A problem with the “nation-state” rhetoric that might be useful to dispel is the idea that it is somehow a God-tier where suddenly all other rules becomes defunct. The five-eyes are indeed “nation state” and has capabilities that are profound; like the DJB talk speculating about how many RSA-1024 keys that they’d likely be able to factor in a year given such and such developments and what you can do with that capability. That’s scary stuff. On the other hand, this is not the “nation state” that is Iceland or Syria. Just looking at the leaks from the “Hacking Team” thing, there are a lot of “nation states” forced to rely on some really low quality stuff.

I think Greg Conti in his “On Cyber” setup depicts it rather well (sorry, don’t have a copy of the section in question) and that a more reasonable threat model of capable actors you do need to care about is that of Organized Crime Syndicates - which seems more approachable. Nation State is something you are afraid of if you are political actor or in conflict with your government, where the “we can also waterboard you to compliance” factors into your threat model, Organized Crime hits much more broadly. That’s Ivan with his botnet from internet facing XBMC^H Kodi installations.

I’d say the “Hobbyist, Fragmented Maximalist” line is pretty spot on - with a dash of “Confused”. The ‘threats’ of Google Play Store (test it, write some malware and see how long it survives - they are doing things there …) - the odds of any other app store; Fdroid, the ones from Samsung, HTC, Sony et al. - being completely owned by much less capable actors is way, way higher. Signal (perhaps a Signal-To-Threat ratio?) perform an good enough job in making reasonable threat actors much less potent. Perhaps not worthy of “trust”, but worthy of day to day business.

Who should be the faces recommending signal that people will recognize and listen to?

I’m sorry, but this is plain incorrect. There are many expansions on IRC that have happened, including the most recent effort, IRCv3: a collectoin of extensions to IRC to add notifications, etc. Not to mention the killer point: “All of the IRCv3 extensions are backwards-compatible with older IRC clients, and older IRC servers.”

Per IRCv3 people I’ve talked to, IRCv3 blew up massively on the runway, and will never take off due to infighting.

And yet everyone is using Slack.

More likely sure, but that doesn’t mean that many of them reach the threshold of effort that they do.

Sure it is, it’s just that there are multiple federations.

That’s exactly what you can’t do — you can’t refuse service if a user says “no” to tracking (unless you can prove in court that the tracking is strictly required for the functioning of the service).

European civil law originals from Roman civil law, and is quite different from common law systems that originate from British law. Generally the law is quite specific and the intent is that the law will be applied as written rather than interpreted in the social and political context of the day in light of precedent, as is done in common law systems.

I don’t know if that’s the case with the GDPR to the extent that it’s true of say, German law or French law, but if it is, it doesn’t need to be ‘tested’ in court, it is what it is.

Ooh thankyou, having a look :)

The runit/daemontools philosophy is to just keep trying until something finally runs. So if the order is wrong, presumably the service dies if a dependent service is not running, in which case it’ll just get restart. So eventually things progress towards a functioning state. IMO, given that a service needs to handle the services it depends on crashing at any time anyways to ensure correct behaviour, I don’t feel there is significant value in encoding this in an init system. A dependent service could also be moved to running on another machine which this would not work in as well.

But that neither solves starting daemons in parallel, or even at all, if they are run in the ‘wrong’ order.

That was my initial thought, but it turns out the opposite is true. The services are retried until they work. Things are definitely paralleled – there is not “exit” in these scripts, so there is no physical way of running them in a linear (non-parallel) nature.

Ignoring the theory: void’s runit provides the second fastest init boot I’ve ever had. The only thing that beats it is a custom init I wrote, but that was very hardware (ARM Chromebook) and user specific.

Dependency resolving on daemon manager level is very important so that it will kill/restart dependent services

Why? The runit/daemontools philsophy is just to try to keep something running forever, so if something dies, just restart it. If one restarts a service, than either those that depend on it will die or they will handle it fine and continue with their life.

