1. 2

    I really want to run Fedora but 25 years of dpkg & apt are hard to get over. Maybe I’ll try it again when I next get a new laptop. But I’m just so comfortable on Debian…

    1. 2

      I just switched this year, after a few years of debian. It’s probably not the same experience, but for basic things, dnf is practically equivalent to apt. My personal intuition is that it might not be worth it, unless you’re also interested in GNOME (strictly speaking, the Fedora spins aren’t real Fedora releases, and usually aren’t as polished).

      1. 3

        the Fedora spins aren’t real Fedora releases, and usually aren’t as polished

        I concur with this sentiment. I’m pretty steeped in the Red Hat universe for some time, so I really like Fedora on the systems I have to touch most. As an experiment, I tried the KDE spin for a year. It was OK, but had lots of paper cuts that the standard workstation edition just doesn’t have. They’re generally very minor, like needing to use the command line for firmware updates instead of getting alerted to them by the system tooling. Since I was mostly in KDE for kwin-tiling and a few other things that are much less integrated than that, I switched back to the standard workstation edition once Pop Shell shipped and got easy to integrate with the standard Fedora GNOME installation.

        1.  

          I like Debian and I’ll run it on servers but for desktop use, I want things to Just Work out of the box. My experience with Debian on the desktop is that you have to know all the packages you need in order to get the same out-of-the-box experience as Ubuntu or Fedora. At least, that’s what it was like when I tried Debian with XFCE.

          You might also be interested in PopOS and Linux Mint, both of which are based on Ubuntu but strip out most of the annoyances like snapd.

          1. 2

            My personal intuition is that it might not be worth it, unless you’re also interested in GNOME

            To me, the most interesting subproject of Fedora, even though it may not be ready for wide use yet, is Silverblue. Having an immutable base system with atomic upgrades/rollbacks is really nice. This really sets it apart from other Linux distributions (outside NixOS/Guix). Sure, Ubuntu is trying to offer something similar by doing ZFS snapshots on APT operations, but that looks like another hack piled upon other hacks, rather than a proper re-engineering.

            1. 2

              Then again, I haven’t head good things about trying to use Silverblue with XFCE or other WMs.

          2.  

            I’d like to add that rpm command is similar to dpkg

            for example: dpkg -l > rpm -qa

            1. 1

              A couple years ago I went through a distro jumping phase. Fedora worked fine but I didn’t find any particular advantages of running it over - say - running Ubuntu. The one thing setting it apart from other distros was Wayland as default.

              I ended up on Manjaro, and it’s been a breath of fresh air: most software is a click away (thanks AUR!), things just work out of the box and in general their configuration of Plasma and Gnome feel snappier than Fedora and Ubuntu.

              1. 2

                The one thing setting it apart from other distros was Wayland as default.

                The one thing setting Fedora apart from other distros is often getting bleeding edge stuff as default. Most of the times it works out super.

                1. 2

                  You are not wrong. What I meant was on the ‘experience’ front. Most of the time - if I’m lucky and the hardware obliges - I don’t bother remembering what version of the kernel, Mesa, etc. I am using, so being on the bleeding edge doesn’t introduce a lot of advantages.

                  BTW, the last time I tried Fedora was when Intel introduced their Iris driver and I wanted to see if it’d improve the sluggish performance I was experiencing on Gnome.

            1. 3

              but without the security mess

              The security mess is just offloaded to some proprietary dongle.

              It isn’t gone.

              1. 4

                I wonder how vulnerable the usb stack is once you’ve escalated privileges on the dongle over bluetooth…

                1. 4

                  USB (before USB4) has the mitigating feature that all transfers are host initiated: A device can DoS the bus by sending when it’s not supposed to (usually limited because there are tons of USB buses in a device, often one per port), but it can’t send data to the host or other devices when it’s not supposed to. Even when the device is allowed to send, it’s on the host to decide how much data it receives and where in memory it stores it.

                  So even if the bluetooth dongle is taken over, it needs to play by USB’s rules to communicate with the rest of the device.

                  1. 6

                    But it might fake-disconnect, reconnect, pretend to be a keyboard.

                2. 2

                  Yep. He probably meant that he did not have to cope with all the configuration settings of Bluetooth on a UNIX system. Its really hit and miss on FreeBSD and even if you will be able to configure Bluetooth on FreeBSD for your device - the suspend/resume will be broken until you disable Bluetooth in the BIOS :D

                1. 2

                  Do the other mainstream BSDs already have gettimeofday without a context switch? I assumed everyone already did this years ago.

