1. 14

    This is exciting stuff; valuable perspectives on the tension between developers giving their code and the companies that benefit from it. I’m looking forward to seeing where this goes.

    Since I don’t do any JS, I wonder how the ideas could be adapted to other languages and ecosystems.

    1. 5

      Answering my own question, the github repo description is “a package registry for anything, but mostly javascript” which looks promising: https://github.com/entropic-dev/entropic

      1. 6

        As package management seems to be a wheel oft-reinvented with the same lessons re-learned, it’s always worth looking at alternatives and prior art.

        I’ll note gx as well as Guix/Nix for non-Javascript-centric packaging, but I would like to see more too!

      2. 2

        Why don’t use CPAN? It’s proven to work and be sustainable.

      1. 7

        The end of controlling what you see on the Web is coming.

        1. 27

          Not if you switch to Firefox :)

          I really hope Google is shooting themselves (and Chrome’s market share) in the foot with this move… but somehow I doubt it.

          1. 7

            Firefox development is mostly funded by Google. I can’t imagine them doing much to piss Google off.

              1. 13

                This actually sounds reassuring:

                Regardless of what happens with Chrome’s manifest v3 proposals, we want to ensure that ad-blockers and other similarly powerful extensions that contribute to user safety and privacy remain part of Mozilla’s add-ons ecosystem while also making sure that users are not being exposed to extreme risks via malicious use of powerful APIs.

                1. 8

                  making sure that users are not being exposed to extreme risks via malicious use of powerful APIs.

                  This part is scary.

                  1. 1

                    Yeah, but …

                    We have those APIs now isn’t it ? And the world isn’t collapsing.

                    1. 4

                      The scary part is that Firefox thinks it’s their job to decide how users use their own computers.

                      1. 18

                        It’s kind of impossible not to if you’re creating consumer facing software, isn’t it?

                        1. 4

                          It’s one thing to provide safe defaults, and another thing entirely to ensure that those defaults can’t be overridden.

                          1. 12

                            If it’s about the signed extension thing, please read about the history of that feature It is not based on threat models and predictions. It was done this way to get rid of adware that was auto-installing itself and making real-world people’s lives worse. It has to be hard-coded into the EXE, because it’s only the EXE that Windows performs signature checks on and that Mozilla can sue adware developers for impersonating.

                            1. 2

                              Alright. If it doesn’t affect people building from source, I guess it doesn’t matter.

                              1. 2

                                So… block it on Windows?

                            2. 3

                              It’s one thing to provide safe defaults, and another thing entirely to ensure that those defaults can’t be overridden.

                            3. 3

                              I never understand this sort of rhetoric.

                              I maintain quite a few open-source projects, and contribute to others. They all make choices about what they support and what they don’t. Is it sinister of them to do so? Many of them don’t provide any sort of toggle to make them support things the developers have chosen not to support, which is what you seem to object to. Is that really controlling behavior, or just developers disagreeing about what should be supported?

                              1. 1

                                My issue is that it’s user-hostile to prevent users from doing what they want with their computers. Firefox runs on my computer; I as an end user — and my grandparents as end-users — should be free to determine which extensions I run within Firefox. It’s not Mozilla’s computer to control. The ability to choose how to use one’s computer shouldn’t be reserved to developers: it should be available to everyone.

                                1. 0

                                  Mozilla is free to develop the software they want to develop. You’re free to not use it.

                                  You don’t have the right to force them to develop something they don’t want to, but you seem to be trying to assert such a right.

                      2. 2

                        Or, rely on blocklists: https://firebog.net/ I’ve got a little side project to automate it: https://gitlab.com/dacav/myofb

                        If you want something more complex, more popular, more user-friendlly: pi-hole

                        1. 3

                          Until they fully control DNS as well with something like DoH.

                          1. 1

                            Ah, this cat-and-mouse thing! :) Let’s try. You play adversary :)

                            My next move is to use the blacklist to place a filter at firewall level instead of using it at dns level.

                            Your move

                            1. 1

                              Or use /etc/hosts

                              1. 1

                                That’s actually one of the options of my scripts: populating /etc/hosts. :)

                              2. 1

                                Proxying ads through the website you want to see, so the ad urls are http://destination.com/double click/ad/1234

                                1. 1

                                  Definitely. But the website gets a performance penalisation, I think.

                                  Plus, I’m wondering, will it be as effective for the trackers to deal with the tracked browser with a proxy server in between? (maybe, maybe not).

                                2. 1

                                  I place Ads and DoH on the same IP address as the CDN that millions of websites use.

                                  1. 1

                                    Wait what? I don’t get this one. How many millions of websites are passing through the same IP address? Can you elaborate?

                                    1. 1

                                      Many of the ones that sit behind CloudFlare and Fastly.

                        1. 4

                          Trying to wrap my brain around prolog. My short term goal is to prepare a model of Polish intestacy rules, as my previous js attempt underestimated creativity of judges.

                          1. 1

                            I have never done much Perl, but I enjoyed playing with it one spring at university. Who here is using Perl regularly?

                            1. 7

                              I used to work at Booking.com, which has about a million lines of Perl in production. It was good times, I quite enjoyed working with it.

                              1. 6

                                It was my main language from about 1998-2008. I don’t write programs in Perl anymore, but I regularly use perl -ne, perl -pe, and perl -i -p -e on the command line and in scripts.

                                1. 9

                                  Same here. Back in the days of “traditional sysadmin” I used Perl for most tasks, be it small processing scripts or CGI web apps. These days Perl has fallen out of fashion and as much as I still like writing things in Perl 5, none of my colleagues wants to touch Perl code, so I end up doing much more Go, or sometimes Python (but I’m not a huge fan of Python).

                                  That said, I did manage to semi-sneak some Perl 5 into production a while back, and recently replaced a complicated shell script which was doing all sorts of echo | grep | sed | xargs etc. - I put the Perl replacement up for review and most people said it was “surprisingly readable” and that no other language could have done it as well.

                                  Perl definitely still has its place, but there’s too much stigma around it now.

                                  1. 6

                                    It’s possible to write reasonable Perl, but it’s very easy to make unreadable Perl if one isn’t careful. Unfortunately, sysadmins under duress was the most significant Perl userbase, while not one known for taking time on scripts. (Not helping Perl’s reputation for readability also: JAPH)

                                    1. 7

                                      Agreed, TMTOWTDI is both good and bad. Perl lets you take shortcuts, so people take them. PHP is arguably just as bad for this (I guess because it evolved from Perl).

                                2. 5

                                  Never tried perl5, but I’ve been using perl6 quite a bit lately and I really enjoy it.

                                  1. 5

                                    I use Perl regularly, as my “secret weapon” when consulting and/or writing API backends.

                                    1. 4

                                      I used perl from 2005-2010 on closed source code (a fastcgi ad-server, of all things). I remember going through the camel book(s) at the same time, and quite enjoy it. I’ll miss the Perl conferences more than the language though. :p I never got to an expert level though, so it can be that.

                                      1. 4

                                        I don’t use much Perl anymore but I really miss how well regular expressions were integrated into the language.