I really like runit on void. I do like the simplicity of SystemD target files from a package manager perspective, but I don’t like how systemd tries to do everything (consolekit/logind, mounting, xinet, etc.)

I wish it just did services and dependencies. Then it’d be easier to write other systemd implementations, with better tooling (I’m not a fan of systemctl or journalctl’s interfaces).

Runits sv(8) has the reload command which sends SIGHUP by default. The default behavior (for each control command) can be changed in runit by creating a small script under $service_name/control/$control_code.

https://man.voidlinux.eu/runsv#CUSTOMIZE_CONTROL

I was thinking of the difference between ‘restart’ and ‘reload’.

Reload is only useful when:

• You can’t afford to lose a few seconds of service uptime (OR the service is ridiculously slow to load)
• AND the daemon supports an on-line reload functionality.

I have not been in environments where this is necessary, restart has always done me well. I assume that the primary use cases are high-uptime webservers and databases.

My thoughts were along the lines o: If you’re running a high-uptime service, you probably don’t care about the extra effort of writing ‘killall -HUP nginx’ than ‘systemctl reload nginx’. In fact I’d prefer to do that than take the risk of the init system re-interpreting a reload to be something else, like reloading other services too, and bringing down my uptime.

Can you share some legal sources to back this statement?

I’ve never listen such argument, but I have listened an opposite one, stating that software copyright is based on literary one, so that you can translate a C GPL software into Python only under GPL, as a derived work (with a caveat I do not remember). That’s different from common wisdom, as such protections are usually demanded to patents not copyright.

So I’m very curious about your sources.

And BTW file level copyright doesn’t means that, without a license you can use that file…

We’ve had this discussion before, and I don’t think that your interpretation of the interpretation of the EUPL authors is correct.

https://lobste.rs/s/oroz5k/google_loses_android_battle_could_owe#c_wxup7r

The big issue for me is just the plaintext readability – often I am e.g. compiling a project and just doing cat README.md. So a README.md template should at least aim to keep most of the text readable as plaintext, IMHO.

It’s horses for courses; both approaches have their merits.

Well, as long as it works, I’m fine :-)

I don’t know how Unity does it (which is what I’m using now), but I suspect it’s essentially the same, and it does look crisp at any scale factor.

https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/

They should have never used Python in the first place. That was their big mistake. I honestly believe their rewrite will be a failure.

there are more communities around frameworks rather than the language itself, which is different from many other scripting languages

In general I tend to agree, but at least at some time ago I am pretty sure the Rails community was larger than the Ruby community. The Django community in Python also seems to be quite big vocal, but probably not larger than its language community given that the Python community is overall way more diversified and less focused on one particular use of the language.

My ideal would be graal – it can run JVM languages, Ruby, Python, managed C, and many more at high performance. In the future maybe even a C# frontend may be possible, all interacting with each other seemingly natively.

But even the CLR or classical JVM would be great. But JS or WASM? God f*cking no.

To be fair, it’s not just systemd, but systemd was the beginning of the end for me.

I expect my servers to be stable and mostly static. I expect to understand what’s running on them, and to manage them accordingly. Over the years, Debian has continued to change, choosing things I just don’t support (systemd, removing ifconfig etc). I’ve moved most of my stack over to docker, which has made deployment easier at the cost of me just not being certain what code I’m running at any point in time. So in effect I’m not even really running Debian as such (my docker images are a mix of alpine and ubuntu images anyway).

I used to use NetBSD years back quite heavily, so moving back to it is fairly straightforward, and I like OpenBSD’s approach to code reduction and simplicity over feature chasing. I think it was always on the cards but the removal of ifconfig and the recent furore over the abort() function with RMS gave me the shove I needed to start moving.

N.B. You can partially remove systemd, but not completely remove it. Many binaries runtime depend on libsystemd even if they don’t appear like they would need it.

