                                                                                            1. 2

                                                                                                                                                                              Many of the lessons of The Mythical Man-Month are true nearly 50 years later. I consider it mandatory reading for new engineers, and I often encourage engineering managers to read it.

                                                                                                                                                                              1. 1

                                                                                                                                                                                It’s a sad statement about the software engineering industry that people still need to learn these lessons.

                                                                                                                                                                                1. 3

                                                                                                                                                                                  I’m not sure if I agree - some of it is not obvious. Hey I’m not saying the industry isn’t a shit show :)

                                                                                                                                                                                  I am saying that I don’t think people are taught (very often anyway) the engineering part of software engineering: how to work on a team, why accountability and dependability really matters, how to concisely and accurately communicate to both tech and non tech colleagues… so much more.

                                                                                                                                                                              1. 19

                                                                                                                                                                                I wouldn’t have deleted that key on their behalf. If it was running some kind of critical service it would now be failing, and services might be at risk, services potentially critical to human life. It’s also Unauthorized Access to a Computer and you shouldn’t trust a corporation to not take legal action against you when it has the opportunity.

                                                                                                                                                                                1. 5

                                                                                                                                                                                  The blog appears to be ran by a British citizen who lives in London, so short of the US govt getting involved, there isn’t likely much Infosys could do, even if they got super duper upset about it.

                                                                                                                                                                                  US laws do not apply outside of the US, despite the US not always acting like that’s the case.

                                                                                                                                                                                  That said, I agree it wasn’t the best action they could have done, but hindsight is 20/20 and all.

                                                                                                                                                                                  1. 2

                                                                                                                                                                                    US laws do not apply outside of the US, despite the US not always acting like that’s the case.

                                                                                                                                                                                    If you hack into something that’s hosted on US soil, or route traffic across US soil to do it, you can bet US law applies. The only question is whether the country you’re currently in will extradite you.

                                                                                                                                                                                    Or, more simply: laws still apply just fine on the internet and you probably rely on that being true, whether you realize it or not.

                                                                                                                                                                                    1. 6

                                                                                                                                                                                      I completely agree that US laws apply on US soil, obviously they do. They just don’t apply outside the US at all, unless the other countries want them to apply. It’s the treaties and the UK’s willingness that matter here. It’s hard to say how the UK would handle this particular case, assuming the US govt got upset enough to bother the UK about it.

                                                                                                                                                                                      My comment that you are quoting was more about: The US govt can generally bully their way into whatever they want in most places on the planet, since they currently have the largest military and economy around.

                                                                                                                                                                                      1. 5

                                                                                                                                                                                        The current UK prime minister is the son-in-law of the founder of infosys. So I don’t think it would take too much to inflict pain on the author of this blog.

                                                                                                                                                                                        1. 3

                                                                                                                                                                                          Wow, that’s unfortunate for the OP. Though at the rate the UK is currently going through prime minsters, that may change tomorrow.

                                                                                                                                                                                          1. 2

                                                                                                                                                                                            My first reaction would be “surely they wouldn’t do anything so petty?” but then I remember who is running the UK at the moment and now I’m not so sure.

                                                                                                                                                                                          2. 2

                                                                                                                                                                                            Any type of network or equipment that’s on US soil is, well, on US soil. Any sort of entity you affect that’s on US soil is on US soil. Lots of things are actually on US soil.

                                                                                                                                                                                            “But the person sending the bytes over the wire wasn’t in the US” doesn’t change that. At best it just means now two countries can each carry out a prosecution, and the person hopes the one they’re currently in won’t do that and won’t extradite.

                                                                                                                                                                                            This isn’t some sort of completely new unheard-of never-before-considered untested thing, either. Extradition treaties, and other procedures for handling people who think they’ll evade punishment by being on the other side of a border, are something that literally goes back millennia.

                                                                                                                                                                                            1. 1

                                                                                                                                                                                              The only part I disagree with is: “At best it just means now two countries can each carry out a prosecution”.

                                                                                                                                                                                              This assumes the action is illegal in both countries. In this case, where the OP deleted the AWS key, that’s possible, but I wouldn’t say it’s certain. That’s for lawyers to fight over, if it ever gets that far.

                                                                                                                                                                                          3. 4

                                                                                                                                                                                            US law does not apply outside the US, some Americans just think it does.

                                                                                                                                                                                            1. 3

                                                                                                                                                                                              If what you do passes through wires, networks, servers, routers, anything on US soil, then it was not “outside the US”.

                                                                                                                                                                                              Like I said to the other person: you probably, whether you realize/like it or not, rely on the fact that wherever you reside can in fact enforce its laws in this fashion, regardless of which country you reside in.