                  1. 5

                    OpenBSD is pretty defensive with optimizations, because i they typically lead to complexity, which results in bugs, which cause security issues. I think one of the main drivers here were things like browser performance becoming unbearably bad.

                    1. 3

                      Makes sense. Also since gettimeofday is ~free on Linux it’s going to be used freely in Unix software and platforms where it’s expensive will suffer. Kind of like how stat is extremely cheap on Unixes and then when you try and run Unix software on Windows everything sucks badly.

                  1. 2

                    Neat! I’ve learned some verilog and have been playing with nmigen but it was interesting to see chisel.

                    1. 2

                      Thank you. nMigen has very similar objectives. I wonder how dynamic vs static type system trade offs work for these new HDLs.

                    1. 14

                      That’s the complaint I had too in ~2013. The then chair of the w3c webappsec working group convinced me (and my collaborators) to create and specify Subresource Integrity. The lesson is, never complain about stuff :P

                      On a more serious note, maybe we ought to reconsider CDNs and SRI now that browsers are all going to stop sharing caches and double key every cache entry by its first party origin.

                      Firefox has a pref, “first party isolation”, that you can experiment with.

                      1. 3

                        I wonder what the perf hit here is. Has Mozilla collected any metrics? With http2 the cost of establishing additional connections to the origin are gone but bytes still take time.

                        I guess with SRI you need to wait until all the bytes are down to start processing but without (eg: same origin) parsing and evaluation can happen in parallel…

                        1. 2

                          Can’t speak from an implementors perspective here. I’m not involved on these specific bits, but I believe some things privacy & security are worth it, as long as the cost isn’t totally off the scale.

                        2. 2

                          now that browsers are all going to stop sharing cache

                          This would also make adding dependencies no longer zero cost, because you can’t expect e.g. jquery to be cached?

                        1. 17

                          Rust has some nice quality-of-life improvements that make up for the toil of memory management. Even when I don’t strictly need a systems programming language, I still use Rust, because I like sum types, pattern matching, foolproof resource cleanup, and everything-is-an-expression so much.

                          So for glue code in GUI apps or CRUD webapps I’d love some Rustified TypeScript, Rustscript on the Golang runtime, or a Rust/Swift hybrid.

                          1. 10

                            Pretty much all of the ‘quality-of-life improvements’ you mention came to rust by way of ocaml, and are also present in other functional languages like haskell and scala. For webapps, try purescript or possibly elm.

                            1. 5

                              ocaml won’t be a “higher level rust” until multicore ocaml has matured.

                              1. 3

                                To any other readers: I wouldn’t ignore the language based solely on this, especially since multicore parallelism wasn’t one of the criteria in the top comment. Lwt and async give you concurrency if you want it.

                              2. 5

                                Pedantic nitpicking: resource cleanup (RAII) is a big one, and it‘s from C++. Everything else is indeed from ML.

                                1. 4

                                  And traits are from haskell, and single ownership is from cyclone.

                                  But a large part of rust was directly inspired by ocaml.

                                  1. 5

                                    I was specifically referring to the list in the top comment. For fuller list, I would consult the reference.

                                    Cyclone doesn’t have single ownership/affine types. It has first-class support for arena-based memory management, which is a weaker form of rust‘s lifetimes, and is a different feature.

                                    See http://venge.net/graydon/talks/rust-2012.pdf for list of influences for both ownership and borrowing parts.

                                      1. 2

                                        I stand corrected, thanks a lot!

                                2. 1

                                  Or reasonml since it is a front end for ocaml. Or bucklescript since it is ocaml that targets Javascript.

                                  Disclaimer: never used them myself.

                                3. 3

                                  Rustified TypeScript

                                  I write a lot of TypeScript but have only written a few hundred lines of Rust. I’m curious, which features of Rust do you miss when using TypeScript? The obvious one is traits, but I’m curious if there’s anything else.

                                  1. 5

                                    Not the person you replied to, but true sum types, especially Option. It’s much cleaner than undefined, even with all of the nice chaining operators. And not having to worry about exceptions thanks to Result.

