Threads for isthatforreal

  1. 14

    I don’t have a problem with hacktivism and calling attention to injustice is generally the right thing to do. But the idea that you can call out war crimes by indiscriminately targeting disk drives of Russian citizens is really missing the point.

    1. 12

      This morning I would had said you are right, however today I have picked up my children from their preschool where an Ukrainian boy at their age pissed under himself because he saw an unknown male (me), after having spent two days in a darkened evacuation train and having left behind everyone except his mum - and probably much more she would not tell. I have never seen a more scared being in my life. It wasn’t an anxiety, it was a kind of fear I wasn’t aware humans were able to experience. Let’s say I have a problem with that. If this ‘malware’ will stop at least one Russian ammunition train or make one Russian more stand up, the collateral damage(money) it causes is worth much more than the collateral damage(dead kids) that may be caused by the said ammunition. I don’t blame anyone having other opinion, but I understand and would myself do what the author of the module has and had to do.

      1. 6

        We must do something;
        This is something;
        Therefore, we must do this.

        Just because it’s an action that can be taken doesn’t mean it will help. In fact, I rather suspect this hurts the overall effort.

        1. 3

          If this ‘malware’ will stop at least one Russian ammunition train or make one Russian more stand up, the collateral damage(money) it causes is worth much more than the collateral damage(dead kids) that may be caused by the said ammunition. I don’t blame anyone having other opinion, but I understand and would myself do what the author of the module has and had to do.

          I see where you’re coming from. But I don’t see such methods changing the opinions or stance of a previously-indifferent (much less one who is supportive of the regime) Russian. I see frustration and anger, because they almost certainly aren’t thinking of the plight of Ukrainian families fleeing chaos, they’re thinking about their lost files.

          1. 3

            I am not endorsing either side here, but your comment seems to presuppose that the sides of their target audience (people in Russia) are supports and opposes. I think in the view of the author of this hazardous code the sides are three: supports, opposes, and mildly in favor of the fictitious events pictured in Russian propaganda. If the theory is that the last group is the largest then they would need only small margin over 50% of that group to be pushed into the opposes group in order to justify the operation to themselves. Again, I’m not endorsing either viewpoint here – I’m just trying to highlight how views can shift depending on (mis)understanding of the subgroups and the size of those groups. Personally I don’t think we have very good estimates for these parameters but tbh I haven’t done a lot of research either.

      1. 2

        I don’t know. Making plans doesn’t quite work recently.

        1. 11

          It’s not pro, “subscribe to our newsletter” floater is missing.

          1. 13

            But it must be a pop-up that appears when you start to read, otherwise you might learn something

            1. 4

              Clearly. This doesn’t even appear to be monetized.

            1. 3

              As a reluctant Perl developer I am eager to see signatures land. I dearly hope signatures will require all defined variables to be passed.

              1. 2

                Have you tried passing arguments wrapped in a hash?

                1. 1

                  I mean, I have, but I don’t understand the relevance. What are you thinking?

                  1. 1

                    I had a wrong memory of getting a warning when assigning an undef to a variable.

                2. 1

                  They do today! Unless you specify default values or have a “slurpy” array or hash to receive extra parameters, Perl will throw an exception if the caller doesn’t match the signature. “If the argument list doesn’t meet the requirements of the signature, then it will throw an exception.” —Signatures in perlsub

                  1. 1

                    Yeah, this is in reply to Yuki’s insistence that they not for stabilizing.

                1. 41

                  I think this, and many other similar cases, spanning back to the Python 2.7 fallout, reveal an interesting divide within the community of Python users.

                  (This is entirely an observation, not a “but they should support it, if not until the thermal death of the Universe, at least until the Sun is reasonably close to being a Red Dwarf” rant. Also, seriously, 5 years is pretty good. It would’ve been pretty good even before the “move fast and break things” era).

                  There are, on the one hand, the people who run Python as an application, or at the very least as an operational infrastructure language. They need security updates because running an unpatched Django installation is a really bad idea. Porting their codebase forward is not just necessary, it provides real value.

                  And then there are the people who run Python for their automated testing framework, for deployment scripts, for project set-up/boilerplate scripts and so on. They are understandably pissed at things like these because their buildiso.py script might as well run on Python 1.4. Porting their codebase forward is a (sometimes substantial!) effort that doesn’t really yield any benefits. Even the security updates are barely relevant in many such environments. Most of the non-security fixes are technically really useless: the bulk of the code has been written X years ago and embeds all the workarounds that were necessary back then, too. Nobody’s going to go back and replace the “clunky workarounds” with a “clean, Pythonic” version, seeing how the code not only works fine but is literally correct and sees zero debugging or further development.

                  Lots of enterprise people – and this part applies to many things other than Python – still plan for these things like it’s 2001 and their massive orchestration tool is a collection of five POSIX sh scripts and a small C programs written fifteen years ago. That is to say, their maintenance budget has only “bugs” and “feature requests” items, and zero time for “keeping up with the hundreds of open source projects that made it feasible to write our SaaS product with less than 200 people in the first place and which have many other SaaS products to keep alive so they’re not gonna stop for us”.

                  1. 19

                    A point you’re passing over (or at least expressing with some incredulity) is that, sometimes software is allowed to be “Done”. You’re allowed to write software that can reach an end state where it is not only feature-complete, but adding features to it would make it worse. IMO, it is not only possible for someone to do that, but it is good, because the current paradigm is inherently unstable in the same way that capitalism’s “Exponential Growth” concept is. The idea that software can be maintained indefinitely is a fallacy that relies on unlimited input resources (time, money, interest, etc), and the idea that new software grows to replace old is outright incorrect when you see people deliberately hunting out old versions of software with specific traits. (Actually, on the whole, features have been lost over time, but that’s a whole different discussion about the fact that the history of software is not taught, with much of it being bound up in long-dead companies and people).

                    For people maintaining such software, why would it make sense to rewrite large swathes of the codebase, and have a high risk of introducing bugs in the process, many of them probably having already been fixed. Sure, there’s the “security” aspect of it, and there will always need to be minor maintenance needed here and there, but rewriting the code to be compatible with non-EOL platforms not only incurs extra weeks or months (or even years) of effort, but it invalidates all of the testing that you have accumulated against the current codebase, as well.

