-
The choice of Cyrillic “counterparts” is pretty hilarious :-) For example the old Russian letter “ѵ” which we tried to get rid of since about 3 centuries ago and succeeded in that after 2 centuries since then :-)
-
As I read this I thought about my experiences with Diaspora and Mastodon. Pages like this one or this one (click “Get Started”, I couldn’t do a deep link because JavaScript) are, IMHO, a big part of the reason these services don’t take off. How can an average user be expected to choose from a basically random list of nodes? How can I, a reasonably “technical” person, even be expected to do so?
So then why not host my own node? First, I don’t have time and most people I know don’t either. If I was 15 again I totally would because I had nothing better to do. I also don’t want to play tech support for a good chunk of my social network, and providing a service to someone has a tendency to make them view you as the tech support.
Second, if I do that I’m now in charge of security for my data. As terrible as Twitter and Facebook are, they’re probably still a lot better at securing my data than I am (at the very least they probably patch their systems more often than I would). Even worse, if some non-technical person decides to bite the bullet and create a node for his/her friends, how secure do you think that’s going to be?
Further, what are the odds that I, or whoever is maintaining the node, basically gets bored of it one day and kills the whole thing? Pretty damn high (maybe I and all my friends are assholes, though, so whatever).
Anyway, this post really spoke to me because I’ve been trying to escape Evil companies for awhile now and “federated” just doesn’t seem to be the answer. I now believe that centralized is here to stay, but that we should start looking at the organizations that control the data instead of the technology. For example, if Facebook were an open non-profit with a charter that legally prevented certain kinds of data “sharing” and “harvesting” maybe I wouldn’t have any problem with it.
-
How can an average user be expected to choose from a basically random list of nodes?
How did they choose their email provider? Not be carefully weighing the technical options, surely. They chose whatever their friends or parents used, because with working federation it doesn’t matter.
what are the odds that I, or whoever is maintaining the node, basically gets bored of it one day and kills the whole thing?
Same as what happened with many early email providers: when they died, people switched to different ones and told their friends their new addresses.
Really, all this argument of “what if federation isn’t a holy grail” is pointless because we all already use a federated system — email — and we know for a fact that it works for humans, despite all its flaws.
-
How did they choose their email provider? Not be carefully weighing the technical options, surely. They chose whatever their friends or parents used, because with working federation it doesn’t matter.
In contrast to mastodon instances - which are very alike - email providers have differentiated on the interface and guarantees they provide and market that. People react to that.
-
In contrast to mastodon instances
While this was largely true in the beginning, many Fediverse nodes now do market themselves based on default interface, additional features (e.g. running the GlitchSoc fork or something like it), or even using non-Mastodon software like Pleroma. I suspect this will only increase as additional implementations (Rustodon) and forks (#ForkTogether) take off and proliferate.
-
-
How did they choose their email provider?
I think federated apps like Mastodon are fundamentally different than email providers. Most email providers are sustainable businesses, they earn money with adds or paid plans or whatever and have their own emails servers and clients with specific features. Self-hosted email servers are a minority. Please tell if I wrong, but I don’t think one can easily earn money with a Mastodon instance.
However I agree that both are federated.
-
-
You’re certainly not wrong, though I would argue that email, particularly as it was 20+ years ago when it went “mainstream”, is much simpler (for instance, it doesn’t require any long-term persistence or complicated access control) and therefore easier to federate successfully (in a way that humans can handle) than social networking.
-
-
-
-
-
Email is basically fire and forget. You download it to your computer and then you’ve got it forever (modern email does more, but also includes more of the privacy / data issues that come with other social networks). But most users can’t easily give other people on-demand access to their emails, which is the case with Facebook, Twitter, etc. Email is really meant for private communication (possibly with a large group, but still private), Facebook and company are for private, semi-private, and even public communication, and they require a user to be able to easily retroactively grant or retract permissions. Email doesn’t handle these other use-cases (this isn’t a fault of email, it doesn’t try to).
-
-
-
The ability for interested parties to interact without reply all. I can post a picture of a beautiful burrito, and people can comment or ignore at their leisure, and then reply to each other. I guess there’s some preposterous email solution where I mail out a link to an ad hoc mailing list with every update and various parties subscribe, but… meh.
-
-
-
-
In the case of Mastodon, which instance you pick does matter. Users can make posts that are only visible to others in the same instance. If you pick the “wrong” home instance, you’ll have to make another account in another instance to see the instance-private posts there. If you’re a new Mastodon user, you might not know that one instance is good for artists and another good for musicians, etc. In any case, this is as easily solvable problem by adding descriptions and user-provided reviews to each instance.
-
-
-
Second, if I do that I’m now in charge of security for my data. As terrible as Twitter and Facebook are, they’re probably still a lot better at securing my data than I am
Setting a price tag on your datas doesn’t secure them. There are enough scams and hoaxes on Facebook to share your information with other companies that I have to disagree with you. And since those social networks are collecing more data than necessary, it is easier to lose data.
-
Facebook and Twitter also present single valuable targets and are thus more likely to be targeted. A hundred mastodon instances may be individually less secure due to the operators having fewer resources or less experience, but compromising a single server won’t get you as much.
-
-
-
-
Here’s me feeling pangs of guilt for not ever finishing my draft of “Why OpenID has failed”… As well as loads of other incredibly insightful and impactful posts I could’ve blogged.
-
As one insignificant user of this language, please stop adding these tiny edge case syntax variations and do something about performance. But I am one small insignificant user …
-
This is exactly the attitude that leads to maintainers’ burn outs.
Do realize this:
- Adding syntax variations is not done at the expense of performance, different volunteers are working on what’s more interesting to them.
- Python is not a product, and you’re not a paying customer, you don’t get to say “do this instead of that” because none of the volunteer maintainers owes you to produce a language for you. Just walking by and telling people what to do with their project is at the very least impolite.