                                    1. 3

                                      Ah, I see your point. TypeScript discriminated unions are used frequently to overcome this limitation, but I agree it would be preferable to have proper sum types with pattern-matching.

                                      type Square {
                                          type: "square";
                                          width: number;
                                          height: number;
                                      }
                                      
                                      type Circle {
                                          type: "circle";
                                          radius: number;
                                      }
                                      
                                      type Shape = Square | Circle;
                                      
                                      1. 2

                                        Oh god I miss TypeScript’s sum types so much when I’m writing Rust. When I context switch back to Rust after writing some TypeScript I with I could do

                                        type Foo = Bar | Baz;
                                        

                                        Eventually I get over it but I find TypeScript so much nicer for describing the types of my programs.

                                        1. 3

                                          Oh yes. I wish TypeScript had more Rust, but I also wish Rust had row-level polymorphism.

                                          1. 2

                                            Maybe someday https://github.com/tc39/proposal-pattern-matching will happen. That will be a great day.

                                          2. 1

                                            same here, but on the other hand, those cool union types without pattern matching makes the call site uglier, and almost removes the nicety of the union type declaration

                                            1. 1

                                              Yes, you can relax a function that returns Foo | undefined to return Foo only, but in most “maybe” systems you can’t return a naked Foo without the Maybe<Foo> box

                                        2. 1

                                          In that Rust/Swift hybrid, what parts of Rust would you want added to Swift to make the hybrid? I read this article thinking Swift wouldn’t be a bad start.

                                          1. 6

                                            In Swift I miss “everything is an expression”. I have mixed feelings about Swift’s special-casing of nullability and exceptions. Terser syntax is nice, but OTOH it’s more magical and less flexible/generalizable than Rust’s enums. Swift inherited from ObjC multiple different ways of handling errors (boolean, **NSError, exceptions) — that’d be an obvious candidate for unification if it could start from scratch.

                                            And if it was a “smaller Swift”, then I’d prefer a mark-and-sweep GC. With memory management Swift is neither here nor there: you need to be careful about reference cycles and understand lifetimes for bridging with FFI, but it doesn’t have a borrow checker to help.

                                        1. 3

                                          I’ve never worked out how to get tmux to play nicely with terminal scrollback so I end up avoiding running it when I don’t need it. I’ve started using dtach for the keep-running-when-ssh-goes-down features paired with some trickery to automatically connect the right terminal tabs to the right dtach sessions and that works quite nicely thank you very much.

                                          1. 1

                                            The tmux team decided that this was a feature and intentionally broke the work-arounds in recent releases. I switched to abduco in most cases as a result.

                                          1. 2

                                            Oh wow I haven’t used CTWM since the mid 90s.

                                            1. 7

                                              While I hate using XML for config files or other human readable documents, I’ve been a big fan of using XML as an RPC serialization format (or as a way to interact with REST APIs). It’s easy to construct through string concatenation, it’s fairly easy to whip up a quick parser, and there’s tons of high quality, fast implementations out there. Along with schematization it makes it fast and easy to send/verify XML payloads.

                                              1. 9

                                                I hate XML plenty but I keep finding myself and people I work with reinventing basic features of XML like comments or namespaces or query languages on top of our JSON configuration files. Or people try to use TOML or YAML which become harder to understand or reason about as the complexity increases.

                                                I don’t have an answer. It’s just an observation. We threw out the baby with the bathwater.

                                                1. 5

                                                  Along with schematization it makes it fast and easy to send/verify XML payloads.

                                                  This is the big win for me. You can pass a set on XML schemas to any business partner and they can quickly and generically validate the message on any platform. And with facets and comments, the meaning and properties of the message can be conveyed implicitly and in great detail.

                                                  1. 2

                                                    I really have trouble understanding this. Why use XML for serialization, especially in RPC or anything going over the network? It’s ludicrously inefficient for that (json is, too, but slightly less so). Just do yourself a favor and pick msgpack/cbor/bencode/protobuf/… or anything really that doesn’t require complicated escaping of the payload. If you want something easy to parse, bencode is much easier than XML anyway.

                                                    1. 4

                                                      In terms of verbosity, transport encoding (gzip or whatever) probably gets rid of most of the difference. The great thing about XML is that a lot has been invested in efficient implementations of encoders and decoders. Theoretically others could be more performant but are they? And there’s a proliferation of different XML codec implementations - do you want a DOM interface or streaming or something that maps to native objects? Being old and popular has a lot of upsides.