                    What made me point this out, is that you seem to regard this form of software as a negative, or as a liability. But at least half of modern software development seems to be what is effectively treading water, all due to bad decisions related to dependencies that are chosen, or the sheer insufferable amount of astractional cost we have and are accumulating as an industry. Personally, I envy the people who get to maintain software where there is now very little to do aside from maintenance work.

                    1. 10

                      You’re allowed to write software that can reach an end state where it is not only feature-complete, but adding features to it would make it worse.

                      Doing this requires you to find a language, compiler and/or interpreter, build toolchain, dev tooling, operating system, etc. all of which must in in the “Done” state with hard guarantees. And while you’re free to build your own “Done” software, the key here is that nobody else is obligated to provide you with “Done” software, so you may have to build your own “Done” stack to get it, or pay the going rate for the shrinking number of people who are fluent in languages which are effectively “Done” because the only work happening in those languages these days is maintenance of half-century-old software systems.

                      Meanwhile, we already have tons of effectively “Done” software in the wild, in the sense that the people who made it have made a conscious decision to never do any type of upgrades or further work on it, and it’s generally not a good thing – especially when it turns out that, say, a few billion deployed devices worldwide are all vulnerable to a remote code execution bug.

                      1. 5

                        Not every upgrade has to be non backward compatible. Perl5 is a good example.

                        1. 6

                          Python releases are about as backwards incompatible as Perl releases. I think people just assume every upgrade is bad because of the Python 2 -> 3 upgrade. Worth remembering that realistically nobody tried doing a Perl 5 -> Raku (neé Perl 6) migration.

                          1. 2

                            That’s probably because Raku was such a long time coming, and marketed from the start (at least as far back as I can remember, not being a Perl coder) as an “apocalypse”. I think nobody expected to be able to migrate, so nobody even bothered trying. Python, on the other hand, had compatibility packages like “six” and AFAIK it was always intended to be doable at least to upgrade from 2 to 3 (and it was, for a lot of code, quite doable). But then when people actually tried, the nitty-gritty details caused so much pain (especially in the early days) that they didn’t want to migrate. And of course essential dependencies lagging behind made it all so much more painful, even if your own pure Python code itself was easy to port it might be undoable to port a library you’re using.

                            So I guess it boils down to expectation management :)

                        2. 5

                          This is actually why standards are useful, they allow code to outlive any actually-existing platform. The code I have from 20 years ago that still builds and runs without changes usually has a single dependency on POSIX. I’m not running it on IRIX or BSD/OS like the author was, but it still works.

                          1. 2

                            Not necessarily, I think. One might want to do so in cases where there is external, potentially malicious user input. However, in highly regulated environments, where different parties exchange messages and are liable for their correctness, one can keep their tools without upgrading anything for a long time (or at least until the protocol changes significantly). There is simply no business reason to spend time on upgrading any part of the stack.

                            1. 2

                              Meanwhile, we already have tons of effectively “Done” software in the wild, in the sense that the people who made it have made a conscious decision to never do any type of upgrades or further work on it, and it’s generally not a good thing

                              Good way to carefully misrepresent what I was talking about :)

                              1. 1

                                It’s more that this really is what “Done” means. My own stance, learned the hard way, is that the only way a piece of software can be “Done” is when it’s no longer used by anyone or anything, anywhere. If it’s in use, it isn’t and can’t be “Done”.

                                And the fact that most software that approximates a “Done” state is abandonware, and the problems abandonware tends to cause, is the point.

                                1. 1

                                  I disagree that this is what “Done” means, and I disagree with your implied point that this is in any way “inevitable”.

                                  1. 1

                                    The idea that software can be maintained indefinitely is a fallacy that relies on unlimited input resources

                                    That’s what you wrote above. Which implies that your definition of “Done” involves ceasing work on the software at a certain point.

                                    My point is that generally you get to choose “no further work will be done” or “people will continue to use it”. Not both. You mention people searching for older versions of software – what do you think a lot of communities do with old software? Many of them continue to maintain that software because they need it to stay working for as long as it’s used, which is incompatible with “Done” status.

                                    1. 1

                                      And yet if you read a paragraph down from there, you will see

                                      “For people maintaining such software,”

                            2. 6

                              A point you’re passing over (or at least expressing with some incredulity) is that, sometimes software is allowed to be “Done”.

                              Oh, I’m passing over it because I prefer to open one can of worms at a time :-D.

                              But since you’ve opened it, yeah, I’m with you on this one. There’s a huge chunk of our industry which is now subsisting on bikeshedding existing products because, having ran out of useful things to do, it nonetheless needs to do some things in order to keep charging money and to justify its continued existence.

                              I don’t think it’s a grand strategy from the top offices, I think it’s a universal affliction that pops up in every enterprise department, sort of like a fungus which grows everywhere, from lowly vegetable gardens to the royal rose gardens, and it’s rooted in self-preservation as much as a narrow vision of growth. Lots of UI shuffling or “improvements” in language standards (cough C++ cough), to name just two offenders, happen simply because without them an entire generation of designers and language consultants and evangelists would find themselves out of a job.

                              So a whole bunch of entirely useless changes piggyback on top of a few actually useful things. You still need some useful things, otherwise even adults would call on the emperor’s nakedness and point out that it’s a superfluous (or outright bad) release. But the proportion, erm, varies.

                              The impact of this fungus is indeed terrible though. If you were to accrue 20 years’ worth of improvement on top of, say, Windows XP, you’d get the best operating system ever made. But people aren’t exactly ecstatic over Windows 11 because it’s not just 20 years’ worth of improvement, and there’s a lot of real innovation (ASLR, application sandboxing) and real “incremental” improvement (good UTF-8 support) mixed with a whole lot of things that are, at best, useless. So what you get is a really bad pile of brown, sticky material, whose only redeeming feature is that there’s a good OpenVMS-ish kernel underneath and it still runs the applications you need. Even that is getting shaky, though – you can’t help but think that, with so many resources being diverted towards the outer layer, the core is probably getting bad, too.