- If you want something to happen in an open source project, volunteer to do it.
(None of this is aimed at you personally, I don’t know who you are. I’m dissecting an attitude that you’ve voiced, it’s just all too common.)
-
Python is not a product, and you’re not a paying customer, you don’t get to say “do this instead of that” because none of the volunteer maintainers owes you to produce a language for you. Just walking by and telling people what to do with their project is at the very least impolite.
I agree with the general direction of your post, but Python is a product and it is marketed to people, through the foundation and advocacy. It’s not a commercial product (though, given the widespread industry usage, you could argue it somewhat is). It’s reasonable of users to form expectations.
Where it goes wrong is when individual users claim that this also means that they need to be consulted or their consultation will steer the project to the better. http://www.ftrain.com/wwic.html has an interesting investigation of that.
-
Where it goes wrong is when users claim that this also means that they need to be consulted or their consultation will steer the project to the better.
Wait, who is the product being built for, if not the user? You can say I am not a significant user, so my opinion is not important, as opposed to say Google which drove Python development for a while before they focused on other things, but as a collective, users’ opinions should matter. Otherwise, it’s just a hobby.
-
Sorry, I clarified the post: “individual users”. There must be a consultation process and some way of participation. RFCs or PEPs provide that.
Yet, what we regularly see is people claiming how the product would be a better place if we listened to them (that, one person we never met). Or, alternatively, people that just don’t want to accept a loss in a long-running debate.
I don’t know if that helps clarifying, it’s a topic for huge articles.
-
I often find what people end up focusing on - like this PEP - is bike shedding. It’s what folks can have an opinion on after not enough sleep and a zillion other things to do and not enough in depth knowledge. Heck I could have an opinion on it. As opposed to hard problems like performance where I would not know where to start, much less contribute any code, but which would actually help me and, I suspect, many other folks, who are with some sighing, migrating their code to Julia, or, like me, gnashing their teeth at the ugliness of Cython.
-
Yeah, it’s that kind of thing. I take a harsh, but well-structured opinion any time and those people are extremely important. What annoys me is people following a tweet-sized mantra to the end, very much showing along the path that they have not looked at what is all involved or who would benefit or not knowing when to let go off a debate.
-
-
-
-
-
Adding syntax variations is not done at the expense of performance, different volunteers are working on what’s more interesting to them.
Regrettably, a lot of languages and ecosystems suffer greatly from the incoherence that this sort of permissive attitude creates.
Software is just as much about what gets left out as what gets put in, and just because Jane Smith and John Doe have a pet feature they are excited about doesn’t mean they should automatically be embraced when there are more important things on fire.
-
the incoherence that this sort of permissive attitude creates
The Haskell community would’ve just thrown PEP 572 behind
{-# LANGUAGE Colonoscopy #-}and been done with it.Sure, this doesn’t get us out of jail free with regard to incoherence, but it kicks down the problem from the language to the projects that choose to opt-in.
-
I find it hard to see this as a good thing. For me, it mostly highlights why Haskell is a one-implementation language… er, 2 ^ 227 languages, if
ghc --supported-extensions | wc -lis to be taken literally. Of course, some of those extensions are much more popular than others, but it really slows down someone trying to learn “real world” Haskell by reading library code.-
Of course, some of those extensions are much more popular than others
Yeah, this is a pretty interesting question! I threw some plots together that might help explore it, but it’s not super conclusive. As with most things here, I think a lot of this boils down to personal preference. Have a look:
https://gist.github.com/atondwal/ee869b951b5cf9b6653f7deda0b7dbd8
-
-
-
Yes. Exactly this. One of the things I value about Python is its syntactic clarity. It is the most decidedly un-clever programming language I’ve yet to encounter.
It is that way at the expense of performance, syntactic compactness, and probably some powerful features that could make me levitate and fly through the air unaided if I learned them, but I build infrastructure and day in, day out, Python gets me there secure in the knowledge that I can pick up anyone’s code and at the VERY LEAST understand what the language is doing 99% of the time.
-
-
I find that “people working on what interests them” as opposed to taking a systematic survey of what use cases are most needed and prioritizing those is a hard problem in software projects, and I find it curious that people think this is not a problem to be solved for open source projects that are not single writer/single user hobby projects.
Python is interesting because it forms core infrastructure for many companies, so presumably they would be working on issues related to real use cases. Projects like numpy and Cython are examples of how people see an important need (performance) and go outside the official language to get something done.
“If you want something to happen in an open source project, volunteer to do it.” is also one of those hostile attitudes that I find curious. In a company with a paid product of course that attitude won’t fly, but I suspect that if an open source project had that attitude as a default, it would gradually lose users to a more responsive one.
As an example, I want to use this response from a library author as an example of a positive response that I value. This is a library I use often for a hobby. I raised an issue and the author put it in the backlog after understanding the use case. They may not get to it immediately. They may not get to it ever based on prioritization, but they listened and put it on the list.
Oddly enough, I see this kind of decent behavior more in the smaller projects (where I would not expect it) than in the larger ones. I think the larger ones with multiple vendors contributing turn into a “pay to play” situation. I don’t know if this is the ideal of open source, but it is an understandable outcome. I do wish the hostility would decrease though.
-
Performance has never been a priority for Python and this probably won’t change, because as you said, there are alternatives if you want Python’s syntax with performance. Also its interoperability with C is okeish and that means that the small niche of Python’s users that use it for performance critical operations that are not already supported by Numpy, Numba and so on, will always be free to go that extra mile to optimize their code without much trouble compared to stuff like JNI.
If you want raw performance, stick to C/C++ or Rust.
-
I also observe the same tendency of smaller projects being more responsive, but I think the issue is scale, not “pay to play”. Big projects get so much more issue reports but their “customer services” are not proportionally large, so I think big projects actually have less resource per issue.
-
-
-
-
-
Have you tried Pypy? Have you tried running your code through Cython?
