Threads for joshklein

4

joshklein 7 months ago | link | on: The case against a C alternative

I don’t often see another item mentioned that I’d like to offer for consideration.

I think my first attempt to articulate this may have been on the orange site in a discussion about C and security, and much later about X and Xenocara there and on this site.

This has always felt like a squirrely concept to wrap the English language around, and nearly impossible to articulate in a world philosophically-dominated by the ideas that descend from the bazaar-style approach of GNU/Linux in software design. I’m still not sure how to convey the idea to a general audience, but I highly value the internal design coherency and adherence to significant portions of the original K&R version of a unix philosophy that spirals off to touch on all kinds of other ideas (and even unrelated programming languages built on C) when talking about the value of C applications and systems.

It’s not that “C is the only way” by any stretch; rather, I don’t want to see anything except a single programming language (and compiler, and code style, and architectural principles, and standardization of IPC, and so on) used on everything that comprises an essential base layer of my computing. And I want that layer to be simple enough that the people I personally know today could recreate that language, its toolchain, and its entire ecosystem from first principles in a post-computing apocalypse. Being able to survive the eventual abandonment (or worse, destruction) of complex institutions is significantly more important to me than something like avoiding memory leaks or closing security holes.

If Rust (or anything else) replaced C in that capacity, I’d be perfectly happy to abandon the ~40 years of work and knowledge already accrued to that language and its collective of wise gray beards with their younger journeymen, apprentices, and disciples.

I often invoke OpenBSD as my example because it seems absurd to people who don’t use OpenBSD that it might be possible to open a driver (or any other component) of an operating system’s source code - having never done so before - and be able to understand how it works it based on its similarity to source code you inspected years ago in a userland application.

C isn’t the reason for that, but C has a lot to do with that. It would be hard for me to continue my attempted explanation of personally valuing the C language and the other humans who can write it without straying wildly off-topic into a rant about the Bronze Age collapse, so I’ll leave it there.
1. 2
  
  xigoi 7 months ago | link
  
  How many people would be able to exactly recreate C, including all obscure edge cases, out of memory?
  1. 1
    
    joshklein 7 months ago | link
    
    I take it you mean to ask how many people it would take to exactly recreate a new equivalent to C from first principles after the many decades of its existing knowledge evaporated? I’m confident in saying it would take approximately 1 extremely bright person approximately 1 year of labor, since that’s how long it took Ritchie (after which it took a small group of other exceptional engineers only a brief period to write an entire operating system and its userland of applications based on that language).
    
    I want to be clear that I think Rust (for example) is a wonderful and powerful piece of technology, so I unfairly pick on it here merely to provide an illustrative counterexample:
    
    I know Rust has had sponsorship for at least the past decade, and it looks like the 2022 budget of the Rust Foundation is $625,000. I don’t work on Rust, and I am undoubtedly even further below their level of technical ability and productivity than I would be if compared to Ritchie (which would already be many orders of magnitude), but it doesn’t seem unreasonable to suggest that no individual on earth could recreate the entire Rust toolchain from first principles in their own lifetime. And since we also don’t have a Rust operating system with Rust hardware drivers and a Rust userland after more than 10 years of its funding, it would be impossible to make any assessment on how long it would take - there is no evidence to draw upon.
    
    That I’m so much less capable and clever than the collection of people and institutions working on C alternatives is the essence of my point.
    
    I’m not concerned that potential C alternatives aren’t as sophisticated or powerful as C, but rather the precise opposite.
    1. 6
      
      matklad 7 months ago | link
      
      but it doesn’t seem unreasonable to suggest that no individual on earth could recreate the entire Rust toolchain from first principles in their own lifetime.
      
      https://github.com/thepowersgang/mrustc is a functional Rust compiler, which was implemented, as far as I know, by a single person in a rather short timeframe. Heck, I guess I can say that I myself implemented a significant chunk of Rust compiler twice :-)
      
      Rust is undoubtedly way harder to do than C, but still seems rather within reach of a single dedicated person.
      1. 1
        
        joshklein 7 months ago | link
        
        I used the example of Rust as it is the most commonly discussed language around this topic, but I don’t write Rust myself or have any knowledge of its ecosystem, so I may not understand your meaning out of unfamiliarity. The introduction of this project page reads:
        
        This project is a “simple” rust compiler written in C++ that is able to bootstrap a “recent” rustc, but may eventually become a full separate re-implementation. As mrustc’s primary goal is bootstrapping rustc, and as such it tends to assume that the code it’s compiling is valid (and any errors in the generated code are mrustc bugs). Code generation is done by emitting a high-level assembly (currently very ugly C, but LLVM/cretone/GIMPLE/… could work) and getting an external tool (i.e. gcc) to do the heavy-lifting of optimising and machine code generation.
        
        I apologize for my own ignorance - again, I do not work in Rust (but also see no reason it shouldn’t grow into a widely adopted language for a broad spectrum of software) - but this project seems dramatically at odds with an assertion that an individual could have produced this from first principles themselves, and perhaps even serves strongly as counter evidence. Am I misunderstanding?
        
        5
        
        matklad 7 months ago | link
        
        Perhaps it’s me who is misunderstanding what “producing from first principles” entails: a working simple compiler that can compile “bells and whistles” compiler seems to fit the bill.
        
        If the objection is to cutting corners (assuming the code is valid, using “external assembler”, etc), than that’s I think how the first versions of C worked as well (it had scarce any typechecking). Getting C toolchain to modern gcc/clang state required quite a bit of effort.
        
        If the objection is to being implemented in C++ (so, requiring some existing supporting infra), than, yes, Rust is indeed one step further on the bootstrap chain than C. But C also isn’t exactly a clean-slate thing: it incrementally started from a compiler for a language which didn’t even have structs, it kinda required preceding 30 years of computer evolution. I think the right way to capture is this: the incremental diff from the “previous” step is much larger for Rust, but it still manageable. The non-incremental diff from zero depends on what you consider to be zero: if it is the computing world just before C appeared, than it’s much larger for Rust, if that’s the computing world just after the first computers appeared, than the relevant differences between Rust and C seem to shrink again.
    2. 3
      
      c-cube 7 months ago | link
      
      An OS in rust, like redox ? Of course it doesn’t have all the drivers linux has, but it exists. For C++ it’s the same, interestingly: SerenityOS was built from scratch in a few years, with the full stack from the kernel to a graphical userland. These are doable and arguably doable more productively than in C.

19

healeycodes 8 months ago | link | on: One Decade of Lobsters

I wonder why growth is trending down (not that that’s necessarily a bad thing).

I’ve made some good friends on here, and when I post my own content, I’ve always had great interactions/feedback too!
1. 46
  
  mempko edited 8 months ago | link
  
  I love lobste.rs and have been a member for 8 years. The comments ahead are just my personal experience but maybe there are others who feel the same way. At some point (I think about 2 years ago) topics about tech culture and society started to be removed by moderators and I started to participate less and less. Which is insane since the reason lobste.rs started was HN banned the creator and HN was doing some funny moderation. (fun history: https://jcs.org/2012/06/13/hellbanned_from_hacker_news, https://news.ycombinator.com/item?id=4452384). One reason I loved lobste.rs was it’s careful use of moderation, instead relying on having a solid group of users vetted by others in the community.
  
  So, this stronger moderation against topics related to culture and society that intersect with tech made me lose interest. Given all the crazy things happening in the world today, to believe that tech is isolated from the world is naive and ultimately creates a bubble culture. What’s the point of loving technology if it can’t be applied to real world problems? So over time I started to lose some interest in content on lobste.rs as it seemed less relevant to my life. Maybe the content is changing again? I don’t know as I haven’t really participated as much.
  
  The community here is strong and I hope for another strong 10 years. I just hope people learn that tech is useless independent of helping people. Code that doesn’t run, that doesn’t solve problems, is just a statue. Beautiful to look at and appreciate, but not much else.
  1. 58
    
    dmpk2k 8 months ago | link
    
    I feel the opposite. The American culture wars are exhausting.
    
    I am glad this place is peaceful.
    1. 21
      
      mempko edited 8 months ago | link
      
      I find the culture war exhausting too, but I also feel it’s mostly fake. That it’s mostly manufactured by the media and big voices on social media. Notice I didn’t say anything about any culture war but that’s where you went. Isn’t that weird? Something is wrong with our discourse. I’m talking about software solving the real problems we have in society (hungry, homeless, global warming, ecological collapse, energy, prison system, education, war, inequality, gun violence). The culture war is manufactured, in my opinion (puts on tin foil hat), to distract us from the real problems.
      
      Computers are literally man’s greatest invention. They can save us from meaningless labor and enhance our minds. They aren’t a bicycle for the mind, but a rocket ship. My worry is we are wasting it. We shouldn’t take computers for granted. It won’t take much to forget how to make them.
      1. 18
        
        ansible-rs 8 months ago | link
        
        I’m talking about software solving the real problems we have in society (hungry, homeless, global warming, ecological collapse, energy, prison system, education, war, inequality, gun violence).
        
        Do we need software to fix any of those problems? Aside from global warming / ecological collapse at least? We (as a society) have the wealth to fix these issues, it is mostly the lack of consensus / political will to do so. And the main thing standing in the way are certain wealthy actors and interest groups. They are interested in their own profits first and foremost, and control of society via marginalization or outright oppression of minorities and destruction of democratic systems and discourse.
        
        We can use software on the margins to try to educate people, and show how they are being manipulated. But it doesn’t seem like enough.
        
        3
        
        mempko edited 8 months ago | link
        
        Like a virus, computers are now in everything. You eat today? Computers were involved. It’s not so much that they can fix any of those problems (I would argue they accelerate some like global warming. Google is proud they increases waste and energy use through all of society https://economicimpact.google.com/), it’s that if they aren’t part of the solution, then they are part of the problem. So we either fix it, or get rid of their usage. Since they are such a powerful tool for productivity, it seems to me we can use them to accelerate solutions vs accelerate problems.
        
        2
        
        feoh 8 months ago | link
        
        Like a virus, computers are now in everything.
        
        Then all the more reason for having a place where we can discuss the science, art and craft of technology away from the divisiveness that’s tearing our society apart makes sense in my view.
        