                              Personally, I envy the people who get to maintain software where there is now very little to do aside from maintenance work.

                              I was one of them for about two years, let me assure you it is entirely unenviable, precisely because of all that stuff above. Even software that only needs to be maintained doesn’t exist and run in a vacuum, you have to keep it chugging with the rest of world. It may not need any major new features, but it still needs to be taught a new set of workarounds every other systemd release, for example. And, precisely because there’s no substantial growth in it, the resources you get for it get thinner and thinner every year, because growth has to be squeezed out of it somehow.

                              Edit: FWIW, this is actually what the last part of my original message was about. As @ketralnis mentioned in their comment here, just keeping existing software up and running is not at all as simple as it’s made out to be, even if you don’t dig yourself into a hole of unreasonable dependencies.

                            3. 8

                              Lots of enterprise people – and this part applies to many things other than Python – still plan for these things like it’s 2001 and their massive orchestration tool is a collection of five POSIX sh scripts and a small C programs written fifteen years ago.

                              The funny thing is that the Python 2.x series was not the bastion of stability and compatibility people like to claim now, as they look back with nostalgia (or possibly just without experience of using Python back then). Idiomatic Python 2.0 and idiomatic Python 2.7 are vastly different languages, and many things that are now well-known and widely-liked/widely-relied-upon features of Python didn’t exist back in 2.0, 2.1, 2.2, etc. And the release notes for the 2.x releases are full of backwards-incompatible changes you had to account for if you were upgrading to newer versions.

                              1. 8

                                People probably remember Python 2 as the “bastion of stability and compatibility” because Python 2.7 was around and supported for 10 years as the main version of the Python 2 language. Which is pretty “bastion of stability and compatibility”-like. I know that wasn’t the intention when 3.0 was released, but it’s what ended up happening, and people liked it.

                                1. 4

                                  So, obviously, the thing to do is to trick the Python core team into releasing Python 4, so that we get another decade of stability for Python 3.

                              2. 5

                                Is it a really problem in practice though? If the small tool is actually large enough that porting would take too much time, then there are precompiled releases going back forever, docker images going back to 3.2 at least, and there’s pyenv. That seems like an ok situation to me. Anyone requiring the old version still has it available and just has to think: should I spend effort to upgrade or spend effort to install older version.

                                1. 25

                                  Yes, it really is a problem in practise to try to keep your older unchanging code running. It’s becoming increasingly difficult to opt out of the software update treadmill, even (especially!) on things that don’t ostensibly need updating at all.

                                  Python 3.6 depends on libssl which depends on glibc, the old version of which isn’t packaged for Ubuntu 16.04. But the security update for glib’s latest sscanf vulnerability that lets remote attackers shoot cream cheese frosting out of your CD-ROM isn’t available on 16.04 and 17 dropped support for your 32-bit processor. And your CD-ROM.

                                  Sadly you can’t just opt out of the treadmill anymore. The “kids these days” expect constant connectivity, permanent maintenance, and instant minor version upgrades. They leave Github issues on your projects titled “This COBOL parser hasn’t had an update in several minutes, is it abandoned?” They wrap their 4-line scripts with Docker images from dockerhub, and it phones home to their favourite analytics service that crashes if it’s not available. Even if you don’t depend on all of those hosted services (and that’s harder than you think with npm relying on github, apt relying on launchpad, etc), any internet connectivity will drag you in via vital security updates.

                                  1. 5

                                    I’m not sure I buy the argument that “kids these days” have anything to do with Ubuntu’s decisions on how long to support their OS, and for what platforms.

                                    I’d personally jump to one of Debian (for years of few changes), Alpine (if it met my needs) or OpenSUSE Tumbleweed (if rolling was acceptable). I was surprised of the last, but Tumbleweed is actually a pretty solid experience if you’re ok with rolling updates. If not, Debian will cover you for another few years at least.

                                    If you need an install with a CD drive, maybe https://netboot.xyz/ could be helpful. There are a variety of ways to boot the tool, even an existing grub.

                                    1. 11

                                      Maybe it didn’t come through but I mean almost all of that to be hyperbole. The only factual bit is that it really is harder to keep unchanging code running than you’d think, speaking as somebody that spends a lot of time trying to actually do that. It’s easy to “why don’t you just” it, but harder to do in real life.

                                      Plus the cream cheese frosting. That’s obviously 100% true.

                                      1. 4

                                        Plus the cream cheese frosting. That’s obviously 100% true.

                                        In case anyone is wondering, this is really legit! Back in 2015 or so I used to keep an Ubuntu honeypot machine in the office for this precise reason – it was infected with the cream cheese squirting malware and a bunch of crypto miners, which kept the CPU at 100% and, thus, kept the cream cheese hot. It was oddly satisfying to know that the company was basically paying for (part of) my lunch in such a contorted way, as I only had to supply the cream cheese.

                                    2. 1

                                      I was asked a while ago to do some minor improvements to a webshop system that had been working mostly fine for the customer. When I looked into it, it turned out to be a whole pile of custom code which was built on an ancient version of CakePHP, which only supported PHP versions up to 5.3. Of course PHP 5 had been deprecated for a while and was slated to be dropped by the (shared) hosting provider they were using.

                                      So I cautioned that their site would go down pretty soon, and indeed it did. I tried upgrading CakePHP, but eventually got stuck, not only because the code of the webshop was an absolute dumpster fire (without any tests…), but also because CakePHP made so many incompatible changes in a major release (their model layer for db storage was rewritten from scratch, as I understand it) that updating it was basically a rewrite.

                                      So after several days of heavy coding, I decided that it was basically an impossible task and had to tell the customer that it would be smarter to get the site rebuilt from scratch.

                                    3. 3

                                      It depends on how the whole thing is laid out. I’m a little out of my element here but I knew some folks who were wrestling with a humongous Python codebase in the second category and they weren’t exactly happy about how simple it was.