                                                                                                                                                                                              1. 2

                                                                                                                                                                                                If this comes as a surprise to anyone, consider the story of CSE TransTel, a telecom company, and its parent company CSE Global Limited, both based in Singapore. CSE TransTel signed a contract to install communications equipment inside Iran, and paid purchase orders to Iranian companies to support delivery & installation of their equipment. They made their payments out of a Singapore-based bank.

                                                                                                                                                                                                What’s the problem, you ask? They made payments out of an account denominated in US dollars. These payments were processed through the US financial system: as a result, the US government argued that the actions of an entirely foreign company using entirely foreign banks resulted in financial institutions in the US handling payments to Iranian companies, which violates sanctions against Iran. This created a US nexus that made otherwise totally legal actions impermissible under US laws.

                                                                                                                                                                                                CSE TransTel settled with OFAC for twelve million dollars. Why? They’re based in Singapore?! If they didn’t, they’d end up listed as a specially designated national and any US company or person would be legally barred from working with them or risk OFAC sanctions of their own.

                                                                                                                                                                                                The US legal system and enforcement regimes will take a very broad determination of jurisdiction, and any company – web hosting, infrastructure, payments – with a US connection are legally required to fall in line.

                                                                                                                                                                                                1. 2

                                                                                                                                                                                                  From my other comment: The US govt can generally bully their way into whatever they want in most places on the planet, since they currently have the largest military and economy around.

                                                                                                                                                                                                  Here CSE TransTel had to have known it was a bad idea to sell to Iran, since even their own government is less than pleased with Iran’s nuclear weapons program. They probably thought about it, and figured it was worth trying, got caught and eventually gave in, knowing their own govt wasn’t really on their side either.

                                                                                                                                                                                                  I’m not necessarily against the US Govt’s bullying tactics, it helps the world just get stuff done sometimes, but it is a power they can(and arguably have) over-used sometimes.

                                                                                                                                                                                                  1. 1

                                                                                                                                                                                                    You seem to have a very specific political axe to grind, but it’s not applicable here.

                                                                                                                                                                                                    To see why, imagine there’s a building near an international border, and someone on the other side of the border throws a rock across and breaks a window in the building. The country the building was in can call it a violation of their laws, even though the person who threw the rock wasn’t on their soil. Whether the person who threw the rock will actually be punished by the country the building was in depends on the existence and details of extradition treaties, but nobody should be surprised if that person gets extradited to face consequences in the country where the building was.

                                                                                                                                                                                                    The internet didn’t change anything about this. If you send bits over wires, and some of those wires are in another country, that country’s laws apply. It’s not “bullying” or some sort of new, unique, just-made-up recent thing. Like I already said in another reply, we’re talking about things that political and legal systems have been dealing with for literally thousands of years at this point. Rather: a lot of people hoped and wished and wanted the internet to somehow provide a new, never-before-seen type of extraterritorial place where those political and legal systems couldn’t reach, but their wanting and wishing didn’t and hasn’t made it so. Instead, long-existing frameworks have been adapted as needed, and that’s that.

                                                                                                                                                                                                    1. 1

                                                                                                                                                                                                      You seem to have a very specific political axe to grind, but it’s not applicable here.

                                                                                                                                                                                                      No? You seem to be misunderstanding what I’m saying perhaps? I’m a little confused by this comment.

                                                                                                                                                                                                      Anyways, the US and the UK have an extradition treaty, and the UK government is happy to publish it here: https://www.gov.uk/government/publications/extradition-treaty-between-the-uk-and-the-usa-with-exchange-of-notes

                                                                                                                                                                                                      I’m not currently an international lawyer and I haven’t read the whole thing, but skimming through it, it seems to say, in general, if it’s against the law in both countries, then they will automatically extradite people either direction. Which seems totally reasonable to me.

                                                                                                                                                                                                      Nowhere in there does it say that US laws apply in the UK, as that is straight up ridiculous. An easy example of how ridiculous that is: Guns are generally illegal in the UK and are generally not illegal in the US.

                                                                                                                                                                                                      1. 1

                                                                                                                                                                                                        You seem to be misunderstanding what I’m saying perhaps?

                                                                                                                                                                                                        Over and over you single out one and only one country and talk about “bullying”.

                                                                                                                                                                                                        Nowhere in there does it say that US laws apply in the UK, as that is straight up ridiculous.

                                                                                                                                                                                                        The issue here is you are the one who is trying to argue that this is somehow “US law applying in the UK”. Not me.

                                                                                                                                                                                                        I’ve explained to you multiple times now that it is an extremely normal and banal and accepted and uncontroversial idea that you can break the law of a country by committing acts that involve or have effect on entities or infrastructure in that country, even if your physical body was not physically within that country’s borders at the time.

                                                                                                                                                                                                        But this is not the same as saying a particular country’s laws apply everywhere – thus the example of throwing a rock over the border and causing damage on the other side, which hopefully is a pretty clear and common-sense example of the underlying principle.