Have you read any of the zillion and one articles on improving your Python’s performance?
If the answer to any of these is “no” then IMO you lose the right to kvetch about Python’s performance.
And if Python really isn’t performant enough for you, why not use a language that’s closer to the metal like Rust or Go or C/C++?
-
Yes to all of the above. But not understanding where all the personal hostility is coming from. Apparently having the opinion that “Should := be part of Python” is much less important than “Let’s put our energies towards getting rid of the GIL and creating a kickass implementation that rivals C++” raises hackles. I am amused, entertained but still puzzled at all the energy.
-
There was annoyance in my tone, and that’s because I’m a Python fan, and listening to people kvetch endlessly about how Python should be something it isn’t gets Ooooold when you’ve been listening to it for year upon year.
I’d argue that in order to achieve perf that rivals C++ Python would need to become something it’s not. I’d argue that if you need C++ perf you should use C++ or better Rust. Python operates at a very high level of abstraction which incurs some performance penalties. Full stop.
-
This is an interesting, and puzzling, attitude.
One of the fun things about Cython was watching how the C++ code generated approaches “bare metal” as you add more and more type hints. Not clear at all to me why Python can not become something like Typed Racket, or LISP with types (I forget what that is called) that elegantly sheds dynamism and gets closer to the metal the more type information it gets.
Haskell is a high level language that compiles down to very efficient code (barring laziness and thunks and so on).
Yes, I find this defense of the slowness of Python (not just you but by all commentators here) and the articulation that I, as one simple, humble user, should just shut up and go away kind of interesting.
I suspect that it is a biased sample, based on who visits this post after seeing the words “Guido van Rossum”
-
-
-
Not clear at all to me why Python can not become something like Typed Racket, or LISP with types (I forget what that is called) that elegantly sheds dynamism and gets closer to the metal the more type information it gets.
Isn’t that what mypy is attempting to do? I’ve not been following Python for years now, so really have no horse in this race. However, I will say that the number of people, and domains represented in the Python community is staggering. Evolving the language, while keeping everyone happy enough to continue investing in it is a pretty amazing endeavor.
I’ll also point out that Python has a process for suggesting improvements, and many of the core contributors are approachable. You might be better off expressing your (valid as far as I can see) concerns with them, but you might also approach this (if you care deeply about it) by taking on some of the work to improve performance yourself. There’s no better way to convince people that an idea is good, or valid than to show them results.
-
Not really. Mypy’s goal is to promote type safety as a way to increase program correctness and reduce complexity in large systems.
It doesn’t benefit performance at all near as I can tell, at least not in its current incarnation.
Cython DOES in fact do this, but the types you hint with there are C types.
-
Ah, I thought maybe MyPy actually could do some transformation of the code, based on it’s understanding, but it appears to describe itself as a “linter on steroids,” implying that it only looks at your code in a separate phase before you run it.
Typed Racket has some ability to optimize code, but it’s not nearly as sophisticated as other statically typed languages.
-
-
-
-
In no way did I imply that you should “shut up and go away”.
What I want is for people who make comments about Python’s speed to be aware of the alternatives, understand the trade-offs, and generally be mindful of what they’re asking for.
I may have made some false assumptions in your case, and for that I apologize. I should have known that this community generally attracts people who have more going on than is the norm (and the norm is unthinking end users posting WHY MY CODE SO SLOW?
-
Hey, no problem! I’m just amused at the whole tone of this set of threads set by the original response (not yours) to my comment, lecturing me on a variety of things. I had no idea that (and can’t fathom why) my brief comment regarding prioritization decisions of a project would be taken so personally and raise so much bile. What I’m saying is also not so controversial - big public projects have a tendency to veer into big arguments over little details while huge gaps in use cases remain. I saw this particular PEP argument as a hilarious illustration of this phenomenon in how Python is being run.
-
Thinking about this a little more - sometimes, when languages ‘evolve’ I feel like they forget themselves. What makes this language compelling for vast numbers of programmers? What’s the appeal?
In Python’s case, there are several, but two for sure are a super shallow learning curve, and its tendency towards ‘un-clever’ syntax.
I worry that by morphong into something else that’s more to your liking for performance reasons, those first two tenets will get lost in the shuffle, and Python will lose its appeal for the vast majority of us who are just fine with Python’s speed as is.
-
Yes, though we must also remember that as users of Python, invested in it as a user interface for our code ideas, we are resistant to any change. Languages may lose themselves, but changes are sometimes hugely for the better. And it can be hard to predict.
In Python’s 2.x period, what we now consider key features of the language, like list comprehensions and generator expressions and generators, were “evolved” over a base language that lacked those features altogether, and conservatives in the community were doubtful they’d get much use or have much positive impact on code. Likewise for the class/type system “unification” before that. Python has had a remarkable evolutionary approach over its long 3-decade life, and will continue to do so even post-GvR. That may be his true legacy.
-
-
-
-
-
-
-
-
-
-
voronoipotato
1 month ago
|
link
| on:
We shouldn't let people get used to the idea that software fails
Software correctness is not a developer decision, it’s largely a business decision guided by cost management. I mean depending on where you work and what you work on the software may be so stable that when you try to point out a problem the business will simply point out that the software is correct because it’s always correct and that you’re probably just not understanding why it is correct. Apps are buggy mostly when the costs of failure to the business are low or not felt by management.
-
Came here to say exactly this.
There is no barrier to entry or minimum bar for consideration in software.
So you end up with thousands of businesses saying variations of “our budget is $1000 and we want you to make a software that …”.
Then of course you are going to see lots of failure in the resulting software.
The choice often ends up being “spend 10,000x and make it super robust” or “live with bugs”.
No business chooses the first option when you can say “oops sorry that was a bug we just fixed it. thank you! :)”.
