1. 14

    On the IRC side, the groups team received an email from a Void representative that was resolved, I’m unsure why they’ve included that they are still hoping to get access to their channels, because we believe the issue was sorted :(

    If there’s anything we still need to do, you can catch me as kline on freenode, or email us at projects@freenode.net

    edit: we managed to reach out for them, it looks like the post was written ahead of time, before we had resolved the issue. The Void channels on freenode should be safe and sound and back with active Void contributors!

    1. 4

      Something this paper touches on is that ultimately, we’ve made it so that compilers don’t work for us, because we’ve set them toxic goals.

      By making compiled code size and speed the be all and end all of how we compare compilers, we’ve driven compiler developers to USB/IDP/UB hackery that means they can chase the benchmarks we pretend to care about, when really we should be encouraging compiler devs to instead develop for correct-in-practice.

      1. 2

        The example code is in Java – I’d like to see a version of this in C!

        1. 1

          Is there a C hashmap implementation you’re particularly thinking of?

          1. 1

            I was going to say CPython’s hash tables with string keys. That might work, but they’re pretty complicated, and with the methodology he uses, I don’t know how you would take out the bytecode dispatch overhead. It looks like he just directly calls the hash function (hash('abc') in Python) in a loop and subtracts.

            However I seem to recall that Python was actually faster than Go in some hash table benchmarks. (early Go at least) That is, if you wrote a simple loop to insert into hash tables like this one, Python’s highly tuned hash tables would outperform a compiled language! They’re both of course written in C – in some sense you’re comparing C to C, but it shows that the interpreter overhead sometimes doesn’t matter.

            (And I don’t have a reference unfortunately.)

            Maybe an easier one would be C++ unordered_map which I use here with a similar hash function:

            https://github.com/google/rappor/blob/master/analysis/cpp/find_cliques.cc#L81

        1. 1

          The background to this [lobste.rs] post is, I imagine, the recent controversy surrounding the inclusion of Elasticsearch.

          Elasticsearch has been included in the reference Mastodon client as an optional extra to allow better searching. While this is nominally a good thing, and likely used honestly, there exists a subset of users concerned that Elasticsearch has an awful lot of features that now exist alongside search, and help to find trends and produce datamining insights.

          Many people left Twitter to escape that platforms omnipresent analytics and monetisation of users. These same people are concerned that the current direction of Mastodon is moving towards that, even if through honest decisions, by the inclusion of software that enables it.

          1. 4

            No, that’s quite unrelated to it :)

            1. 1

              I don’t get that impression at all. I see this post as outlining an alternative to Mastodon for folks who may want a simpler approach to solving the same problem while offering users similar features.

              1. 1

                I should probably clarify, I mean this being posted specifically to lobste.rs. That said, while Pleroma is a fully featured implementation that existed before the concern of elasticsearch, it’s being touted especially as being free of the concerns recently raised.

            1. 2

              Yeah, I had a play with this a while ago and it works pretty well: in a field trial among ~20 mostly non-tech friends, only one noticed that there was no way to set a password.

              1. 2

                One of your comments is that cookie security wasn’t taken seriously. Could it be the case that you can include in the cookie a per-browser fingerprint as well as a key, and then use a HMAC to hide this information and ensure the authenticity and integrity.

                If an attacker were to steal the cookie, the server could identify that even though the secret is valid, the browser has changed significantly enough (cookie theft in the positive case, a sufficiently serious upgrade in the negative case) and force a new login for the browser?

                1. 1

                  I thought this way too until I started tracking our users’ browser fingerprints. Then I discovered that they changed way more than you’d expect; I never investigated why but saw that it was unreliable enough to not pursue.

                  1. 1

                    Yeah, I think the very fast browser update cycle these days might stuff this idea up.

              1. 7

                This is such a sad story.

                This is also a good example of why making an android level user friendly desktop Linux distribution should be number one priority for FOSS developers. We need UX designers, Artists, and non-technicals in FOSS.

                1. 7

                  Development is one of the few “creative” areas where working for free is considered not-strange (it’s still not common). For various cultural reasons that essentially stem from the abuse of artists, most higher creatives strongly resist working for free.