                                                      1. 3

                                                        XML is useful in this case when both of the following are true:

                                                        • The sender and receiver are different organizations
                                                        • The payload is more like a document than a serialized data structure

                                                        In these cases, an XML schema of one sort or another is very useful for keeping both sides “honest.” The encodings you mention are not typically all that extensible, so you wind up versioning your data structures. You do more work up-front with the XML to save yourself some pain as the years drag on. The pain isn’t worth it if your data structures are small and simple. But sometimes you have one or many external parties that want to do data interchange with you, and defining a common schema in XML gives you a lingua franca that is both richer and harder to screw up than IDL-like binary encodings or ad-hoc JSON or its binary analogs.

                                                        It may seem like this never happens, but it may be that there is a document-like object being served out piecemeal by a family of nested REST APIs. If the REST calls are almost always performed in a certain order (get the main thing, get the pieces of the thing, get the pieces of the pieces…) then efficiency might be improved by just doing one call to get the complex thing. You might be able to improve the robustness of the handling on both sides by using XML in cases like that because it’s just easier to extend it without changing the shape in a way that will break the existing parsers.

                                                        All this said, if I had my druthers, I’d still probably use XML for a new system once or twice a year, versus using REST+JSON on a weekly basis.

                                                        1. 1

                                                          That’s a good point, thanks. XML makes a lot of sense for content that is more document-like. Someone on IRC mentioned DocBook as an example where XML is adequate.

                                                        2. 2

                                                          For REST API’s, I would just use JSON. Sure, the format itself is inefficient, but if you’re using the REST API from inside a web browser (and if you expect other people to use this API, then you ought to be using it yourself) it’s hard to beat the efficiency of having a JSON codec already included.

                                                          You might be able to design your server to use HTTP content negotiation to simultaneously support JSON and Msgpack. Their data models are pretty similar.

                                                          1. 1

                                                            It’s ludicrously inefficient for that (json is, too, but slightly less so). Just do yourself a favor and pick msgpack/cbor/bencode/protobuf/

                                                            Have you done any measurements to come to this conclusion? Especially compared to using EXI envelopes. SOAP is standardized and widespread, so you’d need a very good reason to use anything else.

                                                            When you get into fields like HPC, where RPC performance actually matters, you don’t actually use any of these formats.

                                                            1. 1

                                                              Indeed not, I didn’t know about EXI. Is that… a binary encoding for XML?! It seems less inefficient indeed. But also note how a lot of “modern” RPC is done via thrift, gRPC, finagle, etc. all of which rely on underlying binary encodings to be efficient. And even then they try to optimize for variable length integers and 0-copy decoding.

                                                              I can’t even articulate my point properly. In big companies using SOAP, I’m sure there’s tons of good tooling around XML. But if you’re not already using it, it seems to have very little appeal for RPC compared to, say, thrift. Thrift will be faster, smaller on the wire, and also comes with a schema.

                                                        1. 4

                                                          I know that individual tweets aren’t really worthy of submission, but this is a long Twitter thread with pictures and references, so I’d consider it more like a staccato blog post. :)

                                                          1. 4

                                                            Example of a funny tweet further down:

                                                            Interestingly the Logitech Harmony Remote Software it uses seems to be java + embedded firefox [sic]. Seems kinda like they invented Electron, but in 2009.

                                                            1. 3

                                                              XULRunner was a thing - applications like Songbird used it. Unfortunately, Mozilla never really took advantage of embedding, allowing CEF to run away with the ball.

                                                              1. 3

                                                                I worked on Songbird. Mozilla was fairly hostile to non-Firefox software of all sorts. They gaslighted us about their commitment to XULRunner.

                                                            2. 2

                                                              Isn’t there like a thread reader web app or two or three for exactly this purpose?

                                                              1. 2

                                                                And linking to the threads themselves actually works nicely on the first of those three…

                                                                I’m leaving these here because I don’t see a way other than commenting to suggest that the link be changed. Changing the main link to the first of these might make it easier to read for those who don’t click through to the comments first, while still preserving all attribution of the original thread.

                                                            1. 12

                                                              I find the whole Zig / Zen thing super annoying. Zig is MIT licensed meaning closed source forks entirely part of the social contract. There was an apparently a disruptive community member who was banned and that former community member started a fork.