When I ran my own init system on Arch (systemd was giving me woes) I had to keep libsystemd.so installed for even simple tools like pgrep to work.

Some more info and discussion here. I didn’t want to switch away from Arch, but I also didn’t want remnants of systemd sticking around. Given the culture of systemd adding new features and acting like a sysadmin on my computer I thought it wise to try and keep my distance.

IME Docker abstracts the problem under a layer of magic rather than providing a sustainable solution.

Yes it makes things as easy as adding a line referencing a random github repo to deploy otherwise troublesome software. I’m not convinced this is a good thing.

I think Kubernetes has support for some alternative runtimes, including FreeBSD jails? That might make FreeBSD more popular in the long run.

Works fine for me(tm).

It seems fine both over mobile and laptop, and over 4G. I haven’t tried any large groups and I doubt I’ll use it much, but so far I’ve been impressed.

Cowyo is pretty straighforward (if sort of sparse).

Being go and working with flat files, it’s pretty straightforward to run & backup.

Bookstack is by far one of the best wikis I’ve given to non-technical people to use. However I think it stores HTML internally, which is a bit icky in my view. I’d prefer it if they converted it to markdown. Still, it’s fairly low resource, pretty and works very, very well.

If I understand this well, if someone that has history of exchanges with you doesn’t act, then he might leak some informations that you exchanged together. That’s why if everybody stops using it temporarily, it might help everybody.

That’s not necessarily required – Thunderbird preloads content, but does not display it. So you’d be vulnerable there, too.

From the client/user point of view, riot is certainly as optimal as it is subotimal. It is fairly usable and nice, but also incredibly ressource hungry and slow at times. I would like to see more native clients (in particular console clients), but this would certainly increase friction in terms of client support for features and changes.

This also extends to the operational point of view: It’s not just that matrix/synapse is simply slow at times, it’s that the design is by default way more ressource intensive than IRC. An ircd requires basically nothing in terms of ressources to serve quite a seizable number of users. synapse on the other hand requires quite a lot of CPU power in addition to metric ton of space in it’s database (especially if your users join large rooms). Joining the main matrix channel is almost certain to cause hours of full CPU usage and increase the db size by a few hundred MB.

Of course matrix and irc provide different featuresets, but right now I feel that matrix may never be ideal for large group chats simply by design. I can’t quite see how rooms like the matrix main channel will ever be “ok” for a matrix server.

All this being said, matrix works nicely for one-on-one and small group chats, which is what most of my users do.

The actual design of the Matrix spec doesn’t have any issues that I have seen but the current software seems more like a prototype in production. Hopefully dendrite and some updates to riot can speed everything up because thats one of the main issues I see with it now.

I got downvoted twice for “incorrect” though I tried my best to be neutral and objective. Please let me know, what I should change to make these statements more correct and why. I’m happy to have this conversation.

Priorities can be criticized.

Mozilla obviously has more than enough money that they could pay devs to fix this — just sell Mozilla’s investment in the CliqZ GmbH and there would be enough to do so.

But no, Mozilla sets its priorities as limiting what users can do, adding more analytics and tracking, and more cross promotions.

Third party cookie isolation still isn’t fully done, while at the same time money is spent on adding more analytics to AMO, on CliqZ, on the Mr Robot addon, and even on Pocket. Which still isn’t ooen source.

Mozilla has betrayed every single value of its manifesto, and has set priorities opposite of what it once stood for.

That can be criticized.

I would, but my quassel experience wasn’t that great ~1 year ago. Got really unstable and took several minutes to start the desktop client as I approached 400 buffers. Granted, this is a lot, and people have told me that using postgres for the backend can improve it, but I don’t really want to use postgres for my IRC bouncer and I’m accustomed to weechat and its own problems now :’)

That said, I used the old quasseldroid for a long time, and it was actually a life-saver when the desktop client kept crashing and I needed to read some old messages. Thanks for many years of IRC on the go!