        I’m not suggesting that this is a monastery, but monasteries existed to keep the barbarians out and knowledge in when the dark ages fell. I see communities like this serving a similar purpose.
        
        2
        
        mempko edited 8 months ago | link
        
        Except it was in the monasteries where truth died. The “dark ages” were nothing like you described. I suggest reading Debt the first 5000 years by David Graeber. Eratothsenes figured out the circumference of the earth and over a 1000 years later we had Christopher Columbus who thought the world was much smaller. Yajnavalkya postulated the earth revolved around the sun yet the Monasteries promoted a earth as the center vision.
        
        We need a functioning civilization to keep knowledge being passed through one generation to the next. Now that we are facing threats to organized human life at an unprecedented scale, there will be no ‘safe place’ to teach people how to build computers without civilization wide support. Computers are just too complex.
        
        Also imagine the rest of society thinking “Wow, we have these amazing tools called computers that can solve our problems, but the folks who design and build them, the elite who use these tools, want nothing to do with our problems. Want to ignore them because they are too disturbing and annoying to the experts”.
        
        2
        
        feoh 8 months ago | link
        
        Good on you for fighting the good fight. I’ll just be over here hacking around with old computers and trying to stay healthy long enough to retire and enjoy life a bit :)
        
        2
        
        mempko edited 8 months ago | link
        
        You evoke an interesting thought and bring up a good point. There are millions of programmers. But most programmers have little say in what they actually build as they work for large companies. That’s because, while programmers are paid well relative to the rest of society, they often own very little of their work.
        
        The responsibility I am talking about falls on those that do have a say in what is built. Many of the leaders are former programmers themselves. But even among programmers there is a class divide. Those that don’t have a say in what is built don’t have the responsibility I speak of. Maybe we need more people owning their work.
      2. 9
        
        edk- 8 months ago | link
        
        The culture war is manufactured. It is also a real, serious problem. One of the reasons there are so many wars is that they can be started unilaterally.
        
        To the point at hand, though, do you think discussion about “culture and society” on lobste.rs solves any of those problems? I associate these kinds of topic with lobste.rs’ turning into a little hackernews, in which the same handful of political arguments are rehashed and people are generally horrible to each other. I don’t think the tech industry at large is going to discover, for instance, the concept of professional ethics through comment threads here.
        
        I think the reason we can be civilised here is that we find technology neat; it’s a thing we have in common, and the reddit-style discussions work reasonably well for that. When we debate bigger things the medium shows its weaknesses. For one thing, while a lot of the strictly computery posts exist in some sort of niche, articles about society have much more direct political implications, and tend to elicit some sort of opinion for pretty much everyone. It’s also much harder to stay calm when discussing something that matters.
        
        I’ve argued, often and animatedly, that political content shouldn’t be on lobste.rs. I have several reasons for this, and I hope I’ve explained one of them, but just as important is… politics. I think being exposed to the sort of environment I see on political threads here makes people worse, or at least marginalises those who are most inclined to be nice. In theory diversity of opinion might expose people to new ideas, but in practice people pretty much always go home thinking exactly what they thought yesterday, only more so. I’d be all in favour of your position if I’d ever seen any evidence that lobste.rs debating important things leads to people becoming more conscientious about those things.
        
        I appreciate this is a bit of a ramble, but one last thing: why would we expect anything else? You say that believing tech is isolated from the world creates a bubble culture. But lobste.rs is a bubble in its purest form already. Most tech workers and enthusiasts, especially in America, exist in a relatively narrow social stratum; it’s hard to find a demographic distinction in which the field doesn’t exhibit strong bias. I have my doubts about the comment section free-for-all as a vehicle for social change, but even if it could work, we’d need to be more connected to the rest of society in order to have any chance of deciding what technology’s place in it ought to be.
        
        9
        
        mempko 8 months ago | link
        
        You raise a lot of good issues here. But I feel maybe I wasn’t clear enough. I don’t want random discussions about culture and politics. Twitter already exists. I care about the intersection of technology and society. I think those discussions are important to have and Lobsters used to have them. Then those seemed to have gone away and I lost some interest.
        
        We know that people in technology are usually horrible at social issues, partly because we get people who prefer certainty. The certainty of the machine. I was one of those people. We have great comfort talking about frameworks, programming languages, and reverse engineering old hardware. We like our safe space.
        
        I have my doubts about the comment section free-for-all as a vehicle for social change, but even if it could work, we’d need to be more connected to the rest of society in order to have any chance of deciding what technology’s place in it ought to be.
        
        I don’t have this view of lobsters as a vehicle for social change. It’s not. Social change will come either way and we can talk about how technology is involved, or we can ignore and treat lobsters as a sort of comfort food. That’s totally acceptable. It’s just less interesting for me and that’s why I responded to ‘why has growth stalled’ comment.
      3. 1
        
        Halkcyon edited 8 months ago | link
        
        Notice I didn’t say anything about any culture war but that’s where you went. Isn’t that weird?
        
        Seems very telling to me and makes the user come off as a troll. Somehow having concern = culture war? Or caring about a topic = virtue signaling? There’s no authenticity to users like that. They can’t imagine a world where people are caring or concerned about things bigger than themselves.
    2. 6
      
      mjtorn 8 months ago | link
      
      I had to filter out the culture tag for the sake of my sanity.
      
      As much as I love reading this site, there’s something about the influx of certain topics and the style of conversation etc that - for the lack of a better word - triggers me. I have to restrain myself from getting involved, yet I know nothing good can follow from participating.
      
      Few of us are in a position to really affect change, and online discussion (esp. heated) is a net-negative substitute.
      
      This is probably still true for culture stories, but I don’t wanna go look in that dark corner.
      
      Everything else I love, thank you and keep it up for many decades!
    3. 3
      
      feoh 8 months ago | link
      
      I too find the forever culture war exhausting, and treat tech and, by extension lobsters, as a kind of haven where I can think about fun, inspiring things I might want to build or ideas I can grow from.
      
      There is a time and a place for everything, and there are a bazillion fora for discussing that stuff. IMO it doesn’t need to be here.
  2. 30
    
    rtpg edited 8 months ago | link
    
    As someone who also subscribes to the (glibly described as) “everything is politics” philosophy, I am still for removing a lot of the “culture” articles. The main reason is that these discussions are already happening elsewhere (for example HN). Society existing everywhere doesn’t mean that we have to discuss society everywhere.
    
    The secondary reason is that there is a general idea for what is on topic, and that is “can this make you a better programmer”. I think that makes some stuff about community management (like CoC discussions for prog languages) on topic, but loads of things that end up getting removed fall far from this goal.
    
    A tertiary reason (something that happens in rant-tagged articles as well): when those articles don’t get pulled down, we end up with the same 5 people yelling at each other saying the exact same things over and over again. There is a clear vibe from some people to want to pull discussions into the same stump speech.
    
    I do think that when there isn’t a forced segue, discussion about society still happens in the comments section. And it stays reasoned. But at least personally, I don’t need every social space to turn into debate club. Lobsters isn’t the only place on the internet.
  3. 16
    
    david_chisnall 8 months ago | link
    
    I’m a relative newcomer but I appreciate the fact that lobste.rs discussions tend to be limited to things that have some form of objective evaluation criteria. When someone presents a technical project, I can evaluate it against my requirements. I can have a discussion about why my requirements are different from yours and whether my requirements are not actually solving my underlying problem. I almost certainly have a load of biases around why my requirements ended up being that shape but they’re generally not things that I have particularly strong beliefs about and, if I do, those beliefs are very unlikely to be core to my self image.
    
    When we discuss politics or culture then you and I may have very different ideas about an ideal society looks like and have very strong beliefs derived from things that are at the core of our self identity about that shape. If those happen to line up, then we can have a rational discussion about whether a particular policy advances our society towards that goal (though, often, we don’t really have enough data to make a good assessment). If we have conflicting goals for society then discussing how to reconcile them in a public forum is hard and maintaining an inclusive culture when those discussions are happening is even harder.
    
    I enjoy discussing politics, even with folks that disagree with me, but I don’t enjoy doing it on the Internet because it’s incredibly easy for things to be quoted out of context or misinterpreted. I’m glad that this is a place where we can put those discussions on one side and engage on other issues.
  4. 6
    
    x64k 8 months ago | link
    
    I am torn on this matter, not the least because the one time when I broke my “no politics here” it quickly went sideways and not all in a good way, and it left a bit of a sour taste in my mouth, mostly because, justified or not, I really didn’t want to have a flamewar in an otherwise really civil place.
    
    So on the one hand I think it’s useful, but also healthy and important for a community to be able to discuss things that its members consider important, even if they’re not exactly the reason why we’re all here.
    
    This is probably a holdover of mine from the old days, when any forum, no matter what its primary topic was, also had a “General Discussion” section. A good chunk of it was flamewar but to me, a non-native English speaker at the end of the world, technologically speaking, those things were eye-opening in many ways. Even the things I actively disagreed with. They were useful for me in tech, not just in general. Without them, I’d be largely ignorant to the social, political and economical trends that shape the tech world of tomorrow, and I’d be entirely lost in this sea of information. I also think they were healthy: in my experience, tech communities that do not engage in these exercises and cannot vent on non-technical topics will eventually vent on technical topics, and will eventually cluster around narrow niches with categorical and harsh adepts who produce a lot of judgement but don’t really move the boundary of technology any further. Once they devolve into that, communities aren’t too fun to hang out in anymore, and get an expiration date, too.
    
    Usefulness and healthiness aside, I really wish I could talk about a whole bunch of non-tech things with many of you here. There are people here whose work I admire and I’m sure the original approaches that makes their software so good has also produced a lot of other ideas worth hearing.
    
    But on the other hand the single-section, tag-based, up/down-vote structure is really inadequate for this. Even if the front-page doesn’t promote controversy, the sheer volume of material that can be tagged culture is overwhelming, it’s a category that’s ripe for self-promotion, and it’s a field that’s really inviting for bike shedding while waiting for shit to compile. Unless it’s confined to a separate section, it tends to push out technical content which, in turn, tends to push out technical people.
    