                                                              THIS IS HOW IT’S SUPPOSED TO WORK!

                                                              If you want derivative works to be open source then you can chose a license that requires that. If you don’t want any derivative works at all then you can make your project source available with a license that restricts forks, but that’s not open source definitely not free software.

                                                              I wish Andrew would celebrate the fact that his creation is successful enough to inspire forks rather than obsess about them.

                                                              1. 26

                                                                Reading the statement implies that there is no problem with Zen being closed-source code. Seems the foundation Is concerned with false statements used to advocate Zen. Maybe I’m missing more context.

                                                                1. 3

                                                                  This is exactly how I read it. They address the fork from their side.

                                                                2. 23

                                                                  https://news.ycombinator.com/item?id=24483162

                                                                  As a Japanese-speaking software engineer

                                                                  Many of my friends didn’t actually know until this statement was made that Zen is a fork of Zig

                                                                  And there you have it. Did you want me to celebrate the fact that people were being tricked?

                                                                  Also check out the license section of Zig’s readme. The law is a blunt weapon and not always the most appropriate tool for the job.

                                                                  1. 19

                                                                    I think the point being made is more that these kind of issues are largely solved by the GPL, which I wholeheartedly agree with - not to say that you deserve the trickery and abuse that’s going on here, which you clearly don’t.

                                                                    However, GPL having fallen by the wayside in recent years for new projects does make things like this kind of inevitable for those projects that use permissive licenses.

                                                                    1. 13

                                                                      GPL being suppressed coincided with the adoption (usurption) of Open Source by corporations. Greed leads to FUD.

                                                                    2. 4

                                                                      The law is a blunt weapon and not always the most appropriate tool for the job.

                                                                      What a great way to put it. I need to save this quote somewhere.

                                                                      It’s also a weapon that seems extremely difficult to wield. As a regular person open source developer, how would you even start an international lawsuit against a license violator?! How much are all the fees? How do these even work? What if the countries are not friendly? What would you even achieve with the lawsuit other than lots of stress for everyone involved?

                                                                      I know there are non-commercial foundations that help with copyleft enforcement, but they probably aren’t going to help every small project ever.

                                                                      1. 3

                                                                        The law is a blunt weapon and not always the most appropriate tool for the job.

                                                                        It is, but it’s also worth highlighting that there’s a big discrepancy between what we expect open source to be, and what the Open Source licenses actually require.

                                                                        1. 4

                                                                          That’s why I’ve stopped contributing to open source.

                                                                        2. 3

                                                                          This may be off topic, but I feel like it’s the only appropriate thing to add to this conversation: Thanks for your work on Zig, it’s super neat!

                                                                          1. 4

                                                                            If you think it’s important for users of your code to know your name and/or the name you chose for the software you should choose a license that embodies that value. The original BSD license is a popular example. The BSD copyright owners chose to change the license to remove that requirement and now people who fork their code don’t mention them at all. Many macOS users have no idea that much of the system they’re using is derived from BSD Unix. Maybe that’s good, maybe that’s bad, but it’s the intended behavior.

                                                                            1. 8

                                                                              If you think it’s important for users of your code to know your name and/or the name you chose for the software you should choose a license that embodies that value.

                                                                              Not at all. This presupposes that you’re comfortable using the legal system to enforce what you think is important. I can think it’s important not to plagiarize work (for example) while simultaneously putting my code into the public domain, which legally allows plagiarism simply because I don’t think the legal system is the right way to solve those kinds of problems. Laws != Ethics.

                                                                              1. 4

                                                                                Yeah, but you can’t enforce ethics.

                                                                                So when someone comes across a project that is licensed like this, and (rightfully) essentially does whatever they want with it, They have the legal high ground.

                                                                                So the best you can do at that point is public shame them. It just sounds like people want their cake and eat it too. You wanna use a permissive license to get that sweet wide adoption? Great, but accept the risks, or start with copyleft.

                                                                                1. 13

                                                                                  So the best you can do at that point is public shame them

                                                                                  bruh

                                                                                  1. 6

                                                                                    I feel like you read my comment, ignored it, and just decided to say, “use laws or STFU and stop complaining.” That’s a lame response.

                                                                                    So the best you can do at that point is public shame them.

                                                                                    Yeah that is one method. What do you think is happening here?

