1. 2

    Thus in most programming languages certain data types such as numbers are a special case which does not fit well into the general type system of the language, and hardware details such as the number of bits supported by an integer add instruction show through in the language semantics.

    It does not reflect the realities of modern hardware, where computation is almost free, memory size is almost unlimited (although programmers’ ingenuity in creating bloated software apparently knows no bounds), and the principal limit to performance is the cost of communication. For example, one cache miss might take as much time as a hundred add instructions. If it does not noticeably increase the size of the data or program, quite a large amount of extra run-time computation can be added to most programs with no effect on their total running time. This computation can be invested to give the programming language a more rational semantics and to remove common sources of hard-to-find errors.

    I think this is just inconsistent. If you want to reduce cache misses, you’re going to have to care about how tightly you can pack your data.

    Maybe there’s some way to get bigints in most cases, with the option to drop down to small types like i32/u32 where necessary, but I have the feeling it would end up being inconvenient in exactly the ways the author dislikes.

    1. -6

      I stopped reading this as I rejected the premise early on, the example I had in mind was chess, try to get in top 5% on Chess.com or Lichess. “Isn’t that good”? Well, it’s about a 2150 or 2200 chess rating.

      1. 24

        I think bragging about not reading the article is not a good habit to encourage on lobsters, but you’ve also misread–and the clarification was in the second paragraph.

        The relevant comparison isn’t players on chess.com, it’s people who play chess, and that’s a larger group. For instance, I’ve played games against my daughter in the past year, and against a friend or two within the past few years, but I’m not active on chess.com.

        Similarly, I’m about 50th percentile in people who play Go tournaments (maybe a little lower even, I can’t remember), but I’m well above average (at least for players in the US. I don’t know what the distribution is like in China/Japan/Korea–they have tons of strong players, but also millions of players overall). I don’t know if I’m 95th percentile, but definitely not near 50th.

        1. 2

          I skimmed the article, and it’s a rambling mess. There’s some nuggets there but they’re really hard to sift.

          I liked the author’s coinage(?) of the word “ridiculable”.

          It would generally be considered absurd to operate a complex software system without metrics or tracing, but it’s normal to operate yourself without metrics or tracing, even though you’re much more complex and harder to understand than the software you work on.

          This is a good observation, slightly marred by the existence of a plethora of products designed to track employees’ every move on screen. I guess a programmer interested in improving their productivity can get an evaluation license of this kind of software.

          Also this link looks interesting:

          1. 5

            I wonder if it’s the game analogy that’s giving people trouble, because it immediately clicked for me. My game of choice is different – Magic: The Gathering, which first came out right as I was a teenager likely to be able to pick it up and enjoy it – but my experience with it absolutely lines up with the article.

            There’s a very large population of people who play Magic. And reaching 95th percentile within that population is something literally anyone could do by putting in the work. It seems like a high bar, but it really isn’t, because even things like reading a few introductory articles on competitive strategy and practicing what you learn from that will quickly advance you past the average kitchen-table Magic playgroup. Not that much more effort will put you up to the level of being able to win at a typical Friday-night tournament in a local game shop. And at that point you are undeniably going to be 95th percentile, if not higher!

            Even within the specifically competitive-focused subset of the Magic-playing population I think this holds up. Within the last couple years a new digital version of the game (called “Arena”) has come out and been promoted heavily, and it has competitive play with a ladder of ranks and tiers. It’s attracted a fair number of streamers who are new to the game, and again it seems that anyone willing to put in some effort and practice can start consistently reaching the higher ranks, which again put them into the 95th percentile or higher of Magic players, and even of that specific subset who play on Arena.

            Though I think some of the problem here is also perspective: people won’t compare themselves to the general population, or even to the subset who do things like go to tournaments or participate in ranked play on Arena, where it would be clear just how low the skill-level bar of 95th-percentile really is. Instead they compare themselves to the population of established elite professional players, and see a huge skill gulf between themselves and the pros and draw the wrong conclusion. Being only 1% as good as a top-level pro (assuming we could quantify that) does not mean being only in the 1st-percentile of all players, simply because the pros are such a microscopically tiny subset of a very large population, but people often think about it in those terms.

            1. 1

              I guess it’s only applicable to fields where casual and enjoyable participation is possible.

              On the one hand we have fields like algebraic geometry that you cannot participate in without extensive preparation. For someone with high school math level, it will take years to even start understanding the papers. Even then you are only ready to start doing any research of your own at all.

              On the other hand we have fields where, until some point of proficiency, it doesn’t matter if you are better than N% participants. There are many people (mostly kids) who play the violin. You can get better than most of them just by learning not to tune the strings to diminished fifths. It will take years of dedicated practice until anyone will genuinely want to listen to your playing though.

            2. 3

              The existence of personal tracking software doesn’t imply that it is not “normal to operate yourself without metrics or tracing”. A fairly small proportion of the population use such software.

              1. 2

                I’m thinking of software that allows an employer to track how much time their employees spend in different windows and applications, so they can take action against “incorrect” behavior.

            3. 0

              But 2200 is top 5% of people who have ever played chess online, including those 4 or 5 games and so on. As in top 5% of participation metric “has played chess online before”, I thought

            4. 12

              This is explicitly addressed in the beginning of the article:

              Note that when I say 95%-ile, I mean 95%-ile among people who participate, not all people (for many activities, just doing it at all makes you 99%-ile or above across all people). I’m also not referring to 95%-ile among people who practice regularly. The “one weird trick” is that, for a lot of activities, being something like 10%-ile among people who practice can make you something like 90%-ile or 99%-ile among people who participate.

              1. -1

                But this is for people who participate. 2200 is top 5% of people who have ever played more than, say, 5 or 10 games of chess online.

                1. 9

                  This is triply incorrect and once misleading.

                  First, many chess players never play online. I’d even guess that most don’t, so that is not the correct population to compare to.

                  Second, chess.com’s displayed percentiles are not for every player who’s ever played, only for active players. There was a change a number of years ago, before this chart was made.

                  Third, if you look at that chart, top 5% among active players is roughly 1600 on chess.com, not 2150 or 2200.

                  Fourth, when you say it’s an X chess rating without qualification, I think this would imply to people in the U.S. that this is a FIDE or USCF rating. 1600 on chess.com from when that table was made converts to 1500 USCF and, again, that’s an overestimate because that’s only active players on chess.com which is going to be overweighted towards players who have put more time in.

                  Your stated number, 2200, is in the top 0.2% of active chess.com rapid players. 2200 must come from lichess blitz ratings. At the top of their blitz ratings graph, it notes that it’s for players active this week, so that also has the incorrectness mentioned above. Additionally, it’s well known that lichess generally has inflated ratings and blitz is particularly inflated even for lichess. It is extremely misleading to say that top 5% is “2200 chess rating” when referring to lichess blitz ratings.

                  Even if you look at people with USCF ratings, which is a tiny subset of the people who have played or play chess in the U.S. (roughly 85k USCF players, out of probably over 100M people who have played in the U.S.; that chart is old and has 65k but the distribution shouldn’t be wildly different), top 5% is still only 2000 USCF. “2200 chess rating”, as you put it, is someone roughly in the top 1000 USCF. Across all U.S. players, even accounting for strong players who don’t maintain a USCF rating, that’s probably at least the top 0.001%.

              2. 3

                I got to around 1900 in lichess classical in about a year without any specific effort starting from scratch, but a lot of play time.

                https://lichess.org/@/acham/perf/classical

                My greatest victory is against a 2314 rated player.

                In school I was about 90th percentile, so in general I think for a lot of tasks, with practice you just slot into where your intelligence level is, with deviation around quality and amount of practice.

                I think looking at the graph of all time rating of players is really fun.

              1. 5

                I have seen a number of offensive security researchers argue that antivirus is a major source of vulnerabilities (they do a lot of parsing with elevated privileges, which is a recipe for trouble).

                Windows Defender seems to have a decent reputation among them, though I believe it was still subject to a significant vulnerability a year or two ago.

                Here’s a thread collecting a few opinions: https://news.ycombinator.com/item?id=22160620.

                1. 4

                  The extent of my knowledge on safely wiping data from SSDs is that this patent exists: https://patents.google.com/patent/US20170050190A1/en.

                  1. 2

                    Lmao this patent is basically “throw it in a blender.”

                    1. 3

                      With chunks of ice. Not to make an SSD smoothie, just so you don’t breathe in the dust.

                  1. 1

                    I’d thoroughly recommend https://gatling.io/ as we’re using it across both Java-based and non-Java-based APIs, and have found it pretty great.

                    I know we’re not using nearly the power it affords, but it’s very good!

                    You don’t need to know that much Scala too, it has a straightforward DSL before you get there

                    (originally posted at https://www.jvt.me/mf2/2020/01/utfz2/ and hand syndicated)

                    1. 1

                      I’ve also used Gatling, and it should do what you need.

                      I’m not as thrilled about it: parts of the API are a little hard to make work the way you want, but it has all the major capabilities I’ve needed.

                      I also agree about Scala not being a huge obstacle if you work in Java, though when I’ve had to dig into the Gatling code to understand things, it has slowed me down a bit.

                    1. 2

                      Embedding a scripting language into a C99 application for scripting program behavior (startup configuration will be done using these scripts too). I’m not entirely sure which one I’m going to use, right now I’m torn between lua, python, or just handwriting a LISP. I’m leaning towards Lua right now, but I’m sure someone here has done this before and I’m open to recommendations.

                      1. 3

                        Lua is definitely easier to deal with when integrating stuff, but then you’re left writing Lua (it’s fun for scripts but less fun for bigger programs I think).

                        I don’t know your usecase, but you might be able to “invert the stack”, where your entry point is written in Python, and it calls into your application via the Python FFI. This is what stuff like Mercurial does, and lets you more easily manage the dynamic nature of a program entry point and give you a good amount of expressive power.

                        The Python FFI with C is really straightforward, I’d recommend it.

                        1. 1

                          I don’t know your usecase, but you might be able to “invert the stack”, where your entry point is written in Python, and it calls into your application via the Python FFI. This is what stuff like Mercurial does, and lets you more easily manage the dynamic nature of a program entry point and give you a good amount of expressive power.

                          This is for my game engine. There’s an engine API exposed for export as a shared library and games/demos are loaded at runtime from shared objects (or DLLs) by the engine driver (a separate executable) during development. It should be possible to easily generate Python or Lua bindings based on this engine API.

                          File parsers (.ini, or XML or JSON data conversions) and script interpreters (C-like or LISP) in my experience become massive time sinks with poor documentation and breed many, many bugs, especially for mapping to/from JSON–“What are the keys this thing accepts?”, “Which parser version is this using and when did this key change?”. Scripts should be able to access engine behavior permitted by the security settings of their runtime environment, so they can be used for engine configuration, scripting gameplay behavior, and asset description (during development).

                          Asset descriptions should be human-readable, diff-tool comprehensible, and text searchable until compiled into optimized formats by the asset conditioning pipeline for distribution. Asset descriptions will rely on engine functions to piece together assets for use to simplify debugging, error checking, and to make behavior easily searchable to avoid the “oh, that thing I need is actually in some descendant tree of some binary-based object in the editor!” I’ve seen this done very well with LISPs before, which is why I had been thinking that way.

                          This creates binary dependencies–one of the next steps prior to this work is automatically creating and verifying semantic versions based on the symbols generated and function signatures of engine or game dlls. This will identify breakages automatically based on when symbols are added, removed or changed as part of CI/CD (diff can also be used to identify which C functions changed between commits) and simplifying this process is actually part of the reason I’m using C, since it generates consistent symbol names for analysis.

                          1. 1

                            I can’t speak to this from experience, but some years ago, I came across this page advocating for extending python with your library, rather than embedding: https://twistedmatrix.com/users/glyph/rant/extendit.html, and thought the arguments made sense. On the other hand, I have a sense Lua was made to be embeddable, and your own LISP would presumably be fine.

                            1. 1

                              That’s a great link! It has a lot of ideas I hadn’t thought about. I commented on another post why I’m doing embedding since it’s doing low-level control, not high level program flow. I should have been more clear about this in my original comment.

                          2. 1

                            Writing your own lisp or any PL implementation is a deep rabbit hole, approach with caution :) It also taught me a lot about programming though.

                            If the goal is actually finishing the main program: Lua; there’s also a few small lisps made with embeddability as a goal, chibi scheme to name one.

                            1. 1

                              Writing your own lisp or any PL implementation is a deep rabbit hole, approach with caution :) It also taught me a lot about programming though.

                              Yeah, I’ve written one before, that’s definitely a problem! :)

                              If the goal is actually finishing the main program: Lua

                              This is consistent with what I’m finding elsewhere in my research.

                              1. 1

                                I’m kinda in love with Lua since I first learnt about it some 15 (or more?) years ago, so I may not be exactly objective… generally, Lua excels at being an embedded language; also, historically, it evolved in part from a configuration language, so “glorified config” usage is deeply in its DNA, should you want it for this purpose (I like it as an escape hatch from Greenspun’s Tenth Rule whenever I’m tempted to consider adding some logic/templating to JSON). The language (and its implementation) is very simple yet powerful, the API is small, simple, robust, and designed for being embedded. If you are planning to use it for a game, the added benefit is that it’s basically an industry standard for scripting in games. Other than tons of games, it’s also used in a lot of other stuff, including: LuaTeX, Wireshark (IIRC), NetBSD has support for Lua-based drivers (!), and more.

                                On the other hand, the elephant in the room is, that Lua has a relatively small ecosystem of third-party libraries; definitely not anywhere near Python. There’s basically LuaRocks, and sometimes some fringe stuff not in Rocks. Alternatively, you can consider embedding LuaJIT instead of vanilla (a.k.a. PUC-Rio) Lua; it has awesome LuaFFI which can make it easier for people/you to do some integrations in the future; this might also allow you to reuse some third-party libraries created by the Love 2D community, though I never tried doing that. One thing to know here, is that LuaJIT’s creator stepped down, and although kinda handed over since, the project seems to me to be slowly stagnating (though, it can also be seen as basically “feature complete”). It wasn’t upgraded to Lua 5.3 (in all fairness, on purpose), though Lua 5.1 from which it was forked is already a very mature language.

                                As to writing “huge apps”, I never personally did that in Lua; my assumption here is, that possible issues around that would probably boil down to Lua being dynamically typed (less protections), and an interpreted language (speed). I think one would have similar problems in JS, Python, or LISP. As to speed, all of the languages I listed try to mitigate it to some extent through JIT interpreter(s), and Lua also has one in LuaJIT.

                                As to writing your own LISP… yeah, can do, as long as your main goal is to write your own LISP ;) I am sure this is very educating and enlightening, however it will definitely distract you from the game itself for long (if not forever…). Also, as far as ecosystem, I claim you’ll be much, much worse than with Lua, not to even speak about Python; one more dialect of LISP in a world where even mainstream LISPs are kinda fringe…

                          1. 2

                            It seems to me that this is not really about APIs in general, but about newsworthy information that’s meant to be redistributed and relied upon by parties who don’t know anything about the original caller of the API. Of course, that’s just a subset of APIs. It might also be relevant as defense in depth for very sensitive APIs.

                            For an “ordinary” (non-news, non-critical) API, you often can just rely on things like HTTPS to verify that you’re talking to the right server, and you’re not republishing the data, so there’s no question about whether third parties should trust it (or perhaps you’re republishing the data to other systems within your company).

                            Maybe I’m on the wrong side of this, like people who used to argue that HTTPS everywhere was excessive. However, I think not, because I think the pervasive use of HTTPS is already a significant protection, and that debate was about having zero verification vs. some, while this is about adding an additional level of verification.

                            1. 2

                              Work: Today, I’m revisiting some code I wrote a few years ago and getting an abject lesson in 1) how much I still have to improve at writing code, and 2) the perils of inheritance.

                              There’s a basic algorithm that collects objects that are connected in a graph. Then there’s a second algorithm that does the same thing, except it dynamically ignores some edges in the graph based on information about the objects. I wrote the two algorithms so that the second inherits from the first, and that inheritance makes it much harder to reason about. Also, just in general, it was extremely hard for me to write the second algorithm, and it ended up not very clear or maintainable. There’s now a bug, I’m coming back to it after about two years, and it took me about a day to fully understand what I’d written, and how it works, and to try and make a modification. So I’m trying to figure out what I can do to make it comprehensible.

                              Not Work: going to set up a mac mini as a build/benchmark server. The full run of benchmarks for my regex project is relatively slow, so I’d like an isolated environment where I can run them on every git commit to master, and then publish them. I’m not sure what tools I should use.

                              I’ve also been trying to implement inlining for the regex to bytecode compiler (previously: https://lobste.rs/s/sjymn9/what_are_you_doing_this_week#c_yjkmxx). My first attempt actually hurt performance, so I have to go back to the drawing board. I hand wrote the code that I’d ideally like to generate, and it does improve performance, so I just have to work on how I achieve that.

                              1. 70

                                Windows 10 has ads in the start menu, ads masquerading as security alerts, ads masquerading as software updates, uninstallable bloatware, a bizarre distinction between Metro and everything else (exemplified by the bifurcation of Settings and the Control Panel)….

                                So, I’m all for you doing you, but I can’t bring myself to run it.

                                1. 31

                                  The amount of Windows apologia in this thread is astonishing.

                                  Usage patterns, convenience or “brains”, I don’t care. Windows is a non-free operating system, and as such inherently user-unfriendly. The developments of the last few years are just an example of what you get when your OS is a service you’re permitted to use.

                                  1. 22

                                    inherently user-unfriendly

                                    One of the main “Windows apologists” in this thread (@feoh) has stated that they have to run Windows to get a usable computing environment considering their eyesight. So in this case Windows is more “friendly” than a FLOSS alternative.

                                    Most Linux user interfaces I’ve seen just ape GUI conventions (many based on research) from closed systems (Windows and Mac).

                                    1. 5

                                      One of the main “Windows apologists” in this thread (@feoh) has stated that they have to run Windows to get a usable computing environment considering their eyesight. So in this case Windows is more “friendly” than a FLOSS alternative.

                                      As someone with terrible vision that’s only getting worse (including complete blindness in one eye), this is the kind of argument I can absolutely understand. Windows is, from what I understand, the most accessible of all the major operating systems.

                                      But defending ads in the Start Menu, well….them’s fightin’ words. :)

                                      1. 11

                                        My communications skills are clearly lacking because I cannot comprehend a set of perceived statements from me that are farther from the truth.

                                        As a matter of fact, I also run desktop Linux and as of Ubuntu 16/17 they’ve added key chorded full screen zoom which is an accessibility feature I need to make a computing environment usable.

                                        What I actually said is that at the time I bought my laptop, I need a 17” screen and there were no AMD chipset laptops in that size available that I could see. Operating system didn’t even come into that aspect of the discussion.

                                        And I’m not a Windows apologist. Honestly I think this typifies the kind of all or nothing thinking that hamstrings progress in the wider computing community. Either you’re with us or you’re against us. Some of us are willing to adopt a more nuanced view.

                                        Windows is a tool. It serves some people’s needs admirably, others not so much. That is the alpha and omega of this situation, and all the meaningless bluster and back and forth is utterly pointless.

                                    2. 12

                                      The amount of Windows apologia in this thread is astonishing.

                                      Not really. The lobste.rs community is designed with a lot of goals in mind, but if the About page is anything to go by, it was never explicitly designed to be a site for the promotion of Free Software. And, as they say in the TDD tribe, if you don’t explicitly test for it, it doesn’t happen.

                                      (for context’s sake, I have a Windows VM and a few machines that I explicitly run it on, but I recently switched my main laptop back to Linux because I just couldn’t get used to how SLOW the filesystem operations were; I still have a Windows 10 VM that I occasionally boot up to test Windows software on and make sure it’s properly up-to-date)

                                      1. 13

                                        The lobste.rs community is designed with a lot of goals in mind, but if the About page is anything to go by, it was never explicitly designed to be a site for the promotion of Free Software.

                                        If it were I would never have joined. I value a diversity of opinions.

                                        1. 14

                                          I can’t speak to the original intent since I wasn’t there, but it is certainly my personal opinion that it’s important to have a variety of perspectives on this topic. I would bring that opinion to my moderation if it ever became relevant.

                                        2. 4

                                          Of course, I know there are different opinions and I know that there are windows users, all I am saying is that after being a member for over two years and visiting the page for much longer, I was surprised to see how many people use windows, let’s say “willingly” (as opposed to the usual “I have to because of Software X/Job Y/Requirement Z/…”), as I rarely encountered this opinion until now. It’s kind of like if suddenly a lot of corporate COBOL enthusiasts would pop up.

                                          1. 9

                                            I was surprised to see how many people use windows, let’s say “willingly”

                                            Why is that surprising? It provides drivers for most hardware. You can run Microsoft Office (which a lot of people have to, to deal with paperwork at their day job), arguably the user interface is more usable/stable than GNOME/KDE, and you can run Linux programs via WSL [1].

                                            There are a lot of technical people who just optimize their environment for whatever they work on and want boring/predictable/mainstream/least-friction for the rest.

                                            I don’t see why people would have to apologize or defend themselves for using Windows, writing articles about Windows, or discussing Windows on lobste.rs.

                                            Disclaimer: I haven’t used Windows since Windows 3.1, outside for installing Windows every 2-3 years in a VM to observe what the state of that ecosystem is.

                                            [1] I work for a university, a lot of paperwork, collaboration on research project proposals, etc. requires Microsoft Office. Or to give a practical anecdote: when one of my students had problems using the university’s VPN, they literally said “oh, you try to use the VPN with Linux, you probably shouldn’t do that”.

                                            1. 8

                                              Why is that surprising? It provides drivers for most hardware. You can run Microsoft Office (which a lot of people have to, to deal with paperwork at their day job), arguably the user interface is more usable/stable than GNOME/KDE, and you can run Linux programs via WSL [1].

                                              I think this is a window into a very common personality attribute for technologists. We tend to hold our opinions so strongly that they come to be seen as concrete facts. I’ve fallen into this pattern innumerable times myself.

                                              1. 2

                                                Or to give a practical anecdote: when one of my students had problems using the university’s VPN, they literally said “oh, you try to use the VPN with Linux, you probably shouldn’t do that”.

                                                You used to be able to VPN into my university from Linux. Then they added 2FA and broke everything.

                                                1. 1

                                                  You used to be able to VPN into my university from Linux. Then they added 2FA and broke everything.

                                                  :(

                                                  Our university actually supports three different VPNs. The easiest solution from Linux is the AnyConnect VPN, which works with openconnect. However, the VPN server returns incorrect routes, which breaks things by default with openconnect. I worked around this by using a custom openconnect script that sets the routes correctly.

                                                  I have been using this without issues since I have started working remotely > 1 year ago. But now they are going to remove the AnyConnect support on April 1. Guess I have to figure out one of the two other VPN options, last time I tried, they didn’t work out of the box.

                                                  Of course, using OpenVPN or Wireguard would be too easy ;).

                                              2. 8

                                                If you’re so surprised that people have this opinion, then it’s probably worth looking into why people have this opinion. Like for me, I’ve made it clear: I love Windows because it has AutoHotKey. I can easily tweak the computer to work exactly how I want. Below, I asked “how do I write a keyboard shortcut for ∃ in Linux?” the two answers I got were 1) use emacs, 2) install a library that doesn’t work on Wayland. Whereas with AutoHotKey I just write

                                                >^e:: Send, ∃
                                                

                                                Now right ctrl + e gives me ∃. This works anywhere and doesn’t require me to change the fundamentals of my OS.

                                                1. 2

                                                  I love Windows because it has AutoHotKey.

                                                  I don’t quite see what about AutoHotKey is intrinsically limited to windows. I have until yesterday never heard of it, but I don’t see why this couldn’t be ported to other operating systems. That aside, it’s not an OS feature, but in our world would rather be counted as a window manager feature, and as such it’s not surprising that there is an X tool and a Wayland tool.

                                                  Below, I asked “how do I write a keyboard shortcut for ∃ in Linux?”

                                                  I gave the first answer, since you’re basically just doing a paler version of Emacs for the windows UI. But more importantly, your example really looks like a gimmick, or at least something very specific to a particular workflow. I could just as well ask you

                                                  • how do you run shell scripts using at(1)
                                                  • how do you pin a window to stay above others
                                                  • how do you create dynamic workspaces
                                                  • how do I install my own tool bar
                                                  • how do I add a debian repository
                                                  • how do I manage all updates centrally*
                                                  • etc.

                                                  I don’t think that most of these things are intrinsically possible or impossible because of the operating system – certainly don’t require the fundamentals of an operating system to change. Most of these questions work in favour of my argument, because the software has already been written for or by the system/users. But this is mostly a contingent fact. Whereas the principal values of the two systems, one being open to inspection and change the other being hidden from the public and its users, seems like a much more decisive factor if you ask me.


                                                  Necessary rant: * without having each tool permanently prompting me to go download some updater from some weird website I have to trust and run permanently, hoping it doesn’t install a toolbar I will not be able to get rid of, and conflicting with my permanently running anti virus program that wastes 80% of my CPU.

                                                  1. 9

                                                    I don’t quite see what about AutoHotKey is intrinsically limited to windows. I have until yesterday never heard of it, but I don’t see why this couldn’t be ported to other operating systems. That aside, it’s not an OS feature, but in our world would rather be counted as a window manager feature, and as such it’s not surprising that there is an X tool and a Wayland tool.

                                                    The difference is it hasn’t been. If you look for an equivalent on linux you find a mess of abandoned projects that only partially work. For Mac, there’s hammerspoon, which is significantly more complex.

                                                    I’m also unsurprised you haven’t heard of AHK. You said earlier you’re astonished that people are defending Windows, which means you probably don’t know very much about how people actually use Windows.

                                                    I gave the first answer, since you’re basically just doing a paler version of Emacs for the windows UI.

                                                    The difference is that I now have to use Emacs, when AHK works for all windows. AHK acts as an overlay on top of everything else, so I can use it to hack in the behavior I want to any app.

                                                    And I can still keep using Vim.

                                                    But more importantly, your example really looks like a gimmick, or at least something very specific to a particular workflow.

                                                    That’s because I gave one example of how I use AHK, where the answer to that by itself requires me to understand Linux and window managers pretty well. It’s specific to a particular workflow, but that’s the point: I can immediately customize the OS to my particular workflow without a deep understanding of how the OS works. I can give you a bunch other things I do with AHK:

                                                    • Start and stop recording videos from my presentation clicker.
                                                    • Make GUI for saving notes from clipboards into multiple seconds without it disrupting my current workspace view or losing my attention.
                                                    • Switch between specific windows without alt-tabbing
                                                    • Copy a url and title as a markdown link for easy transfer to another window
                                                    • Firefox doesn’t have a keyboard shortcut for “start a screenshot”. Add one.
                                                    • Add a bunch of unavailable shortcuts to the TLA+ IDE
                                                    • Fave or unfave a song in spotify without having to switch to the spotify app
                                                    • Clone a file (foo.md to foo.md.1) without having to stop editing the file, or remember how many copies I made
                                                    • Toggle youtube playback from 1x and 1.25x tempo
                                                    • Quickly drop hashtags into a twitter thread while trying to livetweet a conference, without messing up my clipboard

                                                    I set up hotkeys for all of these. I’m sure I could do the same in Mac or Linux, but it wouldn’t be easy. I’d have to get a much deeper understanding of these systems than I already had, as opposed to using AutoHotKey, where the most complex of those features took me an hour. Are they gimmicks? Maybe! But they’re gimmicks that make my life much, much better.

                                                    Sure, Windows might be “hidden from the public and its users”, but AHK made it easy to get work done. Reading XDG specifications did not.

                                                    EDIT: Also, just to be clear about my background, I’ve used Linux as my only OS for several years, and yes I tried to do some of these things in Linux, too.

                                                    1. 1

                                                      The difference is it hasn’t been. If you look for an equivalent on linux you find a mess of abandoned projects that only partially work. For Mac, there’s hammerspoon, which is significantly more complex.

                                                      Again, this is a particular problem, not something you can use to sustain your general claim. The fact that it hasn’t been until now means nothing to me, since this could just as well change tomorrow, but from your argument up to now, I don’t think that would instantly make you switch.

                                                      Also, the fact that these projects aren’t being maintained, is somewhat of a sign to me that there isn’t a big need for them either? Or is it mere luck that AHK is being properly maintained on Windows?

                                                      I’m also unsurprised you haven’t heard of AHK. You said earlier you’re astonished that people are defending Windows, which means you probably don’t know very much about how people actually use Windows.

                                                      I know plenty of people who use windows, and I always hear the same issues, the same problems. When I watch them I mostly see them struggle, having issues or obvious inefficiencies. If they were not held hostage by proprietary software developed exclusively for Windows, I am absolutely certain they would have a better user experience on other platforms.

                                                      The difference is that I now have to use Emacs, when AHK works for all windows.

                                                      Well that’s your problem: You leave Emacs ;^)

                                                      (It’s kind of off-topic, but my point was that Emacs-like environments should allow users to configure keybindings to whatever function one wishes, all of them inspectable by the user, and mostly redefinable during the run-time. This is the essence of a user-programmable system I argue is superior and neither hides nor distorts the user’s relation to the device)

                                                      It’s specific to a particular workflow, but that’s the point: I can immediately customize the OS to my particular workflow without a deep understanding of how the OS works. […]

                                                      Again, this is an entirely contingent argument for Windows, as you don’t explain why Linux cannot have this. I guess it’s cool, but I don’t see what makes it technically unique/exclusive.

                                                      1. 5

                                                        Also, the fact that these projects aren’t being maintained, is somewhat of a sign to me that there isn’t a big need for them either? Or is it mere luck that AHK is being properly maintained on Windows?

                                                        From what I understand from my research the challenge is making something that works for everyone. Like the Wayland/X11 split by itself makes things tough. Sure, it’s technically feasible, but it’s going to be so much effort that people give up.

                                                        Again, this is an entirely contingent argument for Windows, as you don’t explain why Linux cannot have this.

                                                        Linux could have this. Windows already has this. I’m not going to switch back to Linux because it could eventually have a tool that I already use every day.

                                                        1. 1

                                                          I responded to the first point in a sibling response to @feoh, but just to reiterate it here: AHK is a DE/WM feature, not an OS feature. A cross-DE implementation of an AHK-like would be like requiring a cross-Version implementation of AHK on windows. If the format is standardized, there’s no reason why each DE/WM couldn’t have something like this for itself, if its users want it.

                                                          Regarding the second point, I’m not asking anyone to switch because of a potential ability (in our case I don’t have to care), I only want to make the point that this isn’t a real argument for Windows as such.

                                                          1. 4

                                                            If the format is standardized, there’s no reason why each DE/WM couldn’t have something like this for itself, if its users want it.

                                                            The point is it doesn’t exist, and (if how much you dismiss the value is any indication) probably won’t exist. At best there will be “you get this subset of features with DE/WM A, this subset with DE/WM B”, etc. Which doesn’t help me.

                                                            “Windows has this feature that could exist for some Linux distro but doesn’t yet” is, in fact, a good argument for me continuing to use Windows. To make the argument problem a bit more clear:

                                                            “I like London better than Los Angeles.”

                                                            “Why? There’s nothing intrinsically better than London, and Los Angeles has better weather.”

                                                            “The public transit in London is better.”

                                                            “But Los Angeles could build better public transit, so your argument is invalid.”

                                                      1. 1

                                                        Thanks for the pointer. I’d heard hints about this on podcasts and other reading but concrete citations are always super helpful.

                                                        From where I sit being able to say “Windows Defender is all you need, and it’s free and comes bundled with Windows 10” is a substantial quality of life boost from the bad old days when you had to trepidatiously choose and pay for some incredibly heavyweight antivirus package that would bog your system and throw up all kinds of annoying dialogs in the name of protecting you :)

                                                        It’s just another example of aspects of “living” in Windows that used to be horrible and just aren’t anymore.

                                                        That doesn’t mean Windows is superior or that everyone should run Windows as opposed to Linux or anything else, it’s just a data point which you can use to pick the tool set that works best for you.

                                                      2. 4

                                                        I don’t quite see what about AutoHotKey is intrinsically limited to windows. I have until yesterday never heard of it, but I don’t see why this couldn’t be ported to other operating systems. That aside, it’s not an OS feature, but in our world would rather be counted as a window manager feature, and as such it’s not surprising that there is an X tool and a Wayland tool.

                                                        Respectfully, you’re rules lawyering his personal preference. Think about whether that actually makes sense.

                                                        1. 3

                                                          I actually don’t understand what you’re trying to say in response to that paragraph. I would appreciate if you could reword it.

                                                          1. 3

                                                            OK thanks. I won’t re-edit the original so anyone who cares to see the context can. Basically, the OP was saying “I love Windows because AutoHotKey gives me the flexibility I need to be able to configure all the important aspects of my system’s human interface.”

                                                            The reason Windows is different from, say, Linux is exactly as the OP said, Windows represents a single point of configurability for any given thing. There is ONE Windows desktop and ONE Windows API.

                                                            On Linux there are innumerable desktop environments, window managers, and even low level graphics toolkits or whatever X and Wayland actually are :)

                                                            It’s not that it’s impossible in Linux, but the diversity inherent in the platform makes it difficult and very inconvenient.

                                                            For them, and their preferences, that ease and convenience of the interface and implementation available to them today with zero work is what they in particular love about Windows.

                                                            By saying “There’s nothing special about Windows. You could do this all in Linux” it reads to me like you’re invalidating his preference with the existence of a theoretical possibility.

                                                            1. 0

                                                              I think the issue here is that you’re comparing Windows to all the various ways Linux can be used, which are basically all different systems. Just because by virtue of being a Kernel it can be used to run an OS, that in turn has multiple desktop environments, doesn’t mean that when you discuss something like AHK, a GUI extension, you get to argue via the kernel that this is a general issue of Linux. It might be seen as a deficiency of each DE, on its own, but this has no essential implication on the superiority of Windows in itself.

                                                              By saying “There’s nothing special about Windows. You could do this all in Linux” it reads to me like you’re invalidating his preference with the existence of a theoretical possibility.

                                                              The only thing I am “invalidating” (a weird phrase) is the argument that the specific, contingent feature of AHK is a universal, essential argument for Windows/against “Linux”. You might call this theoretical, I call it clean.

                                                              1. 5

                                                                Your reply typifies a kind of closed mindedness I see as very unfortunate.

                                                                NOBODY is saying that Windows is superior and Linux is inferior! The OP simply said “These are reasons I find Windows meets my needs best.”

                                                                This is a community of crazy bright people, why can’t we seem to wrap our heads around the idea that not everything is a fight to the death, only one of us comes out alive, good versus evil argument?

                                                                The world is painted in shades of gray, and tool choices are the grayest!

                                                                1. 1

                                                                  I would like to emphasise that I am not arguing as a linux fanboy. I have in the past made multiple critiques of Unix and Unix-like systems that make it harder for me to defend the position you are pushing me into.

                                                                  I will reiterate my point once more: Convenience and gimmicks are not worth trading in software freedom and user control for. (“Necessity”, as in “I need windows because software X because of job”, is another debate).

                                                                2. 2

                                                                  The only thing I am “invalidating” (a weird phrase) is the argument that the specific, contingent feature of AHK is a universal, essential argument for Windows/against “Linux”. You might call this theoretical, I call it clean.

                                                                  Re-reading his statements, I don’t see anything anywhere about it being a ‘universal, essential’ argument for Windows and against Linux. The OP was stating a preference based on how easily they could customize *their* system in ways that tailored to their exact needs.

                                                          2. 0

                                                            I gave the first answer, since you’re basically just doing a paler version of Emacs for the windows UI.

                                                            I missed this in all the chop yesterday. This is a prime example of how you are perhaps unintentionally shoehorning someone else’s tool choice preferences into your rather constrained version of reality.

                                                            In my opinion there is exactly zero correlation between customizing a Windows system with AutoHotkey (Or an OSX system with Alfred, for example) and emacs.

                                                            In one case, we’re adding layers of nuanced refinement into a very rich and diverse existing ecosystem (AutoHotKey/Alfred) and in the other (emacs) we’re supplanting the entire operating system and its accompanying ecosystem and replacing it with another paradigm entirely (which is incredibly powerful in its own right.)

                                                            1. 1

                                                              In one case, we’re adding layers of nuanced refinement into a very rich and diverse existing ecosystem (AutoHotKey/Alfred) and in the other (emacs) we’re supplanting the entire operating system and its accompanying ecosystem and replacing it with another paradigm entirely (which is incredibly powerful in its own right.)

                                                              Correct me if I am wrong, but doesn’t AHK provide the ability to programmatically extend your system-interaction? If yes, then the results seem to go in the same direction as Emacs does, if not then the entire discussion was pointless.

                                                          3. 1

                                                            how do I write a keyboard shortcut for ∃ in Linux?

                                                            Maybe I’m just completely missing the point … but … what’s exactly the problem with “you add it to the keymap” that you encountered?

                                                          4. 6

                                                            Open your mind. Different people have different needs.

                                                            Also, just because I say that Windows is fitting my needs in a particular context doesn’t mean that I’m a Windows ‘apologist’ (Honestly I find that whole idea rather insulting. I’m an open source advocate and have been since before FLOSS was a thing.)

                                                            1. 4

                                                              I consider Windows harmful, not only to its users but to the user’s friends, colleagues and their work environments. It promotes a usage-paradigm and human-computer relation that I do not think should exist. I am dogmatic about this, and I know some people don’t like it, but until convinced otherwise, I will do everything I can to fight this problem, and at best grudgingly tolerate it.

                                                              1. 3

                                                                Respectfully this is exactly the kind of dogmatism that in my opinion slows the forward progress of our community and our field.

                                                                There are very few opinions in life one should be dogmatic about in my view. On the order of “Every human will die.” and maybe a handful of others.

                                                                1. 2

                                                                  Well if we’re going to discuss dogmatism and its necessity, I think we’ve gone off-topic. Either way, I don’t think there’s much of a point in it.

                                                                  1. 2

                                                                    I don’t think it does. Linux and the ecosystem necessary to use it effectively wouldn’t have existed without the dogmatism of people who weren’t prepared to compromise with closed source software.

                                                                    1. 3

                                                                      Oh I couldn’t disagree more. Linux is rife with pragmatic decisions!

                                                                      There is a vast difference between dogmatism and fervent dedication to a cause.

                                                            2. 5

                                                              I’m not sure what your point is here. The OP argues that a software-centric person (such as a visitor of this website) should clearly identify the faults of a closed operating system when this thread indicates otherwise.

                                                              It has nothing to do with the “purpose of lobste.rs”.

                                                            3. 7

                                                              OS is a service, you’re permitted to use.

                                                              Especially when they do stuff like prevent local account creation. I’m firmly convinced this is a step towards putting all users on a monthly Windows subscription.

                                                              The amount of Windows apologia in this thread is astonishing.

                                                              I use Windows for work, because I’m required to use Windows. I don’t hate it, but when I have a choice, I choose Linux (or a Mac). Windows just has a lot of enterprise business-like stuff tacked on and in my way, and bizarre and overcomplicated APIs written for it. It feels like the C++ of operating systems–folks started bringing things into it without a clear vision and now it feels incoherent and overcomplicated with a lot of implicit behavior.

                                                              1. 4

                                                                See my comments elsewhere in this thread. I personally feel that the era of the commercial desktop computing operating system as we know it is slowly drawing to a close. Both Microsoft and Apple are transitioning towards models that map more cleanly to the tablet space where the computer is a black box appliance that allows for very little user configurability, but on the other hand provides very little surface area for people who WANT an appliance to confidently use the device without fear of going someplace they don’t understand how to get back from.

                                                                This is why, despite my personal choice to use Windows 10 as my “get work done” environment, I am staunchly committed to the advancement of Linux on the desktop, because once the commercial OSen become utterly hostile to tinkerers like us, it and other FLOSS environments like it will literally be the only show in town.

                                                              2. 5

                                                                It is however an incredibly accessible operating system, compared to whatever hodge-podge linux atrocity you’d prefer to torture someone with. Besides maybe Elementary OS, there is essentially no comparison in the usability of open source alternatives, which are designated “alternatives” correctly, because nobody that’s really honest with themselves would ever name them as a primary choice for a normal person’s graphical system.

                                                                1. 2

                                                                  Windows issues aside, I’ve never understood the Elementary craze. I’ve tried it (probably an early version) and half the things were unfinished, the other half wrong for me. Yet people adore it and compare it with the macos. I’ll have to try again, I guess.

                                                                  1. 4

                                                                    It’s probably just not the OS for you, and I’d really only compare the UX language to Windows because at the end of the day it’s still a Linux hodge-podge nightmare

                                                                    1. 4

                                                                      Yep, I’m a veteran user, past most of the distro hopping affinities and stuff. I still change things up now and then, but my primary interest is to have a stable environment. Don’t wanna fiddle with details as much.

                                                                    2. 3

                                                                      Funny thing - this is one of the points where I actually remember when starting with Linux.

                                                                      If it wasn’t in the start menu, it didn’t exist. This was at a time when internet access wasn’t readily available and pre-Google. elementary does remind me of the first KDE/Gnome desktops of RedHat/SuSE 5/6 - everything kinda worked and it came with a good amount of stuff preinstalled that a person completely new to the system could just do stuff.

                                                                      Looking at it from my current point of view (has it been 21 years of using Linux? damn) I think - compared to Windows - it has kept a bit of simplicity and is less in-your-face flashy and weird. But maybe it’s just me getting really familiar with computers at the time of Windows 95, where everything looked kinda spartan. I didn’t use it long enough to notice things being broken, though, just a few hours at a time.

                                                                2. 5

                                                                  I installed Win 10 on my machine over a year ago and have not done anything special to it. It does not have any ads and there is no bloatware I have noticed, Metro is practically speaking non-existent for my user experience, and let’s not kid ourselves and say any Linux distro actually has a serviceable settings/control panel.

                                                                  I’m all for using Linux and I use it practically every day, but from a usability standpoint, Linux doesn’t hold a candle to Windows. I wish it did, but you have to be delusional if you believe any Linux distros provide a comparable desktop experience.

                                                                  2020 is still not the year of the Linux desktop.

                                                                  1. 1

                                                                    I agree, Desktops are a losing game anyway, but Linux holds the mobile market. But all trolling aside, Windows is the unusable system for me, slow, clunky and gets in the way.

                                                                  2. 14

                                                                    Windows 10 has ads in the start menu, ads masquerading as security alerts, ads masquerading as software updates

                                                                    All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                    uninstallable bloatware

                                                                    I’m going to pick on you for a moment here in the hopes that you have broad shoulders and can take it in the name of raising the level of discussion here. What do you mean by this? I’ve begun treating any use at all of the word “bloat” as tantamount to pointless trolling.

                                                                    Does it use too much memory? Is it inefficient in terms of CPU usage? Does it take up too much storage?

                                                                    Let’s at least all consider being a bit more specific in our complaints that we might be able to learn something from them.

                                                                    a bizarre distinction between Metro and everything else (exemplified by the bifurcation of Settings and the Control Panel)….

                                                                    Windows has always suffered from the lengths it goes to in the name of retaining compatibility. How much do you feel this actually impacts end users? (Honest question.)

                                                                    1. 39

                                                                      All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                      Be that as it may, I shouldn’t have to disable ads in my operating system. I definitely don’t appreciate getting a “ding!” every so often (which sounds like a real notification) to remind me to sign up for OneDrive…

                                                                      I’m going to pick on you for a moment here in the hopes that you have broad shoulders and can take it in the name of raising the level of discussion here. What do you mean by this? I’ve begun treating any use at all of the word “bloat” as tantamount to pointless trolling.

                                                                      Does it use too much memory? Is it inefficient in terms of CPU usage? Does it take up too much storage?

                                                                      Things like Xbox Games (or whatever it’s called), Paint, etc. They don’t take up too much space, or too much CPU…they just exist. They take up too much attention for something that I’m never going to use…and I should be able to install or uninstall any software I want on my computer, without resorting to unapproved hacks.

                                                                      Windows has always suffered from the lengths it goes to in the name of retaining compatibility. How much do you feel this actually impacts end users? (Honest question.)

                                                                      There’s a difference between backwards compatibility and “I want to do this, but the setting isn’t in Settings, it’s in Control Panel, and I don’t know when to use one or the other.” At least last time I used Windows 10 (within the last year or so), they would sometimes direct you from one to the other, but not always. So it definitely impacted me at least once.

                                                                      1. 6

                                                                        Just like I think an OS should ship with a text-editor that won’t be what most programmers use, I think it should ship with an image app with roughly the complexity of Paint. On both my work Macs, I found myself needing to make a trivial graphic, and not knowing what to use. GIMP was vastly over complicated for me, other apps were too paid for irregular use (and I didn’t know if I’d understand them).

                                                                        1. 2

                                                                          Things like Xbox Games (or whatever it’s called), Paint, etc. They don’t take up too much space, or too much CPU…they just exist. They take up too much attention for something that I’m never going to use…and I should be able to install or uninstall any software I want on my computer, without resorting to unapproved hacks.

                                                                          I don’t mean to invalidate your perceptions here but.. Remove them from the start menu? At that point they’re invisible to you other than bits on the disk.

                                                                          There’s a difference between backwards compatibility and “I want to do this, but the setting isn’t in Settings, it’s in Control Panel, and I don’t know when to use one or the other.” At least last time I used Windows 10 (within the last year or so), they would sometimes direct you from one to the other, but not always. So it definitely impacted me at least once.

                                                                          That’s interesting. Whenever I want to change something, I type an approximation of that thing into the start menu and get the setting I need. I don’t try to guess where it is, I let the mechanism the OS provides guide me. YMMV of course.

                                                                          1. 11

                                                                            I don’t mean to invalidate your perceptions here but.. Remove them from the start menu? At that point they’re invisible to you other than bits on the disk.

                                                                            They tended to return after an update for me.

                                                                            In hope that this topic will amount to something more interesting than a Windows/Linux flame war, I would like to refer anyone who has not read this piece yet to do so now: Practical Ethics: Why It’s OK to Block Ads

                                                                            It’s important to note that the essential question here is not whether we as users are being manipulated by design. That is precisely what design is. The question is whether or not the design is on our side.

                                                                            I tend to prefer user agents that I can reasonably believe will not betray me.

                                                                            1. 10

                                                                              I don’t mean to invalidate your perceptions here but.. Remove them from the start menu? At that point they’re invisible to you other than bits on the disk.

                                                                              Bits on my disk. If I want them off of there, I should be able to do so trivially…especially when it’s code that I don’t know if it’s phoning home, monitoring my browsing, contains an RCE vuln, or doing whatever. Even if it’s just sitting there, if I want it gone, well…it’s my computer.

                                                                              1. 7

                                                                                Bits on the disk matter. Windows takes forever to update. Part of that surely is it updating the crapware it comes with.

                                                                                I’m going to pick on you for a moment here in the hopes that you have broad shoulders and can take it in the name of raising the level of discussion here. What do you mean by this? I’ve begun treating any use at all of the word “bloat” as tantamount to pointless trolling.

                                                                                Windows search is the worst search interface I think I’ve ever used. It almost never gives me what I want to search for, but web searches for it instead…

                                                                                1. 4

                                                                                  That’s interesting, I haven’t noticed since Windows moved the update process to only happen when I login/logout or restart.

                                                                                  It’s a different world from my wife’s old Windows 7 laptop which could sit for HOURS updating if you’d not turned it on in a bit.

                                                                            2. 22

                                                                              I shouldn’t have to disable it. It shouldn’t exist in the first place. It shouldn’t even be able to be enabled.

                                                                              1. 7

                                                                                I’m sure plenty of engineers at MS would love for you to tell this to the executives and shareholders.

                                                                                1. 9

                                                                                  That’s exactly the problem, isn’t it?

                                                                                  This tension between what the business wants and what the users want is precisely what leaves a nasty taste in my mouth (and many other people too, judging from the comments). Even if I wasn’t already completely brain-washed into the UNIX way of working (and preferring the command line in general, since I got started with Commodore BASIC and DOS), I’d still happily use a less shiny, less polished UI just to get rid of all that bullshit.

                                                                                  The computer exists purely to serve me, not some corporate agenda. And with all the global spying that’s going on I feel even less inclined to use an OS that has unknown other goals aside from being the most efficient platform to run applications (because that’s the only thing an OS should do).

                                                                                  1. 2

                                                                                    The computer exists purely to serve me, not some corporate agenda

                                                                                    The free software movement exists because of affordable hardware created by corporate activity.

                                                                                    Edit I should expand -

                                                                                    • Linux was created because Linus T + friends had access to cheap x86 hardware. This was because of the IBM PC era dominated by MSFT/Intel
                                                                                    • Before Linux, most free software was created in universities, many of whom relied on corporate largesse/donations/taxes to function and buy the hardware to develop on.
                                                                                    1. 4

                                                                                      Pure hardware companies arguably have much less opportunity to make the computer do things that are opposed to the user’s desires. In a sense, we got very lucky that the IBM PC was designed as an open system and got so incredibly popular. Otherwise we’d be stuck in a situation like the Apple or game console ecosystems, where the software companies control the entire stack down to the hardware and running alternative software isn’t really supported (or even possible).

                                                                                    2. 1

                                                                                      How did you acquire your computer?

                                                                                2. 21

                                                                                  All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                                  I’m not a heavy Windows user. But I have tried to disable the advertised apps in the start menu, and I have not found any lasting success. Every time I think I’ve effectively removed them, a few days/weeks later, Candy Crush Saga or its ilk reappears in my start menu.

                                                                                  I don’t doubt your statement that there’s a way to disable them long-term or even permanently. And I’d not be surprised if you’re correct that such disablement is easily executed.

                                                                                  But that process is certainly not trivially discoverable, for me, anyway. And judging from the number of start menus I see those tiles in, I don’t think it is for most people.

                                                                                  1. 8

                                                                                    Hate to be that person, but my start menu has only had the tiles I’ve put on it for over a year now, and I haven’t once had those things “return”.

                                                                                    1. 3

                                                                                      OK. My Win 10 install dates from before they brought back the start menu. As soon as they did, it had tiles for candy crush saga and a few other similar things on it. I right-clicked those tiles and removed them. They went away. Then they came back after an update or two. I removed them again. Since then, more games have come back despite that Win 10 Pro install never having been used to sign into the store, let alone play a game.

                                                                                      I’ve tried every trick google shows to stop that from happening. Games keep coming back. Different games each time, I think, but games being advertised from the store all the same.

                                                                                      Maybe the problem is that I’m using Win10 Pro and I need a different SKU to be able to tell it “this is an install for compiling software. keep all games away.”

                                                                                      1. 3

                                                                                        Strange, I’m only on W10 Home. Maybe in your attempts to make these things go away you’ve accidentally flipped a registry variable that says please make me suffer with more game promotions 😅

                                                                                        1. 1

                                                                                          I have the vague impression that a clean installation might help. i.e. some setting that used to be more persistent in early versions of W10 got locked in for me and wouldn’t if I started fresh. But getting my scripted builds of OpenSSL and Boost back to where they should be is just enough of a headache that I’d rather give the games a dirty look and then move on (for now).

                                                                                          I do really want to get my head around what people consider good practices for a (mostly non-interactive) Windows build box these days. I find it hard to believe Win 10 Pro with Visual Studio is the current state of the art, but figuring out what is just hasn’t bubbled up to the top of my to-do list yet.

                                                                                          1. 4

                                                                                            At a previous $job we had to deal with these things since a lot of our infra (including things that honestly shouldn’t have been, such as in the embedded space) was windows, but for the sake of lending advice I was sadly never put to task working on the powershell script used to initialize windows images. I can tell you just that, though; if it’s professional Windows management there’s always powershell involved.

                                                                                    2. 1

                                                                                      Thank you that’s a very good point. I’ll admit I Googled and found an article which signposted them all :)

                                                                                      1. 1

                                                                                        I did that too. If the first one you found has continued to keep them out of that menu through a few “feature updates” you found a better one than I did.

                                                                                    3. 9

                                                                                      All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                                      That’s nice they can be disabled now, but

                                                                                      1. they might not be in the future

                                                                                      2. do you really want to trust a company that implements this as opt-in by default

                                                                                      3. since it’s proprietary, you don’t really know if they are honoring your settings completely (especially around ‘telemetry’)

                                                                                      1. 1

                                                                                        As I’ve said ad infinitum in this thread - I am making the pragmatic choice to use Windows today, but I’m convinced that the era of the commercial desktop operating system is coming to a close, so I’m committed to ensuring that desktop Linux improves over time, because ultimately I think that and other FLOSS environments like it will be the ONLY choice for tinkerers like us.

                                                                                        I run both. I use Windows 10 and Ubuntu 19.10 and love them both in different ways for different tasks.

                                                                                        I love the fact that people are building so many amazing creative wonderful things in the Linux space, but I can’t reliably use that as my bedrock ‘production’ environment because, depending on which package I install and what it does, I might easily render my Linux partition unbootable.

                                                                                        So I treat my Linux install like a mad scientist’s lab that might explode at any moment but might also produce the next wonder of the world, and my Windows install as the rock solid place where my cushy hyper configured environment lives along with my productivity tools, IDE, etc.

                                                                                        That works very well for me right now.

                                                                                      2. 8

                                                                                        The problem is that starting with Windows 8, Microsoft tried to shoehorn their entire userbase into a mobile operating system. That’s fine if your device is a phone.

                                                                                        But some users’ device is a desktop computer, and a mobile operating system isn’t, never was, and never will be appropriate for that use case.

                                                                                        Until that is understood, and two different flavors of Operating System are allowed to exist and flourish, Windows won’t be as good as it once was.

                                                                                        Windows is my primary Operating System. But until this Metro stuff is over and dead I am afraid that Windows 7 might be my last Windows OS.

                                                                                        1. 6

                                                                                          Have you tried a modern windows 10 os? If you remove the tiles from the start menu, you get a classic start experience exactly like what you are used to. Beyond that touch oriented features have been integrated in such a way that they don’t ever get in your way. I don’t think the argument that Windows 10 is a “touch oriented os” holds any water anymore.

                                                                                          1. 3

                                                                                            ok and what about Cortana?

                                                                                            1. 4

                                                                                              What about it? It takes two clicks to hide the search bar and I’ve never seen Cortana since.

                                                                                                1. 2

                                                                                                  That’s only if you want to rip it out of the system completely, not sure why you’d even do that other than on principle. You can just not open it.

                                                                                              1. 1

                                                                                                Again. Try a modern version of win 10. The Cortana crap can be easily hidden and you get a start menu just like the good old days.

                                                                                            2. 4

                                                                                              How does this materially impact you? I’m interested in things you need to do that it scuppers, or blocks completely.

                                                                                              1. 13

                                                                                                I know you didn’t mean it this way, but it sounds like victim blaming. “Microsoft changed how they do things you are paying money for, but are you sure you’re inconvenienced enough to complain?”

                                                                                                1. 3

                                                                                                  I’m sorry it came off that way, especially with the use of “materially.” The original post threw around a number of fairly abstract reasons for not liking it and I was looking for more concrete examples of how this causes a breakdown. There is also an argument to be made that the terminology used isn’t accurate for Windows 10, but soliciting more detail is probably the best response.

                                                                                                2. 3

                                                                                                  An example that bit me (though a couple years ago, so may have changed since I last set up a new machine):

                                                                                                  The Onenote UWP app from the windows store is preinstalled and difficult to remove. However it isn’t completely compatible with the win32 app included with office – if you’re sharing notebooks with office users and setting permissions w/ AD you can’t use the windows store version. You can install the office version, and it sort of takes over, but not quite 100%. So you end up with some onenote links working correctly in your win32 app, but others sometimes opening the store app instead. And when that happens it then tries to take over as the default onenote app again, screwing everything up in the process, and you need to clean up a bunch of prefs that get changed out from under you.

                                                                                                  I finally found some combination of settings in both apps, the system default apps settings, and a manual registry hack that seems to have permanently fixed it. But, until I found that, using Onenote was a daily struggle due to the preinstalled nonsense that I didn’t want to use.

                                                                                                  1. 1

                                                                                                    It’s not just what I listed. It’s other problems, like making people resort to registry hacks to remove unwanted features:

                                                                                                    https://www.howtogeek.com/265027/how-to-disable-cortana-in-windows-10

                                                                                                    or blocking local account creation (LOL?):

                                                                                                    https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation

                                                                                                    It’s these comically bad, user hostile decisions that keep me from upgrading.

                                                                                                  2. 3

                                                                                                    A lot of people have said that this bifurcation has been all but healed in Windows 10. Clearly remnants remain, but they certainly haven’t gotten in my way so your mileage clearly varies.

                                                                                                  3. 8

                                                                                                    All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                                                    This is not an excuse for user-hostile behaviour.

                                                                                                    1. 1

                                                                                                      All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                                                      …. and the next time they come back it takes 20 minutes. And after that it involves kernel patches. And then firmware hacks.

                                                                                                      At least for me, this is a matter of self-respect, not a matter of time. But I guess some people strongly prefer being pushovers to drawing a line in the sand and accepting whatever slight inconvenience comes with it.

                                                                                                    2. 3

                                                                                                      For anyone looking for a power user’s alternative to control panel I recommend creating an empty folder, naming it LobsterMode.{ED7BA470-8E54-465E-825C-99712043E01C}, and then clicking it to see what happens.

                                                                                                    1. 4

                                                                                                      One important meta-point: the bar for new languages is only going to rise over time.

                                                                                                      I see at least two responses pointing to C/C++ not having package managers. But those languages came into existence a long time ago, found a big niche, and have momentum. The fact that they don’t have package managers doesn’t mean a new language can get momentum without one, any more than JavaScript’s prominence means you’ll get a warm reception if your language is full of strange implicit coercions.

                                                                                                      1. 1

                                                                                                        Programming language package managers are actively harmful. They promote the kind of absurdity you see wherever they exist. Look at Cargo and NPM. Hundreds or thousands of dependencies for very simple programs.

                                                                                                      1. 1

                                                                                                        Parts of this essay fit with my personal axe to grind: I don’t think modeling objects on real world objects is particularly helpful. It may be useful as a way of getting intuitions working in an OO 101 tutorial, but I’m not even sure about that.

                                                                                                        Objects are a way of organizing code to achieve the goals of understandability, maintenance, extensibility, etc. It’s a further hypothesis that modeling them based on real world objects is generally a good way to achieve those goals, and I’ve never seen anyone really try to demonstrate that hypothesis, as opposed to assuming it.

                                                                                                        1. 1

                                                                                                          Consider an object… What is an object? Philosophers are always saying, “Well, just take a chair for example.” The moment they say that, you know that they do not know what they are talking about. Atoms are evaporating from it from time to time; dirt falls on it and gets dissolved in the paint; so to define a chair precisely, to say exactly which atoms are chair, and which atoms are air, or which atoms are dirt, or which atoms are paint is impossible…

                                                                                                          There are not any single, left-alone objects in the world—every object is a mixture of a lot of things, so we can deal with it only as a series of approximations and idealizations.

                                                                                                          The trick is the idealizations. One may prefer a mathematical definition; but those can never work in the real world. A mathematical definition will be good for mathematics, in which all the logic can be followed out completely, but the physical world is [too] complex. When we try to isolate pieces of it, to talk about one mass, the wine and the glass, how can we know which is which, when one dissolves in the other?

                                                                                                          A system of discourse about the real world must involve approximations of some kind. This is quite unlike the case of mathematics, in which everything can be defined.

                                                                                                          The Feynman Lectures on Physics, Vol. 1: p. 12-2; some phrases omitted for concision.

                                                                                                          1. 3

                                                                                                            The idea that ordinary objects are impermanent or unreal goes back a long way in philosophy. That line was a bit silly.

                                                                                                            1. 3

                                                                                                              Indeed! The philosophy of identity is literally ancient, and that includes its poster-child thought experiment, the ship of Theseus. However, I believe that despite his silliness, Feynman provides an excellent and approachable introduction to the abstract concepts of objects and identity for the modern-day programmer; hence why I shared the above excerpt.

                                                                                                          1. 2

                                                                                                            Something about this article itched at me, and on the orange site user danShumway said this which hit the nail on the head for me:

                                                                                                            If you’re looking at [another] ecosystem and saying, “the number of dependencies is problematic because it takes a long time to review them”, I agree with you. If you’re looking at the Go ecosystem and saying, “there are fewer dependencies, so I don’t need to review them”, then that’s a security antipattern.

                                                                                                            For example, the Rust standard library was kept small by design because they acknowledge that something in the standard library shouldn’t be “trusted” just for simply being part of std.

                                                                                                            1. 1

                                                                                                              I think it depends what sort of security you’re hoping the standard library gives you.

                                                                                                              A standard library might make poor crypto choices, do funny things with deserialization, or have any number of other security sensitive code that can be a risk, so the presence in the standard library isn’t anything like a full seal of approval.

                                                                                                              I still think that presence in most languages’ standard library gives you some assurance against the kinds of “supply chain” attacks we’ve recently seen in NPM and PyPI. For many libraries, those supply chain attacks are the primary security issue the library raises.

                                                                                                              1. 2

                                                                                                                I still think that presence in most languages’ standard library gives you some assurance against the kinds of “supply chain” attacks we’ve recently seen in NPM and PyPI.

                                                                                                                I don’t think you should be conflating those last two.

                                                                                                                The thing people seem to worry about in a “supply chain” attack is that they’re depending on a particular package – let’s say foolib – and one day an evil person compromises the package-registry account of foolib’s maintainer, and uploads new packages containing malicious code, which are then pulled automatically by the build processes of people depending on foolib. I believe that has happened a few times to packages on npm.

                                                                                                                But as far as I’m aware, that’s not a thing that has happened to PyPI. All the alleged “supply chain attack” stories I’ve seen about PyPI involved typosquatters who’d register a similarly-named package and hope to trick people into installing it instead of the real thing. So, say, someone registering foo-lib or foo-library and hoping you’d not look too closely and conclude their package was what you wanted. While that’s a thing that definitely needs to be policed by the package registry, anyone with foolib in their dependency list is never at risk of receiving a malicious package in that case. Only someone who adds the malicious typosquat as a dependency is in trouble.

                                                                                                                (it’s also something difficult to police in an automated way, because it’s somewhat common for package registries to end up with multiple similarly-named but legitimate packages)

                                                                                                                1. 1

                                                                                                                  Thanks, I thought PyPI had both types of attacks, but it appears it’s only been typosquatting.
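Added example, not part of any comment above: a dependency-list check for the typosquatting case described in the comment about foolib, foo-lib and foo-library. The allowlist, the affix list, the distance thresholds and every package name other than the thread's foolib placeholders are assumptions made for this illustration.

```python
import re

# Constructed allowlist of reviewed dependencies; "foolib" is the thread's
# placeholder name, "barparse" is made up for this example.
TRUSTED = {"foolib", "barparse"}

# Assumption: affixes a look-alike name tends to add or swap (longest first).
AFFIXES = sorted(("python", "py", "lib", "library"), key=len, reverse=True)

# Constructed requirements file content.
SAMPLE_REQUIREMENTS = """\
# constructed sample
foolib==1.4.2
FooLib
Foo_Lib>=2
foo-library
fooilb
barparser[fast]~=0.9
quuxnet
"""

REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def canonical(name):
    """PEP 503 normalisation: lowercase, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def squash(name):
    """Canonical name without separators, so foo-lib and foolib compare equal."""
    return canonical(name).replace("-", "")


def stem(squashed):
    """Strip at most one known suffix and one known prefix, keeping >= 3 characters."""
    for affix in AFFIXES:
        if squashed.endswith(affix) and len(squashed) >= len(affix) + 3:
            squashed = squashed[: -len(affix)]
            break
    for affix in AFFIXES:
        if squashed.startswith(affix) and len(squashed) >= len(affix) + 3:
            squashed = squashed[len(affix):]
            break
    return squashed


def edit_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(name, trusted=TRUSTED):
    """Return (verdict, matched allowlist entry or None) for one dependency name."""
    canon = canonical(name)
    if canon in {canonical(t) for t in trusted}:
        return ("trusted", canon)
    s = squash(name)
    for t in sorted(trusted):
        ts = squash(t)
        if s == ts:
            return ("separator-variant", t)   # a different project on the index
        if edit_distance(s, ts) <= (1 if len(ts) < 8 else 2):
            return ("near-miss", t)
        if stem(s) == stem(ts):
            return ("affix-variant", t)
    return ("unknown", None)


def audit(requirements_text, trusted=TRUSTED):
    """Classify every requirement line; comments and blank lines are skipped."""
    findings = []
    for line in requirements_text.splitlines():
        m = REQ_NAME.match(line.split("#", 1)[0])
        if m:
            findings.append((m.group(1),) + classify(m.group(1), trusted))
    return findings


if __name__ == "__main__":
    for name, verdict, match in audit(SAMPLE_REQUIREMENTS):
        print(f"{name:12} {verdict:18} {match or ''}")
```

The `barparser` hit is the false-positive case the comment mentions: a similarly named package can be legitimate, so a flag here means "review before adding", not "malicious".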

                                                                                                            1. 13

                                                                                                              An interesting metric if you want to make a short-living utility with low latency to output.

                                                                                                              Pretty useless if you are interested in throughput or latency of a long living process.

                                                                                                              1. 3

                                                                                                                If you’re interested in latency, the relationship between syscalls and latency is so scattered that you’re better off just measuring the latency. Otherwise, you might conclude that JIT compiled Java is as good for quick command line programs as Go.

                                                                                                                1. 6

                                                                                                                  It also provides a datapoint on unnecessary complexity and bloat.

                                                                                                                  Pity Nim is not in the article (yet).

                                                                                                                  1. 8

                                                                                                                    “Unnecessary complexity and bloat.” in the context of a useless program.

                                                                                                                    1. 3

                                                                                                                      Isn’t it roughly equivalent to the quite non-useless true program?

                                                                                                                      1. 2

                                                                                                                        Oh god, people will be “beating” GNU true in all manners of programming languages next…

                                                                                                                      2. 1

                                                                                                                        Well, the more unnecessary syscalls, the more of a runtime there is. Those additional syscalls never go away.

                                                                                                                        1. 7

                                                                                                                          And?

                                                                                                                          If the runtime is long enough these syscalls at start get negligible.

                                                                                                                          Once again - these metrics are useful in one context and totally useless in others. The important stuff is to know if they are relevant to your situation.

                                                                                                                          1. 3

                                                                                                                            Not all of these syscalls are strictly startup-related, though.

                                                                                                                            Part of Rust’s overhead is from stdout locking, and that means additional syscalls every time you print, not just at startup.

                                                                                                                            1. 3

                                                                                                                              If Rust generates syscalls for an uncontested lock, that’s bananas. Every decent lock implementation uses an atomic instruction in userspace, and only falls back to the kernel when it finds the lock held by another thread. For example, pthread_mutex_lock in musl libc tries an atomic compare and swap before resorting to the syscall implementation.

                                                                                                                            2. 1

                                                                                                                              I meant the language runtime. As we can see, the “slower” and more abstracted languages make more syscalls. The more control you have, the fewer syscalls are called.

                                                                                                                              1. 1

                                                                                                                                This may be true but it can’t be tested the way the linked blogpost does.

                                                                                                                      3. 2

                                                                                                                        A commenter on HackerNews made a test with Nim: https://news.ycombinator.com/item?id=21957476

                                                                                                                        1. 2

                                                                                                                          A lot of people in this thread seem to be focusing on startup time and ignoring the point of the article hinted more by the amount of disk space used and, secondarily, the number of syscalls:

                                                                                                                          These numbers are real. This is more complexity that someone has to debug, more time your users are sitting there waiting for your program, less disk space available for files which actually matter to the user.

                                                                                                                          This was not an objective test, this is just an approximation that I hope will encourage readers to be more aware of the consequences of their abstractions, and their exponential growth as more layers are added.

                                                                                                                          Unnecessary complexity translates into cognitive load for those who want to understand what happens under the hood.

                                                                                                                          Especially when contributing to the compiler or porting it to a different architecture.

                                                                                                                          1. 17

                                                                                                                            I read the entire article and understood the point.

                                                                                                                            I don’t think the point is valid, that’s all - at least not when it comes to “real-world” software development.

                                                                                                                            For example, you can’t throw a pebble on this site without hitting a comment decrying C’s lack of memory safety. “But my users will thank me when they count the low number of syscalls my code is using!” isn’t much use when your program is crashing or their box is getting rooted because you messed up memory management.

                                                                                                                            Likewise, if your code is spending most of its time waiting for data to come down the wire, or for something to be fetched from a database, why optimize for syscall count?

                                                                                                                            1. -1

                                                                                                                              Umm, you do realize the database fetching the data is a program using syscalls, and the routers transmitting the data also use syscalls. If everything in the chain is slower, you will be waiting longer…

                                                                                                                              1. 5

                                                                                                                                Any database system can be coded as lean and mean as possible, and still be brought down by someone mistyping a query and performing a full-table scan.

                                                                                                                                A power outage can knock out a datacenter, forcing traffic to go via slower pipes. So users will be waiting longer, despite routers being lean and mean.

                                                                                                                                More syscalls contribute to slower performance, but they’re generally dwarfed by other factors.

                                                                                                                          2. 1

                                                                                                                            I would not be surprised if the ‘useless’ results carry through proportionally to real programs.

                                                                                                                            1. 8

                                                                                                                              A month or two ago there was a spate of posts where people “beat” GNU wc using a plethora of languages. It would be interesting to see the results of a program that read a 1MB Unicode text file and reported number of lines, bytes, characters etc, and compare using this metric.

                                                                                                                          1. 15

                                                                                                                            Maybe some folk don’t understand what’s going on here, but this is in direct violation of Postel’s law:

                                                                                                                            They’re blocking access from old devices for absolutely no technical reason; they’re blocking read-only access from folks that might not have any other devices at their disposal.

                                                                                                                            If you have an old iPod lying around, why on earth should you not be able to read Wikipedia on it? Absolutely no valid technical reason to deny access. Zilch. None. Nada.

                                                                                                                            There’s no reason it shouldn’t be possible to read Wikipedia over straight HTTP, for that matter.

                                                                                                                            1. 9

                                                                                                                              I know next to nothing about security so correct me if I’m wrong, but doesn’t leaving old protocols enabled make users vulnerable to downgrade attacks?

                                                                                                                              1. 14

                                                                                                                                You’re applying bank-level security to something that’s public information and should be accessible to everyone without a licence or access control in the first place. I don’t even know what sort of comparison to make here best, because in my view requiring HTTPS in the first place here was a misguided decision that’s based on politics, corporate interests and fear, not on rational facts. Postel’s law is also a well-known course of action in telecommunication, even Google still follows it — www.google.com still works just fine over straight HTTP, as does Bing, no TLS mandated from those who don’t want it.

                                                                                                                                1. 5

                                                                                                                                  I agree with you, I’d like to be able to access Wikipedia with HTTP, but this is in my opinion a different issue from disabling old encryption protocols.

                                                                                                                                  Accessing Wikipedia with secure and up to date protocols might not be necessary to you but it might be for people who live under totalitarian regimes. One could argue that said regimes have better ways to snoop on their victims (DNS tracking, replacing all certificates with one they own…) but I still believe that if enforcing the use of recent TLS versions can save even a single life, this is a measure worth taking. It would be interesting to know if Wikipedia has data on how much it is used by people living in dictatorships and how much dropping old TLS versions would help these people.

                                                                                                                                  1. 4

                                                                                                                                    totalitarian regimes

                                                                                                                                    It’s funny you mention it, because this actually would not be a problem under a totalitarian regime with a masquerading proxy and a block return policy for the https port and/or their own certificates and a certificate authority. See https://www.xkcd.com/538/.

                                                                                                                                    Also, are you suggesting that Wikipedia is basically blocking my access for my own good, even though it’s highly disruptive to me, and goes against my own self-interests? Yet they tell me it is in my own interest that my access is blocked? Isn’t that exactly what a totalitarian regime would do? Do you not find any sort of irony in this situation?

                                                                                                                                    1. 3

                                                                                                                                      “Isn’t that exactly what a totalitarian regime would do?”

                                                                                                                                      I think you may have overstated your case here.

                                                                                                                                      1. 2

                                                                                                                                        this actually would not be a problem under a totalitarian regime with a masquerading proxy and a block return policy for the https port and/or their own certificates and a certificate authority.

                                                                                                                                        Yes, this is what I meant when I wrote “One could argue that said regimes have better ways to snoop on their victims”.

                                                                                                                                        Also, are you suggesting that Wikipedia is basically blocking my access for my own good

                                                                                                                                        No, here’s what I’m suggesting: there are Wikipedia users who live in countries where they could be thrown in jail/executed because of pages they read on Wikipedia. These users are not necessarily technical, do not know what a downgrade attack is and this could cost them their lives. Wikipedia admins feel they have a moral obligation to do everything they can to protect their lives, including preventing them from accessing Wikipedia if necessary. This is a price they are willing to pay even if it means making Wikipedia less convenient/impossible to use for other users.

                                                                                                                                  2. 1

                                                                                                                                    If they left HTTP, yeah, sure. But I don’t think any attack that downgrades SSL encryption method exists, both parties always connect using the best they have. If there exists one, please let me know.

                                                                                                                                    There is no technical reason I’m aware of. Why does Wikipedia do this? It’s not like I need strong encryption to begin with, I just want to read something on the internet.

                                                                                                                                    I still have a usable, working smartphone with Android Gingerbread, it’s the first smartphone I ever used. It’s still working flawlessly and I’m using it sometimes when I want to quickly find something when my current phone has no battery and I don’t want to turn on my computer.

                                                                                                                                    This move will for no reason kill my perfectly working smartphone.

                                                                                                                                    1. 9

                                                                                                                                      But I don’t think any attack that downgrades SSL encryption method exists,

                                                                                                                                      Downgrade attacks are possible with older versions of SSL e.g. https://www.ssl.com/article/deprecating-early-tls/

                                                                                                                                      It’s not like I need strong encryption to begin with, I just want to read something on the internet.

                                                                                                                                      Which exact page you’re looking at may be of interest, e.g. if you’re reading up on medical stuff.

                                                                                                                                      1. 1

                                                                                                                                        Which exact page you’re looking at may be of interest, e.g. if you’re reading up on medical stuff.

                                                                                                                                        Are you suggesting that we implement access control in public libraries, so that no one can browse or check out any books without strict supervision, approvals and logging by some central authority? (Kinda like 1984?)

                                                                                                                                        Actually, are you suggesting that people do medical research and trust information from Wikipedia, literally edited by anonymous people on the internet?! HowDareYou.gif. Arguably, this is the most misguided security initiative in existence if thought of in this way; per my records, my original accounts on Wikipedia were created before they even had support for any TLS at all; which is not to say it’s not needed at all, just that it shouldn’t be a mandatory requirement, especially for read-only access.

                                                                                                                                        P.S. BTW, Jimmy_Wales just responded to my concerns — https://twitter.com/jimmy_wales/status/1211961181260394496.

                                                                                                                                        1. 10

                                                                                                                                          Are you suggesting that we implement access control in public libraries, so that no one can browse or check out any books without strict supervision, approvals and logging by some central authority? (Kinda like 1984?)

                                                                                                                                          I’m saying that you may not wish other people to infer what medical conditions you may have based on your Wikipedia usage. So TLS as the default is desirable here, but whether it should be mandatory is another question.

                                                                                                                                          1. 2

                                                                                                                                            Are you suggesting that we implement access control in public libraries, so that no one can browse or check out any books without strict supervision, approvals and logging by some central authority? (Kinda like 1984?)

                                                                                                                                            PSST, public libraries in the western world already do this to some extent. Some countries are more central than others thanks to the US PATRIOT Act.

                                                                                                                                            1. 1

                                                                                                                                              public libraries in the western world

                                                                                                                                              Not my experience at all; some private-university-run libraries do require ID for entry; but most city-, county- and state-run libraries still allow free entry without having to identify yourself in any way. This sometimes even extends to making study-room reservations (can often be made under any name) and anonymous computer use, too.

                                                                                                                                        2. 8

                                                                                                                                          I still have a usable, working smartphone with Android Gingerbread, it’s the first smartphone I ever used. It’s still working flawlessly and I’m using it sometimes when I want to quickly find something when my current phone has no battery and I don’t want to turn on my computer.

                                                                                                                                          This move will for no reason kill my perfectly working smartphone.

                                                                                                                                          It’s not working flawlessly, the old crypto protocols and algorithms it uses have been recalled like a Takata airbag, and you’re holding on because it hasn’t blown up in your face yet.

                                                                                                                                          1. 2

                                                                                                                                            This move will for no reason kill my perfectly working smartphone.

                                                                                                                                            (my emphasis)

                                                                                                                                            So you just use this phone to access Wikipedia, and use it for nothing else?

                                                                                                                                            If so, that’s unfortunate, but your ire should be directed to the smartphone OS vendor for not providing needed updates to encryption protocols.

                                                                                                                                            1. 2

                                                                                                                                              your ire should be directed to the smartphone OS vendor for not providing needed updates to encryption protocols

                                                                                                                                              I think it’s pretty clear that the user does not need encryption in this use-case, so, I don’t see any reason to complain to the OS vendor about encryption when you don’t want to be using any encryption in the first place. Like, seriously, what sort of arguments are these? Maybe it’s time to let go of the politics in tech, and provide technical solutions to technical problems?

                                                                                                                                              1. 1

                                                                                                                                                As per my comment, I do believe that the authentication provisions of TLS are applicable to Wikipedia.

                                                                                                                                                Besides, the absolute outrage if WP had not offered HTTPS would be way bigger than now.

                                                                                                                                        3. 15

                                                                                                                                          I find the connection to Postel’s law only weak here, but in any case: This is the worst argument you could make.

                                                                                                                                          It’s pretty much consensus among security professionals these days that Postel’s law is a really bad idea: https://tools.ietf.org/html/draft-iab-protocol-maintenance-04

                                                                                                                                          1. 3

                                                                                                                                            I don’t think what passes for “postel’s law” is what Postel meant, anyway.

                                                                                                                                            AFAICT, Postel wasn’t thinking about violations at all, he was thinking about border conditions etc. He was the RFC editor, he didn’t want anyone to ignore the RFCs, he wanted them to be simple and easy to read. So he wrote “where the maximum line length is 65” and meant 65. He omitted “plus CRLF” or “including CRLF” because too many dotted i’s make the prose heavy, so you ought to be liberal in what you accept and conservative in what you generate. But when he wrote 65, he didn’t intend the readers to infer “accept lines as long as RAM will allow”.

                                                                                                                                            https://rant.gulbrandsen.priv.no/postel-principle is the same argument, perhaps better put.

                                                                                                                                            IMO this is another case of someone wise saying something wise, being misunderstood, and the misunderstanding being a great deal less wise.

                                                                                                                                            1. 2

                                                                                                                                              I can’t really understand advocating laws around protocols except for “the protocol is the law”. Maybe you had to be there at the time.

                                                                                                                                            2. 6

                                                                                                                                              As I understand it, they’re protecting one set of users from a class of attack by disabling support for some crypto methods. That seems very far from “absolutely no technical reason”.

                                                                                                                                              As for HTTP, if that were available, countries like Turkey would be able to block Wikipedia on a per-article basis, and/or surveil its citizens on a per-article basis. With HTTPS-only, such countries have to open/close Wikipedia in toto, and cannot surveil page-level details. Is that “no reason”?

                                                                                                                                              1. 1

                                                                                                                                                As for HTTP, if that were available, countries like Turkey would be able to block Wikipedia on a per-article basis, and/or surveil its citizens on a per-article basis. With HTTPS-only, such countries have to open/close Wikipedia in toto, and cannot surveil page-level details. Is that “no reason”?

                                                                                                                                                I don’t understand why people think this is an acceptable argument for blocking HTTP. It reminds me of that jealous spouse scenario where someone promises to inflict harm, either to themselves or to their partner, should the partner decide to leave the relationship. “I’ll do harm if you censor me!”

                                                                                                                                                So, Turkey wants to block Wikipedia on a per-article basis? That’s their decision, and they’ll go about it one way or another, I’m sure the politicians don’t particularly care about the tech involved anyways (and again, it’s trivial for any determined entity to block port 443, and do a masquerade proxy on port 80, and if this is done on all internet connections within the country, it’ll work rather flawlessly, and no one would know any better). So, it’s basically hardly a deterrent for Turkey anyways. Why are you waging your regime-change wars on my behalf?

                                                                                                                                                1. 1

                                                                                                                                                  Well, Wikipedia is a political project, in much the same way that Stack Overflow is. The people who write have opinions on whether their writings should be available to people who want to read.

                                                                                                                                                  You may not care particularly whether all of or just some of the information on either Wikipedia or SO are available to all Turks, but the people who wrote that care more, of course. They wouldn’t spend time writing if they didn’t care, right? To these people, wanting to suppress information about the Turkish genocide of 1915 is an affront.

                                                                                                                                                  So moving to HTTPS makes sense to them. That way, the Turkish government has to choose between

                                                                                                                                                  • allowing Turks to read about the genocide
                                                                                                                                                  • not allowing Turks any use of Wikipedia

                                                                                                                                                  The Wikipedians are betting that the second option is unpopular with the Turks.

                                                                                                                                                  It’s inconvenient for old iPad users, but if you ask the people who spend time writing, I’m sure they’ll say that being able to read about your country’s genocide at all is vastly more important than being able to read using old iPads.

                                                                                                                                              2. 4

                                                                                                                                                I can think of several reasons:

                                                                                                                                                • not letting people know what you are reading
                                                                                                                                                • not letting people censor some articles
                                                                                                                                                • not letting people modify some articles (for example putting an incorrect download link for a popular software without being detected)
                                                                                                                                                • making a habit that everything should be HTTPS (for example for people to not be fooled by phishing sites with the padlock in the URL bar)
                                                                                                                                                1. 2

                                                                                                                                                  So what’s to stop a totalitarian regime from doing the following?

                                                                                                                                                  • Redirect all DNS queries to their own DNS servers? The root DNS servers use fixed IP addresses, so it would be easy enough to reroute those addresses to return any address they want.
                                                                                                                                                  • Redirect all DoH to 1.1.1.1 (or other well known DoH addresses) to again, their own server? Is the CloudFlare public key installed on all browsers? How would you know you are hitting CloudFlare, and not TotallyCloudFlare served by TotallyLegitCA?
                                                                                                                                                  • Given control over DNS, redirect users to TotallyWikipedia? Again, do you know what CA Wikipedia uses? They can then decode (doesn’t matter if it’s SSL/1.0 or TLS/1.3) the request and proxy it or send out security to question the loyalty of the citizen. Or you know, download the entirety of Wikipedia (which anyone can do), and serve up a cleaned up version to their citizens.
                                                                                                                                                  1. 1

                                                                                                                                                    The difficulty is to set up/enrol TotallyLegitCA. How do you do that? If TotallyLegitCA is public, the transparency log will quickly reveal what they are doing. The only way to pull that off seems to be to force people to have your CA installed, like Kazakhstan is doing.

                                                                                                                                                    1. 2

                                                                                                                                                      We’re talking about a totalitarian regime (or you know, your standard corporation who install their own CA in the browser).

                                                                                                                                                2. 3

                                                                                                                                                  That’s actually incorrect. There are various technical reasons. But also remember that they need to operate on a vast scale as a non-profit. This is hard.

                                                                                                                                                  Here are some technical reasons. I’m sure others will chime in as there are likely many more.

                                                                                                                                                  • some attacks on TLSv1.0 can compromise key material which is used for the newer, secure versions of TLS
                                                                                                                                                  • attacks only get better
                                                                                                                                                  • removing old code reduces complexity
                                                                                                                                                  1. 0

                                                                                                                                                    providing a read-only version without login over HTTP shouldn’t really add any new code except they’d be on a HTTP-2-only webserver if I’m not mistaken.

                                                                                                                                                  2. 2

                                                                                                                                                    There are arguments for an inverse-postel’s law given in https://m.youtube.com/watch?v=_mE_JmwFi1Y

                                                                                                                                                    1. 0

                                                                                                                                                      But I hear all the time that I must ensure my personal site uses HTTPS and that soon browsers will refuse to connect to “insecure” sites. Isn’t this a good thing Wikipedia is doing? /s

                                                                                                                                                      Edit also see this discussion: https://lobste.rs/s/xltmol/this_page_is_designed_last#c_keojc6

                                                                                                                                                      1. 7

                                                                                                                                                        I have HTTPS on my completely static website mostly so that no one asks why I don’t have HTTPS, but on the other hand, the “completely static” part is only relevant as long as there are only Eves in the middle and no Mallories.

                                                                                                                                                        If serving everything over HTTPS will make the life of ISPs injecting ads and similar entities harder, it’s a good thing, until there’s a legal rather than technical solution to that.

                                                                                                                                                        1. 2

                                                                                                                                                          I actually think that HTTPS is reasonable for Wikipedia, if for nothing else to hinder 3rd parties from capturing your embarrassing edits to “MLP: FIM erotica” and tracing them back to you. For a static, read-only site it just adds cost and/or a potential point of failure.

                                                                                                                                                          1. 1

                                                                                                                                                            For a static, read-only site it just adds cost and/or a potential point of failure.

                                                                                                                                                            dmbaturin just said what the value add is. HTTPS prevents third parties from modifying the content of your static site.

                                                                                                                                                    1. 6

                                                                                                                                                      Swift nailed it with contextual enums.

                                                                                                                                                      fetch(url, FetchOptions::History)fetch(url, .History)

                                                                                                                                                      1. 1

                                                                                                                                                        Do you have a link? I couldn’t find what I needed in the Swift enumerations docs, or by googling “contextual enums”.

                                                                                                                                                        1. 4

                                                                                                                                                          The best source I could find after a little searching is this Swift Evolution proposal that became part of the language in Swift 3. It’s specifically about requiring periods before the names of enum cases, but it alludes to the fact that you can often use case names without needing to include the type name:

                                                                                                                                                          Swift infers the enclosing type for a case on a developer’s behalf when the use is unambiguously of a single enumeration type. Inference enables you to craft switch statements like this:

                                                                                                                                                          switch Coin() {
                                                                                                                                                          case .heads: print("Heads")
                                                                                                                                                          case .tails: print("Tails")
                                                                                                                                                          }
                                                                                                                                                          
                                                                                                                                                          1. 3

                                                                                                                                                            In Swift docs it’s introduced as a “shorter dot syntax”: https://docs.swift.org/swift-book/LanguageGuide/Enumerations.html

                                                                                                                                                        1. 2

                                                                                                                                                          I won’t argue that booleans are better than enums. However, the reason we keep gravitating to booleans is that they are lightweight, even though they end up costing more later. Btw: that cost isn’t just to the author, it’s to everyone else who has to remember which enum we’re using, where it’s defined, etc. If it’s a sufficiently pervasive enum, that’s ok, but there’s a gap where the enum doesn’t represent a concept with a clearly defined home.

                                                                                                                                                          In some cases, you almost want to define the enum inline. Here’s a hypothetical syntax. It’s probably not actually good, but I want that level of simplicity.

                                                                                                                                                          function fetch(int accountId, ::IncludeDisabled, ::History, {::Shallow, ::Full, ::IncludeRelations}) {
                                                                                                                                                          }
                                                                                                                                                          
                                                                                                                                                          // includes details, doesn't include history or disabled accounts
                                                                                                                                                          fetch(0)
                                                                                                                                                          
                                                                                                                                                          // includes historical records, excludes disabled accounts, only ids/links
                                                                                                                                                          fetch(0, ::History, ::Shallow)
                                                                                                                                                          // ditto, but includes normal data
                                                                                                                                                          fetch(0, ::Full)
                                                                                                                                                          // ditto, but includes some kind of related data
                                                                                                                                                          fetch(0, ::IncludeRelations)
                                                                                                                                                          
                                                                                                                                                          1. 2

                                                                                                                                                            ‘Inline enums’ are a great idea :) Their generalisation - anonymous sum types - is often called a ‘variant’ if you’re interested in reading up about it.

                                                                                                                                                          1. 3

                                                                                                                                                            This comment might sound very critical, but that’s not my point. I agree with the author that load testing is very hard and if you’re going to do it wrong, you might as well not do it at all. This comment is meant to further illustrate how many nuances there are that need to be considered.

                                                                                                                                                            Some other things that are hard and not explicitly mentioned in the article:

                                                                                                                                                            • actually generating load the way you think you do;
                                                                                                                                                            • reporting something more informative than just a mean value, or a percentile, or something equally over-simplified; and
                                                                                                                                                            • gathering enough samples to back up your data.

                                                                                                                                                            This has been my pet peeve the last few months and I’m planning on expanding it into an article but haven’t gotten that far yet.

                                                                                                                                                            You don’t have continuous load, i.e. your traffic is bursty […]

                                                                                                                                                            Essentially all open systems have bursty traffic. Some would argue Pareto distributed, others lognormal, but the point is that when your requests come from independent clients, they will sometimes bunch up and arrive really close to each other by chance. (Note that lognormal is more bursty than nice, simple Poisson arrivals. This could vary from system to system though.)

                                                                                                                                                            I.e. this point, which is presented almost as a rare occurrence, is probably the common case for many people.

                                                                                                                                                            If you don’t have good metrics, you won’t be able to prove that the LT workload is similar to prod and interpreting LT results will be an uphill battle.

                                                                                                                                                            I agree with this in spirit, but in practise I’ve found the uphill battle to be interpreting results when the load generation tries to mimic production traffic. It is, in a sense, easier to interpret what happens at sustained loads because that gives a hint about in what ways the system will need to recover after peaks in traffic.

                                                                                                                                                            The way systems tend to react to high loads is by building up some sort of computational debt, be it by buffering/queueing, memory allocations, algorithms with good amortized performance but awful worst cases, and so on. The system does a bunch of things cheaply and then normally has time to recover and repay this debt, but under sustained high loads further requests will be stalled while the computational debt is repaid. This is also the way you get large performance variance in production when the system becomes loaded, but it’s much, much easier to spot with sustained high loads.

                                                                                                                                                            It’s also worth mentioning that local metrics are a good diagnostic tool, but they are often deceptive when it comes to system performance, because of interdependent operations, queuing effects, and whatnot. The author touches on this in the next section, though.

                                                                                                                                                            What does it mean for your LT to pass?

                                                                                                                                                            I don’t agree load tests have to have go/no-go requirements. It might be even more useful to do them to keep an eye on how the performance of your system changes over time. If your system performs predictably at given loads, you know a lot about what will happen in prod.

                                                                                                                                                            You might be trying for a fail, i.e. instead of saying yes/no can I handle traffic T, trying to solve for the T at which your system falls over.

                                                                                                                                                            You might, but this is rarely a useful metric. So what if the system falls over at 3751 load? a) you’ll never operate anywhere near that in production, because that’s where even a tiny hiccup will break everything, and b) the specific number depends on so many other things it might just as well be 3524 had you measured a day earlier or later.

                                                                                                                                                            Knowing that the LT system is in a bad state is more art than science

                                                                                                                                                            This is very true, and a good reason to keep an XmR control chart over the results. Significant deviations should be explainable, or they are likely a bad load test.
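
An added example, not part of the comment above or of the article it discusses: a minimal XmR (individuals and moving range) chart in Python over per-run p99 latencies measured at one fixed load. The latency figures and all function and variable names are constructed for illustration; the 2.66 and 3.268 factors are the standard XmR scaling constants.

```python
"""XmR control chart over load-test results (added example, constructed data)."""
from statistics import mean

# Standard XmR constants for a moving range of two consecutive points.
X_LIMIT_FACTOR = 2.66    # 3 / d2, with d2 = 1.128
MR_LIMIT_FACTOR = 3.268  # D4 for subgroups of size 2

# Constructed sample data: p99 latency in ms from ten earlier runs at the
# same sustained load, followed by five newer runs to be judged against them.
BASELINE_P99_MS = [212, 208, 215, 210, 207, 214, 211, 209, 213, 210]
NEW_RUNS_P99_MS = [212, 209, 236, 214, 211]


def xmr_limits(baseline):
    """Compute natural process limits from a baseline of run results."""
    if len(baseline) < 2:
        raise ValueError("need at least two baseline runs")
    # Moving range: absolute difference between consecutive runs.
    moving_ranges = [abs(b - a) for a, b in zip(baseline, baseline[1:])]
    centre = mean(baseline)
    mr_bar = mean(moving_ranges)
    return {
        "centre": centre,
        "lower": centre - X_LIMIT_FACTOR * mr_bar,
        "upper": centre + X_LIMIT_FACTOR * mr_bar,
        "mr_upper": MR_LIMIT_FACTOR * mr_bar,
    }


def flag_runs(baseline, new_runs):
    """Return (index, value, reason) for each new run that signals a deviation.

    A flagged run needs an explanation (code change, noisy neighbour, broken
    load generator); without one, the run itself is suspect.
    """
    limits = xmr_limits(baseline)
    signals = []
    previous = baseline[-1]
    for i, value in enumerate(new_runs):
        reasons = []
        if not limits["lower"] <= value <= limits["upper"]:
            reasons.append("outside natural process limits")
        if abs(value - previous) > limits["mr_upper"]:
            reasons.append("run-to-run jump too large")
        if reasons:
            signals.append((i, value, "; ".join(reasons)))
        previous = value
    return signals


if __name__ == "__main__":
    lim = xmr_limits(BASELINE_P99_MS)
    print(f"centre {lim['centre']:.1f} ms, "
          f"limits [{lim['lower']:.1f}, {lim['upper']:.1f}] ms, "
          f"max moving range {lim['mr_upper']:.1f} ms")
    for index, value, reason in flag_runs(BASELINE_P99_MS, NEW_RUNS_P99_MS):
        print(f"run {index}: {value} ms -> {reason}")
```

The run after a spike is flagged on the moving-range chart even though its own value is back inside the limits, because the jump back down is as large as the jump up.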

                                                                                                                                                            1. 1

                                                                                                                                                              I do think there’s a difference between types of bursty traffic. In my particular corner of the enterprise world, our traffic comes from customers that we have a contractual relationship with, executing business processes that don’t double overnight. Of course, traffic is bursty at a micro-level, but I don’t need to think about “can I handle 5x as many users without provisioning a new database?”

                                                                                                                                                              That’s in contrast to a lot of areas where going viral could, in principle, lead to traffic increasing by an order of magnitude from one day to the next.

                                                                                                                                                              1. 1

                                                                                                                                                                Here are some examples of what you’re describing / examples of applications that can expect to see bursts far outside normal traffic patterns:

                                                                                                                                                                • e-commerce site on Black Friday
                                                                                                                                                                • MMO login server on the day a new patch drops which adds rideable ponies
                                                                                                                                                                • survey website which gets iframed on the front page of a national newspaper’s website

                                                                                                                                                                Any of the above would be far outside the 99% confidence interval for arrivals drawn from a Poisson distribution at those applications’ normal day to day traffic levels.

                                                                                                                                                                1. 1

                                                                                                                                                                  Yes, what you are describing does not sound to me like a completely open system. I don’t know if closed is the right word either, so semi-open? I think Poisson arrivals could be a meaningful model there – same as the classical phone line subscribers.

                                                                                                                                                              1. 12

                                                                                                                                                                Worth mentioning that Linode has had a history of severe security incidents, including two that gave attackers access to customer VPSs. I have not seen a detailed comparison that shows no other providers have had similar incidents, but I haven’t heard similar things about any of them.

                                                                                                                                                                1. 4

                                                                                                                                                                  I think one of those was a Xen vulnerability that affected some of the AWS data centers as well.

                                                                                                                                                                1. 8

                                                                                                                                                                  So you think you have a power law - well isn’t that special and the papers linked therein is still one of the things I’m glad I found early in my career. It provides some ways to avoid the mistakes described in the OP.

                                                                                                                                                                  1. 4

                                                                                                                                                                    To me, this is the key line in that paper:

                                                                                                                                                                    Ask yourself whether you really care. Maybe you don’t. A lot of the time, we think, all that’s genuine important is that the tail is heavy, and it doesn’t really matter whether it decays linearly in the log of the variable (power law) or quadratically (log-normal) or something else

                                                                                                                                                                    1. 3

                                                                                                                                                                      That seems irrelevant at a glance, because it’s mainly about physics where there are natural limits to things. I thought power laws were much more characteristic of processes without natural limits, like file sizes, money owned, etc. I will still dig deeper into the papers linked there, because it’s highly relevant to me, I just want to hear your thoughts on the above.

                                                                                                                                                                      In part, OP seems to confirm my hypothesis: Twitter follows a power law, and Facebook only nearly does. But apparently Facebook also has a maximum connectedness of 5000! A truncated power law is obviously not a strict power law.

                                                                                                                                                                      1. 1

                                                                                                                                                                        All of the stuff about statistical and analysis technique is completely relevant, and using poor technique is how we ended up with the situation the OP describes.

                                                                                                                                                                        1. 1

                                                                                                                                                                          Page 22 of their paper describes the data sets they consider. Eyeballing it, about half are from the social sciences.

                                                                                                                                                                          1. 1

                                                                                                                                                                            Yes! I have started reading the paper now and it’s almost exactly what I’ve been looking for in this area!

                                                                                                                                                                        2. 2

                                                                                                                                                                          For other readers: the linked blog post in SteveH’s comment is by one of the authors of the paper and highlights several key takeaways. Recommended!