                                      For example, lots of these codebases see continuous, but low-key development. You have a test suite for like fourty products, spanning five or six firmware versions. You add support for maybe another one every year, and maybe once every couple of years you add a major new feature to the testing framework itself. So it’s not just a matter of deploying a legacy application that’s completely untouched, you also have to support a complete development environment, even if it’s just to add fifty lines of boilerplate and maybe one or two original test cases a year. Thing is, shipping a non-trivial Docker setup that interacts with the outside world a lot to QA automation developers who are not Linux experts is just… not always a very productive affair. It’s not that they can’t use Docker and don’t want to learn it, it’s just that non-trivial setups break a lot, in non-obvious ways, and their end users aren’t always equipped to un-break them.

                                      There’s also the matter of dependencies. These things have hundreds of them and there’s a surprising amount of impedance matching to do, not only between the “main package” and its dependencies, but also between dependencies and libraries on the host, for example. It really doesn’t help that Python distribution/build/deployment tools are the way they are.

                                      I guess what I’m saying is it doesn’t have to be a problem in practice, but it is a hole that’s uncannily easy to dig yourself in.

                                    4. 4

                                      It’s also hard to change code from any version of Python, just because it’s so permissive (which is part of the appeal, of course). Good luck understanding or refactoring code- especially authored by someone else- without type hinting, tests, or basic error-level checks by a linter (which doesn’t even ship out of the box).

                                    1. 3

                                      I expect this will eventually replace git client for some of us who are frustrated by the unnecessary complexity of the existing solution.

                                      The last time I checked, this project lacked a simple migration guide: what you did in git VS what you do in got. But now, the manual page has a lot of examples, and I am willing to give it a try!

                                      1. 3

                                        it’s simpler to just use git

                                        1. 1

                                          or fossil

                                        2. 2

                                          This project’s target demographic are people using CVS (or maybe Subversion), so I’m not surprised there’s no migration guide from Git.

                                        1. 4

                                          “… Objectively the screeners are making a good decision to fail me, - I probably look like I have no idea what I’m doing and I’m only sometimes able to get a good result by the end of the interview. But this is a bit like declaring someone a bad sous chef after asking them to bake a rare pastry without a recipe. I am more likely to get an offer from an onsite interview than I am to pass an initial phone screen, which seems backwards. …”

                                          They are failing you because, they have no idea how to hire talent efficiently.

                                          Here is an analogy: A company claims that they are looking for writers, that can write small books, may be even multi-volumes books that are meant to capture imagination of consumers, offer something that was thoughtful, yet original. But during an interview they present applicants with a ‘Jeopardy-like’ test. And filter out applicants that do not pass it within the time frame allocated. Writing books, and doing Jeopardy – both use words, right?

                                          Another analogy that comes to mind: there is a difference between multi-instrument symphony composers, and a rap music artists. Both is music, both are art, right? But different skills, experiences and cognitive gifts are needed there….

                                          I hope the above analogies demonstrate why the interview processes you are referring to, are simply incompetent.

                                          They are not making a good decision when they are filtering you out.

                                          And certainly (in my humble opinion) – you should not be developing tools that would make it easier for these companies to continue this travesty.. (may be I will come up with a better name for this in the future :-) ).

                                          Instead, may be, you could think up of a system that helps discovering talent with different level of experience in building things. People who can ‘map out a journey’, ‘anticipate obstacles’, ‘pickup up good practices’ and think up ‘differentiating features’ of that journey – so that at the end, the industry is producing competent alternatives of products and solutions. You will have a lot of customers for that SaaS :-)

                                          I think your interest in consulting is also a right interest, if you want to take that path.

                                          You do not need to write out an ‘array merge’ or ‘find closest neighbor’ algorithm in 10 minutes on a phone call to earn your pay. You are more talented, more competent and more experienced than being insulted by those ‘interview’ filters.

                                          1. 4

                                            And certainly (in my humble opinion) – you should not be developing tools that would make it easier for these companies to continue this travesty.. (may be I will come up with a better name for this in the future :-) ).

                                            AGPL? Your comment reminds me about the homebrew guys misadventure at Google. He sure was smart enough to design a tool they use, yet “not smart enough” for Google to invest in him. In my humble opinion he deserved a small fraction of time they saved by using his tool.

                                          1. 12

                                            I’m glad the technical committee eventually overruled the maintainer but the amount of bureaucracy required to get there hints to me that there are lots of other user hostile decisions like this making it into debian packages.

                                            1. 14

                                              This bureaucracy makes decision making process more or less predictable. It’s Debian, you know what to expect.

                                              1. 26

                                                Yup. One of the big functions of bureaucracy in these cases is to ensure general perceived legitimacy of the outcome. This means both the maintainer being overruled accepting that they had their shot within the context of the process and choosing to continue contributing even though they lost, and the community understanding that the process was fair to those involved and permitted consideration of all relevant sides.

                                                People sometimes get mad that bureaucracies produce outcomes slowly, but the advantage of this is legitimacy and the stability it provides. Otherwise, the legitimacy of the outcome depends on the degree to which one agrees with the outcome, or trusts / believes in the rightness of the individual or unaccountable group dictating the outcome.

                                                Kings can make unilateral decisions, but people often don’t like being ruled by kings (open source maintainers probably can’t rely on an equivalent of the divine right).

                                                1. 7

                                                  People sometimes get mad that bureaucracies produce outcomes slowly, but the advantage of this is legitimacy and the stability it provides. Otherwise, the legitimacy of the outcome depends on the degree to which one agrees with the outcome, or trusts / believes in the rightness of the individual or unaccountable group dictating the outcome.

                                                  Kings can make unilateral decisions, but people often don’t like being ruled by kings (open source maintainers probably can’t rely on an equivalent of the divine right).

                                                  I mean you say that, and then rightfully apply it to statecraft, but I’m pretty sure everyone who has direct experience of say, the UK’s disability welfare processes, understands that there are points at which bureaucracy works counter to stability and legitimacy

                                                  1. 10

                                                    Specific implementations of bureaucracy may not necessarily be made with this goal, but it is the most common goal behind the creation of bureaucratic systems. Similarly, even bureaucratic systems made with this goal in mind may lose sight of this goal or fail to achieve it.