    The section-less structure also means that these things inevitably make it to the front page. On old phpBB boards you could often have civil discussions in the Linux section while also shitposting in the General Discussion section, as long as general awfulness was dealt with via the ban hammer. But on lobster.rs these aren’t separate sections and shitposting inevitably spreads.
    
    It’s also a very wide umbrella. culture is equally well applied to an article about the political views of early demosceners – which, even though it’s technically politics, I’d really be super curious to read about – and to an employer branding piece about how a company contributes to Rust projects which, after years of exposure to corporate hiring machines, makes me want to puke halfway through the title.
    
    Honestly, the only tag I really dislike is practices, probably because I got a bad case of burnout from over-practice-ising a while back and eww. Ultimately, I left culture unfiltered, but I don’t think we need more of it.
  5. 3
    
    winter 8 months ago | link
    
    At some point (I think about 2 years ago) topics about tech culture and society started to be removed by moderators
    
    I wonder why this was put into place if the discussions were fine. (I only joined a little over a year ago, so I can’t really speak much on this except that I’m curious as to why these posts started being removed.)
    1. 12
      
      mempko edited 8 months ago | link
      
      It’s still a great community. I wouldn’t have buyer’s remorse. It just changed over time to something less interesting to me. Part of it is the new moderation that came with new management. They wanted to narrow the focus of the site. I can’t say that’s why growth started trending downwards, but that downward trend coincides with what I felt. So take it with a grain of salt. I was just highlighting something that might have had an impact.
      1. 4
        
        LenFalken 8 months ago | link
        
        Where else do you get your dose of interesting discussions?
        
        100% I feel the same way too but it’s only made me take time off to reconsider my approach to the website. At the end of the day you either decide to work with it or not.
        
        I’ve begun to vet my posts via lobsters IRC first. Maybe lobsters needs an initial “post filter”? i.e. if a post is thumbs-uped by a member of certain activity and age, it gets listed?
        
        3
        
        mempko 8 months ago | link
        
        It’s strange but I am finding the best conversations I have are with individuals in private settings. Nice to know the IRC is active. Maybe I should try to hop in. Thanks!
      2. 3
        
        hblanks 8 months ago | link
        
        It absolutely did for me. I stopped posting after my last submission was removed for “not being technical.”
        
        That alone would have been OK, but the criteria for “technical” were (and remain) vague. And then, when I posted an honest question asking to understand them and the culture tag, titled “what is the culture tag for?”, the moderator proceeded to rename it to “why was my post removed?.”
        
        Moderating’s a thankless job, but all the same, that felt disingenuous to me. So, I don’t submit things here anymore. It’s a bummer because for years, I feel like this place used to support the readership you mentioned:
        
        Usefulness and healthiness aside, I really wish I could talk about a whole bunch of non-tech things with many of you here. There are people here whose work I admire and I’m sure the original approaches that makes their software so good has also produced a lot of other ideas worth hearing.
    2. 5
      
      friendlysock 8 months ago | link
      
      The discussions were emphatically not fine, hence the purging efforts by both moderators and the community.
      1. 5
        
        mempko edited 8 months ago | link
        
        Popcorn tech.
        
        You know what’s sad. I tried submitting topics that were incredibly technical. Bleeding edge tech. Nothing, no traction. For example, topics dealing with quantum computing, cryptography, etc.
        
        It’s almost like people don’t want to talk about technology specifically. They want pop-technology. or popcorn tech. Compare the level of technical discussion here to say, lambda-the-ultimate (is that still around?).
        
        But it’s better here than HN and reddit! So that’s a win.
        
        11
        
        david_chisnall 8 months ago | link
        
        It’s almost like people don’t want to talk about technology specifically. They want pop-technology. or popcorn tech. Compare the level of technical discussion here to say, lambda-the-ultimate (is that still around?).
        
        I think people want to talk about things that they can meaningfully engage with. I’m interested in reading about quantum computing, for example, but I have literally nothing useful to contribute on the subject. You seem to have invited quite a few folks to join, perhaps if you reached out to some physicists then you’d find the audience contained more people who were able to meaningfully contribute on those subjects.
        
        I’m happy to engage on a range of deeply technical topics here (language design, compiler internals, OS / hypervisor internals, CPU architecture and microarchitecture, capability systems, and so on), and I will on most of those subjects. Quite a few of them have very few comments because there are not very many folks here that share that interest. That doesn’t mean that they’re shallow, it just means that they’re experts in different things to me. I’ve had a few comments where I’ve either been the only person commenting or one of a small set, yet had some very high moderation totals (so other members are happy that I posted, even if they don’t feel that they have anything to add), or where other folks have let me know that they’re grateful for the explanation (often folks who are not members here, but still read the site). Similarly, there have been other threads where I’ve read everything, clicked the up-vote button on some fantastic explanations and clarification, and yet had nothing worthwhile to add myself.
        
        6
        
        gerikson 8 months ago | link
        
        I’d like to take this opportunity to thank you for your clear comments regarding the dark recesses of C/C++. Even though it is far from my area of expertise you usually manage to make me feel I understand them better.
        
        1
        
        igorclark 8 months ago | link
        
        Agree wholeheartedly with these conclusions. Also, your posts are reliably interesting, always extremely informed, carefully considered and well worth reading. Thanks!
      2. 2
        
        winter 8 months ago | link
        
        Ah, the parent made it seem like the discussions were fine (or didn’t really have a stance on that, I guess I was assuming that).
  6. 2
    
    Student 8 months ago | link
    
    I did propose a while back that such posts be on topic with their own tag. The few responses to the proposal were overwhelmingly negative. I think it’s fair to say there is not a pent up hunger for that sort of thing to be on topic here.
2. 6
  
  reezer edited 8 months ago | link
  
  I think the quality is going down. Many submissions are borderline spam, or yet another basic howto on something, that if you were interested could find on your favorite search engine in seconds. The comment sections are more and more frequently covered by “me too” style comments (including “I love this”, “Great Work!” which is nice of them, but also just doesn’t add anything, you could have just upvoted), or disagreements, with little to no merit and I more often read comments from people that didn’t go beyond the headline. And on the technical side there’s quite a bit of objectively wrong information in both articles and comments.
  
  And then with more people I think there simply ends up a lot more bikeshedding, which I assume is pretty natural as websites grow. And with Lobste.rs/reddit/HN style sites in particular the most visible things will be meritless “motherhood statements” that people can easily agree with and are hard to criticize.
  
  Don’t get me wrong, luckily none of these is really dominant, it’s just that it seems to be increasing and can be off-putting when there’s randomly multiple cases of this.
  
  Comparing it to HN I actually switched to lobste.rs, because that was a bit of a problem, but comparing it nowadays, they are on equal footing, even though groups of people, interests, etc. are somewhat different.
  
  I also wonder how Drew DeVault’s and ban of links to his blog affected things, but I don’t want to open that topic.
  
  Anyways, with that said I am really happy about the “Saves” I’ve collected over the years. A lot of them also for the comment sections. So thanks to everyone for that! :)
  1. 6
    friendlysock 8 months ago | link
    
    I broadly agree with your concerns. Some observations (from my viewpoint):
    
    DDV and others made merry use of us as a marketing channel, which is shitty behavior. We still have some folks who do the same thing, and one of the side-effects is that open lively debate is the first casualty when hucksters just want a clean, attractive billboard for their wares. (See also similar patterns on other UGC platforms who bow to advertisers).
    
    We do seem to have a lot of “motherhood”/“underpants” threads. I’m unsure if it is significantly worse than a few years ago, but it has been a thing I have noticed.
    
    “me too” comments are cancer, but there’s also the other orange-site disease of subthreads just totally derailing into detailed discussions of things that have little to do with the original article. Both are bad.
    
    A lot of our internal mechanisms for dealing with stuff have gone away over the years; the community has become increasingly hostile to anyone pointing out decorum violations, our moderation is effectively just pushcx, and community-led attempts to fix process issues (as evidenced by the meta tag) seems to have dropped off. I think that is the true existential threat to Lobsters right now.
    1. 1
      
      gerikson 8 months ago | link
      
      the other orange-site disease of subthreads just totally derailing into detailed discussions of things that have little to do with the original article
      
      A back-of-the-envelope sketch of a solution to that issue would be an increasing time limit imposed on replying to a comment, based on its depth in a thread.
      
      Tweaks are needed, maybe if you’re a first time commenter in a thread you don’t get a time limit on the first reply.
      
      I think this would address the case where 2 people just really really want to be right and keep replying to each other.
  2. 7
    
    gerikson 8 months ago | link
    
    comparing [lobste.rs and Hacker News] nowadays, they are on equal footing, even though groups of people, interests, etc. are somewhat different.
    
    I vehemently disagree.
    
    This is a listing of the top scored and commented submissions so far this year, from HN, lobste.rs and /r/programming on Reddit.
    
    https://gerikson.com/hnlo/topscore.html
    
    I count 8 submissions from the 25 top scored submissions on HN that are on topic for lobste.rs. The rest are (US) political or business news. From the 25 top commented, none are on topic for this site.
    
    Not having to daily wade through that dreck (especially without the help of tags) is what makes this place so much better than HN.
    1. 2
      
      reezer edited 8 months ago | link
      
      As mentioned that is why I switched to HN. I don’t mean to make this a competition though. It’s just something I’ve noticed and wanted to share these things as a form of constructive criticism. I think Lobste.rs does really good, good enough for me to spend time writing comments after all. ;)
      
      I assume it also very much depends on the time (weekend, weekdays, American, European daytime, …), as well as how you use the websites.
      
      Also I am not sure if overall top scores are the best measurements. I go there on a regular basis and care more about what I see then rather then the highest overall scores over the course of many months. Getting very high scores is a mixture of topics being low entry level enough, posting them at the right time, and various other factors.
      
      Also my view obviously is very subjective in that I remembered HN worse when I opened it up a couple of times lately, when I just was a bit disappointed on the front page of lobste.rs. So there’s obviously a bit of bias there.
      
      Looking at the top ones I think actually gives all these sites less reputation than they deserve, with lobste.rs clearly winning though.
      