                                                                                    1. 1

                                                                                      nothing is happening here… I doubt Zen feels shamed

                                                                                      1. 5

                                                                                        Zen feeling shamed is not necessary for ostracization tactics to be effective.

                                                                                  2. 3

                                                                                    It’s not plagiarism to fork a MIT licensed project. It’s not unethical to take a work whose authors have explicitly asked not to be credited, make changes and not credit them. MIT licensed its software like this so that proprietary Unix vendors could take X11 and fork it. When you start a project and choose a license like this you’re making a clear statement about what your expectations are.

                                                                                    1. 8

                                                                                      Plagiarism is the representation of another author’s language, thoughts, ideas, or expressions as one’s own original work. This is absolutely plagiarism. It may be legal (I’m not convinced; it’s probably illegal in Europe), but it’s definitely unethical.

                                                                                      Being on the right side of the law but the wrong side of your friends sounds like something only a real loser would celebrate.

                                                                                      1. 3

                                                                                        Okay, then you’re making the argument that Laws == Ethics. Why not just come out and say it?

                                                                                        It’s not unethical to take a work whose authors have explicitly asked not to be credited, make changes and not credit them.

                                                                                        This is disingenuous because that’s not the argument I’m making. A license is about what’s lawful. So the only thing a public domain (for example) declaration says is that “I will not use the legal system against you if you do bad things like plagiarize.” That is nowhere near saying “I’ve explicitly asked not to be given credit.”

                                                                                2. 7

                                                                                  The license, sure, but the issue here is more ethics than legal. The article didn’t even once mention legality, but was focused on the ethics of what is going on, and rightfully warning other developers so they don’t get caught the same way others have.

                                                                                1. 3

                                                                                  I think this is less a compilers thing and more of a law thing. And programming is just redundant.

                                                                                  1. 2

                                                                                    Good idea, I changed the tags to law.

                                                                                    1. 5

                                                                                      Why law? Zen seems to be following the letter and the spirit of Zig’s MIT license.

                                                                                      1. 5

                                                                                        The law tag encompasses “Law, patents, and licensing”.

                                                                                        1. 3

                                                                                          Dude, stop. You are basically starting arguments based on a misunderstanding of the linked article.

                                                                                    1. 7

                                                                                      Wow redbpf looks amazing.

                                                                                      1. 1

                                                                                        I am excited about this project!

                                                                                        At first glance it appears to be an easy way to describe what I want an FPGA to do, and produce a design that’s easily integrated into other software I’m building.

                                                                                        I’ve tried and failed to learn enough Verilog to build my own FPGA designs. My ‘sentinel’ question has always been “When FPGAs can be used to accelerate their own synthesis, FPGAs have reached usefulness”. This might be the thing I want!

                                                                                        1. 2

                                                                                          When FPGAs can be used to accelerate their own synthesis, FPGAs have reached usefulness

                                                                                          This reminds me of Wirth, who had a similar mindset on compiler optimizations…

                                                                                          1. 1

                                                                                            I’ve been playing with nmigen and I want to give this a try too.

                                                                                          1. 4

                                                                                            Looks really good. I like that the syntax is basically rust/ML, on the Beam runtime. I wonder if there’ll be a way to write reasonably self-contained programs with it (a bit like deno does for javascript), especially since the compiler is in rust?

                                                                                            1. 5

                                                                                              You still will need BEAM runtime. Doesn’t matter what is the language the compiler is written in, the output is what matters

                                                                                              1. 2

                                                                                                Maybe the beam runtime can be linked against a rust-compiled binary? Deno uses bindings to V8 to do the equivalent with javascript.

                                                                                                1. 2

                                                                                                  I couldn’t say whats possible there, I’m not a C programmer and I’ve not looked into this. It would be a very cool feature though! Maybe one day

                                                                                                  1. 2

                                                                                                    I have been meaning to see if Gleam will run on https://github.com/lumen/lumen a BEAM VM written in Rust that targets Wasm.

                                                                                                    1. 2

                                                                                                      I intend to investigate this future. I’ve had some quick chats with the Lumen devs and it sounds like it would work nicely.

                                                                                                      One of the main things I’m interested in is providing additional type information to Lumen so that they can enable type based optimsations. This would make Gleam on Lumen outperform Erlang on Lumen, which is an exciting idea!