This pattern persists even as the cost of developing software comes down. Meaning if you reduce the cost of producing flawless software to $X the market will choose a much more buggy version that costs a fraction of $X because the cost of living with those bugs is still much lower than the cost of choosing a flawless one.
-
I recently moved to financial software development, and it seems everybody has real life experience of losing huge sums of money to a bug, and everybody, including management and trading, is willing to try practice to reduce bugs. So I became more convinced that it is the cost of bugs that matters.
-
-
Not really.
Would you like your mobile phone screen to be made bullet proof and have it cost $150M?
Would you like an atomic bedside alarm clock for $500k?
A light bulb that is guaranteed to not fail for 200 years for $1,000?
It’s a real trade-off and there’s a line to be drawn about how good/robust/reliable/correct/secure you want something to be.
Most people/businesses can live with software with bugs and the cost of aiming for no bugs goes up real fast.
Taking serious steps towards improving software quality is very time consuming and expensive so even those basic first steps wont be taken unless it’s for something critical such as aircraft or rocket code.
For non-critical software often there’s no huge difference between 0 bugs or 5 bugs or 20 bugs. So there isn’t a strong incentive to try so hard to reduce the bugs from their initial 100 to 10 (and to keep it there).
The case that compels us to eliminate bugs is where it is something to the effect of “no bugs or the rocket crashes”.
Also you have to consider velocity of change/iteration in that software. You can spend tons of resources and have your little web app audited and certified ast it is today but you have to think of something for your future changes and additions too.
As the technology improves the average software should become better in the same way that the average pair of shoes or the average watch or the average tshirt becomes better.
-
Would you like your mobile phone screen to be made bullet proof and have it cost $150M?
Quite exaggerated, but I get your point. The thing is — yes, I personally would like to pay 2-3x for a phone if I can be SURE it won’t degrade software-wise. I’m not worried about hardware (as long as the battery is replaceable), but I know that in 2-3 major OS updates it will feel unnecessarily slow and clunky.
Also you have to consider velocity of change/iteration in that software
Oh, man, that’s whole other story… I can’t remember the last time I wanted software to update. And the only two reasons I do update usually are:
- It annoys me until I do;
- It will hopefully fix some bugs introduced due to this whole crazy update schedule in the first place.
Most people/businesses can live with software with bugs and the cost of aiming for no bugs goes up real fast.
Which brings us back to my original point: we got used to it and we don’t create any significant pressure.
-
-
-
Businesses that allow buggy code to ship should probably be shamed into better behavior. They exist because the bar is low, and would cease to exist with a higher bar. Driving them out of business would be generally desirable.
A boycott would need to start or be organized by developers, since developers are the only people who know the difference between a circumstance where a high-quality solution is possible but difficult, a circumstance where a high-quality solution is trivial but rare for historical reasons, and a situation where all solutions are necessarily going to run up against real, mathematical restrictions.
(Also, most code in existence isn’t being developed in a capitalist-corporate context, and the most important code – code used by everybody – isn’t being developed in that context either. We can and should expect high quality from it, because there’s no point at which improving quality becomes “more than my job’s worth”.)
-
-
it’s largely a business decision guided by cost management.
I don’t agree about the cost management reasoning. Rather it is a business decision that follows what customers actually want. And customers actually do prefer features over quality. No matter how much it hurts our pride in craftsmanship…
The reason we didn’t see it before software is that other fields simply don’t have this trade off as an option: buildings and cars can’t constantly grow new physical features.
-
Speed / Quality / Cost
Pick two
You can add on features to cars, and buildings, and the development process does sometimes go on and on forever. The difference is if your cow clicker game has a game breaking bug, typically nobody literally dies. There exists software where people do die if there are serious bugs and in those scenarios they either compromise in speed or cost.
We’ve seen this before software in other fields, and they do have this trade off as an option, you just weren’t in charge of building it. The iron triangle predates software though I do agree scope creep is a bigger problem in software it is also present in other industries.
-
-
-
It’s not business or management who made us build seemingly infinite layers and abstractions.
Oh it definitely was. The waterfall process, banking on IBM/COBOL/RPG, CORBA, endless piles of objects everywhere, big company apps using obfuscated formats/protocols, Java/.NET… these were middle managers and consultants forcing bullshit on developers. Those bandwagons are still going strong. Most developers stuck on them move slower as a result. The management solution is more bullshit that looked good in a PowerPoint or sounded convincing in a strip club with costs covered by a salesperson. The developers had hardly any say in it at all.
With that status quo, we typically are forced to go with two options: build the new thing on top of or within their pile of bullshit; find new niches or application areas that let us clean slate stuff. Then, we have to sell them on these whether internally or externally. Doing that for stuff that’s quality-focused rather than feature/buzzword-focused is always an uphill battle. So, quality-focused software with simple UI’s aren’t the norm. Although developers and suppliers cause problems, vast majority of status quo is from demand side of consumers and businesses.
-
It isn’t? Most managers I’ve met come and see me saying, we dont want to have to think about this, so build on top of this abstraction of it. They definitely do not want us wiping the slate clean and spending a lot of time rebuilding it anew, that would be bad for business.
-
-
-
What does this do better than the canvas element? And why is it specifically part of CSS?
-
The
houdiniproject aims to let you polyfill (future) CSS features rather than waiting for them to be implemented everywhere.Once
houdinisupport rolls out to all your target browsers, you won’t have to write a bunch of fallback CSS. -
This is what happens when excitement overrules sane design principles. People seem to have all but forgotten about why we tried to separate HTML, CSS and JS. Now it seems to converge on the idea of everything being a JS library and JS being a structure of the Web, instead of HTML.
-
I don’t see it that way at all. The practical implication of the Houdini features (viewed in total, not just this piece of them), at least aspirationally, will be that it’s easier to factor custom design elements into their declarative parts and their procedural parts. There’s a lot of black-box complexity within CSS as it currently stands, and it makes sense to open that up so it can be extended and modified.