                                            1. 10

                                              Just use a textarea. Textareas have predictable behavior, are performant and easy to interact with from a browser extension like GhostText or Firenvim.

                                              If you really, really need fancy formatting, use an existing editor like ProseMirror or TinyMCE. These editors are built by people who have more than a decade of experience building in-browser editors and will always, without exception, provide a better user experience than what you can do. This also makes the life of browser extension writers easier as they won’t need to figure out how your custom editor works and will be able to re-use the code they already have.

                                              1. 1

                                                And if you need some highlighting it may be done with a transient textarea and a div below.

                                              1. 1

                                                Installing dependencies is pain.

                                                1. 1

                                                  I just did this on a freshly-installed perl 5.34.0. What did you try?

                                                  $ cpan Regexp::Log::Common DateTime::Format::HTTP Number::Format
                                                  

                                                  It took a while, but I’m on a slow VPS.

                                                  This went faster and made less noise:

                                                  $ cpan App::cpanminus
                                                  $ cpanm Regexp::Log::Common DateTime::Format::HTTP Number::Format
                                                  
                                                  1. 4

                                                    I’ve taken to doing a thing for publicly-available Perl utilities in which

                                                    1. I declare deps in a cpanfile
                                                    2. I submodule cpm into my repo
                                                    3. I include a script that uses cpm to install into ./local and then kicks off a fatpack.
                                                    4. I regenerate and commit the fatpacked script whenever I merge a branch

                                                    This lets people use the thing without installing any deps, but also provides a low barrier to entry to people who want to contribute (they don’t need to use all of my dev tooling, don’t need to use Carton, and don’t even need to find their own decent CPAN client).

                                                    I’ve been meaning to make the script from #3 into something generalized and redistributable, but… not enough time.

                                                    1. 1

                                                      The point of the post was to describe the code for edification, not to distribute it as an installable package.

                                                      1. 2

                                                        Sure, that’s fine. Sorry, just sharing, not trying to push you into doing anything :)

                                                    2. 1

                                                      It was a general complain. I see that people are rediscovering awk and I thought that perl could be the next thing they will use. But after seeing your example it occurred to me that will likely not happen because of tooling. In awk you write a simple, fire and forget script. If you decide you want to write the same script in perl you would use some modules. But on order to do so you need to run your code to see what’s missing. Then install cpanm (you need to know that it exists and why you want to use it) with cpan. Then manually enter required modules name, go for a walk and hope for the best. I know there are/were projects like carton, perl brew, cpanfile but what I want is to be able to write my code and just run it without all the effort needed to set up my environment. It makes writing scripts in perl too much work and there are better languages to write my apps with.

                                                      1. 6

                                                        Perl is a superset of awk: see a2p(1p) ​(a core Perl script).

                                                        You don’t need to use external modules to use Perl scripts. The core has a bunch. OP elected to use a module for web log parsing because it was available, not because it was the only way.

                                                        All succesful languages rely on modules and libraries. Distributing these is an age-old problem. Perl has one solution, which may seem old fashioned, but at least for me, it’s way easier to understand that Python’s (or containers, for that matter).

                                                        Edit in my experience, a lot of *nix software managers include the most popular Perl modules as native “units”. Off the top of my head, this includes Debian/Ubuntu and Free- and OpenBSD.

                                                  1. 1

                                                    I made a similar switch a while ago, awesome to sway, because one game (Cyberpunk 2077 with wine) was crashing my whole computer randomly under awesome.

                                                    I managed to make a usable configuration but I still miss awesome a lot because of:

                                                    • the lack of workspace aware alt-tab: this is the most frustrating thing, I just can’t understand how it is considered acceptable to rotate through all windows regardless of workspace, I never want that;
                                                    • my feeling that my configuration is made of a dozen loosely coupled pieces.

                                                    I really just want awesome-on-wayland.

                                                    1. 3

                                                      An alternative could be Qtile. I have never tried it myself, but it looks like Awesome with Python and it works on both X11 and Wayland. I didn’t know about it before starting on i3, but I think I would have given a try.

                                                      1. 1

                                                        Interesting, I’ll take a look. That’d be the occasion to learn Python.

                                                        1. 1

                                                          Very interesting indeed, Qtile has a strong feeling of awesome-but-with-python. Sadly the lack of systray when in wayland and more importantly of XWayland support make it a non-starter for me. I’ll keep it on my radar nonetheless.

                                                      2. 1

                                                        Sometimes it’s worthwhile to run a dedicated xserver for a game only.

                                                      1. 5

                                                        I guess the CeCILL license/contract is a good alternative to GPL, then. That license is clearly written as a contract referring to French Civil/contract law and IP law.

                                                        1. 5

                                                          Or https://ec.europa.eu/info/european-union-public-licence_en which is nice because has 22 language versions.

                                                        1. 17

                                                          Wouldn’t it make more sense to rewrite systemd in rust? It’s a bigger potential attack surface.

                                                          1. 25

                                                            Seems like the work in vaguely that direction is underway: https://github.com/systemd/systemd/pull/19598.

                                                            1. 9

                                                              Not for me. Having said that I really dislike medium. A post that talks about the dangers of monopolisation of crowd work could do a lot better than a for profit walled garden blogging platform.

                                                              1. 4

                                                                FWIW, reading through the “cached” link underneath the submission’s title is I believe the workaround for a number of paywalls.

                                                                1. 1

                                                                  Does not work on iOS unfortunately, the archive.md website displays a captcha page which is impossible to solve (the page doesn’t have a mobile version, and the modal window to solve the captcha goes outside the browser’s viewport).

                                                                2. 3

                                                                  I think opening the link in a private window does the trick as a workaround. It’s actually quite an illustration for the article point.

                                                                  1. 2

                                                                    Sure there are workarounds, but the sooner people who use Medium for publishing realize they’re cutting into their prospective audience, the better.

                                                                  1. 8

                                                                    I know it’s off-topic because the article is great but names like “robot butt” make me wince and/or cringe, just feel a little gross.