Oh, I was under the impression they were using some different crypto because the messages produced by Signal would be too large, or something. I retract my statement :-)

Okay the links are clearly not on the page itself. You can see at the top that the UI is clearly distinct from the website itself and is more like a feature of the browser than anything else. As far as I can see, it’s just a convenient way of displaying search results for the headline without the user having to manually search it themselves.

And well, that’s really a strawman argument since that is not at all what Google is doing here. Equating a news site and the website of a corporation that sells actual products isn’t really meaningful.

Really, it’s like berating Spotify for having their radio feature because it can show me similar songs to the one I’m listening to. It’s a feature that doesn’t really hurt anyone, and on the contrary, benefits the majority of people. I’m sure Tyler’s fine with Spotify playing some Frank Ocean on his radio.

Yes, I realize that – but it’s expected that the next version of Unicode is going to standardize the new capitalization rules, which they haven’t yet.

I agree. It just saddens me that Kotlin makes all exceptions unchecked, even those coming from Java, instead of automatically wrapping the Java code in Result<T, E>.

There’s a lot of things Rust does right that no JVM language currently does well.

If you use ExceptT in Haskell with a polymorphic error type you’ll get this.

Yes, Ocaml has it with Polymorphic variants + result monad. The one current downside is the error messages can be less than ideal.

A few blog posts describing it:

http://functional-orbitz.blogspot.se/2013/01/introduction-to-resultt-vs-exceptions.html

http://functional-orbitz.blogspot.se/2013/01/experiences-using-resultt-vs-exceptions.html

Sure, but the solution would have been to wrap checked exceptions in a Result type for interop, not, like kotlin does today, to just swallow all of them.

Yeah, XMPP’s weakness are the XEPs and the inconsistent implementation. It should have all been one consolidated protocol, but then it might not have had adoption due to complexity. sigh

The media is not stored in the Postgres database.

The software is slow. It should never have been written in Python, because they’re affected by the GIL. The database is poorly optimized and has lots of issues that require manual intervention like this: https://github.com/matrix-org/synapse/issues/1760

The best summary I can provide is this quote, “[The problem with Matrix ] has everything to do with synapse, bad signature design (canonicalized json vs http sigs) and an overall terrible agent model.”

12GB Postgres database means poor performance unless you have good hardware. Try running it on an Rpi or a Scaleway C1. You’re not going to have a usable experience. Even a Digital Ocean $5/mo droplet won’t be usable.

Not everyone has a Dual Xeon with 64GB of RAM colocated. I do. It was even awful on that.

Quassel manages to store all the same data, also in a PostgreSQL database, in much less than 12GB. If you add fulltext search, it still won’t be even close.

The problem is that Matrix as a project just has a lot of things left to fix, my current favorite is their “database” backend on Android

Matrix could be great, if they actually drop HTTP Longpolling, actually finish a native socket implementation, actually finish their Rust server implementation, replace their serialization format with a more efficient one, and so on, and so on.

In a few years Matrix may become great – for today, it isn’t there yet.

Disclaimer: I’m personally involved with IRC, and develop Quasseldroid, a client for the Quassel bouncer.

You say Backwards compatibility is necessary, and yet Google managed to get all major sites to adopt AMP in a matter of months. AMP has even stricter validation rules than even XHTML.

XHTML could have easily been successful, if it hadn’t been torpedoed by the WHATWG.

Disingenuous? Me? Really? :-D

Who was in the working group that wrote CSS2 specification?

I bet a coffee that each of those “does not specify” was the outcome of a political compromise.

But again, beyond the technical stuffs, don’t you see a huge geopolitical issue?

XHTML had little traction, because of developers

I remember that in early 2000s everyone started to write <br/> instead of <br> and it was considered cool and modern. There were 80x15 badges everywhere saying website is in xhtml. My Motorola C380 phone supported wap and some xhtml websites, but not regular html in builtin browser. So I had impression that xhtml was very popular.