-
-
-
-
I’m pretty much totally in support of this thesis. Simplicity is imperative.
Interesting cultural note: the Hacker News crowd pretty much disagreed (https://news.ycombinator.com/item?id=17489934). Most of the commenters there thought that correctness should be first.
-
-
Complicated software breaks. Simple software is more easily understood and far less prone to breaking: there are less moving pieces, less lines of code to keep in your head, and fewer edge cases.
Sometimes code is complicated because the problem is complicated.
And sometimes the simple solution is wrong, even for something as basic as averaging two numbers.
-
But there’s a difference here: a code is simple when it doesn’t introduce (too much of) its own accidental complexity. The innate complexity of the field is out of the equation, can’t do anything about it. But the code must strive to express its intent as simple as possible. It’s not a contradictory goal.
-
-
-
Funny as he is, there were systems- and performance-oriented variants of LISP that either stayed low-level or produced C output that was low-level. They were really fast with many advantages of LISP-like languages. PreScheme was an early one. My current favorite, since they beat me to my idea of C-like Scheme, was ZL where authors did C/C++ in Scheme. With Scheme macros, one might pick the numeric representation that worked best from safest to fastest. Even change it over time if you had to start with speed on weak hardware but hardware got better.
These days, we even have type-safe and verified schemes for metaprogramming that might be mixed with such designs. So, you get clean-looking code that generates the messy, high-performance stuff maybe in verified or at least type-checked way. People are already doing similar things for SIMD. And you’re still using x86! And if you want, you can also use a VIA x86 CPU so you can say hardware itself was specified and verified in LISP-based ACL2. ;)
-
-
-
-
-
Is complicated code that solves complicated problems immune from breaking?
It’s more that some problem cannot be solved with simple code, because you can’t capture the whole complexity of the problem without writing a lot of code to capture it.
Consider tax code. Accurately following tax law is going to be messy because tax law itself is messy.
-
Definitely not. If you have simple but wrong, it’s no good by definition. You can “not have” fast, but essentially, you still need “fast enough”. If you can accomplish the task, and you can do so simply and correctly, but can’t work it quick enough for real-life workloads, then in those cases you might as well call it broken.
-
I am put in mind of the quote:
You can make simple software with obviously no defects, or complicated software with no obvious defects.
I don’t even think “correct” software is required–for many lucrative things, you have a human being interpreting the results, and oftentimes incorrect or wrong output can still be of commercial value.
That’s why we have customer support folks. :)
-
This is a misquote of C.A.R. Hoare:
I conclude there are two ways of constructing software design: one way is to make it so simple there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies.
Nothing wrong with a misquote btw, as it means you internalized the statement rather than regurgitating the words :).
-
-
-
If I understand correctly (hah), his point is that if you aim for simplicity, it’s easier to ensure correctness.
-
-
Given that most popular email clients these days are awful and can’t handle basic tasks like “sending email” properly
I agree with the sentiment in general, but once you’re in the position where everybody else does it wrong and you’re the last person on the planet that does it right, then maybe it’s time to acknowledge that the times have changed and that the old way has been replaced by the new way and that maybe it is you who is wrong and not everybody else.
And I’m saying this as a huge fan of plain-text only email, message threading and inline quotes using nested > to define the quote level.
It’s just that I acknowledge that I have become a fossil as the times have changed.
-
once you’re in the position where everybody else does it wrong and you’re the last person on the planet that does it right
Thankfully we haven’t reached this position for email usage on technical projects. Operating systems, browsers, and databases still use developer mailing lists, and system programmers know how to format emails properly for the benefit of precise line-oriented tools.
I acknowledge that I have become a fossil as the times have changed
If the technology and processes you prefer have intrinsic merit, then why regretfully and silently abandon them? I’m not saying we should refuse to cooperate on interesting new projects simply because they use slightly worse development processes. But we should let people know about the existence of other tools and ways to collaborate, and explain the pros and cons.
-
If the technology and processes you prefer have intrinsic merit, then why regretfully and silently abandon them?
Because when I didn’t, people were complaining about my quoting style, not understanding which part of the message was mine and which wasn’t and complaining that me stripping off all the useless bottom quote caused them to lose context.
This was a fight it didn’t feel worth fighting.
I can still use my old usenet quoting habits when talking to other old people on mailing lists (which is another technology on the way out it seems), but I wouldn’t say that the other platforms and quoting styles the majority of internet users use these days are wrong.
After all, if the maiority uses them, it might as well be the thing that finally helped the “other” people to get online to do their work, so it might very well be time for our “antiquated” ways to die off.
-
-
I’d like to try to convince you that it’s _good* that plain text email is no longer the norm.
First, let’s dispense with a false dichotomy: I’m not a fan of HTML emails that are heavy on layout tables and (especially) images with no text equivalents. Given my passion for accessibility (see my profile), that should come as no surprise.
But HTML emails are good for one thing: providing hyperlinks without exposing URLs to people. As much as good web developers aim for elegant URLs, the fact remains that URLs are for machines, not people. A hyperlink with descriptive text, where the URL is available if and only if the reader really wants it, is more humane.
For longer emails, HTML is also good for conveying the structure of the text, e.g. headingsg and lists.
Granted, Markdown could accomplish the same things. But HTML email actually took off. Of course, you could hack together a system that would let you compose an email in Markdown and send it in both plain text and HTML. For folks like us that don’t prefer WYSIWYG editors, that might be the best of all worlds.
-
But HTML emails are good for one thing: providing hyperlinks without exposing URLs to people.
That doesn’t come without a huge cost. People don’t realize that they need to know the underlying URL and don’t care to pay attention to it. That leads to people going places they didn’t expect or getting phished and the like.
Those same people probably wouldn’t notice the difference between login.youremail.com and login.yourema.il.com either, though. So I’m not saying the URL is the solution but at least, putting it in front of you, gives you a chance.