                  If my phone were charged I’d take a picture of the document that discourages free work of just about any form to the creative students at my university.

                  1. 6

                    A big part of this is probably the existence of copyleft licenses which provide a legal mechanism to guarantee that continued work will be contributed back to the community. I wonder if a similar mechanism exists for artists (perhaps creative commons?).

                    It’s also important that software has a useful notion of “contributing back to the original work”, and that contributing is both standardised (my copy of git and the language compiler probably works the same as yours) and idiomatic (diffs, patches, and PRs are all well-known tools). It seems possible in theory to have large, open source, collaborative design projects (where many designers contribute back to a single project under copyleft terms), but I’m not aware of a “standard” design format with both a critical mass of users and good support for decentralised contributions.

                    1. 2

                      I think free work should be discouraged if someone else is profiting. However if it such a taboo because they have a history of being abused and low quality of life perhaps we should start an money pool to pay for contributors who don’t have a higher paying job like software development.

                    2. 2

                      Personally, I don’t think FOSS is a good fit in that situation.

                      Just my opinion, but I feel the open source model works best when the contributors are working on the project because it’s something they want or need themselves, OR because the project offers some kind of unique and interesting challenge.

                      A novice friendly desktop doesn’t fall into either category.

                      1. 2

                        Funny because the android OS gets a LOT of contributions. Just because something is novice friendly doesn’t mean it has to be crippled in any way. Also there’s a lot of unique and interesting challenges in making a user friendly operating system.

                    1. 2

                      The software here sounds like it could be Dragon with the Verbal Vim commands? It sounds almost identical to this 2013 PyCon talk by Tavis Rudd: https://www.youtube.com/watch?v=8SkdfdXWYaI

                      1. 4

                        From the article:

                        “The silver bullet” came when Moyher found a video presentation by developer and coder Travis Rudd, which appeared online in 2013 shortly after his diagnosis, that took viewers step-by-step through Rudd’s own RSI experience. The 28-minute video shows Rudd breaking down exactly how he customized Dragon NaturallySpeaking, a voice-recognition software suite, to write code in the Python language using nothing other than his voice. This countered the wisdom Moyher had seen in forums about RSI and coding, declaring that Dragon’s usefulness in coding was limited. “Don’t do it, it’s impossible,” was the common wisdom, Moyher said.

                      1. 2

                        Suggest visualization.

                        Is this really a privacy thing? This is behavior explicitly advertised by the product.

                        I’m not sure that getting a lot of “look at this totally expected behavior of modsern products” posts here is good. Tends to lead to clickbaity stuff.

                        1. 5

                          I think really this isn’t the advertised behavior. While Strava does advertise activity tracking, it’s not until you mix in the occupation related PT required in the military that this emergent behavior appears where you can see very regimented fitness activity often in areas that otherwise wouldn’t have it. Together, you see the initially surprising - but entirely reasonable in hindsight - ability to locate bases. It’s something that makes you go “huh!”.

                          Strava advertises fitness activity tracking. The military takes fitness seriously. Combined, Stava can be used to identify the location of abnormal areas of activity, ie, military bases.

                          This is the tweet that really sums it up: https://twitter.com/gavinsblog/status/957786002751332354

                          1. 1

                            The users of these devices had an expectation of privacy which has been violated. I doubt they believed their use of a fitness device could reveal their position to the enemy.

                            I think it’s decent news and worthy of attention/discussion.

                            1. 3

                              Have you used Strava? I have, and it is very clear when you are posting an activity publicly. (My understanding based on discussion elsewhere is that private activities are not included in the heat map. Strava also provides a feature whereby you can post an activity publicly but hide the start/end points so that your home address isn’t apparent; my understanding is that these hidden sections of public activities are also omitted from the heat map.)

                              I have no more expectation of privacy when I post a public activity to Strava than when I post a public photo to Instagram, or a comment to Lobste.rs.

                          1. 1

                            Has anyone been able to find the supplementary materials? I’ve had a poke around on archive.org, as well as probing through the current Notre Dame site, but I haven’t had any luck yet.