                                        1. 4

                                          2/3 of my regular clients are Perl shops (the third is teaching, and that’s mostly Python), so Perl is basically my dayjob :)

                                          1. 3

                                            I use Perl(5) for fun (personal projects, coding challenges etc).

                                            I’ve broken it out in anger at work for some ad-hoc log parsing stuff too .

                                            1. 2

                                              Not only is it the scripting language I usually reach for, and have since 4.036, but most of the externally facing services on Floodgap.com are written in Perl including the HTTP and gopher servers.

                                              1. 2

                                                I’d just like to take the opportunity to thank you for making TTYtter back in the day!

                                                I still use Oysttyer daily. Best Twitter client bar none.

                                                1. 2

                                                  Hey, thanks! :)

                                              2. 2

                                                I believe The Register is still a perl shop :~)

                                                1. 31

                                                  Google cut us off after an incident where one of our users account was taken over and a lot of spam sent. We have failed to even come in contact with Google. We are a public library with 200 employees and some 20k active users.

                                                  If a phone operator failed to communicate in such a situation, regulators would fine them. Perhaps we should regulate large email providers as well?

                                                  EDIT: I also run a small company mail server on Digital Ocean and its mail ends up in spam 100% of the time for GMail recipients. I’ve tried their reporting tool several times, implemented SPF, DKIM and DMARC - all in vain.

                                                  1. 16

                                                    E-Mail providers are in Germany regulated under the same law (TKG) as phone companies. So, if you’re in Germany and have problems with Google (or anyone else) blocking legitmate mail, please, by all means, write to the Bundesnetzagentur as the relevant administrative authority at info@bnetza.de (not hosted by GMail I assume; German language probably required). If they get enough complaints, they’re going to look into the problem.

                                                    1. 2

                                                      Czechia… Thanks for the tip, though. Might copy the legislation eventually. :-)

                                                      1. 1

                                                        And does it really work?

                                                        1. 5

                                                          If you refer to the legal framework: as long as Google provides e-mail service in Germany, they have to obey German law, and as such the BNetzA can fine Google if it doesn’t obey.

                                                          If you refer to personal capabilities: the BNetzA is one of the larger authorities as it regulates the entire German telco market. If you file a complaint with them, it’s usually handled professionally and friendly, albeit (as with all German authorities) probably slowly. I have had contact with them on another topic some years ago.

                                                          1. 6

                                                            Complaint to BNetzA has worked in my case with Telekom. So I second the recommendation to complain about Google there.

                                                    1. 8

                                                      I’m making a fast reading device with 2.13in e paper and raspberry pi zero - something like spritz but without giving me headache and making my eyes sore. My first ‘low level’ project ever. I have managed to reduce refresh time from over 2s to about 0.5s, that’s about 240 wpm.

                                                      1. 4

                                                        And people still say perl is ugly.

                                                        1. 7

                                                          This seems like more of an anti-feature to me. Maybe in limited uses it won’t be too bad?

                                                          <joke> Maybe the perl folks are staring to move to ruby now? </joke>

                                                          1. 6

                                                            This snippet is kotlin (which had the opportunity to make it a reserved word at the getgo), but it’s applicable and imho is a good example of how very readble succinct code can come out of this:

                                                            nums.filter { it > 5 }.sortBy { -it }.map { it * 3 }
                                                            

                                                            I’m a fan, at least. @1 is an uglier sigil to me, but that’s history.

                                                            1. 11

                                                              I’ll argue that any feature that has every been added to any programming languages has at least a few good use cases. It’s not like language designers are adding features just for the craic, they do it to solve real problems.

                                                              The question isn’t so much “does this language feature make a certain type of problem easier to solve?”, but rather “does this solve enough problems to offset the costs of adding it to the language?”

                                                              Adding features to languages comes with real costs. It will increase programmers cognitive load, it will make tools harder to write, it will make future language improvements/changes harder as features interact with features, etc.

                                                              In this particular case, I’m not so sure if it’s a good trade-off. The problem it solves is typing an explicit parameter (|a|). It strikes me as a small problem, at best.

                                                              1. 9

                                                                They all seem like warts to paper over a lack of proper partial application.

                                                                1. 4

                                                                  Partly, though you can use these variables to apply deeper than the first position

                                                                2. 6

                                                                  Swift had $0, $1, etc since 1.0. I though I’d never use this syntax when I first saw it but I was very wrong. Your example is exactly where it shines.

                                                                  On paper, it looks magical. But in practice, coming up with arbitrary names for a parameter is probably less clear and adds more cognitive load, including coming up with good names when writing the code. Here’s the same example with an explicit “good” parameter name:

                                                                  nums.filter { num -> num > 5 }.sortBy { num -> -num }.map { num -> num * 3 }
                                                                  
                                                                  1. 5

                                                                    Oleg Kiselyov has an interesting take on the subject. Suppose Kotlin took this from Scala’s _.

                                                                  2. 2

                                                                    I think ‘limited uses’ is key. I expect we (team/employer) will adopt it, restricted to use in one-line blocks, enforced by a Rubocop.

                                                                    Haven’t seen Clojure mentioned yet in the comments, but that’s where I first encountered this kind of thing.

                                                                    1. 1

                                                                      That could potentially encourage people to write ‘smarter’ and more magical one-liners.

                                                                    2. 1

                                                                      Well it’s really close to perl’s $_[1]. But it doesn’t work in blocks if I recall correctly.

                                                                      I think some people really want Perl but are afraid to admit that.

                                                                    1. 65

                                                                      In the Mastodon universe, technically-minded users are encouraged to run their own node. Sounds good. To install a Mastodon node, I am instructed to install recent versions of

                                                                      • Ruby
                                                                      • Node.JS
                                                                      • Redis
                                                                      • PostgreSQL
                                                                      • nginx

                                                                      This does not seem like a reasonable set of dependencies to me. In particular, using two interpreted languages, two databases, and a separate web server presumably acting as a frontend, all seems like overkill. I look forward to when the Mastodon devs are able to tame this complexity, and reduce the codebase to a something like single (ideally non-interpreted) language and a single database. Or, even better, a single binary that manages its own data on disk, using e.g. embedded SQLite. Until then, I’ll pass.

                                                                      1. 22

                                                                        Totally agree. I heard Pleroma has less dependencies though it looks like it depends a bit on which OS you’re running.

                                                                        1. 11

                                                                          Compared to Mastodon, Pleroma is a piece of cake to install; I followed their tutorial and had an instance set up and running in about twenty minutes on a fresh server.

                                                                          From memory all I needed install was Nginx, Elixir and Postgres, two of which were already set up and configured for other projects.

                                                                          My server is a quad core ARMv7 with 2GB RAM and averages maybe 0.5 load when I hit heavy usage… it does transit a lot of traffic though, since the 1st January my server has pushed out 530GB of traffic.

                                                                          1. 2

                                                                            doesnt Elixir require Erlang to run?