      I agree that tags help. However I am a bit paranoid about filtering sometime, because for most of them I could imagine there’s stuff I find interesting. However it’s certainly a big plus.
3. 4
  joshklein 8 months ago | link
  If by “growth” you mean a heuristic capturing overall combined site activity of existing and new users, I would postulate a causal relationship from the re-opening of alternative activities otherwise prevented during pandemic conditions (prior to general vaccine availability) and the lagging consequences from the unwinding of pandemic-related isolation trauma.
  
  Active Users by month remained high through 2020 Q4 before trending generally downard in 2021 and 2022. It seems that Comments Posted and Votes Cast also follow this trend.
  
  New Users by month began trending generally downard earlier, around the beginning of the pandemic. Where would existing users be meeting new users to invite in 2020 Q2? It seems that Stories Submitted also follows this trend. How many stories are driving users’ excitement for discussion while still being on topic to this site in 2020 Q2 and Q3?
  
  I have made no attempt at scientific rigor in this assessment; this is chart eyeballing & back-of-napkin thinking.
4. 3
  
  proctrap 8 months ago | link
  
  It seems to follow the covid development ? Would make sense if people started using lobsters more at the start, but over time became bored of all the digital stuff when they can’t do IRL things.
5. 2
  
  ansible-rs 8 months ago | link
  
  I have joined in the last year. I haven’t invited anyone else yet that I (a) knew well enough, and (b) thought would be a good fit for this site.
6. 1
  
  feoh 8 months ago | link
  
  I think maybe there was a turning point where people started vetting their invites a bit more carefully.
  
  This is all anecdotal but I remember a bunch of strife around people mis-using flags and downvotes when we had it, and there was some discussion around some folks who were seen as not participating in a way many of us found benefited the community.
  
  (Yes I know such distinctions are a VERY slippery slope. Community is a delicate flower. I’m super grateful ours continues to thrive.)

24

pushcx Sysop edited 1 year ago | link | on: What are you doing this week?

Fixing a longstanding bug in the Lobsters header by redesigning the nav. There are lengthy design notes and screenshots in the GitHub issue, and the linked PR has the full implementation. I also used this as an excuse to fix a hundred small alignment issues an add a list of stories with active discussions. I will probably deploy this change Thursday, Friday, or Saturday when traffic is lower because no matter how many times I’ve gone over all the combinations dark/light + desktop/mobile for all ~70 page types, there’ll inevitably be a bugfix or two needed.

I’m waving my hands above my head about this one because I know changes to core UI are always disconcerting, even with a bug that’s had a fix planned for 2.5 years. I’ve been calling out this change in the chat room and tweeted about it. Hopefully this comment (with the hat so it appears in the mod log) helps, too.
1. 6
  
  joshklein 1 year ago | link
  
  I’ll be autogenerating screenshots across device/OS/browser/dimension combinations to test an unrelated site this week. If it would be helpful, feel free to PM me whenever ready with: (1) a staging URL, (2) a list of the platform combinations you want tested, (3) a way to share back png files.
  
  It won’t be much incremental work for me to add Lobsters unless you need multiple iterative test passes, so happy to add it to my queue.

5

zmitchell 1 year ago | link | on: An optimization story

I don’t always get opportunities to do deep dives on the software I write for my research, but when I do it tends to be pretty fun. In this case I had a simulation that was taking about 8 hours to run, which made me grumpy. I decided to see how fast I could make it and ended up making HUGE improvements. Read on to see how I did it and how much faster it was in the end!
1. 2
  
  joshklein 1 year ago | link
  
  I enjoyed following your iterative process (rather than a post-mortem “here is how I ended up doing this”). Thanks for sharing.
  
  I would have reached for Numba before rewriting in Rust to see how far it would get me, but I don’t write Rust so this choice would be an ergonomic/practical one. Do you have any comment on taking that approach? I’d also probably reach for CPython before a full rewrite (in C or Rust or anything else).
  
  As an aside re: finding bottlenecks - my first pass after profiling is always to look for the Python loops that can be replaced by NumPy. Most of the time, that’s as far as I need to go in practice.
  1. 1
    
    zmitchell 1 year ago | link
    
    I enjoyed following your iterative process
    
    Thanks! I wanted it to be an end-to-end description of the process so that new-ish programmers can see what the process is like (measure, tweak, measure, tweak, etc). It’s also meant to show that optimization is often a case of compounding smaller optimizations rather than one BIG honking optimization.
    
    I would have reached for Numba before rewriting in Rust to see how far it would get me, but I don’t write Rust so this choice would be an ergonomic/practical one. Do you have any comment on taking that approach?
    
    Sure! I was aware of things like Numba, PyPy, etc, but I remembered that at least with PyPy there were some restrictions on which Python versions you could use, which libraries could be used with it, etc. I didn’t do a ton of research into this. I also think I mixed up Numba and Dask in my head and immediately discounted it because I only wanted to run this program on my 2-core laptop, not a cluster, so I figured the additional overhead would eat into any performance gains. I’ve actually had more than one person recommend Numba to me since I published this, so I’ll probably go back to a previous version in git and test it out to see how far that would have gotten me in comparison. I’ll post an update on the piece whenever I get around to that.
    
    Writing a Python extension has been on my programming bucket-list for a while, so this was just enough of an excuse to actually do it. I already knew Rust well enough to get by, so that wasn’t a big concern. I also kind of welcomed the opportunity to see how I could tweak the low-level details to squeeze out some performance here and there.

5

joshklein 1 year ago | link | on: What are you doing this week?

Doing the (emotionally challenging) work of reconnecting with people I’ve lost touch with over the years as I look for a new full-time role that won’t burn me out (which would perpetuate my loss-of-connection burn cycle).

13

lattera 1 year ago | link | on: Should you use Let’s Encrypt for internal hostnames?

Both at home and at work, I use an invalid TLD (.lan). Let’s Encrypt, then, is naturally not an option. Instead, I create my own internal CA and create per-device certs only for those devices/services that need them.
1. 4
  
  monotux e-mailed 1 year ago | link
  
  Look into step-ca, you can setup an internal ACME instance and use letsencrypt clients (at least certbot) to fetch and renew certificates.
2. 2
  
  joshklein 1 year ago | link
  
  I do the same at home. The requisite knowledge was entirely contained in ikectl(8), iked(8), and related man pages. As an amateur, I also had to look up a few terms on Wikipedia.
3. 2
  
  david_chisnall 1 year ago | link
  
  How do you handle deploying the CA root cert? Last time I tried this, Android whines at you if you have any trusted CA certs that are not part of the default bundle and iOS made it annoying to use. There’s also the problem (which doesn’t occur so much in the pandemic) that anyone visiting your house gets certificate warnings and probably doesn’t want to add your CA to their trusted list (if they did then you could MITM every connection that they make with TLS to any remote that isn’t publishing CCA records).
  1. 2
    
    lattera 1 year ago | link
    
    I don’t use any of the custom CA’d services on my network with my Android phone. I only use my laptops for accessing those things.
  2. 0
    
    jornane edited 1 year ago | link
    
    CAA records don’t prevent your custom CA from issuing certificates, and doesn’t prevent browsers from trusting your certificates if your CA is trusted.
    
    What kind of problems do you have with using a custom CA in iOS? You send the certificate to the device (e.g. you serve it on a web server), you install it with your passcode and then enable it in Settings -> General -> About.
    1. 1
      
      david_chisnall 1 year ago | link
      
      CAA records doesn’t prevent your custom CA from issuing certificates, and doesn’t prevent browsers from trusting your certificates if your CA is trusted.
      
      CCA prevents my CA from issuing a cert for your domain and intercepting client traffic. A public CA that tries this and gets caught will suffer huge penalties (some have gone out of business as a result).
      
      If I visit your house and add your CA cert to the trust anchors in my device to connect to your printer, then you can have your router MITM all TLS connections to domains that don’t have CCA records and the client will happily trust the cert and report a secure connection. Worse, if your signing certificate is compromised (I’m assuming that you’re not using an HSM or doing any of the other things that a CA needs to be certified?) then whoever compromises it can mount similar attacks on any network that I connect to. You can probe this in JavaScript (try doing an HTTP request, catch the exception if the connection is not allowed), so if you’ve got a nice selection of compromised signing certs that people trust then you can do this easily on a public AP.
      
      Oh, and the CCA record only helps if the domain is also using DNSSEC, otherwise the router can just intercept the DNS query and substitute NXDOMAIN for the CCA lookup.
      
      What kind of problems do you have with using a custom CA in iOS? You send the certificate to the device (e.g. you serve it on a web server), you install it with your passcode and then enable it in Settings -> General -> About.
      
      I haven’t tried this for a while, but I think some corporate anti-malware things spotted the cert and marked the device as insecure.

1

lattera 1 year ago | link | on: Selling my own GPL software, part 1: a lot of hurdles

One thing I’d like to read is your thoughts on why you chose the GPL versus BSDL (or another permissive license). Also, one thing I learned (at least, in the US) is that if you are the maintainer/owner of the GPL code, you can still do what you want with it, including keeping it proprietary. That violates the spirit of the GPL, but still follows the letter.
1. 11
  
  raymii edited 1 year ago | link
  
  I want all software to be open source under the GPL, meaning source available and everyone required to also open source their modifications. The viral nature some people complain about is my main selling point. For the greater good that is the only viable option, since taking a piece of software and not contributing back but just profiting is only good for “increasing shareholder value”.
  
  The BSD style licenses permit such behaviour. GPL forces companies to contribute back. Theory does not always holds up, see many Chinese router makers or the recent OBS clone by some Chinese firm, but it provides a base to stand on in case of such violations.
  
  With the GPL everyone benefits instead of a few already wealthy folks getting wealthier. I literally live two villages next to the shipyard that is building Bezoss rumoured next yacht, without all the open source code that would not be possible. But the original creators? They probably dont see a penny. (which might be completely fine with them, since they choose a BSD style license anyway, who am I to judge. But, my views differ, and those are the views you asked about).
  1. 8
    
    lattera 1 year ago | link
    
    What we’re seeing in many BSD-licensed projects is that companies do still contribute back. It’s in their best interest to (make an attempt, at least) upstream their non-money-making bits. The FreeBSD project shines as a great example of this. Sony, Netflix, Juniper, Dell EMC Isilon (I think they were acquired), NVIDIA, and many others contribute a large amount of code (and monetary donations) back to the project, even though they don’t have to.
    