This is an interesting interpretation, but I’d call it incorrect.

You are welcome. But given your arguments, I still stand with my political interpretation.

the reason to create whatwg wasn’t about control

I was 24 back then, and my reaction was “What? Why?”.

My boss commented: “wrong question. You should ask: who?”

XHTML had little traction, because of developers

Are you sure?

I wrote several web site back then using XML, XSLT and XInclude serverside to produce XHTML and CSS.

It was a great technological stack for distributing contents over the web.

w3c didn’t “start working on a new Dom”. They copy/backport changes from whatwg hoping to provide stable releases for living standards

Well, had I wrote a technical document about an alternative DOM for the whole planet, without anyone asking me to, I would be glad if W3C had take my work into account!

In what other way they can NOT waste WHATWG’s hard work?
Wel, except saying: “guys, from now on do whatever Google, Apple, Microsoft and few other companies from the Silicon Valley tell you to do”.

But I do not want to take part for W3C: to me, they lost their technical authority with EME (different group, but same organisation).

The technical point is that we need stable, well thought, standards. What you call live standard, are… working draft?

The political point is that no oligopoly should be in condition to dictate the architecture of the web to the world.

And you know, in a state where strong cryptography is qualified as munitions and is subject to export restrictions.

I’m not speaking on behalf of my function in the w3c working group I’m in, nor for Mozilla. But those positions provided me with the understanding and background information to post this comment.

I have no doubt about your good faith.

But probably your idealism is fooling you.

As you try to see these facts from a wider perspective, you will see the problem I describe.

there are too many people generating too much content in too many sloppy ways for draconian error handling to work well.

I do remember this argument was pretty popular back then, but I have never understood why.

I had no issue in generating xhtml strict pages from user contents. This real world company had a couple handred of customers with pretty various needs (from ecommerce, to online magazines or institutional web sites) and thousands of daily visitors.

We used XHTML and CSS to distribute highly accessible contents, and we had pretty good results with a prototype based on XLS-FO.

To me back then the call to real world issues seemed pretestuous. We literally had no issue. The issues I remember were all from IE.

You are right that many mediocre software were unable to produce proper XHTML. But is this an argument?

Do not fix the software, let’s break the specifications!

It seems a little childish!

XHTML was not perfect, but it was the right direction.

Look at what we have now instead: unparsable contents, hundreds of incompatible javascript frameworks, subtle bugs, bootstrap everywhere (aka much less creativity) and so on.

Who gain most from this unstructured complexity?

The same who now propose the final solution lock-in: web assembly.

Seeing linux running inside the browser is not funny anymore.

Going after incompetent developers was not democratization of the web, it was technological populism.

I think it’s more about all of this sounding like a science fiction plot than just taking a jab at the Trump presidency; just a few years ago nobody would have predicted that would have happened. So, no, not pure trolling.

After 20 years of Berlusconi and with our current empasse with the Government, no Italian could ever troll an American about his current President.

It was not my intention in any way.

As @olivier said, I was pointing to this surreal situation from an international perspective.

USA control most of internet: most root DNS, the most powerful web companies, the standards of the web and so on.

Whatever effect Cambridge Analitica had to the election of Trump, it has shown the world that internet is a common infrastructure that we have to control and protect together. Just like we should control the production of oxigen and global warming.

If Cambridge Analitica was able to manipulate USA elections (by manipulating Americans), what could do Facebook itself in Italy? Or in German?
Or what could Google do in France?

The Internet was a DARPA project. We can see it is a military success beyond any expectation.

I tried to summarize the debacle between W3C and WHATWG with a bit of irony because, in itself, it shows a pretty scary aspect of this infrastructure.

The fact that a group of companies dares to challenge W3C (that, at least in theory, is an international organisation) is an evidence that they do not feel the need to pretend they are working for everybody.

They have too much power, to care.