-
As much as good web developers aim for elegant URLs, the fact remains that URLs are for machines, not people.
I’m not sure about this… at least the whole point of DNS is to allow humans to understand URLs. Unreadable URLs seem to be a relatively recent development in the war against users.
-
Not only do I completely agree with you but you are also absolutely right about that.
Excerpt from section 4.5 of the RFC3986 - Uniform Resource Identifier (URI): Generic Syntax:
Such references are primarily intended for human interpretation rather than for machines, with the assumption that context-based heuristics are sufficient to complete the URI [...]BTW, the above
URLis a perfect example of how one should look like.
-
-
Personally, I hate
HTMLin email - I don’t think it belongs there. Mainly, for the very reasons you had just mentioned.Let’s take phishing, for example - and spear phishing in particular. At an institution where I work, people - especially those at the top - are being targeted. And it’s no longer click here-type of emails - institutional
HTMLlayouts are being used to a great effect to collect people’s personal data (passwords, mainly). With the whole abstraction people cannot distinguish whether an email, or even a particular link, is genuine.When it comes it the structure itself, all of that can be achieved with plain text email - the conventions used predate Markdown, BTW, and are just as readable as they were several decades ago.
-
-
-
-
-
Thank you.
-
Rust on the 7th place with 1 million LOC is actually pretty cool for Firefox! Didn’t think it has taken over that much already.
-
Huh, I didn’t realize the 8086 only had a 20 pin address bus. Makes everything seem a bit more sane, although why make the segments overlap? I can’t see the benefit and it makes expanding the address space that much harder.
-
I guess one (tiny) benefit of having segments overlap every 16 bytes is that a malloc() implementation could return pointers of XXXX:0000 format, i.e. only concern itself with segments? And then, if you want to index into such an array, you can put the array element’s index/offset in a register without having to add a base address offset, since the array always starts at 0000 (within the given segment).
-
-
More silly trivia: All wintel PCs boot with line 20 disabled, in order to default to 8086 mode. And if you turn it on, you talk to the keyboard controller. Some quick googling led me to an example here: https://github.com/Clann24/jos/blob/master/lab2/code/obj/boot/boot.asm#L29
Of course these days all these devices exist on-die, but back in the day they would have been discrete ASICs.
-
-
There’s two really nice things here:
- The “number of versions” is a fantastic metric and Microsoft Research observed something similar spending a little more time on this point. If you’re changing a module many times, perhaps you (the programmer) don’t know what it is supposed to do?
- The “size” is another good metric, but I think the authors don’t go far enough: Lines of code and number of statements are nowhere near as good as “source code bytes”. Arthur is supposed to have said only a short program has any chance of being correct, but really it’s scrolling that is getting you into trouble: When data is produced and consumed out of view of each other you literally cannot see the opportunity for the bug.
But maybe something not so nice: testing has a negative correlation with defects, but not very much. This is consistent with a lot of other empirical examinations on the subject that had a lot less data, but it still sounds bonkers. People who swear by test driven development know it’s helping them write better code, but the numbers don’t lie, so what is it?
My theory is that when you tell someone they need to write tests, they write crappy tests, but if they want to write tests even when they’re not required, then it’s because they want a second way to look at their problem and understand it better. And that’s what we’re striving for.
-
when you tell someone they need to write tests, they write crappy tests, but if they want to write tests even when they’re not required, then it’s because they want a second way to look at their problem and understand it better.
This rings very true to me, for what it’s worth.
-
Yes, I wrote something similar on Stack Exchange a while back:
Testing follows a common pattern in software engineering: testing is claimed to make software better/more “agile”/less buggy/etc., but it’s not really the testing which does this. Rather, good developers make software better/more “agile”/less buggy/etc. and testing is something that good developers tend to do.
In other words, performing some ritual like unit testing for its own sake will not make your code better. Yet understanding why many people do unit testing will make you a better developer, and being a better developer will make your code better, whether it has unit tests or not.
-
-
-
That can generate new modules rather than changes to existing ones.
-
-
Wait, are you telling me fractional scaling actually works in Gnome on Fedora?!
(It doesn’t on Ubuntu, and it’s been keeping me in a state of stunned amazement that they’ve been shipping a desktop unusable on mainstream hardware for two consecutive releases now, and none of the reviewers have given it as much as a sideline mention. I guess I’m the only person in the world trying to run Ubuntu on an exceedingly rare Thinkpad X1 Carbon.)
-
-
I’m amused by the reactions to this. Code formatting is the least interesting problem in programming, and one of the most easily automated. Props to Łukasz for this; I may not agree with every choice, but I agree that the choices should be made once and once only, and then just … used.
-
-
No, no, no… Defaulting to double-quotes over apostrophes sends it to hell right away. I’m not fond of squeezing my left pinky over Shift the entire time I’m typing. Also, apostrophes are obviously more classy. Double-quotes smells too much of C and other C-inspired syntaxes.
On a slightly more serious note, if a line fits into the length limit doesn’t mean it should necessarily be reformatted this way. I prefer this:
return { 'AND': eval_and, 'OR': eval_or, }[op](some, more, args, here)to not be turned into a one-liner. But
blackdoes.-
But that’s the point of Black—to remove all thought about formatting so no one can bikeshed coding styles. There are no aesthetic concerns taken into account period. If it’s ugly, it’s ugly. Get over your artistic tendencies and program—that’s what you are paid for.
Would I use this? No (that is, if I programmed in Python—I don’t). I’ve built up a coding style that works for me over the past 30 years, and yes, I am concerned with aesthetic concerns of code. Then again, I’ve been fortunate to work at places were I an use my personal coding style.
-
Code style affects readability though, it’s not just about making it look pretty (I like pretty code too though). So the choices Black makes in that regard are important. Personally I don’t think automatic formatting tools should be too concerned with line length (except maybe in some very specific contexts) and they should just work with the lines they’re fed. The rules this tool uses for splitting lines seem fairly arbitrary and it’s one of the few areas where I think a human is better off making the call.