                                                                            1. 2

                                                                              It does. Some linux distributions will require adding the Erlang repo before installing elixir but most seem to have it already included: https://elixir-lang.org/install.html#unix-and-unix-like meaning its a simple one line command to install e.g pkg install elixir

                                                                          2. 7

                                                                            I’m not a huge social person, but I had only heard of Pleroma without investigating it. After looking a bit more, I don’t really understand why someone would choose Mastodon over Pleroma. They do basically the same thing, but Pleroma takes less resources. Anyone who chose Mastodon over Pleroma have a reason why?

                                                                            1. 6

                                                                              Mastodon has more features right now. That’s about it.

                                                                              1. 4

                                                                                Pleroma didn’t have releases for a looong time. They finally started down that route. They also don’t have official Docker containers and config changes require recompiling (just due to the way they have Elixir and builds setup). It was a pain to write my Docker container for it.

                                                                                Pleroma also lacks moderation tools (you need to add blocked domains to the config), it doesn’t allow remote follow/interactions (if you see a status elsewhere on Mastodon, you can click remote-reply, it will ask your server name, redirect you to your server and then you can reply to someone you don’t follow) and a couple of other features.

                                                                                Misskey is another alternative that looks promising.

                                                                                1. 2

                                                                                  it doesn’t allow remote follow/interactions (if you see a status elsewhere on Mastodon, you can click remote-reply, it will ask your server name, redirect you to your server and then you can reply to someone you don’t follow)

                                                                                  I think that might just be the Pleroma FA - if I’m using the Mastodon FE, I get the same interaction on my Pleroma instance replying to someone on a different instance as when I’m using octodon.social (unless I’m radically misunderstanding your sentence)

                                                                                  1. 1

                                                                                    Thanks, this is a really great response. I actually took a quick look at their docs and saw they didn’t have any FreeBSD guide set up, so I stopped looking. I use Vultr’s $2.50 FreeBSD vps and I didn’t feel like fiddling with anything that particular night. I wish they did have an official docker container for it.

                                                                                  2. 3

                                                                                    Pleroma has a bunch of fiddly issues - it doesn’t do streaming properly (bitlbee-mastodon won’t work), the UI doesn’t have any “compose DM” functionality that I can find, I had huge problems with a long password, etc. But they’re mostly minor annoyances than show stoppers for now.

                                                                                  3. 7

                                                                                    It doesn’t depend - they’ve just gone further to define what to do for each OS!

                                                                                    1. 4

                                                                                      I guess it’s mainly the ImageMagick dependency for OpenBSD that got me thinking otherwise.

                                                                                      OpenBSD

                                                                                      • elixir
                                                                                      • gmake
                                                                                      • ImageMagick
                                                                                      • git
                                                                                      • postgresql-server
                                                                                      • postgresql-contrib

                                                                                      Debian Based Distributions

                                                                                      • postgresql
                                                                                      • postgresql-contrib
                                                                                      • elixir
                                                                                      • erlang-dev
                                                                                      • erlang-tools
                                                                                      • erlang-parsetools
                                                                                      • erlang-xmerl
                                                                                      • git
                                                                                      • build-essential
                                                                                      1. 3

                                                                                        imagemagick is purely optional. The only hard dependencies are postgresql and elixir (and some reverse proxy like nginx)

                                                                                        1. 4

                                                                                          imagemagick is strongly recommended though so you can enable the Mogrify filter on uploads and actually strip exif data

                                                                                    2. 3

                                                                                      Specifically, quoting from their readme:

                                                                                      Pleroma is written in Elixir, high-performance and can run on small devices like a Raspberry Pi.

                                                                                      As to the DB, they seem to use Postgres.

                                                                                      The author of the app posted his list of differences, but I’m not sure if it’s complete and what it really means. I haven’t found a better comparison yet, however.

                                                                                    3. 16

                                                                                      Unfortunately I have to agree. I self-host 99% of my online services, and sysadmin for a living. I tried mastodon for a few months, but its installation and management process was far more complicated than anything I’m used to. (I run everything on OpenBSD, so the docker image isn’t an option for me.)

                                                                                      In addition to getting NodeJS, Ruby, and all the other dependencies installed, I had to write 3 separate rc files to run 3 separate daemons to keep the thing running. Compared to something like Gitea, which just requires running a single Go executable and a Postgres DB, it was a massive amount of toil.

                                                                                      The mastodon culture really wasn’t a fit for me either. Even in technical spaces, there was a huge amount of politics/soapboxing. I realized I hadn’t even logged in for a few weeks so I just canned my instance.

                                                                                      Over the past year I’ve given up on the whole social network thing and stick to Matrix/IRC/XMPP/email. I’ve been much happier as a result and there’s a plethora of quality native clients (many are text-based). I’m especially happy on Matrix now that I’ve discovered weechat-matrix.

                                                                                      I don’t mean to discourage federated projects like Mastodon though - I’m always a fan of anything involving well-known URLs or SRV records!

                                                                                      1. 11

                                                                                        Fortunately the “fediverse” is glued by a standard protocol (ActivityPub) that is quite simple so if one implementation (e.g. Mastodon) doesn’t suit someone’s needs it’s not a big problem - just searching for a better one and it still interconnects with the rest of the world.

                                                                                        (I’ve written a small proof-of-concept ActivityPub clients and servers, it works and federates, see also this).

                                                                                        For me the more important problems are not implementation issues with one server but rather design issues within the protocol. For example established standards such as e-mail or XMPP have a way to delegate responsibility of running a server of a particular protocol but still use bare domain for user identifies. In e-mail that is MX records in XMPP it’s DNS SRV records. ActivityPub doesn’t demand anything like it and even though Mastodon tries to provide something that would fix that issue - WebFinger, other implementations are not interested in that (e.g. Pleroma). And then one is left with instances such as “social.company.com”.

                                                                                        For example - Pleroma’s developer’s id is lain@pleroma.soykaf.com.

                                                                                        1. 16

                                                                                          This is a completely reasonable and uncontroversial set of dependencies for a web app. Some of the largest web apps on the Internet run this stack. That is a good thing, because when Fediverse nodes need to scale there are well-understood ways of doing it.

                                                                                          Success in social networking is entirely about network effects and that means low barrier to entry is table stakes. Yeah, it’d be cool if someone built the type of node you’re talking about, but it would be a curiosity pursued only by the most technical users. If that were the barrier to entry for the network, there would be no network.

                                                                                          1. 39

                                                                                            This is a completely reasonable and uncontroversial set of dependencies for a web app. Some of the largest web apps on the Internet run this stack.

                                                                                            Yes, but not for a web app I’m expected to run on my own time, for fun.

                                                                                            1. 6

                                                                                              I’m not sure that’s the exact expectation, that we all should run our single-user Mastodon instances. I feel like the expectation is that sysadmin with enough knowledge will maintain an instance for many users. This seems to be the norm.

                                                                                              That, or you go to Mastohost and pay someone else for your own single-user instance.

                                                                                              1. 2

                                                                                                You’re not expected to do that is my point.

                                                                                              2. 16

                                                                                                completely reasonable and uncontroversial

                                                                                                Not true. Many people are complaining about the unmanaged proliferation of dependencies and tools. Most projects of this size and complexity don’t need more than one language, bulky javascript frameworks, caching and database services.