                                                                    1. 12

                                                                      Then you will love The Goatse Operator =()=!

                                                                      1. 3

                                                                        OH NO

                                                                      2. 1

                                                                        Sorry about that, not a native speaker myself =/

                                                                        1. 11

                                                                          Should’ve been robutt

                                                                          1. 10

                                                                            I’m a native speaker and I think “robot butt” is hilarious. Humor is subjective. I’ll grant that “robot butt” is perhaps somewhat unprofessional, and if I worked in an Erlang shop I might not share this with my coworkers for that reason, but don’t take the criticism too personally.

                                                                        1. 31

                                                                          And I still can’t shake off a bit of a cult-ish vibe there. Regardless whether on purpose, or purely accidental.

                                                                          It’s not accidental. See Who Owns the Stars: The Trouble with Urbit for more background about on the political motivations behind the project.

                                                                          1. 12

                                                                            “[I]n many ways nonsense is a more effective organizing tool than the truth. Anyone can believe in the truth. To believe in nonsense is an unforgeable demonstration of loyalty. It serves as a political uniform. And if you have a uniform, you have an army.”

                                                                            ― Mencius Moldbug AKA Curtis Yarvin

                                                                            1. 2

                                                                              What’s the context? This can be read as him raising an army by nonsense or an observation of how gullible people are by contrasting the masses to an army.

                                                                              1. 4

                                                                                Why not both? There’s precedent.

                                                                                “You don’t get rich writing science fiction. If you want to get rich, you start a religion.” - L. Ron Hubbard

                                                                                1. 2

                                                                                  That’s valid too, but combining them pretty much doubles the importance of actual context.

                                                                                  Right now it’s the equivalent of my maybe-favorite reasoning, which is that circular reasoning works because it’s predicated on the fact that circular reasoning works.

                                                                            2. 15

                                                                              There is nothing more boring than a personal attack to a systems creator to discredit the system. You need to assume that they are a diety that can predict exactly how every part of the system will interact with every other part.

                                                                              The article may eventually get to that point, but after reading a third of it and not getting there I have better things to do with my life.

                                                                              1. 34

                                                                                Boring, sure, but not necessarily unwarranted. The author goes to great lengths to explain why it is important to him to consider not even the creator alone, but all who will benefit from a system as it grows and becomes widely known / used.

                                                                                If Urbit were some random open source library I’d agree that attacking the author is pointless. But it’s not, it’s an entire alternative socioeconomic apparatus with the author’s political views embedded within it in a meaningful way (not just in terms of language, which has actually been changed to be less political). He has said as much himself.

                                                                                To me, the article is more an explanation of why the author won’t participate in or support Urbit rather than a takedown of the system itself. Just like how many people (of all political stripes) don’t shop at certain stores or buy products from certain companies if they disagree strongly with the owners.

                                                                                1. 2

                                                                                  What prevents someone from forking Urbit or starting a similar project to advance a radical anarcho-socialist platform?

                                                                                  I don’t really care, but that Yarvin guy seems to have put some effort into his work, disagreeable or not, while the opposition focuses on complaining and raging.

                                                                                  If Urbit really is a threat, aren’t online comments the least useful slacktivist countermeasure?

                                                                                  1. 10

                                                                                    What prevents someone from forking Urbit or starting a similar project to advance a radical anarcho-socialist platform?

                                                                                    We have to draw a distinction between Urbit the community and Urbit the software. TFA does discuss both (for example, the author critiques Hoon, which is part of the software). However, the discussion of Yarvin and his supporters is part of a critique of Urbit the community.

                                                                                    An example here might be people who are opposed to using VS Code because of the closed source and Microsoft connections. Most of them would probably feel fine about using a hard fork of the open source code, but that wouldn’t “be” VS Code, it would be some other project / community.

                                                                                    Honestly, it’s even a bit more complicated than this since Urbit the software is designed to reflect a particular set of social values. But I’m not overly concerned with that since a fork could (presumably without much trouble) alter the design.

                                                                                    As an aside:

                                                                                    If Urbit really is a threat, aren’t online comments the least useful slacktivist countermeasure?

                                                                                    If what you meant was that Lobsters comments are useless, talk about boring arguments… No one comes to Lobsters under the belief that their comments will change the world. We’re here to discuss topics we find interesting with people who also like to discuss those topics. The whole “ya’ll are so dumb for discussing something that interests you” meme is tired and unoriginal.

                                                                                    If what you meant was that TFA is useless, then isn’t all political commentary useless? And wouldn’t that include Yarvin’s extensive political commentary? Making an argument about something and putting it out there for others to think about is pretty much the whole point of free speech. No one is forcing you to read it, and no one is forcing you to comment on it.

                                                                                    1. 3

                                                                                      Nothing prevents this. There’s even a quote from Yarvin from some years ago when he was still actively involved in the project saying that he had no problem with other people forking Urbit’s (open source) code and implementing another Urbit with a different namespace model.

                                                                                      1. 2

                                                                                        There have been many without the incompatable-with-existing-software low-performance VM or the intentionally hierachical and rent-seeking namespace/routing scheme. Scuttlebut is probably the most similar variant along the axis of ‘share write-only data in a censorship-resistant way’ (except it actually somewhat achieves the latter).

                                                                                        For the ‘send someone some ETH to prove you care about the identity’ part of the system, you could just demand whoever you’re talking to have a message in their history where they mention a wallet ID and a planned transaction amount and time to the EFF. You have the added bonus of the money possibly doing something useful rather than going to people who are in a position to receive it precisely because they thought they’d make money or enjoy having power by rent-seeking. I guess this also achieves the feature where it props up Peter Thiel’s investment in Etherium.

                                                                                        For the we-did-our-own-crypto-it’s-definitely-better-than-openssl in a terribly inefficient VM part, I guess you’ll have to write a scuttlebut client in brainfuck or whatever esolang takes your fancy. You could also just put in some busy loops and rewrite the hashing bit to introduce some security vulnerabilities I suppose.