I’m not a Go programmer, but I think gofmt handles this better?
-
-
-
So, this might be a good time to float an idea:
None of this would be an issue if users brought their own data with them.
Imagine if users showed up at a site and said “Hey, here is a revokable token for storing/amending information in my KV store”. The site itself never needs to store anything about the user, but instead makes queries with that auth token to modify their slice of the user’s store.
This entire problem with privacy and security would go away, because the onus would be on the user to keep their data secure–modulo laws saying that companies shouldn’t (and as a matter of engineering and cost-effectiveness, wouldn’t) store their own copies of customer data.
Why didn’t we do this?
-
http://remotestorage.io/ did this. I’ve worked with it and it’s nowhere near usable. There are so many technical challenges (esp. with performance) you face on the way that result of you basically having to process all user data clientside, but storing the majority of data serverside. It gets more annoying when you attempt to introduce any way of interaction between two users.
We did try this, saw that it’s too hard (and for some services an unsolved problem) and did something else. There’s no evil corporatism in that, nor is it a matter of making profit, even if a lot of people especially here want to apply that imagination to everything privacy-related. It’s human nature.
-
basically having to process all user data clientside
If I go to a site, grant that site a token, couldn’t that server do processing server side?
It gets more annoying when you attempt to introduce any way of interaction between two users.
Looking at remotestorage it appears there’s no support for pub/sub, which seems like a critical failing to me. To bikeshed an example, this is how I see something like lobste.rs ought to be implemented:
-
User data is stored in servers (like remotestorage) called pods, which contain data for users. A person can sign up at an existing pod or run their own, fediverse-style.
-
These pods support pub/sub over websocket.
-
A particular application sits on an app server. That app server subscribes to a list of pods for pub/sub updates, for whatever users that have given that application permission. On top of these streams the app server runs reduce operations and keeps the result in cache or db. A reduce operation might calculate something like, give me the top 1000 items sorted by hotness (a function of time and votes), given streams of user data.
-
A user visits the site. The server serves the result instantly from its cache.
-
Additionally the pub/sub protocol would have to support something like resuming broken connections, like replay messages starting from point T in time.
Anyway, given this kind of architecture I’m not sure why something like lobste.rs for example couldn’t be created - without the performance issues you ran into.
-
If I go to a site, grant that site a token, couldn’t that server do processing server side?
If your data passes through third-party servers, what’s the point of all of this?
The rest of your post is to me, with all due respect, blatant armchair-engineering.
-
The pub/sub stuff completely misses the point of what I am trying to say. I’m not talking about remotestorage.io in particular.
-
Lobste.rs is a trivial usecase, and not even an urgent one in the sense that our centralized versions violate our privacy, because how much privacy do you have on a public forum anyway? Let’s try something like Facebook. When I post any content at all, that content will have to be copied to all different pods, making me subject to the lowest common denominator of both their privacy policies and security practices. This puts my privacy at risk. Diaspora did this. It’s terrible.
-
Let’s assume you come up with the very original idea of having access tokens instead, where the pods would re-fetch the content from my pod all the time instead of storing a copy. This would somewhat fix the risk of my privacy (though I’ve not seen a project that does this), but:
- Now the slowest pod is a bottleneck for the entire network. Especially stuff like searching through public postings. How do you implement Twitter moments, global or even just local (on a geographical level, not on network topology level) trends?
- Fetching the data from my pod puts the reader’s privacy at risk. I can host a pod that tracks read requests, and, if the system is decentralized enough, map requests from pods back to users (if the request itself doesn’t already contain user-identifying info)
-
If your data passes through third-party servers, what’s the point of all of this?
It decouples data and app logic. Which makes it harder for an application to leverage its position as middle man to the data you’re interested in. Doing stuff like selling your data or presenting you with ads. Yet you put up with it because you are still interested in the people there. Because if data runs over a common protocol you’re free to replace the application-side of things without being locked in. For example, I bet there’s some good content on Facebook but I never go there because I don’t trust that company with my data. I wish there were some open source, privacy friendly front end to the Facebook network available, that would let me interact with people there, without sitting on Facebook’s servers, and open source. Besides that, if an application changes its terms of use, maybe you signed up trusting the application, but now you’re faced with a dilemma of rejecting the ToS and losing what you still like about the application, or accepting new crappy terms.
The rest of your post is to me, with all due respect, blatant armchair-engineering.
Ha! Approaching a design question by first providing an implementation without discussion seems pretty backwards to me. Anyway, as far as I’m concerned I’m just talking design. Specifically I’m criticizing what I perceive as a deficiency in remotestorage’s capabilities. And arguing that a decentralized architecture doesn’t have to be slow, is at least as good as a centralized architecture, and better, in many regards, for end users.
Let’s try something like Facebook. When I post any content at all, that content will have to be copied to all different pods,
No, I was saying that this would be published to subscribing applications. There could be a Facebook application. And someone else could set up a Facebook-alternative application, with the same data, but a different implementation. Hey, you could even run your own instance of Facebook-X application.
making me subject to the lowest common denominator of both their privacy policies and security practices.
If you grant an application access to your data, you grant it access to your data. I don’t see a way around that puzzle in either a centralized or decentralized architecture. If anything, in a decentralized architecture you have more choices. Which means you don’t have to resign yourself to Facebook’s security and privacy policies if you want to interact with the “Facebook” network. You could move to Facebook-X.
Now the slowest pod is a bottleneck for the entire network. Especially stuff like searching through public postings. How do you implement Twitter moments, global or even just local (on a geographical level, not on network topology level) trends?
What I was describing was an architecture where pods just store data. Apps consume and present it. If I have an app, and I subscribe to X pods, there’s no reason I have to wait for the slowest pod’s response in order to construct a state that I can present users of my app.