                                                                                                This is making difficult to package Mastodon and Pleroma in Debian and Ubuntu and making it more difficult for people to make the service really decentralized.

                                                                                                1. 1

                                                                                                  I’m not going to defend the reality of what NPM packaging looks like right now because it sucks but that’s the ecosystem we’re stuck with for the time being until something better comes along. As with social networks, packaging systems are also about network effects.

                                                                                                  But you can’t deny that this is the norm today. Well, you can, but you would be wrong.

                                                                                                  This is making difficult to package Mastodon and Pleroma in Debian and Ubuntu

                                                                                                  I’m sure it is, because dpkg is a wholly unsuitable tool for this use-case. You shouldn’t even try. Anyone who doesn’t know how to set these things up themselves should use the Docker container.

                                                                                                  1. 1

                                                                                                    I think the most difficult part of the Debian packaging would be the js deps, correct?

                                                                                                    1. 3

                                                                                                      Yes and no. Unvendorizing dependencies is done mostly for security and requires a lot of work depending on the amount of dependencies. Sometimes js libraries don’t create serious security concerns because they are only run client-side and can be left in vendorized form.

                                                                                                      The Ruby libraries can be also difficult to unvendorize because many upstream developers introduce breaking changes often. They care little about backward compatibility, packaging and security.

                                                                                                      Yet server-side code is more security-critical and that becomes a problem. And it’s getting even worse with new languages that strongly encourage static linking and vendorization.

                                                                                                      1. 1

                                                                                                        I can’t believe even Debian adopted the Googlism of “vendor” instead of “bundle”.

                                                                                                        That aside, Rust? In Mastodon? I guess the Ruby gems it requires would be the bigger problem?

                                                                                                        1. 2

                                                                                                          The use of the word is mine: I just heard people using “vendor” often. It’s not “adopted by Debian”.

                                                                                                          I don’t understand the second part: maybe you misread Ruby for Rust in my text?

                                                                                                          1. 1

                                                                                                            No, I really just don’t know what Rust has to do with Mastodon. There’s Rust in there somewhere? I just didn’t notice.

                                                                                                            1. 2

                                                                                                              AFAICT there is no Rust in the repo (at least at the moment).

                                                                                                              1. 1

                                                                                                                Wow, I’m so dumb, I keep seeing Rust where there is none and misunderstanding you, so sorry!

                                                                                                  2. 7

                                                                                                    Great. Then have two implementations, one for users with large footprints, and another for casual users with five friends.

                                                                                                    It is a reasonable stack if you will devote 1+ servers to the task. Not for something you might want to run on your RPI next to your irc server (a single piece of software in those stacks too)

                                                                                                    1. 4

                                                                                                      Having more than one implementation is healthy.

                                                                                                      1. 2

                                                                                                        Of course it is. Which is why it’s a reasonable solution to the large stack required by the current primary implementation.

                                                                                                  3. 6

                                                                                                    There’s really one database and one cache there. I mean, I guess technically Redis is a database, but it’s almost always used for caching and not as a DB layer like PSQL.

                                                                                                    You can always write your own server if you want in whatever language you choose if you feel like Ruby/Node is too much. Or, like that other guy said, you can just use Docker.

                                                                                                    1. 4

                                                                                                      There’s really one database and one cache there. I mean, I guess technically Redis is a database, but it’s almost always used for caching . . .

                                                                                                      A project that can run on a single instance of the application binary absolutely does not need a cache. Nor does it need a pub/sub or messaging system outside of its process space.

                                                                                                      1. 2

                                                                                                        It’s more likely that Redis is being used for pub/sub messaging and job queuing.

                                                                                                      2. 11

                                                                                                        This does not seem like a reasonable set of dependencies to me

                                                                                                        Huh. I must be just used to this, then. At work I need to use or at least somewhat understand,

                                                                                                        • Postgres
                                                                                                        • Python 2
                                                                                                        • Python 3
                                                                                                        • Django
                                                                                                        • Ansible
                                                                                                        • AWS
                                                                                                        • Git (actually, Mercurial, but this is my choice to avoid using git)
                                                                                                        • Redis
                                                                                                        • Concourse
                                                                                                        • Docker
                                                                                                        • Emacs (My choice, but I could pick anything else)
                                                                                                        • Node
                                                                                                        • nginx
                                                                                                        • Flask
                                                                                                        • cron
                                                                                                        • Linux
                                                                                                        • RabbitMQ
                                                                                                        • Celery
                                                                                                        • Vagrant (well, optional, I actually do a little extra work to have everything native and avoid a VM)
                                                                                                        • The occasional bit of C code

                                                                                                        and so on and so forth.

                                                                                                        Do I just work at a terrible place or is this a reasonable amount of things to have to deal with in this business? I honestly don’t know.

                                                                                                        To me Mastodon’s requirements seem like a pretty standard Rails application. I’m not even sure why Redis is considered another db – it seems like an in-memory cache with optional disk persistence is a different thing than a persistent-only RDBMS. Nor do I even see much of a problem with two interpreted languages – the alternative would be to have js everywhere, since you can’t have Python or Ruby in a web browser, and js just isn’t a pleasant language for certain tasks.

                                                                                                        1. 38

                                                                                                          I can work with all that and more if you pay me. For stuff I’m running at home on my own time, fuck no. When I shut my laptop to leave the office, it stays shut until I’m back again in the morning, or I get paged.

                                                                                                          1. 2

                                                                                                            So is Mastodon unusual for a Rails program? I wonder if it’s simply unreasonable to ask people to run their own Rails installation. I honestly don’t know.

                                                                                                            Given the amount of Mastodon instances out there, though, it seems that most people manage. How?

                                                                                                            1. 4

                                                                                                              That looks like a bog-standard, very minimal rails stack with a JS frontend. I’m honestly not sure how one could simplify it below that without dropping the JS on the web frontend and any caching, both of which seem like a bad idea.

                                                                                                              1. 7

                                                                                                                There’s no need to require node. The compilation should happen at release time, and the release download tarball should contain all the JS you need.

                                                                                                                1. -3

                                                                                                                  lol “download tarball”, you’re old, dude.

                                                                                                                  1. 7

                                                                                                                    Just you wait another twenty years, and you too will be screaming at the kids to get off your lawn.

                                                                                                                2. 2

                                                                                                                  You could remove Rails and use something Node-based for the backend. I’m not claiming that’s a good idea (in fact it’s probably not very reasonable), but it’d remove that dependency?

                                                                                                                  1. 1

                                                                                                                    it could just have been a go or rust binary or something along those lines, with an embedded db like bolt or sqlite

                                                                                                                    edit: though the reason i ignore mastodon is the same as cullum, culture doesn’t seem interesting, at least on mastodon.social

                                                                                                                  2. 4

                                                                                                                    If security or privacy focused, I’d try a combo like this:

                                                                                                                    1. Safe language with minimal runtime that compiles to native code and Javascript. Web framework in that language for dynamic stuff.