                                                                                                      1. 1

                                                                                                        What are some mechanisms to deliver type information to the VM? Could it be generalized so that other languages on the BEAM could also benefit?

                                                                                                        1. 1

                                                                                                          At present there’s no type based optimisations AFAIK on the BEAM or Lumen, but Lumen’s dev team said they may be able to add an API for this at a later date. Gleam and Lumen are both written in Rust so I could imagine Gleam having a backend that generated type annotated Lumen IR.

                                                                                                          1. 1

                                                                                                            Right, but I was thinking of a how to encode the type information in-band so that other typed languages on the Beam could also take advantage of any possible speedups.

                                                                                                            Like if a module had a Map(Fn => TypeTuple{}) if it exists, the alternative Beam implementation (Lumen in this case) could use it, it might even be a way to provide entirely alternate implementations for functions, it could be a Map(Fn => WasmBlob) and implement BIFS.

                                                                                                  2. 1

                                                                                                    There is no fully working BEAM runtime implemented in Rust right now. AFAIK Lumen is still in progress and other implementations didn’t lift off.

                                                                                                    EDIT: And releases (the deployment units in Erlang) often contains BEAM implementation provided, so if you build release for your target machine and the external libraries have compatible versions (libc and OpenSSL) then it should work with plain tarball of release.

                                                                                                    1. 2

                                                                                                      I was more thinking of binding against an existing BEAM runtime, like deno does with V8 :-)

                                                                                                      1. 3

                                                                                                        The BEAM was not designed to be embeddable like JS engines.

                                                                                                        If you just want self-contained apps, “releases” are that.

                                                                                                        1. 1

                                                                                                          They’re not really self contained in the way that a static binary is, they depend on libraries being installed on the host.

                                                                                                2. 2

                                                                                                  What’s the appeal of shipping a completely static binary? I don’t think it’s hard to just install Erlang or include in your package.

                                                                                                  1. 5

                                                                                                    A lot of people say that their favorite feature of Go is that it gives you a single static binary, which is easy to copy around. I think that’s a good argument, particularly after seeing what node_modules and pip directories look like.

                                                                                                    1. 3

                                                                                                      Hmmmm, maybe I’m from a different world here, where foopkg add libfoo or tar cvf foo.tar foo.js node_modules/npm install isn’t a hard thing to do, and shipping libraries/vendoring them if you REALLY hate that is common practice on Windows anyways.

                                                                                                      1. 6

                                                                                                        If you are to redistribute your solution (in binary form) to into various, separate, customer (or internal enterprise) environment running, different versions or patches of OSes,

                                                                                                        would > foopkg add libfoo or tar cvf foo.tar foo.js node_modules/npm install isn’t a hard thing to do, and shipping libraries/vendoring them

                                                                                                        be as convenient as a single binary distribution ?

                                                                                                        1. 2

                                                                                                          That approach is possible but you’d also need to ensure that the right C libraries are installed on the target machine too. It’s all doable but it requires additional work and a degree of technical knowledge compared to “copy this to your computer and double click on it”

                                                                                                        2. 3

                                                                                                          isn’t this what containers are for these days? Can’t you just ship a docker or flatpak (or the mac/windows equivalent) and be done with it?

                                                                                                          1. 3

                                                                                                            They do a good job for many uses cases but there are limitations. They require more technical knowledge to install and run than a file you can double click on, and there are performance + access implications of running software inside a container.

                                                                                                          2. 1

                                                                                                            after seeing what node_modules […] directories look like

                                                                                                            On a related tangent, we’re starting to use webpack to bundle files for NodeJS apps at work, which so far seems to be worth it for us. (No minification though, that would be awful.)

                                                                                                            I’ve seen a couple hundred MB node_modules result in around 10-20MB unminified bundle files. Deployment goes faster with one moderately big file than 100ks of tiny files. In the process we dropped the need for production to run npm install --production. Also in particular we see Azure app service is really slow at reading lots of small files: bundling reduced start up time for some services from ~30s to ~5s.

                                                                                                            So I think bundling things into a smaller number of files makes deployments nicer even when that smaller number isn’t as small as 1.

                                                                                                            In both the before-bundling and after-bundling states we have been doing installations using a single zip file: what changed is mainly the number of files in it.

                                                                                                      1. 2

                                                                                                        That was really interesting. In all the various arguments I’ve seen for and against C, nobody ever brought up the stable and controllable ABI before.