    So, from my point of view, today’s use of the BSD license isn’t too much different from the GPL. Just because a company can take BSDL code and completely close it doesn’t mean they will. As mentioned above, they usually don’t.
    
    Instead, the BSDL enables companies to make better use of my work and innovate with it. Contributing their non-money-making bits relieves their own maintenance burden, allowing the wider community to take their work and improve upon it as well. My BSDL code will have a much wider reach and impact than GPL for this very reason.
    
    Juniper learned this lesson in a very hard way. They had hard forked FreeBSD a very long time ago (I think back in the FreeBSD 4 days, but I could be horrifically wrong there.) They didn’t upstream their changes. Then FreeBSD made some HUGE changes over the years, and when they went to upgrade their fork to the latest release, they had a very large amount of work to do. It really hurt them in their engineering efforts.
    
    Now, Juniper contributes back as much as they can. They minimize the number of proprietary patches against FreeBSD. Companies like Netflix have learned from Juniper’s experience. This teaches me that from a pure “contributing back” perspective, the BSDL and the GPL are equal in practice.
  2. 8
    
    joshklein 1 year ago | link
    
    GPL forces companies to contribute back
    
    Without personally or directly engaging in the pseudo-religious argument this topic occasionally can devolve into, I feel obligated to highlight this referenced statement as demonstrably and objectively incorrect.
    1. 2
      
      premysl 1 year ago | link
      
      I’d say more misguided than incorrect. Making something available does not necessarily make it a contribution.
      
      Moreover, you only need to make it available under certain conditions. If you neither distribute it, nor otherwise expose it to the public, it may very well stay walled off.
      
      Lastly, if the author doesn’t sue, there is no force to speak of. It’s more likely you’ll get public shaming, as with Microsoft’s hiccup lately.
  3. 5
    david_chisnall 1 year ago | link
    
    GPL forces companies to contribute back
    
    Sorry to be a pedant but this misstating of the GPL is one of my pet peeves. The GPL, by design, does not require anyone to contribute back. The GPL is intended to protect the rights of end users, not to protect the rights of the original creators. It forces them to contribute forwards. The only people who have rights granted by the GPL are the people who receive binary copies of the software. The following are completely allowed by the GPL:
    
    Maintaining an in-house fork of a GPL’d program without sharing the code.
    
    Providing recipients of the binary with a tarball of the source code but not sending it upstream and not providing any revision control history to understand the changes (Apple did this a lot).
    
    Providing a service using the GPL’d code without sharing the code at all (this is not true for the AGPL in the specific case that the service is a hosted instance of the software but in all other cases it is).
    
    From the perspective of a corporation, the question is simple: is it cheaper (counting TCO, including liabilities from licence compliance) to use open source code than to develop something in house? If your code is less than a few person years of effort (i.e. a single person’s hobby project), then the cost of developing it in-house is probably very small. They typically have three choices:
    
    Develop something in house.
    
    Take an open-source project, customise it, and maintain an in-house fork.
    
    Take an open-source project, customise it, and upstream the changes.
    
    For a GPL’d project, there’s a big liability from distributing and so, in my experience, they’re more likely to go with options one or two than option three because the potential liability from GPL’d distribution is greater than the potential saving from reducing their diffs with upstream. For something permissively licensed, the weighting typically goes towards option 3: there’s no point developing something in house if there’s a low-risk public version and there’s little risk from upstreaming changes (the awareness of this has changed a lot over the last 20 years, especially in smaller companies).
    
    In a few cases, I’ve seen companies take a hybrid of options one and three: see that there’s a GPL’d project and pay someone to write a permissively licensed alternative, which they then develop in the open.

23
inactive-user 1 year ago | link | on: Git: ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen
I stopped signing stuff because I just couldn’t deal with gpg any more. At some point it broke for mysterious reasons I couldn’t figure out, and I just gave up. I’ve been wanting a better signing scheme for a long time.

For anyone wanting to try it out:

~/.config/git/config:
```
[user]
signingKey = ~/.ssh/id_ed25519

[gpg]
format = ssh
```
Commit:
```
% git commit -am 'Sign me!' --gpg-sign

% git log --format=raw
```
commit 74d2eb36642937c31b096419fe882259572e42e3 tree 7a6a8614e03d217dea76f28edbc6652666932df8 parent 8c8db6f1bd0ec29cfffc1cf0d0f91f637e8fbd26 author Martin Tournoij martin@arp242.net 1635225059 +0800 committer Martin Tournoij martin@arp242.net 1635225059 +0800 gpgsig —–BEGIN SSH SIGNATURE—– U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAg6w5WB1nhvFYmOIc/hxLj2dkuME 4oQcQrLs1oQsRdZ68AAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQDPTXV5wPb0Yzt0VaVpk5/83TKw5MklAb0DkQkVT99Ib+MwaTIirb1kG1m54akzfn+ Bb3vV9YYRjjCHnie5ziwU= —–END SSH SIGNATURE—–
```
Sign me!
```
The gpg in a lot of the settings and flags is somewhat odd since you’re not using gpg at all, but I can see how it makes sense to group it there.

It doesn’t really integrate well with GitHub, but that’s hardly surprising given that this feature is about five hours old 🙃
1. 2
  
  joshklein 1 year ago | link
  
  You may find signify of interest. See this post from @tedu for elaboration.
  1. 2
    
    inactive-user 1 year ago | link
    
    There’s also minisign, which has a few improvements. But can you use it with git (or email for that matter)? Because last time I checked you couldn’t. Nothing standing in the way in principle, but the tooling/integration just isn’t there.
    1. 1
      
      LeahNeukirchen 1 year ago | link
      
      https://leahneukirchen.org/dotfiles/bin/git-signify
      
      But not as nice UX.
      1. 1
        
        inactive-user 1 year ago | link
        
        Ah nice, but it’s a bit too hacky for my taste to be honest 😅 Also somewhat hard and non-obvious to verify for other people (philosophical question: “if something is securely cryptographically signed but no one can verify it, then is it signed at all?”)
2. 1
  
  mayli 1 year ago | link
  
  Does it only support ed25519? I am still on rsa, btw, you format is screwed due to markdown.
  1. 2
    
    inactive-user 1 year ago | link
    
    Presumably it supports all key types; it just calls external ssh binaries like with gpg. There’s no direct gpg or ssh integration in git (as in, it doesn’t link against libgpg or libssh) and leaves everything up to the external tools. It’s just that I have an ed25519 key.
    
    Looks like I forgot to indent some lines; can’t fix the formatting it now as it’s too late to edit 🤷

4

joshklein 1 year ago | link | on: Pip vs Conda: an in-depth comparison of Python’s two packaging systems

Be careful to stay mindful of how radically different the work you do might be from other people.

I use conda. I create a new environment for each data science project I work on, then delete those environments when that project is done. I sometimes use pip within those conda environments; conda supports that. I also use pip outside my conda environments, when the tool to be installed is a non-dependency to a specific project (and doesn’t already exist in my OS package manager, which is my strongly preferred way to install any system-wide application).

Suppose I start a new GIS-related analysis and I want to create an isolated “virtual environment” and install shapely.

Okay, so I’m now installing its dependency on GEOS, which is most definitely not a Python library. So, what’s the singular “right way” that every individual should install these tools in every circumstance? I’d suggest there is no such thing as a single “right way”.

I want to do two things here that are important to me: install a C++ dependency to a Python library, and have it totally isolated into something functionally akin to a reproducible virtual environment that also leaves the rest of my projects (and system) alone.

Now, I also want to share my Jupyter notebook analysis with my colleague so they can reproduce my results on their machine. I want to check one text file into my repo that fully specifies that environment, and I want my colleague to be able to create that environment with one command, on any operating system (including Windows and MacOS, since they’re not hip to the same development tools as me). And after they have reproduced my work, they won’t want any of my stuff on their system anymore. I want them to be able to delete it with one command, too. To really remove it from their system.

We can kind of do all of this with pip, but… well… good luck to each of us on our competition for whose system goes longer before requiring a fresh OS reinstall. Heck, maybe my colleague is reproducing my results on MacOS, but I created the work on Linux. Say Apple pushes an update to Maps that somehow breaks my GIS project, and only my GIS project, and only on my colleague’s machine.

I’m sure you’ll agree this will be a fun experience to resolve with my colleague. And this is the one on Mac, so at least I can start to theorize why it might break for them. That poor colleague using Windows is on their own.

Now, on the other hand:

conda is not how I would install any software in the context of needing some project-agnostic “user tool” on my local machine. I don’t want to have to activate an environment - even an automatic default one - to run shell commands I expect to just work. My tune might change if I switched to Windows, but I know nothing about that OS and would be reaching for the tool most familiar to me in order to become productive quickly, so I’m not a person with an informed opinion about that.

And while deploying isn’t my area of expertise (so I might be speaking out of turn), this also is not how I would deploy any of my work into production. For example, I imagine installing GEOS via conda to work with PostGIS as part of the backend for a user-facing GIS platform is almost certainly the wrong way to be approaching the objective. This is where people are going to be looking at Nix and all the other things related to scalable and reproducible deployments.

conda was created by people in the data science community that write a lot of Python that depends on a lot of non-Python. I don’t think Travis worked on it, but the people who did certainly work for him, and so you know they intimately understand this use case. It is very, very, very good for this use case. Not perfect, but awesomely useful. Poor Travis has probably been answering people’s “Python” questions about NumPy for 2 or 3 decades. Cheers to his group of folks for making my life easier at the same time as reducing their open source support burden.

And to be perfectly clear, I don’t blame the people responsible for the Python packaging ecosystem that pip is a suboptimal solution when I need to write some Python code (which depends on some Python library, which has some numerical C or Fortran library deep in its dependency chain, all from one project that conflicts with my other project’s separate deep dependency tree of software spanning multiple languages and decades).

In summary, I don’t think conda is for software engineers.

13

icefox 1 year ago | link | on: My Fanless OpenBSD Desktop

That looks exactly like how I’d imagine an OpenBSD’s work space to look: Minimal, classy, entirely beautiful.