                                                                                                                    2. Lwan web server for static content.

                                                                                                                    3. SQLite for database.

                                                                                                                    4. Whatever is needed to combine them.

                                                                                                                    Combo will be smaller, faster, more reliable, and more secure.

                                                                                                                    1. 2

                                                                                                                      I don’t think this is unusual for a Rails app. I just don’t want to set up or manage a Rails app in my free time. Other people may want to, but I don’t.

                                                                                                                  3. 7

                                                                                                                    I don’t think it’s reasonable to compare professional requirements and personal requirements.

                                                                                                                    1. 4

                                                                                                                      The thing is, Mastodon is meant to be used on-premise. If you’re building a service you host, knock yourself out! Use 40 programming languages and 40 DBs at the same time. But if you want me to install it, keep it simple :)

                                                                                                                      1. 4

                                                                                                                        Personally, setting up all that seems like too much work for a home server, but maybe I’m just lazy. I had a similar issue when setting up Matrix and ran into an error message that I just didn’t have the heart to debug, given the amount of moving parts which I had to install.

                                                                                                                        1. 3

                                                                                                                          If you can use debian, try installing synapse via their repository, it works really nice for me so far: https://matrix.org/packages/debian/

                                                                                                                          1. 1

                                                                                                                            Reading other comments about the horror that is Docker, it is a wonder that you dare propose to install an entire OS only to run a Matrix server. ;)

                                                                                                                            1. 3

                                                                                                                              i’m not completely sure which parts of you comment are sarcasm :)

                                                                                                                        2. 0

                                                                                                                          Your list there has lots of tools with overlapping functionality, seems like pointless redundancy. Just pick flask OR django. Just pick python3 or node, just pick docker or vagrant, make a choice, remove useless and redundant things.

                                                                                                                          1. 3

                                                                                                                            We have some Django applications and we have some Flask applications. They have different lineages. One we forked and one we made ourselves.

                                                                                                                        3. 6

                                                                                                                          Alternatively you install it using the Docker as described here.

                                                                                                                          1. 31

                                                                                                                            I think it’s kinda sad that the solution to “control your own toots” is “give up control of your computer and install this giant blob of software”.

                                                                                                                            1. 9

                                                                                                                              Piling another forty years of hexadecimal Unix sludge on top of forty years of slightly different hexadecimal Unix sludge to improve our ability to ship software artifacts … it’s an aesthetic nightmare. But I don’t fully understand what our alternatives are.

                                                                                                                              I’ve never been happier to be out of the business of having to think about this in anything but the most cursory detail.

                                                                                                                              1. 11

                                                                                                                                I mean how is that different from running any binary at the end of the day. Unless you’re compiling everything from scratch on the machine starting from the kernel. Running Mastodon from Docker is really no different. And it’s not like anybody is stopping you from either making your own Dockerfile, or just setting up directly on your machine by hand. The original complaint was that it’s too much work, and if that’s a case you have a simple packaged solution. If you don’t like it then roll up the sleeves and do it by hand. I really don’t see the problem here I’m afraid.

                                                                                                                                1. 11

                                                                                                                                  “It’s too much work” is a problem.

                                                                                                                                  1. 5

                                                                                                                                    Unless you’re compiling everything from scratch on the machine starting from the kernel

                                                                                                                                    I use NixOS. I have a set of keys that I set as trusted for signature verification of binaries. The binaries are a cache of the build derivation, so I could theoretically build the software from scratch, if I wanted to, or to verify that the binaries are the same as the cached versions.

                                                                                                                                    1. 2

                                                                                                                                      Right, but if you feel strongly about that then you can make your own Dockerfile from source. The discussion is regarding whether there’s a simple way to get an instance up and running, and there is.

                                                                                                                                      1. 3

                                                                                                                                        Docker containers raise a lot of questions though, even if you use a Dockerfile:

                                                                                                                                        • What am I running?
                                                                                                                                        • Which versions am I running?
                                                                                                                                        • Do the versions have security vulnerabilities?
                                                                                                                                        • Will I be able to build the exact same version in 24 months?

                                                                                                                                        Nix answers these pretty will and fairly accurately.

                                                                                                                                    2. 2

                                                                                                                                      Unless you’re compiling everything from scratch on the machine starting from the kernel.

                                                                                                                                      You mean starting with writing a bootstrapping compiler in assembly, then writing your own full featured compiler and compiling it in the bootstrapping compiler. Then moving on to compiling the kernel.

                                                                                                                                      1. 1

                                                                                                                                        No no, your assembler could be compromised ;)

                                                                                                                                        Better write raw machine code directly onto the disk. Using, perhaps, a magnetized needle and a steady hand, or maybe a butterfly.

                                                                                                                                        1. 2

                                                                                                                                          My bootstrapping concept was having the device boot a program from ROM that takes in the user-supplied, initial program via I/O into RAM. Then passes execution to it. You enter the binary through one of those Morse code things with four buttons: 0, 1, backspace, and enter. Begins executing on enter.

                                                                                                                                          Gotta input the keyboard driver next in binary to use a keyboard. Then the display driver blind using the keyboard. Then storage driver to save things. Then, the OS and other components. ;)

                                                                                                                                        2. 1

                                                                                                                                          If I deploy three Go apps on top of a bare OS (picked Go since it has static binaries), and the Nginx server in front of all 3 of them uses OpenSSL, then I have one OpenSSL to patch whenever the inevitable CVE rolls around. If I deploy three Docker container apps on top of a bare OS, now I have four OpenSSLs to patch - three in the containers and one in my base OS. This complexity balloons very quickly which is terrible for user control. Hell, I have so little control over my one operating system that I had to carefully write a custom tool just to make sure I didn’t miss logfile lines in batch summaries created by cron. How am I supposed to manage four? And three with radically different tooling and methodology to boot.

                                                                                                                                          And Docker upstream, AFAIK, has provided nothing to help with the security problem which is probably why known security vulnerabilities in Docker images are rampant. If they have I would like to know because if it’s decent I would switch to it immediately. See this blog post for more about this problem (especially including links) and how we “solved” it in pump.io (spoiler: it’s a giant hack).

                                                                                                                                          1. 3

                                                                                                                                            That’s not how any of this works. You package the bare minimum needed to run the app in the Docker container, then you front all your containers with a single Nginx server that handles SSL. Meanwhile, there are plenty of great tools, like Dokku for managing Docker based infrastructure. Here’s how you provision a server using Let’s Encrypt with Dokku:

                                                                                                                                            sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git
                                                                                                                                            okku letsencrypt:auto-renew
                                                                                                                                            

                                                                                                                                            viewing logs isn’t rocker science either:

                                                                                                                                            dokku logs myapp
                                                                                                                                            
                                                                                                                                            1. 1

                                                                                                                                              OK, so OpenSSL was a bad example. Fair enough. But I think my point still stands - you’ll tend to have at least some duplicate libraries across Docker containers. There’s tooling around managing security vulnerabilities in language-level dependencies; see for example Snyk. But Docker imports the entire native package manager into the “static binary” and I don’t know of any tooling that can track problems in Docker images like that. I guess I could use Clair through Quay but… I don’t know. This doesn’t feel like as nice of a solution or as polished somehow. As an image maintainer I’ve added a big manual burden keeping up with native security updates in addition to those my application actually directly needs, when normally I could rely on admins to do that, probably with lots of automation.