                                                                                                        1. 8

                                                                                                          It’s like the one key benefit over basically everything else.

                                                                                                          1. 4

                                                                                                            This is mostly because on Unix, C is the lowest common denominator. Many other platforms define cross-language ABIs or define runtime low-level late binding like COM.

                                                                                                            1. 2

                                                                                                              I would be really interested in the slightly-higher/newer abstraction that was alluded to in the blog article.

                                                                                                              I’m contributing to a new language, and I’m less than motivated to work on some full-blown C FFI to be honest.

                                                                                                            2. 3

                                                                                                              Many languages have stable ABIs, it’s an artifact of not-large-scale-system languages that results in unstable ABI - pascal, C, objective-c, C++, Swift, etc have stable ABIs because all of them are expected to be useable for core system libraries.

                                                                                                              C++ is the only really problematic child as the language makes it super easy to accidentally bollocks up an API exposed binary detail (accidentally reordering vtables) - but if you know to be careful around virtual methods in the same way you are with struct fields then your guaranteed that the same definition will always compile to the same binary interface, across all compilers targeting a given platform.

                                                                                                              Languages like rust make no such guarantee, so their use as a system language is severely limited.

                                                                                                              1. 3

                                                                                                                I partially agree, but I think that holding up ABI compatibility as such a strong requirement is a severely outdated stance.

                                                                                                                I don’t see anything wrong with building software for a specific library/version configuration on-demand, either by package archives, or on users’ machines.

                                                                                                                The only reason why this wasn’t possible done in the past is because building C software is a huge mess.

                                                                                                                This is a reasonable option with Rust (and other languages), but I think it’s more reasonable to migrate to a slightly higher-level interface description format (as mentioned already) than “whatever fell out of a C compiler 30 years ago”.

                                                                                                                1. 1

                                                                                                                  For an OS - which is where a lot of the critical frameworks that are attacked live - ABI stability is critical.

                                                                                                                  You can’t mandate that a user updates all their software concurrently with the OS, or N-boot for every version of the OS that each piece of software they use is compiled for.

                                                                                                                  That’s why Swift being ABI stable was so critical - Apple couldn’t use Swift for system frameworks unless it was stable, and so all the system frameworks are still C, Objective-C, and unfortunately IOKit which is C++ (C++ is deterministically and by spec ABI stable, but it’s super easy to change ABI without realising)

                                                                                                            1. 1

                                                                                                              What ever happened to just analyzing server log. We did that in the 90s and it was fine. If you’re using 3rd party hosting or CDNs you’re already giving someone else access to all your users’ activity so you might as well use an off the shelf sophisticated analytics tool.

                                                                                                              1. 7

                                                                                                                FYI, some history: GnuTLS was created at a time when OpenSSL had a GPL incompatible license. Eventually RedHat (I think) did the hard work to fix OpenSSL licensing.

                                                                                                                1. 3

                                                                                                                  https://www.openssl.org/source/license.html says that OpenSSL 3.0.0 and newer are published under Apache License V2 which is GPLv3 compatible (see https://www.apache.org/licenses/GPL-compatibility.html). It’s still not GPLv2 compatible, so some projects like Linux that are “GPLv2 only” still can’t use OpenSSL. On the other hand they can also not use (recent versions of) GnuTLS because that’s GPLv3 these days which is also not GPLv2-compatible.

                                                                                                                    1. 1

                                                                                                                      Right, and that added GPLv3 compatibility. For GPLv2, both OpenSSL (no matter the version) and GnuTLS (recent versions, and you shouldn’t use old crypto code) still are not an option.

                                                                                                                      I wouldn’t called OpenSSL licensing “fixed”.

                                                                                                                1. 11

                                                                                                                  Random historical factoid: when I joined Twitter there were no usernames. Identity was through your phone number. First names were used unless there was ambiguity and then it would fall back to full names. After a month or two they switched to usernames.

                                                                                                                  1. 2

                                                                                                                    It strikes me that this is a variant of the general class of cache side-channel attacks made famous by Spectre and Meltdown. This isn’t a timing side-channel (though those are possible on the web too) but still a side-channel due to performance optimizations.

                                                                                                                    Just like in CPUs, if caches were completely disabled the side-channels would go, but so would the performance we’ve come to know and love.