                                                                                        Sadly none of this comes with a central body of a few hundred people you need to seek permission from before you can discover peers or have your traffic routed. I guess we’ll just have to form a commune of rent-seeking tyrants or something. That part seems really hard to do under an actually p2p protocol so maybe scuttlebut falls down as a replacement there.

                                                                                        1. 2

                                                                                          As somebody who’s thought a lot about what properties make technology better at advancing anarchist ideals, it’s precisely the absence of hierarchy which I would prioritize above all else. Urbit prioritizes hierarchy in every aspect of its permission and identity models. I would never use it as a starting point.

                                                                                          (Edit: fix typo)

                                                                                          1. 1

                                                                                            Sorry - I only now realized that this conversation took place more than a week ago. Please don’t feel any obligation to respond.

                                                                                      2. 18

                                                                                        It’s absolutely relevant if the system was designed to enable an anti-democratic agenda. It’s definitely boring to keep having to call the project out on that front, but it’s important to make people aware of the underlying motivations of its creator. I wouldn’t consider this necessary to do if a warning was added to the original post (I do think it’s interesting to look at the technical details of systems like this), but I assume they weren’t aware of this at the time of writing.

                                                                                        1. 17

                                                                                          An anti-democratic agenda is not a flaw when it comes to personal computers. If 99% of the population didn’t want me to do something with my personal computer, I would want my personal computer to anti-democratically ignore them and do what I tell it to do anyway.

                                                                                          Of course the status quo isn’t democratically-controlled computing, it’s oligarchically-controlled computing. When I do my computing on privately-owned, closed-source platforms - Google, Facebook, Twitter, WeChat, etc.- it’s the fairly small number of people who work at those companies who control how I do my personal computing, rather than the electorate of the political unit I happen to live in.

                                                                                          1. 8

                                                                                            An anti-democratic agenda is not a flaw when it comes to personal computers

                                                                                            I think you misunderstand “anti-democratic”. Yarvin has expressed support for dictatorship and slavery. Do you truly think that you would have more computing freedom in such a political environment than in a democracy?

                                                                                            1. 3

                                                                                              Possibly, depending a lot on the specific details of how the government of the political unit I lived in were set up. Certainly in a democracy a majority of the people could vote for politicians whose agenda includes restricting my compute freedom (for any number of reasons), and a lot of protections of individual rights in systems we call “liberal democracies” are grounded in self-consciously undemocratic processes, like judicial rulings.

                                                                                          2. 13

                                                                                            Which are irrelevant because the creators aren’t omniscient.

                                                                                            Somehow Stallman enabled Google to happen with his hippie ideas about helping your neighbour. I don’t think creating the worlds largest spy agency was his primary motivation when he wanted the printers firmware source code. What matters is the interaction between the system and the world and not what the original creator intended.

                                                                                            The article at the top points out those interactions and why they are bad. The article in the comment above is pure character assassination and who ever wrote it should feel bad.

                                                                                            1. 3

                                                                                              Somehow Stallman enabled Google to happen with his hippie ideas about helping your neighbour.

                                                                                              I recommend doing some reading. The main public figure behind what you’re talking about is not RMS, but Eric S. Raymond, co-founder of the sometimes-controversial OSI and originator of the term “open source” (I think the vocabulary already illustrates a bit of a difference). Reading the FSF’s GPLv3 (or this article in particular) is enough to identify that Stallman was actively trying to forestall (wink!) the rise of something like Google on the back of FOSS. Contrast that with ESR’s term “open source”, as discussed in his book The Cathedral and the Bazaar (the name might sound familiar!).

                                                                                              tl;dr: The best reading about the whole mess by far is this two-or-so–page article from 1999 by O’Reilly.

                                                                                              As to your point: I guess it is character assassination in part? I think it’s also a decent discussion of the issues surrounding the Urbit project, and the significance of the dynamic between founder/maintainer and userbase. But I’ve only really given it a skim.

                                                                                            2. 3

                                                                                              How exactly is the design undemocratic?

                                                                                              1. 17

                                                                                                As a point of fact, the distribution of address space is explicitly feudal and meant to enable rent seeking. There are arguments for why this is a good or bad thing, but it is very much not democratic.

                                                                                                1. 4

                                                                                                  Those concerns are entirely orthogonal.

                                                                                                  Feudalism and rent-seeking are both definitely bad, but it’s entirely possible for a democratic society to vote themselves both. I’d argue that many have; 29% of wealth is taxed in Australia, and ‘public-private partnerships’ (yecch) are funneling vast amounts of taxpayers money into the hands of a few individuals and companies.

                                                                                                  1. 5

                                                                                                    I disagree that this is a category error. Societies can be more or less democratic and feudalism and rent-seeking move power from the people to an elite.

                                                                                                    This is recognised by organisations like the Economist that assess a “democracy index” for various countries. Democracy is the measure of how much the people rule versus how much an elite rule and we can measure it for countries, workplaces, indeed, any community.

                                                                                                    We don’t need to imagine this, we can simply look at the world as it exists. e.g. social democracies like Norway are clearly more democratic* than liberal democracies like the UK and USA where much more power is in the hands of an elite and there is much more widespread misinformation (in large part because the media is controlled by elites), voter suppression, and disenfranchisement through poor voting systems.

                                                                                                    * I think Norway is a more democratic society because:

                                                                                                    • it uses PR so a much greater proportion of the population has a meaningful say on their elected representatives (compare the UK and USA where only swing-constituencies really matter)
                                                                                                    • there is proportionally more variety in media ownership, including significant union-allied media organisations
                                                                                                    • workers benefit from sectoral-bargaining by large and powerful unions, so bosses have less power over workers
                                                                                                    • income distribution is flatter, meaning elites have less economic power relative to the average person. In contrast, in the UK and USA proportionally more people are in poverty and they are much less likely than the rich to exert political power by voting, lobbying, protest or donations.

                                                                                                    We can see the effect of this in the high levels of voter turnout (~75% in Norway vs ~60% in the USA and UK), high level of reported trust in government and media and perhaps more controversially in poverty rates and wealth and income equality (why would a truly free population choose to give so many resources to an elite while others are malnourished?)