My own desk is always a hopeless messy jumble, and has been my whole life. I don’t know when I realized that clutter was actively comfortable, but it is.
1. 4
  
  joshklein 1 year ago | link
  
  I earnestly believe that this aesthetic simplicity & physical utilitarianism can be accessed with intentionality by learning to “think in OpenBSD” (similar to the titular character’s experience from the novel Ender’s Game, or as in the film Arrival); it could be something you or anyone else can aspire to emulate via your neuroplasticity and the daily effect of using this operating system.
  
  I’d love to see this studied as robustly as we’ve studied the effects of color in brand identities. I imagine OpenBSD to be the “IBM blue” of OS aesthetics.
  
  Whatever else you believe about OpenBSD and the alternative more popular desktop operating systems, it would be hard to dispute that OpenBSD disproportionately pursues a calm “internal coherency” given the project’s approach to normalized coding style, a smaller team of opinionated contributors, complete man pages distributed with the system as a single “source of truth”, the absence of bells and whistles that trigger the frailties of your mammalian brain, and an ethos approximating the original Thompson & Ritchie style Unix philosophy.
  1. 3
    
    icefox edited 1 year ago | link
    
    Or you can be the person who, when someone asks “do you have X?”, reaches into a pile and unerringly finds it. Or sometimes says “No, but I know of something better.” It takes all sorts.

12

matklad edited 1 year ago | link | on: The hidden performance overhead of Python C extensions

And either the Rust standard library or possibly the Rust compiler–I’m not sure which–are smart enough to use a (slightly different) fixed-time calculation.

That’s LLVM. It actually is surprisingly smart. If you have a sum for i from a to b, where the summation term is a polynomial of degree n, there exists a closed form expression for the summation, which would be a polynomial of degree n+1. LLVM can figure this out, so sums of squares, cubes, etc get a nice O(1) formula.

Another good story with the same theme is https://code.visualstudio.com/blogs/2018/03/23/text-buffer-reimplementation. “You can always rewrite hot spots in a faster, lower level language” isn’t generally true if you combine two arbitrary languages.
1. 1
  
  itamarst 1 year ago | link
  
  Thanks for the explanation, I’ll update the article.
  1. 1
    
    joshklein 1 year ago | link
    
    A fairer comparison would thus mean using LLVM on the Python code too (see: Numba). Given the example domain, I’d further be interested to know the speed difference between Rust on the CPU to Python on the GPU.
    1. 1
      
      itamarst 1 year ago | link
      
      These are all toy examples, the point was never that Rust is faster, as I mention Rust can actually be slower than Cython. The updated article points out on the default compiler on macOS is clang, so you might get that optimization with Cython too.

2

james 2 years ago | link | on: Coding Adventure: Chess AI

Dupe: https://lobste.rs/s/9lq9hx/coding_adventures_chess_ai
1. 1
  
  joshklein 2 years ago | link
  
  That’s odd, I thought I did a site search by both title and URL but it did not show up. Must have overlooked it somehow, my mistake.

25

hwayne edited 2 years ago | link | on: Is abstraction killing civilization?

First off, I’m not out to belittle Ken Thompson’s efforts here. Writing an assembler, editor and basic kernel in three weeks is highly respectable work by any standard. It’s also a great piece of computer lore and fits Blow’s narrative perfectly - especially with Kernighan’s little quip about productivity in the end. Of course, we don’t know how “robust” Thompson’s software was at this stage, or how user friendly, or what kind of features it had. I’m going to boldly claim it would’ve been a hard sell today, even if it did run on modern hardware.

Ooh, I can answer this! Ken Thompson’s first version of Unix was just the barebones he needed to run Space Traveler, a game he wanted to port from MULTICS. It wasn’t anything close to what we’d recognize as a Unix.

Despite that, I’m willing to bet a few bucks there are more people around today (including youngsters) who can program in C than ever before, and that more C and assembly code is being written than ever before.

I was thinking the same thing. Maybe in relative numbers there are fewer people who understand the low level things, but the absolute numbers are magnitudes higher.
1. 11
  
  rtpg 2 years ago | link
  
  Maybe in relative numbers there are fewer people who understand the low level things, but the absolute numbers are magnitudes higher.
  
  This is very powerful thinking and unlocks a lot of counter narratives to popular beliefs.
  
  I remember when the Wii came out and people were worried that games would stop being “good” cuz so many casual games existed now (see also mobile game stuff). The ratio with sales was super weird but ultimately we were looking at bigger pie stuff.
  
  I think a similar thing has happened with software sales as well relative to mobile applications
2. 3
  
  sebras 2 years ago | link
  
  Ooh, I can answer this! Ken Thompson’s first version of Unix was just the barebones he needed to run Space Traveler, a game he wanted to port from MULTICS. It wasn’t anything close to what we’d recognize as a Unix.
  
  Not only that, you can actually run it in SIMH’s PDP-7 emulator! The original source code is available, including the source for the game Space Travel. The ~3k lines kernel is bundled with ~18k user space programs (assembler, debugger, text editor, disk/file management utilities, some games, etc.). Maybe less barebones than you’d expect. To me this inititial UNIX version is akin to prototype to see if the approach will work (later evolved and refined into Research UNIX of course).
3. 2
  
  joshklein 2 years ago | link
  
  it wasn’t anything close to what we’d recognize as a Unix
  
  Do you have any recommendations for philosophical/historical/narrative reading produced by these folks or their contemporaries? I’ve consumed plenty of their writing on the technical side, but most of the philosophical/historical/narrative accounts I’m aware of seem to have gone through the filters of other people involved with later/divergent parts of the historical trajectory (GNU, Linux, FSF, and so on).
  1. 2
    
    thombles 2 years ago | link
    
    Have a look around on multicians.org. I’ve enjoyed some of Tom Van Vleck’s pieces like his history of electronic mail.
    1. 4
      
      seg_lol 2 years ago | link
      
      Unix Hater’s Handbook http://web.mit.edu/~simsong/www/ugh.pdf
      
      Lion’s Commentary on Unix https://cs3210.cc.gatech.edu/r/unix6.pdf

43

lorddimwit edited 2 years ago | link | on: ARCHITECTURE.md

In my day it was called HACKING and it documented the code as it stood two years ago, if you were lucky.
1. 10
  
  joshklein 2 years ago | link
  
  Where I’ve seen this done well, it has always been rolled into CONTRIBUTING as a lightweight place to point new developers toward any non-obvious logical entry points, rather than as a place to bother with articulating high-level architectural decisions.
  
  That is to say, it firmly sticks to the “what” instead of the “why” and makes no pretense of being a comprehensive document. As you point out, the “why” is probably out of date, but “why” also doesn’t really matter to anyone who hasn’t already wrapped their brain around the whole mental model of the application.
  
  No ready examples immediately jump to my mind, but I know I recently saw a good page in a go project noting the rough equivalent of a main() that was neither the primary entry point of the application itself nor a cleanly separated area of concern (i.e. module). One could argue this already suggests a poorly designed architecture, so I wish I had this example ready at hand - this is where I’d make some kind of argument about not letting “perfect” get in the way of “practical”, but of course I see the silliness of that point when I’m already speaking at a purely theoretical level.

2

joshklein edited 2 years ago | link | on: Pip has dropped support for Python 2

Python 2 support has been dropped by ~~pip~~ the Python Packaging Authority (PyPA) at the Python Packaging Index (PyPI), which is the default configuration for every distribution of pip I’m aware of. If you have critical dependencies on Python 2 packages and are unwilling to migrate to Python 3, set up your own package index ~~or pull the libraries you depend on directly into the vcs for your legacy project~~ (which is definitely more work than migrating to Python 3, but is a choice you have).

Another easier alternative would be to pull the libraries you depend on directly into the vcs for your legacy project.
1. 8
  
  borntyping 2 years ago | link
  
  This is a change to pip, not to pypi. You can still use an older version of pip on Python 2 to install packages from PyPI. (That might change in the future, but it doesn’t seem to be under consideration in the maintainers threads on the issue.)
  1. 2
    
    joshklein 2 years ago | link
    
    That wasn’t what I read the change to mean, so absolutely needed your clarification. Cheers.
2. 3
  
  inactive-user 2 years ago | link
  
  Vendoring dependencies is pretty mechanical. Migrating to Python 3 is only partially mechanical. So I’m not sure why you would say the former is more work. It doesn’t seem like it to me. By far.
  1. 1
    
    joshklein edited 2 years ago | link
    
    I wrote the parenthetical statement in reference to setting up your own index, then went back to add the alternative option (of vendoring dependencies), so that was an unintended misstatement. Thanks for the clarification; you are completely correct. Original comment now reflects the correction above.
    1. 2
      
      inactive-user 2 years ago | link
      
      Interesting, okay. Depending on circumstances, setting up your own index could also be easier than migrating to Python 3 though too. Migrating to Python 3 can be exceptionally difficult. I’ve lived through it.
      1. 1
        
        joshklein 2 years ago | link
        
        I talked a friend through the decision at his $work, and they decided the site deployment wasn’t large enough to warrant going in that direction, since it presented an ongoing cost for onboarding future people and maintaining infrastructure. They ultimately pulled all libraries into their own repo, not even vendoring, after going through the process and discovering none were being actively maintained anyway.
3. 2
  
  twm 2 years ago | link
  
  Python 2 support has been dropped by ~~pip~~ the Python Packaging Authority (PyPA) at the Python Packaging Index (PyPI)
  
  I don’t think that this statement is correct. Pip dropping support for Python 2.7 doesn’t inherently have any implications for what packages can be uploaded or downloaded from PyPI. I’ve not heard a peep about dropping support for any version of Python on PyPI.
  
  Vendoring your unmaintained Python 2.7 dependencies may be useful for other reasons: while you’ll still be able to use Pip 2.3.x for a while it will eventually atrophy, like everything else in the 2.7 ecosystem. Vendoring may ease any sustaining engineering you do, and it’ll help avoid use of an unmaintained client application. However, the version of Pip shipped with your Linux distribution will doubtless continue to be supported (meaning: receive security updates to the TLS stack) for years, and PyPI is unlikely to break it.