                                                                                                                                              1. 3

                                                                                                                                                you’ll tend to have at least some duplicate libraries across Docker containers

                                                                                                                                                That is literally the entire point. Application dependencies must be separate from one another, because even on a tight-knit team keeping n applications in perfect lockstep is impossible.

                                                                                                                                                1. 1

                                                                                                                                                  OS dependencies are different than application dependencies. I can apply a libc patch on my Debian server with no worry because I know Debian works hard to create a stable base server environment. That’s different than application dependencies, where two applications are much more likely to require conflicting versions of libraries.

                                                                                                                                                  Now, I run most of my stuff on a single server so I’m very used to a heterogeneous environment. Maybe that’s biasing me against Docker. But isn’t that the usecase we’re discussing here anyway? How someone with just a hobbyist server can run Mastodon?

                                                                                                                                                  Thinking about this more I feel like a big part of what bothers me about Docker, and therefore about Clair, is that there’s no package manifest. Dockerfile does not count, because that’s not actually a package manifest, it’s just a list of commands. I can’t e.g. build a lockfile format on top of that, which is what tools like Snyk analyze. Clair is the equivalent of having to run npm install and then go trawling through node_modules looking for known vulnerable code instead of just looking at the lockfile. More broadly, because Docker lacks any notion of a package manifest, it seems to me that while Docker images are immutable once built, the build process that leads you there cannot be made deterministic. This is what makes it hard to keep track of the stuff inside them. I will have to think about this more - as I write this comment I’m wondering if my complaints about duplicated libraries and tracking security there is an instance of the XY problem or if they really are separate things in my mind.

                                                                                                                                                  Maybe I am looking for something like Nix or Guix inside a Docker container. Guix at least can export Docker containers; I suppose I should look into that.

                                                                                                                                                  1. 2

                                                                                                                                                    OS dependencies are different than application dependencies.

                                                                                                                                                    Yes, agreed.

                                                                                                                                                    Thinking about this more I feel like a big part of what bothers me about Docker, and therefore about Clair, is that there’s no package manifest. Dockerfile does not count, because that’s not actually a package manifest, it’s just a list of commands. I can’t e.g. build a lockfile format on top of that, which is what tools like Snyk analyze.

                                                                                                                                                    You don’t need a container to tell you these things. Application dependencies can be checked for exploits straight from the code repo, i.e. brakeman. Both the Gemfile.lock and yarn.lock are available from the root of the repo.

                                                                                                                                                    The container artifacts are most like built automatically for every merge to master, and that entails doing a full system update from the apt repository. So in reality, while not as deterministic as the lockfiles, the system deps in a container are likely to be significantly fresher than a regular server environment.

                                                                                                                                                2. 1

                                                                                                                                                  You’d want to track security vulnerabilities outside your images though. You’d do it at dev time, and update your Dockerfile with updated dependencies when you publish the application. Think of Docker as just a packaging mechanism. It’s same as making an uberjar on the JVM. You package all your code into a container, and run the container. When you want to make updates, you blow the old one away and run a new one.

                                                                                                                                          2. 4

                                                                                                                                            I have only rarely used Docker, and am certainly no booster, so keep that in mind as I ask this.

                                                                                                                                            From the perspective of “install this giant blob of software”, do you see a docker deployment being that different from a single large binary? Particularly the notion of the control that you “give up”, how does that differ between Docker and $ALTERNATIVE?

                                                                                                                                            1. 14

                                                                                                                                              Ideally one would choose door number three, something not so large and inauditable. The complaint is not literally about Docker, but the circumstances which have resulted in docker being the most viable deployment option.

                                                                                                                                            2. 2

                                                                                                                                              You have the dockerfile and can reconstruct. You haven’t given up control.

                                                                                                                                              1. 5

                                                                                                                                                Is there a youtube video I can watch of somebody building a mastodon docker image from scratch?

                                                                                                                                                1. 1

                                                                                                                                                  I do not know of one.

                                                                                                                                          3. 3

                                                                                                                                            I totally agree as well, and I wish authors would s/Mastodon/Fediverse/ in their articles. As others have noted, Pieroma is another good choice and others are getting into the game - NextCloud added fediverse node support in their most recent release as a for-instance.

                                                                                                                                            I tried running my own instance for several months, and it eventually blew up. In addition to the large set of dependencies, the system is overall quite complex. I had several devs from the project look at my instance, and the only thing they could say is it was a “back-end problem” (My instance had stopped getting new posts).

                                                                                                                                            I gave up and am now using somebody else’s :) I love the fediverse though, it’s a fascinating place.

                                                                                                                                            1. 4

                                                                                                                                              I just use the official Docker containers. The tootsuite/mastodon container can be used to launch web, streaming, sidekiq and even database migrations. Then you just need an nginx container, a redis container, a postgres container and an optional elastic search container. I run it all on a 2GB/1vCPU Vultr node (with the NJ data center block store because you will need a lot of space) and it works fairly well (I only have ~10 users; small private server).

                                                                                                                                              In the past I would agree with out (and it’s the reason I didn’t try out Diaspora years ago when it came out), but containers have made it easier. I do realize they both solve and cause problems and by no means think they’re the end all of tech, but they do make running stuff like this a lot easier.

                                                                                                                                              If anyone wants to find me, I’m @djsumdog@hitchhiker.social

                                                                                                                                              1. 2

                                                                                                                                                Given that there’s a space for your Twitter handle, i wish Lobste.rs had a Mastodon slot as well :)

                                                                                                                                              2. 2

                                                                                                                                                Wait, you’re also forgetting systemd to keep all those process humming… :)

                                                                                                                                                You’re right that this is clearly too much: I have run such systems for work (Rails’ pretty common), but would probably not do that for fun. I am amazed, and thankful, for the people who volunteer the effort to run all this on their week-ends.

                                                                                                                                                Pleroma does look simpler… If I really wanted to run my own instance, I’d look in that direction. ¯_(ツ)_/¯

                                                                                                                                                1. 0

                                                                                                                                                  I’m waiting for urbit.org to reach useability. Which I expect for my arbitrary feeling of useability to come about late this year. Then the issue is coming up to speed on a new language and integrated network, OS, build system.

                                                                                                                                                  1. 2

                                                                                                                                                    Urbit is apparently creating a feudal society. (Should note that I haven’t really dug into that thread for several years and am mostly taking @pushcx at his word.)

                                                                                                                                                    1. 1

                                                                                                                                                      The feudal society meme is just not true, and, BTW, Yarvin is no longer associated with Urbit. https://urbit.org/primer/

                                                                                                                                                  2. 1

                                                                                                                                                    I would love to have(make) a solution that could be used locally with sqlite and in aws with lambda, api gateway and dynamodb. That would allow scaling cost and privacy/controll.

                                                                                                                                                    1. 3

                                                                                                                                                      https://github.com/deoxxa/don is sort of in that direction (single binary, single file sqlite database).