                                                                                                    1. 2

                                                                                                      It’s well known that democracies can vote themselves into, or be manipulated into authoritarianism, which is exactly why it’s important to call out these attempts when we see them.

                                                                                                      1. 4

                                                                                                        Yes! But @friendlysock’s point was that feudalism and rent-seeking aren’t democratic. I think that’s a category error; as you point out, it’s well known that democracy can result in either or both.

                                                                                                        1. 1

                                                                                                          It is not a category error. You can build non-democratic things out of democratic things.

                                                                                                          Separating from potential semantic issues. Urbit centralizes power (power over routing, power over peer discovery, namespace being distributed with some mixture of money, seniority and nepotism, voting power only being available to a select few – the senate – who are also endowed with the most of the above) in a way that is somewhere between capital-equals-power and pre-selected, recursively appointed hierarchy (ie. feudalism).

                                                                                                          The word Democracy in the context that @friendlysock used it very clearly refers to distribution of power (as opposing centralization) rather than voting-as-a-method-of-distributing power.

                                                                                                          It is difficult to believe that one would respond to such a post as if it were discussing voting-as-a-means-of-power-distribution if one were having a discussion in good faith, and more difficult still to believe one would double down on such an interpretation except as a rhetorical technique.

                                                                                                          1. 1

                                                                                                            It is difficult to believe that one would respond to such a post as if it were discussing voting-as-a-means-of-power-distribution if one were having a discussion in good faith

                                                                                                            Let’s be clear about this, instead of beating about the bush with “it is difficult to believe”. My position is as follows:

                                                                                                            • I wasn’t conflating Democracy with voting. In fact, I consider voting one of the major problems with modern Democracy. I’m a proponent of sortition as a replacement for voting as a potential solution.
                                                                                                            • Democracy is orthogonal to centralization, and orthogonal to power distribution, because …
                                                                                                            • Democracy - in the sense of Government of the people, by the people, for the people - can and has in recent times resulted in despotic centralisation of power. Steering well clear of Godwin here, I’d point to Chavez as an example.

                                                                                                            Perhaps this is the difference that’s leading you to think I’m arguing in bad faith.

                                                                                                            I’d argue that in every meaningful sense, a centralised despotic Government with widespread popular support can still be Democratic; it’s just that the will of the people here is the problem.

                                                                                                            1. 0

                                                                                                              You still seem to be intentionally confusing things that are the result of a democratic process with things that can be described as democratic.

                                                                                                              The people of england could have a vote (or the sortition lottery winners could decide) on whether Manchester should be walled off and ruled despotically by Eddie Izzard. It would be the result of a democratic process as the people of Manchester were outvoted by everyone else in England, but the power relationship between Eddie Izzard and the people of Manchester would not be democratic.

                                                                                                              Similarly decisions based on propaganda and populism are less democratic, and decisions justified via manipulated elections are not really democratic at all.

                                                                                                              Any relationship which enables rent-seeking is inherently undemocratic, and any rent-seeking-enabling structure explicitly ruled by the 256 people chosen by virtue of their capital and interest in having power over said structure is not democratic at all.

                                                                                                              Very loosely, when used as an adjective in the context above, ‘Democratic’ would mean the people with power are the people whose interests are most relevant. This is inherently and definitionally untrue in any rent-seeking relationship (although the relationship could still be a result of a greater structure which is democratic), and untrue in any system which can accurately be described as feudal.

                                                                                                              1. 1

                                                                                                                You still seem to be intentionally confusing things that are the result of a democratic process with things that can be described as democratic.

                                                                                                                I think this is at the heart of our disagreement, and where we may have to agree to disagree.

                                                                                                                I would say that a state of affairs arrived at by a democratic process is by definition democratic; although it may also be rent-seeking, feudal, or despotic. Or some combination of all three.

                                                                                                          2. 1

                                                                                                            Ahh, got you, sorry for misunderstanding!

                                                                                              2. 2

                                                                                                Indeed. But also be forewarned that the author of that article is an avowed socialist; there are distasteful politics of all flavours on display here.

                                                                                                1. 17

                                                                                                  Not all distasteful things are equally distasteful.

                                                                                                  1. 14

                                                                                                    That’s true; but Yarvin’s politics are still pretty damn distasteful.

                                                                                                  2. 10

                                                                                                    wonder how he manages to reconcile his socialism with his distasteful politics

                                                                                                    1. 4

                                                                                                      I think gulags were the preferred mechanism?

                                                                                                1. 9

                                                                                                  Maybe not everyone knows this, but instead of pressing ESC in vim, which is kind of far, you can do Ctrl+[, it will send the same signal to vim.
                                                                                                  Looking at the ASCII table (man 7 ascii) you’ll instantly know why, control is interpreted in terminals as nullifying the 6th and 7th bit:

                                                                                                         033   27    1B    ESC (escape)                133   91    5B    [
                                                                                                  

                                                                                                  This is also the reason why ESC often shows as ^[.

                                                                                                  1. 2

                                                                                                    Isn’t that even worse from the RSI-avoidance point of view?

                                                                                                    1. 2

                                                                                                      I have caps lock mapped to ctrl, so ESC is just a small movement away for my little fingers. Not sure if that helps RSI avoidance, but it’s a bit less stretching around.

                                                                                                    2. 2

                                                                                                      That’s very interesting, I did not know that.

                                                                                                      1. 2

                                                                                                        Or use something like xcape and turn Ctrl into ESC.

                                                                                                        1. 4

                                                                                                          Even better, bind caps lock to ESC (when tapped) and CTRL (when chorded) using e.g. caps2esc on Linux or AutoHotKey on Windows. This has dramatically reduced stress I was experiencing in my left forearm, as my wrists sit at a much more natural angle.

                                                                                                        2. 2

                                                                                                          Switching caps and esc is also really good tho! How often do you need to caps, really?

                                                                                                          1. 4

                                                                                                            If this catches on then I am sure Firefox will also re-integrate RSS.

                                                                                                            1. 4

                                                                                                              That would be both sad and hilarious.