17

pm 2 years ago | link | on: ijq: Interactive jq

Looks like people more and more people are realising that the next usability iteration on terminal is seeing the result as you type. More applications keep implementing this workflow, probably shells will implement it in a general fashion in years to come.

Some years ago I hacked together a small curses program that accepted a command with a placeholder and presented a prompt that would re-run the command with the new input on each krypress. I never published it because it was very hacky and quite dangerous if you’re not careful.
1. 7
  
  ifreund 2 years ago | link
  
  This is very true for text editors as well IMO, which is why I use kakoune which shows the incremental results as you preform complex combinations of actions or select based on a regex.
2. 3
  
  untitaker edited 2 years ago | link
  
  I think you can sort of do this with https://github.com/lotabout/skim#as-interactive-interface – perhaps even integrate that into the shell itself
  
  fzf may have a similar option
  
  the problem is with process spawning overhead in my opinion – doing it for every keystroke needs debouncing and at that point the UI starts to lag. If apps have native support for it they can do something more efficient
  1. 1
    
    pm 2 years ago | link
    
    Yes. It did essentially that that you linked. The UI doesn’t need to get unresponsive, text input is decoupled from external process execution.
    1. 2
      
      untitaker edited 2 years ago | link
      
      I don’t mean that the textbox itself becomes unresponsive but rather that the preview will have to endure the cost of process startup and starting from scratch and depending on the operation that is previewed that can be expensive. I have had this experience with the exact ag example… ag takes time to search things, but depending on previous preview it may not have to search the entire space again.
      
      st is very good at dampening the impact but things can be better with a different architecture
3. 2
  
  joshklein 2 years ago | link
  
  I’m interested to see what kinds of things Jupyter might inspire in shells. The notebook workflow mostly fits tasks with requirements halfway between an interactive shell and an executable file (as in exploratory data analysis and the like), but the concept has already made its way over to the text editor side (in VSCode you can use a magic comment command to delineate and execute individual code cells within a file to view output while still editing, as if it were a notebook). I wonder what that might conceptually look like if taken to the shell side instead of the editor side.
4. 0
  
  oz 2 years ago | link
  
  Aren’t you describing fish? :)

2

joshklein 2 years ago | link | on: Offloading NixOS builds to a faster machine

Interesting overview of the Nix approaches, so thanks for sharing. My curiosity has been piqued by all the NixOS posts I’ve been seeing even though I don’t run it myself. Any reports from folks running a bunch of devices like the one from this post on their home network? What are you using them to do?

My home router/firewall/dhcp/ipsec server (atom x86-64) and file/media/proxy/cache/print server (celeron x86-64) are OpenBSD, so when I bought a Beaglebone Black (ARMv7) to toy with, it was fun to go down a rabbit hole pretending I was @tedu (his 2014 post) to learn about diskless(8) and pxeboot(8) and how to netboot via uboot. This ended being pure experimentation since the actual parallelized work I do at home is on a single beefy Linux workstation (hard requirement on Nvidia GPU for now) and I’m not a professional sysadmin. The BBB sits disconnected in a drawer, but the setup lives on as the mere handful of config line changes required to set up tftpd(8) on the file server and point dhcpd(8) to it from the router, so I gained a more complete understanding of those as a neat side effect of experimenting. At some point in the next couple years I’m going to want to play with a RISC-V SoC, but that’s going to mean looking at Linux again unless I magically become competent to write my own drivers.
1. 8
  luizirber 2 years ago | link
  I just converted my last non-NixOS machine yesterday, so I’ll share my experience =]
  
  I currently have 5 machines running NixOS and deployed using NixOps (to a network called ekumen):
  
  laptop, ThinkPad T14 AMD (odo)
  
  workstation: Ryzen 9 3900X, 128GB RAM (takver)
  
  compute stick: quad core Intel Atom, 2GB RAM (efor)
  
  rpi: 3B+, 1 GB RAM (gvarab)
  
  chromebox: i7, 16GB RAM (mitis)
  
  I set up the workstation and chromebox as remote builders for all systems, just as @steinuil did in the post. I’m using the rpi for running Jellyfin (music) and Nextcloud (for sharing calendars and files with my spouse), and setting up the chromebox to be an IPFS node for sharing research data. The laptop and workstation are using home-manager for syncing my dev environment configurations, but I do most of the dev/data analysis in the workstation (which has gigabit connections to the internet), and while the laptop is often more than enough for dev, my home connection is way too slow for anything network-intensive (so, it serves as a glorified SSH client =P)
  
  They are all wired together using zerotier, and services running in the machines are bound to the zerotier interface, which ends up creating a pretty nice distributed LAN.
  
  I don’t have my configs in public (booo!), because I’ve not been too good on maintaining secrets out of the configs. But @cadey posts are a treasure trove of good ideas, and I also enjoyed this post and accompanying repo as sources of inspiration.
  1. 1
    
    ac 2 years ago | link
    
    I don’t really see the value nixops provides over nixos-rebuild which can work over ssh.
    1. 1
      
      luizirber 2 years ago | link
      
      That’s a fair point. Part of using nixops was about exploring how to use it later for other kinds of deployment (clouds), and it is a bit excessive for my use case (especially since I use nixops to deploy locally in the laptop =P).
      
      A lot of my nix experience so far is seeing multiple implementations of similar concepts, but I also feel like I can refactor and try other approaches without borking my systems (too much).
2. 2
  steinuil 2 years ago | link
  On the Pi from the post I run:
  
  syncthing
  
  Navidrome so I can listen to my music library on my phone
  
  twkwk, a small program that serves my TiddlyWiki instance
  
  synapse, a torrent client which is actually the Rust program I mentioned in the post
  
  some SMB shares with Samba that serve the two drives I use for torrents and music

14

kemitchell 2 years ago | link | on: Quite the reMarkable Device

I’ve been really tempted to buy a remarkable2. But the reviews I see say it’s great for note taking but not so great for just reading PDFs. Mostly I want to read PDFs. I’m still on the fence.
1. 14
  
  FIGBERT 2 years ago | link
  
  As long as your PDFs don’t require color, it is 100% worth it. Definitely one of my favorite devices at the moment.
  1. 5
    
    joshklein edited 2 years ago | link
    
    Same. In the month or so I’ve had one, it hasn’t caused me a single frustration (and I’m the kind of person who gets annoyed at the user interfaces of my own Apple products). It works exactly as advertised. Anyone who thinks it might be worth the price tag should watch a third party review video and check out the official and awesome list projects. It has been awhile since I’ve stayed this excited about a new device so long after buying it.
2. 12
  
  anagram_red 2 years ago | link
  
  I picked one up recently hoping that I could migrate a lot of my ebooks and pdfs to it. I don’t plan on returning it, but I wouldn’t recommend it.
  
  I was a huge fan of the kindle dx, but I’ve managed to break the buttons on a couple which renders them practically useless. I was on the fence with the first remarkable device but figured I’d given the latest iteration a shot. I figured it’d be a good DX substitute. It’s not. I want to like it, the physical design is really good, but the software sucks.
  
  I have a large collection of documents (epub/pdfs) that I was looking forward to getting on the device. Largely a mix of books published in electronic formats from regular publishers (O’Reilly, Manning, PragProg, etc.) as well as a few papers and docs I’ve picked up here and there.
  
  First, the reMarkable desktop/mobile app that you have to rely on for syncing is a little wonky. Syncing between the device and mobile/desktop versions of the app works, but leaves a little to be desired. Second, I have yet to load a pdf or epub that isn’t brutally slow to navigate (just page by page). If the document has images or graphics (even simple charts and illustrations) it will affect navigation performance. Occasionally a document will load relatively quickly, and navigate reasonable well, only to slow down after a few page turns. Epubs tend to be a little more difficult to work with - particularly if you decide to change the font. All I have to compare this device to is my broken DX, which, everything considered, positively smokes the reMarkable.
  
  It’s usable. It works alright for PDFs, less so for epubs. On the positive side, the battery life is quite good.
  1. 3
    
    FIGBERT 2 years ago | link
    
    I agree with your analysis in most regards. Syncing a lot of ebooks and pdfs to it is not something at which it would excel by default. I have a large Calibre library, and I haven’t synced it over for that reason. However, it’s something I’m looking forward to investigating with KOReader, which supports the reMarkable.
    
    I haven’t experienced the lag that you talk about, but can understand that that would be bothersome – though I definitely have experienced the “wonkiness” of the companion apps.
  2. 1
    
    jfb 2 years ago | link
    
    My understanding is that epubs are converted to PDF before being synced? Is that actually the case?
    1. 4
      
      KayodeLycaon 2 years ago | link
      
      It renders the epub to pdf for display but that’s all in-memory. It’s still an epub on disk.
      1. 1
        
        anagram_red 2 years ago | link
        
        I don’t know. I’ve got a couple books that are both pdf and ePub, and the pdf version behaves a little better. You can also resize and change fonts for ePub doc, but not for PDFs.
      2. 1
        
        anagram_red 2 years ago | link
        
        Along these lines, another interesting observation I’ve made has to do with the way some kinds of text get rendered. In particular, I’ve encountered epubs with code listings that render fine in other apps and on other devices, but render horribly on the remarkable2 device. Interestingly, in some of those cases I will also have a publisher provided PDF that renders just fine.
        
        Further, epubs and PDFs are categorized differently in both the app and the device. With epubs you can change the justification, page margins, line spacing, fonts, and font size. With PDFs you have fewer options, but you do have the ability to adjust the view (which is great for papers since you can get rid of the margins).
    2. 2
      
      FIGBERT 2 years ago | link
      
      I don’t think so – from my playing around with ssh, there are definitely some epubs stored on device. I actually think the browser extension generates epubs, rather than pdfs which was surprising.
      1. 2
        
        jfb 2 years ago | link
        
        Huh. Cool. Hmmm. The real reason I shouldn’t get one is that I always fall asleep with my e-reader and it often bounces off my face.
        
        3
        
        anagram_red 2 years ago | link
        
        That’s a pro, for the device, it weighs next to nothing. I’ve damn near knocked myself out dropping an iPad Pro on my head when reading in bed.
        