                                                                                                                                                                                                        1. 1

                                                                                                                                                                                                          Over and over you single out one and only one country and talk about “bullying”.

                                                                                                                                                                                                          Would s/bullying/interfering/g be a better word for you? The US is far from the only ones that do this type of behaviour. Generally it’s larger countries relative to smaller countries, that the US is the largest just makes them more effective at it.

                                                                                                                                                                                                          The issue here is you are the one who is trying to argue that this is somehow “US law applying in the UK”. Not me.

                                                                                                                                                                                                          Then I apologize for my part in our miscommunication. Though I find it very confusing that you think my position is that US law applies in the UK. Clearly we don’t seem to be communicating well during this course of conversation. With such gross miscommunication, it’s probably easier to just stop. Especially since the stakes for you and me are at worst some feelings being hurt. Have a pleasant and wonderful weekend!

                                                                                                                                                                                        2. 4

                                                                                                                                                                                          I mean, it’s sketchy, but it does seem to be a key used for development, and which had been inactive for a whole year. Granted, anyone who screws up by issuing AdministratorAccess keys to individual developers might also run some critical service under them, but given the context (running some statistical models over externally-hosted records from several sources) it appears rather unlikely that it was used to run anything critical to human life. The key was, after all, used by Infosys to run things at their end, not by JH.

                                                                                                                                                                                          I don’t wanna defend what the author did, I’m not sure I would’ve done it that way, either, but I do think it was quite safe to do from a technical standpoint. From a legal standpoint, based on my experience working with (and, sadly for my mental sanity, occasionally in) outsourcing companies, I doubt there is anyone at Infosys’ end who can a) read logs and b) is not on the verge of ragequitting, so there’s probably no one to notify the Legal team about it :-).

                                                                                                                                                                                          1. 6

                                                                                                                                                                                            It might seem that way, but there was no way for the author to know. They should have reported to infosys and Johns Hopkins.

                                                                                                                                                                                            As it is, the author has potentially harmed people and/or incurred liability.

                                                                                                                                                                                            1. 13

                                                                                                                                                                                              It seems like the author ended up doing that precisely because they couldn’t contact either JH or Infosys. There’s obviously no way to verify that, but I have been at the receiving end of the problem. Someone went public with several issues in a program that the company I was working for sold. The higher-ups got very butthurt, nasty press release came out…

                                                                                                                                                                                              …turned out the researcher had tried to contact them through several separate channels, but messages got ignored each time because they weren’t read by anyone who actually understood what was being said to them. One of the official channels for reporting security issues was mostly unused, because people usually went through unofficial channels. IIRC the people who supposedly monitored that channel weren’t even working there anymore. Dude ended up going public because he thought it was likely the only way to actually prevent anyone from getting harmed, despite incurring liability.

                                                                                                                                                                                              1. 1

                                                                                                                                                                                                Were there any legal consequences?

                                                                                                                                                                                                1. 3

                                                                                                                                                                                                  AFAIK no, and the whole thing was dropped like a very hot potato the moment people realized there had been as much as one attempt at responsible disclosure. I mean it’s not 1992, companies are legitimately expected to make this no more complicated than a couple of Google searches and an email.

                                                                                                                                                                                                  Management is rarely inclined to litigate when there’s a looming PR disaster in it. A lawsuit moves slowly, even when coaxed with money and connections, whereas social media and the press operate on an hourly timetable. Realistically, there’s barely anything to gain from a lawsuit on a matter like this, and potentially a lot to lose in terms of PR and community relations – they only move forward if someone in the legal team really needs to prove themselves. Even the financial incentives are practically zero, the kind of sum they could get is probably in the sort of amount that companies like Infosys regularly write off for government bribes.

                                                                                                                                                                                                  1. 2

                                                                                                                                                                                                    That’s my view as well. Infosys would be very stupid to raise a legal stink about this, as it would shine a light at their alleged incompetence at deploying code and responding to disclosures.

                                                                                                                                                                                              2. 3

                                                                                                                                                                                                You’re right, but the flip side is reporting it properly, having them not do anything about it, and then a bad actor finds and uses it. Not much to recommend one over the other imo.

                                                                                                                                                                                                1. 8

                                                                                                                                                                                                  From what I’ve seen, you may run into careless business associates / sub-associates, but covered entities are often very wary of the risk around HIPAA violations. It sounded like the author attempted to report to Infosys directly so I’m not surprised he hit a wall.

                                                                                                                                                                                                  So again, if you find PHI – "Johns Hopkins Hospital" "general counsel" into your favorite search engine took me straight to their legal department, including direct contacts to HIPAA lawyers. Even without specialist lawyers, just get in touch with someone in their legal / leadership chain. The magic happens when you say “I’d like to report a HIPAA violation” to a human, preferably a human on a legal team.