                                                                                                                                                  1. 8

                                                                                                                                                    For what it’s worth, I am pretty happy with the overall look&feel of sourcehut. My only complain would be that the gray is a bit too much gray, but I don’t know what would be the implication of a softer one in terms of accessibility (maybe none?)

                                                                                                                                                    1. 3

                                                                                                                                                      I’m guessing the css for the site is simple enough that adding a per account setting for some CSS or generic properties would probably be fairly easy. So you could for instance override the grey with another colour in your account. Just populate the custom values into the template (I think this is just jinja2) as a context value and voila. One of the things about hosted github and gitlab is all you really get to change is the project logos and org logo. Would be nice is sourcehut had a little bit of chstomizability in terms of look and feel. Also someone could then set up a dark mode theme for sourcehut…

                                                                                                                                                      1. 3

                                                                                                                                                        I guess a Greasemonkey extension should do it easily without need of server side customisation. 🙂

                                                                                                                                                        1. 4

                                                                                                                                                          Yes but then I wouldn’t be able to MySpace up my sourcehut pages in various shades of neon pink and orange, distracting people from my poorly written code by making their eyes bleed.

                                                                                                                                                          1. 1

                                                                                                                                                            It’s on Google death list-for running third party code.

                                                                                                                                                      1. 2

                                                                                                                                                        This should be a config option.

                                                                                                                                                          1. 2

                                                                                                                                                            Wauw, those are amazing. Utterly delightful.

                                                                                                                                                          1. 1

                                                                                                                                                            Does this mean if we have google analytics or mixpanel or anything else on our site, we’ll lost these functionalities?

                                                                                                                                                            1. 2

                                                                                                                                                              in theory, any analytics package should continue to work just fine in terms of giving you tracking data on visits and hits on your site. blocking 3p cookies will largely stop third parties from tracking your visitors across sites unrelated to yours.

                                                                                                                                                              1. 2

                                                                                                                                                                Safari blocks third party cookies already. It’s likely your “analytics” are already incorrect.

                                                                                                                                                                1. 1

                                                                                                                                                                  No, they will block only domains on disconnect.me blacklist. See the link in my comment above.

                                                                                                                                                                1. 20

                                                                                                                                                                  I think this is huge. It reminds me of the early days of Firefox (back then still known as Phoenix) in a world where IE6 and pop-up ads dominated. At launch IE6 was really the best and most innovative browser of it’s time (IMHO). But after IE6 had beaten Netscape, Microsoft stopped putting money in IE development and the situation got worse over time. It was Phoenix with, among other things, a pop-up blocker that was on by default that brought down Internet Explorers hegemony.

                                                                                                                                                                  Today, with Chrome being dominant the situation is different because Google is still innovating Chrome at light speed. The one and only Achilles heel to beat this giant is by attacking their business model, which is to enable ad blocking by default. I expect this is something people want, just like pop-up blockers back in the days. Google will never be able to lead, or even follow in this direction without changing their business model.

                                                                                                                                                                  Unfortunately, Mozilla’s own business model also heavily relies on selling ads, albeit indirectly. According to this statement from an independent audit report:

                                                                                                                                                                  Note 10 - Concentrations of Risk:

                                                                                                                                                                  Mozilla has entered into contracts with search engine providers for royalties which expire through November 2020. Approximately 93% and 94% of Mozilla’s royalty revenues were derived from these contracts for 2017 and 2016, respectively, with receivables from these contracts representing approximately 75% and 79% of the December 31, 2017 and 2016 outstanding receivables.

                                                                                                                                                                  In other words, $539 Million, which is 93% of their total revenue, comes from companies that have selling ads as their business model (Baidu, Google, Yahoo and Yandex).

                                                                                                                                                                  I really hope Mozilla will be able to change this revenue stream to better align with their mission[1]. They have been trying to diversify their revenue since 2014 and although they might not be as dependent on Google as they once were, they’re still almost fully dependent on ads.

                                                                                                                                                                  Oh, and yeah, of course simply making a better browser than Chrome would also help ;)

                                                                                                                                                                  Background:

                                                                                                                                                                  [1] https://www.mozilla.org/en-US/mission/ “An Internet that truly puts people first, where individuals can shape their own experience and are empowered, safe and independent.”

                                                                                                                                                                  1. 11

                                                                                                                                                                    I really hope Mozilla will be able to change this revenue stream to better align with their mission[1]. They have been trying to diversify their revenue since 2014 and although they might not be as dependent on Google as they once were, they’re still almost fully dependent on ads.

                                                                                                                                                                    This is the million dollar question / problem. The world does not run on fairy dust and good intentions. Figuring out HOW to better align with their mission is a decidedly non trivial problem, and I’d wager that were it not they’d have done this already, because everybody and their uncle likes to carp about Mozilla.

                                                                                                                                                                    1. 6

                                                                                                                                                                      I think they should introduce a pro-version with a different firefox icon for 5$/month, I would buy it.

                                                                                                                                                                      1. 2

                                                                                                                                                                        So… they’d need to find ~10 million people like you who will pay for an icon in order to be able to replace their ad-related revenue stream. I doubt that’s going to happen, or that they’re even going to have any viable revenue stream out of this.

                                                                                                                                                                        As the amount in question is $500M/year, Mozilla’s problem is similar to the situation that large corporations face, where they are unable to enter many markets because they are just too small. Mozilla needs to find large revenue streams, and it’s impossible for them to combine lots of tiny revenue streams (by doing things like you suggested) because the overhead would be too high.

                                                                                                                                                                        1. 1

                                                                                                                                                                          I don’t agree. First, I don’t understand why browser development (since we are talking about firefox) should cost $500M/year. Second: Diversification. Icon was just one proposal, another can be payed VPN, another can be enterprise features proposed in this thread. (Hated) pocket integration is another one. Mozilla in some sense reminds me of Europe that for 20 years cannot diversify itself from the russian gas (money coming from the ads companies).

                                                                                                                                                                          1. 2

                                                                                                                                                                            My point is that you can’t replace $500M/year with tiny revenue streams like that. You’d need hundreds of them, and it’s simply unmanageable.

                                                                                                                                                                            Why it costs so much: it’s probably because there’s a lot more than just one browser. Whether there really need to be so many projects is another question, I don’t really know the answer to that.

                                                                                                                                                                            1. 1

                                                                                                                                                                              One problem I expect they have is that shrinking costs is really hard, and growing them really easy. The vast majority of it is probably salaries. Trying to shrink from $500M/year to $50M/year (say) would mean getting rid of roughly 9/10 employees!

                                                                                                                                                                              To do this successfully you’d need to retain quality employees, and make sure that the administrative staff shrunk as much as (or more than) the engineering staff. Not something that is easy to do while firing 90% of your staff, going on a very long hiring freeze, or so on.

                                                                                                                                                                          2. 2

                                                                                                                                                                            I said this a long time ago. Make some privacy-focused, enterprise offerings on top of it with good service. Additionally, an auditability-focused version supporting logging, messaging, etc. Enterprises buy lots of that stuff, too.