        1
        
        jfb 2 years ago | link
        
        For me, it’s more the fact that the Kobo then ends up falling onto the floor. I’m not crazy with that with a $120 device, so …
3. 7
  
  inactive-user 2 years ago | link
  
  I own Gen 1 and Gen 2. I love the simplicity and focus of the device. It’s an amazing… whiteboard.
  
  Note taking is not suuuper great. Turns out marking up a PDF to take notes actually isn’t that great because the notes quickly get lost in the PDF. It’s not like in real life, where you can put a sticky note to jump to that page. The writing experience is fantastic though. I have notebooks where I draw diagrams/ideas out. I like it for whiteboarding type stuff.
  
  Reading is terrible. I mean, it works. Searching is painfully slow. The table of contents doesn’t always show up (even though my laptop PDF reader can read the TOC just fine). When you do get a TOC, the subsections are flattened to the top level, so it’s hard to skim the TOC. PDF links don’t work. Text is often tiny, though you can zoom in. EPUBs appear to get converted to PDFs on the fly and their EPUB to PDF conversion sucks. Though, I’ve found doing the conversion myself in Calibre is way better.
  
  Overall, I like the device for whiteboarding. But it’s kinda hard to recommend.
  1. 2
    
    snej 2 years ago | link
    
    Marking up PDFs works better in color, since you can pick a contrasting ink color. I do it in Notability on my iPad Pro (which is also great for whiteboarding / sketching.)
    
    I was tempted by reMarkable when the first version came out, but I couldn’t see spending that kind of money on something that only does note taking and reading. I’m glad it’s found an audience though, it’s a cool device.
  2. 1
    
    mjn edited 2 years ago | link
    
    Turns out marking up a PDF to take notes actually isn’t that great because the notes quickly get lost in the PDF. It’s not like in real life, where you can put a sticky note to jump to that page.
    
    So far the best experience I’ve seen for this is LiquidText on an iPad Pro. While you can write on the PDF as any other annotator, there’s also a lot of more hypertext type of features, like collecting groups of notes in an index, or writing separate pages of notes that are bidirectionally hyperlinked to parts of the document they refer to. Or do things like pull out a figure from a paper into a sidebar where you attach notes to it.
    
    The main downside for me is that you do more or less have to go all-on on LiquidText. It supports exporting a workspace to flat PDFs, but if you used the hypertext features in any significant way, the exported PDFs can be very confusing with the lack of expected context.
  3. 1
    
    porges 2 years ago | link
    
    Agreed that it is hard to find notes. There should be a way to jump to pages that have notes on them (this is how Drawboard PDF works, for example).
  4. 1
    
    xyproto 2 years ago | link
    
    What is the advantage over drawing on a piece of paper or on a whiteboard, then taking a photo of what you’ve drawn, if needed?
    1. 1
      
      inactive-user 2 years ago | link
      
      I tried paper note books, but I’m too messy and make too many mistakes. Erasing, moving, and reordering is hard on paper.
      
      A whiteboard is pretty good for temporary stuff and erases better than paper. But, it can be a bit messy.
      
      I also tried Rocketbook for a while. I got the non-microwaveable (yes you read that right) one. That was okay. A little meh for me.
      
      And of course, you can’t read PDFs on any of these.

15

joshklein 2 years ago | link | on: What do you use to share URLs, photos, or random bits of text between devices?

For short and ephemeral text and images, check out the “note to self” feature of Signal. It appears as the name of one of your contacts. This requires your devices be linked, but approximates the lazy email-it-to-yourself approach with an added layer of reasonable privacy.
1. 3
  
  lim 2 years ago | link
  
  Signal is my usual go to. What I’m sending is often long untypable passwords, so I keep the disapearing messages set to 5 minutes as well.
2. 2
  
  slylax edited 2 years ago | link
  
  I use this feature all the time. It’s great for sending non-url things to other devices. For URL things, I uuse Firefox’s “Send to Device” function that works when you have browser sync enabled.
  
  Edit to Add: Slightly OT, in F-Droid there is an app called Exif-Scrambler. It’s a wonderful tool for scrubbing metadata out of pictures. Share to Exif-Scrambler, then E-S will scrub metadata and present you with another share option, at which point I use Note to Self on Signal.
3. 2
  
  asimpson 2 years ago | link
  
  Yep! I’ve been using this too but it felt clunky still.
  1. 1
    
    seg_lol 2 years ago | link
    
    How so? What would you change?
    1. 1
      
      asimpson 2 years ago | link
      
      I don’t think there’s much I could change but it isn’t as seamless as iOS Universal Clipboard or Airdrop
4. 1
  
  dalanmiller 2 years ago | link
  
  Does it bother you that Signal for desktop is not encrypted?
  1. 1
    
    danielrheath 2 years ago | link
    
    I assume you mean “not encrypted at rest”? Doesn’t bother me personally (if you control my user account you have ~everything anyways).

13

tbonesteaks 2 years ago | link | on: Open Source is Discrimination

I’ve really enjoyed reading this blog over the last few weeks. He has a great perspective and explains the legal side well. Seems like there is an “Open Source Industrial Complex” where lots of money is made selling products and having conferences about “open source”.
1. 5
  
  kemitchell 2 years ago | link
  
  You’ll hear people who work in the field joke about a “compliance-industrial complex”. I think that started back in the early 2000s, after big companies started permitting use of open source in masse. Salespeople for nascent compliance solutions firms would fly around giving C-level officers heartaches about having to GPL all their software. My personal experience of those products, both for ongoing use and for one-off due diligence, is that they’re way too expensive, painful to integrate, just don’t work that well, and only make cost-benefit if you ingest a lot of FUD. Folks who disagree with me strongly on other issues, like new copyleft licenses, agree with me here.
  
  That said, I don’t mean to portray what’s going on in the open source branding war as any kind of conspiracy. There are lots of private conversations, private mailing lists, and marketing team meetings that don’t happen in the open. But the major symptoms of the changing of the corporate guard are all right out there to be seen online. That’s why I walked through the list of OSI sponsors, and linked to the posts from AWS and Elastic. It’s an open firefight, not any kind of cloak-and-dagger war.
2. 7
  
  soc edited 2 years ago | link
  
  Agreed. I’m getting increasingly tired by some communities’ (especially Rust’s) aggressive push of corporate-worship-licenses like BSD, MIT (and against even weak copy-left licenses like MPL).
  1. 17
    
    untitaker 2 years ago | link
    
    I’m saying this with all the respect in the world, but this comment is so far detached from my perception of license popularity that I wanna know from which niche of the tech industry this broad hatred of Rust comes from. To me it seems like one would have to hack exclusively on C/C++/Vala projects hosted on GNU Savannah, Sourcehut or a self-hosted GitLab instance to reach the conclusion that Rust is at the forefront of an anti-copyleft campaign. That to me would make the most sense because then Rust overlaps with the space you’re occupying in the community much more than, say, JavaScript or Python, where (in my perception) the absolute vast majority of OSS packages do not have a copyleft license already.
    1. 3
      
      soc 2 years ago | link
      
      Try shipping any remotely popular library on crates.io and people heckle you no end until they get to use your work under the license they prefer.
      
      Lessons learned: I’ll never ship/relicense stuff under BSD/MIT/Apache ever again.
    2. 2
      
      pgeorgi 2 years ago | link
      
      this broad hatred of Rust comes from
      
      Counter culture to the Rust Evangelism Strike Force: Rust evangelists were terribly obnoxious for a while, seems like things calmed down a bit, but the smell is still there.
      1. 1
        
        untitaker 2 years ago | link
        
        I think it’s beneath this site to make reactionary nonsense claims on purpose.
        
        2
        
        gerikson 2 years ago | link
        
        How is criticizing a (subset) of a group for their method of communication “reactionary”?
        
        1
        
        untitaker 2 years ago | link
        
        I’m saying soc’s claim about Rust pushing for liberal licensing is nonsense and probably reactionary to the Rust Evangelism Strike Force if @pgeorgi’s explanation is true. My point is that “counter culture” is not an excuse to make bad arguments or wrong claims.
        
        2
        
        gerikson 2 years ago | link
        
        OK, that makes a bit more sense.
        
        2
        
        pgeorgi edited 2 years ago | link
        
        reactionary nonsense claims
        
        like talking about some “broad hatred of Rust” when projects left and right are adopting it? But the R.E.S.F. is really the first thing that comes to my mind when thinking of rust, and the type of advocacy that led to this nickname sparked some notable reactions…
        
        (Not that I mind rust, I prefer to ignore it because it’s just not my cup of tea)
  2. 7
    
    joshklein edited 2 years ago | link
    
    I won’t belabor the point, but I’d suggest considering that some of those project/license decisions (e.g. OpenBSD and ISC) may be about maximizing the freedom (and minimizing the burden) shared directly to other individual developers at a human-to-human level. You may disagree with the ultimate outcome of those decisions in the real world, but it would be a wild misreading of the people behind my example as “corporate worshipping”.
    
    As I have said before: “It’s important to remember that GNU is Not Unix, but OpenBSD userland is much more so. There isn’t much reason to protect future forks if you expect that future software should start from first principles instead of extending software until it becomes a monolith that must be protected from its own developers.”
    
    Not all software need be released under the same license. Choosing the right license for the right project need not require inconsistency in your beliefs about software freedoms.
    1. 6
      
      inactive-user 2 years ago | link
      
      The specific choice of MIT/Apache dual-licensing is so unprincipled and weird that it could only be the result of bending over backwards to accommodate a committee’s list of licensing requirements (it needs to compatible with the GPL versions 2 and 3, it needs a patent waver, it needs to fit existing corporate-approved license lists, etc). This is the result of Rust being a success at all costs language in exactly the way that Haskell isn’t. Things like corporate adoption and Windows support are some of those costs.
      1. 3
        
        joshklein 2 years ago | link
        
        I can’t speak directly to that example, as I don’t write Rust code and am not part of the Rust community, but it would not surprise me if there were different and conflicting agendas driving licensing decisions made by any committee.
        
        I do write code in both Python and Go (languages sharing similar BSD-style licensing permissiveness), and my difficult relationship to the organization behind Go (who is also steward of its future) is not related in any way to how that language has been licensed to me. Those are a separate set of concerns and challenges outside the nature of the language’s license.