So for something like search, or Twitter moments, you would have an application that subscribes to whatever pods it knows about. Those pods publish notifications to the app over web socket, for example whenever a user tweets. Your state is a reduction over these streams of data. Let’s say I store this in an indexed lookup like ElasticSearch. So every time a user posts a tweet, I receive a notification and add it to my instance of ElasticSearch. Now someone opens my app, maybe by going to my website. They search for X. The app queries the ElasticSearch instance. It returns the matching results. I present those results to the user’s browser.
Fetching the data from my pod puts the reader’s privacy at risk.
Hmm, I’m not sure if we’re on the same page. In the design I laid out, the app requests this data, not the pod.
-
With respect, “social media” and aggregator sites are red herrings here. They cant be made to protect privacy by their very nature.
I’m more thinking about, say, ecommerce or sites that aren’t about explicitly leaking your data with others.
-
“With respect, “social media” and aggregator sites are red herrings here. They cant be made to protect privacy by their very nature.”
Sure they can. Starting with Facebook, they can give privacy settings per post defaulting on things like Friends Only. They could even give different feeds for stuff like Public, Friends Only, or Friends of Friends. They can use crypto with transparent key management to protect as much of the less-public plaintext as possible. They can support E2E messaging. They can limit discovery options for some people where they have to give you a URL or something to see their profile. Quite a few opportunities for boosting privacy in the existing models.
Far as link aggregators, we have a messaging feature that could be private if it isn’t already. Emails and IP’s if not in public profile. The filters can be seen as a privacy mechanism. More to that point, though, might be things like subreddits that were only visible to specific, invited members. Like with search, even what people are looking at might be something they want to keep private. A combo of separation of user activities in runtime, HTTPS and little to no log retention would address that. Finally, for a hypothetical, a link aggregator might also be modified to easily support document drops over an anonymity and filesharing service.
-
-
-
-
-
-
-
We did. They’re called browser cookies.
The real problems are around an uneducated consumption-driven populous: Who can resist finding out “which spice girl are you most like?” – but would we be so willing to find out if it meant we get a president we wouldn’t like?
It is very hard for people to realise how unethical it is to hold someone responsible for being stupid, but we crave violence: We feel no thrill that can compare serving food, working in an office, or driving a taxi. Television and Media give us this violence, an us versus them; Hillary versus Urine Hilarity or The Corrupt Incumbent versus a Chance to Make America Great Again, or even Kanye versus anybody and everybody.
How can we make a decision to share our data? We can never be informed of how it will be used against us.
The GDPR does something very interesting: It says you’re not allowed to use someones data in a way they wouldn’t want you to.
I wish it simply said that, but it’s made somewhat complicated by a weird concept of “data” It’s clear that things like IP addresses aren’t [by themselves] your data, and even a name like John Smith isn’t data. Software understands data but not the kind of “data” that the GDPR is talking about. Pointing to “you” and “data” is a fair thick bit of regulation if you don’t want to draw a box around things and prevent sensible people from interpreting the forms of “data” nobody has yet thought of.
But keep it simple: Would that person want you doing this? Can you demonstrate why you think that is and convince reasonable people?
I’m doing a fair bit of GDPR consulting at the moment, and whilst there’s a big task in understanding their business, there’s also a big task getting them to approach their compliance from that line of questioning: How does this make things better for that person? Why do they want us to do this?
We’re not curing cancer here, fine, but certainly there are degrees.
-
Browser cookies is something that crossed my mind after I suggested this, but my experience as a web dev makes me immediately suspect of them as durable stores. :)
I agree with your points though.
-
-
This still doesn’t solve problems with tracking, because companies have already started to require GDPR opt-in to use their products (even when using the product doesn’t necessarily require data tracking), or to use their products without a degraded user experience.
See cloudflare, recaptcha, facebook, etc.
“You can’t use this site without Google Analytics having a K/V-auth-token”, “We will put up endless ‘find-the-road-sign’ captchas if we can’t track you”, etc.
-
It’s a mistake to think you can “GDPR opt-in”. You can’t.
You have to prove that the data subject wants this processing. One way to do this is to ask for their consent and make them as informed as possible about what you’re doing. But they can decide not to, and they can even decide to revoke their consent at any time until you’ve actually finished the processing and erased their data.
These cookie/consent banners are worse than worthless; a queer kind of game people like Google are playing to try to waste time of the regulators.
We will put up endless ‘find-the-road-sign’ captchas if we can’t track you
I’ve switched to another search engine for the time being. It’s faster, the results are pretty good, and I don’t have to keep fiddling with blocking that roadblock on Google’s properties.
-
-
-
I can’t really get behind just ignoring headers because some engineer feels like they aren’t useful anymore.
-
-
- Via is actually useful, if properly used, and can detect request loops outside your network
- Expires is actually useful if you need to expire a response at a specific date, Cache-Control doesn’t do that, it’s only use isn’t “expire my content and don’t cache”
- X-Frame-Options is needed to support older browser, IE only supports a minimal version of CSP since 10, if you support older clients, XFO is a good security addition as CSP may not be available
-
The repeated use of “deprecation” without obvious links to the RFCs superceding those deprecations doesn’t help. Further, the entire point of the article is pretty clearly to help advertise Fastly (which presumably wants to go after some of Cloudflare’s market).
Like, it’s an interesting read, but I’m a bit concerned about people putting their services behind providers that sanctimoniously decide to break with RFCs because it might get them more business.
-
-
From the bit at the end it doesn’t sound like they’re doing anything to the headers by default? These are headers they recommend stripping out, and there’s an example at the end of how to strip out individual headers if you want to, but a site owner would have to actually do that to have any effect.
-
-
-
The most feature-packed release in a while!
impl Traitis something I’ve been eagerly waiting for. But improved ergonomics with dereferencing undermatchandmain() -> Result<>are great as well!
I still hope to revive mine: http://softwaremaniacs.org/blog/en/