                                                                                                                                                                            1. 11

                                                                                                                                                                              We’re getting there. There was already a VPN service that we experimented with at the end of last year (I believe signups are closed now) and there are other ideas in the works as well.

                                                                                                                                                                              The hard part is figuring out what is acceptable to charge for. The last thing we would want is a world where users need to pay for increased privacy. Enterprise offerings could certainly fit the bill.

                                                                                                                                                                              1. 2

                                                                                                                                                                                Have you considered EU sponsoring?

                                                                                                                                                                                1. 2

                                                                                                                                                                                  I am very far removed from this process, all I know is what’s been shared by leadership internally :). But from what I can tell there have been a ton of ideas and the process has been very thorough. I’d be surprised if this hasn’t been considered.

                                                                                                                                                                                2. 1

                                                                                                                                                                                  ahal, start with changing the icon ;) Once the infra for two repos is set, you will see where it brings you.

                                                                                                                                                                              2. 1

                                                                                                                                                                                As would I, however you don’t have to look far at all to see that this amounts to good intentions. Sure, a few of us would pony up, but the VAST majority of users simply will not. They want a free lunch.

                                                                                                                                                                            2. 4

                                                                                                                                                                              Yeah, just think of the speed benefit they could brag about by simply blocking all ads by default too. Privacy is great by itself, but imagine the wow of being 2x or 3x faster than the “fast” google chrome with such a simple change on top of it!

                                                                                                                                                                            1. 3

                                                                                                                                                                              I believe that the European cookies directive should be addressed to browser creators, not website owners. Let’s be honest: Google and Mozilla are dependent on advertising money and unless forced by legislation they will not protect their users.

                                                                                                                                                                              1. 3

                                                                                                                                                                                In your opinion, which legislation forced this move by Mozilla then?

                                                                                                                                                                                1. 2

                                                                                                                                                                                  I haven’t heard this idea earlier. It sounds like a really good idea.

                                                                                                                                                                                1. 16

                                                                                                                                                                                  perl rereads the file

                                                                                                                                                                                  Abandon all hope ye who enter here expecting predictable interpreter behavior

                                                                                                                                                                                  1. 7

                                                                                                                                                                                    If := has been called by Pascal and Ada the assignment operator …. Keep calling it that! …. Walrus operator makes the industry appear juvenile and unprofessional.

                                                                                                                                                                                    1. 8

                                                                                                                                                                                      Come write Puppet, we have a spaceship operator

                                                                                                                                                                                      1. 9

                                                                                                                                                                                        I think Rust’s “turbofish” (”::<>”) takes the cake for odd operator names.

                                                                                                                                                                                        I don’t really like the name “walrus” for “:=”, but not because it’s “unprofessional”; rather, because—as @tenken noted—it’s already widely used and generally called “assignment”, and so inventing a new name for it violates the principle of least surprise.

                                                                                                                                                                                        1. 5

                                                                                                                                                                                          The issue is, Python already has an assignment operator.

                                                                                                                                                                                        2. 3

                                                                                                                                                                                          So does C++20

                                                                                                                                                                                          1. 3

                                                                                                                                                                                            PHP too

                                                                                                                                                                                            1. 1

                                                                                                                                                                                              Well, that’s my one argument for Puppet gone

                                                                                                                                                                                          2. 6

                                                                                                                                                                                            that’s only unprofessional in the pejorative sense of “professional”. nothing about giving operators cute names affects actual professionalism (treating employees and customers with respect, honouring commitments, delivering a quality product)

                                                                                                                                                                                            1. 1

                                                                                                                                                                                              Part of being professional is appearing to be professional. Visible, conscious professionalism is a bit part of attaining and maintaining the trust and respect of the public for other professions. If programmers want to be treated as a profession (and the way people react to any kind of management being applied to them suggests that they do want to be treated like professionals) then they need to attain and maintain the trust and respect of the public and the business community as being professional enough to be professionals.

                                                                                                                                                                                              Lawyers don’t wear suits because they love wearing suits, or because they’ve always worn suits. They wear suits because suits convey an image of professionalism that they public expects of lawyers. Lawyers are given a huge amount of trust by the public, and so they need to be trusted by the public. Not only are they self-regulating, but they frequently handle huge amounts of money, on behalf of not just big businesses but also members of the public, small business owners, etc.

                                                                                                                                                                                              Programmers aren’t regulated at all, but they probably should be. They’ll oppose any attempts any anything other than self-regulation quite forcefully, and self-regulation means you need to be seen to be professional and trusted by the public. Programmers handle huge amounts of personal information. People need to feel comfortable that the people doing so aren’t cowboys.

                                                                                                                                                                                              1. 3

                                                                                                                                                                                                I don’t want programming to be regulated, and I deliberately want cute, unprofessional names like “walrus operator” to continue to exist in programming language communities. Professionalism be damned.

                                                                                                                                                                                                1. 1

                                                                                                                                                                                                  Programming will be regulated. It’ll happen. It’s a question of whether programmers will be self-regulated or regulated by others, not whether they’ll be regulated eventually.

                                                                                                                                                                                                  ‘Walrus operator’ has to be especially stupid given it’s neither funny nor cute, already has another name, and looks nothing like a walrus.

                                                                                                                                                                                                  1. 2

                                                                                                                                                                                                    Let it be regulated by others then, rather than ourselves. An “other” is someone groups can coordinate to fight against.

                                                                                                                                                                                            2. 3

                                                                                                                                                                                              You would love perl5’s goatse operator: =()=.

                                                                                                                                                                                              1. 2

                                                                                                                                                                                                Well I should report you to your employer for your specieist bigotry and unprofessionalism.

                                                                                                                                                                                                But hey, python is wide open after all. Fork your own and call it professional python and serious business operator.

                                                                                                                                                                                              1. 11

                                                                                                                                                                                                I lived in Luxembourg for a while and spoke mostly English and workplace French. Everyone in Luxembourg is more-or-less trilingual in Luxembourgish, French, and German, and many often know English or Portuguese on top of that.

                                                                                                                                                                                                I remember a friend of mine spent an hour and two beers explaining to me the genders of different nouns in each of Luxembourgish, French, and German. Both of us being software-minded, he explained this using an interface-implementation metaphor. The concept of “car” was an implementation, the words for “car” were the interface. The different languages had different calling conventions, but they all ended up back at the same implementation.

                                                                                                                                                                                                …maybe it was more like four beers.

                                                                                                                                                                                                1. 11

                                                                                                                                                                                                  Drunk programmers make an attempt at semiotics. You cannot believe what happens next.

                                                                                                                                                                                                  1. 11

                                                                                                                                                                                                    Perl or ES2015peranto is born.

                                                                                                                                                                                                  2. 3

                                                                                                                                                                                                    You might like to have a look at how natural language grammars are specified in GF (Grammatical Framework).

                                                                                                                                                                                                    Gender is like a struct field of the concrete noun type (for a gendered language). If the adjective gender must agree with the noun gender, then the adjective type will be a function from gender to word, and the noun phrase construction will pass the noun’s gender to the adjective’s function.