                                                                                                                                                                                                  And if you truly can’t get anyone to act, HHS has a process to report complaints directly to them. It’ll likely take longer for them to act, but they have broad leeway to sanction bad actors and will get the attention of the offender.

                                                                                                                                                                                                  1. 1

                                                                                                                                                                                                    On the other hand, people not living in USA might not be be so intimately familiar with USA laws and compliance culture.

                                                                                                                                                                                            2. 1

                                                                                                                                                                                              All access to remote computers is unauthorized. Maybe we should stop allowing corporations to hurt themselves and others, even if it means violating their privacy.

                                                                                                                                                                                            1. 11

                                                                                                                                                                                              it looks interesting but the crypto bro part immediately turned me off

                                                                                                                                                                                              1. 9

                                                                                                                                                                                                Our company has nothing to do with cryptocurrencies! We’re building HVM, a massively parallel functional runtime developed in Rust, based on a new model of computation (Interaction Nets), that is outperforming Haskell’s compiler in some cases by an order of magnitude. I believe it is a groundbreaking technology that has the potential to change the tech industry by making massive parallelism accessible. It is the first “automatic parallelization” project with remarkable real-world success and numbers to back it up.

                                                                                                                                                                                                Yes, we’re building a p2p computer too, but it is just a secondary product we made mostly to show off the performance of the HVM. Specifically, we replaced Ethereum’s EVM by the HVM, and managed to hit ~100x increased throughput for many opcodes. But that’s just it, a p2p virtual machine. It isn’t cryptocurrency. It doesn’t even have a currency! I share the hate, but not every p2p project is a cryptocurrency. Torrent and DNS existed way before Bitcoin, and are fundamental to the internet as we know it!

                                                                                                                                                                                                That said, this webpage is a draft and we’re due to some massive rework of it, because it is clearly not showing our intents properly, so that’s not your fault. We need to communicate better.

                                                                                                                                                                                                1. 2

                                                                                                                                                                                                  I would be very interested in a p2p computer. I think having a shared computer with state is a key building block for a lot of services. I’m also interested in replicating the experience/vibe of having a shared machine that multiple (trusted) people can SSH into. No interest in having money involved here.

                                                                                                                                                                                                  1. 2

                                                                                                                                                                                                    Exactly! That’s the spirit/point of our chain: you do NOT need a cryptocurrency to have a worldwide shared computer, and such a thing would be so useful as a technological primitive that projects can rely on, just like internet protocols and whatnot. But I’m almost regretting developing it because people immediately jump to the conclusion that we’re a crypto project, even though the chain isn’t nearly as important as HVM and doesn’t even have a currency!

                                                                                                                                                                                                    1. 4

                                                                                                                                                                                                      Don’t call it a chain IMO. That nearly lost my interest when I saw it.

                                                                                                                                                                                                      1. 2

                                                                                                                                                                                                        To be clear, does the chain use proof-of-work or other energy-wasting mechanisms?

                                                                                                                                                                                                    2. 2

                                                                                                                                                                                                      If you don’t want people to think it’s a cryptocurrency thing, you badly need to redesign the marketing. The very first thing I see when I look at this is a picture of a chain. You’ve already turned off everyone who dislikes cryptocurrency at this point.

                                                                                                                                                                                                      The fact that there’s text on that next page that says it’s not a cryptocurrency thing doesn’t help you much because you already created a bad first impression and some readers have already left by this point.

                                                                                                                                                                                                      A second problem I have is this:

                                                                                                                                                                                                      It is PoW-based, forever. In fact, PoS isn’t even possible, since there is no built-in currency.

                                                                                                                                                                                                      This is one of the specific aspects of cryptocurrencies that has made people dislike them.

                                                                                                                                                                                                      Could you not cut out the PoW waste entirely by having some TTPs sign blocks, acting like notaries?

                                                                                                                                                                                                    3. 5

                                                                                                                                                                                                      Looks like a less banana-pants crazy variation on the Urbit idea.

                                                                                                                                                                                                      1. 4

                                                                                                                                                                                                        to be clear the parts that look interesting to me are Kind2 and HVM

                                                                                                                                                                                                        1. 1

                                                                                                                                                                                                          Me too. I am also interested in the ‘Interaction Combinators’ mentioned in the manifesto. It is unclear to me how it relates to HVM. Any hint?

                                                                                                                                                                                                          1. 1

                                                                                                                                                                                                            HVM is the first real-world efficient implementation of Interaction Nets! We took this new model of computation, which was invented in 1997, developed a memory-efficient representation for it, called Symmetric Interaction Calculus, and, based on that, we implemented the High-order Virtual Machine (HVM), a massively parallel runtime. Right now it only targets functional languages, and it is already outperforming Haskell’s GHC by 9.2x in some cases (!), but it isn’t limited to FP.