                            1. 4

                              For the next couple of weeks I’m going to continue to hack on the Thymio, Aseba, and Jetson stuff I have for my Masters.

                              I’m working with one other on an (academic) year long project to implement SLAM to map unfamiliar environments, and then use evolutionary algorithms to identify the best strategy to achieve various goals. Since the bot hardware is cheap and cheerful, the main challenges we’re facing is developing any kind of useful SLAM output, and navigation through it. For simulating and developing improved strategies, the plan is to handoff to the Jetson strapped on top and use the GPGPU cores (OpenCL) to be quicker than the PIC device in the bot itself.

                              1. 1

                                Cool projects. I don’t know what SLAM is in this context. Turning it into a link would be helpful.

                                1. 3

                                  They probably are talking about Simultaneous Localization and Mapping

                                  1. 1

                                    Oh, OK. That makes sense. Thanks.

                              1. 2

                                The slug in the URL here has somehow become notes-of-cpython-lists, when it should actually be notes-on-cpython-lists, not the of vs. on.

                                  1. 1

                                    Actually decent article.

                                1. 10

                                  Honestly, I can’t help but to feel very bearish on ETH. I really like the idea, but I think the implementation is poor, and the community is poorly aligned in values to making it a success.

                                  The most important construct in ETH that sets it apart from other currencies is the Smart Contract. I don’t believe though that these are either smart, nor contracts. Whether or not you agree with the resolution of the DAO hack or not, the fact that we consider it a hack to be in some way resolved indicates we do see smart contracts as programs that can and should be changeable to better meet the intent.

                                  Based on the DAO and a number of other issues with smart contracts, I don’t think they are smart based on the design of the language being so poorly adapted for the kind of verification needed to make robust contracts. It isn’t smart.

                                  Based on the communities willingness to fork over contract actions they don’t agree with means they aren’t contracts. In real life, if you’re duped by a creative but legal (as judged by the legal process, or in this case the execution on the blockchain) interpretation, you need to suck it up and move on. In Ethereum, you can fork, and in practice the group that lead to the fork of ETH were a minority. Smart contracts aren’t contracts because by the decision of a few they can be rewritten without the agreement of all involved parties.

                                  Ultimately, if I were looking to do non-hobbyist business, either as the business or a customer, for these reasons I wouldn’t feel comfortable using Ethereum.

                                  1. 19

                                    I am not a lawyer, but I did grow up with one, and I’m pretty sure a legal but clever and tricky contract has legal grounds to be thrown out in court.

                                    As a kid I was curious if the “tiny fine print that you couldn’t read” could really be used to trick someone. It can’t. The legal system is very aware of the distinction, it’s called acting in good faith.

                                    Again, not a lawyer, not legal advice, don’t make choices based on what I’ve said, but it’s not as cut and dry as you claim it is.

                                    1. 15

                                      And contracts with “bugs” in them (i.e., that don’t accurately represent the intent of the parties) aren’t taken literally either. There are rules/principles about how to interpret them that are much more nuanced than that. Only a programmer who doesn’t get out much would think that a better approach is to eliminate the potential for ambiguity and then always interpret contracts literally.

                                      1. 7

                                        I generally understand your point and agree with it, but what I’m suggesting is that the execution of a smart contract is the legal process in this context.

                                        It’s not that it’s right or wrong that the contract was interpreted/executed in a given way, it’s that after the field has been set and the dice cast, then going back in time and writing out the execution because some definition of majority (usually a minority in practice) didn’t win is the issue.

                                        Changing how the outcome played out after the fact that it was interpreted and executed feels (in the context of a smart contract being interpreted by the legal process of the block chain) like an extrajudicial action by people who lost out.

                                        1. 5

                                          The legal system has been dealing with smartasses since before your ancestors were deloused.

                                          Think of it like the efficient market hypothesis: People have been banging on legal systems for so long that you can reasonably assume that all of the interesting stuff has been found, and is either a known technique or is already illegal. There might be exceptions to this, but the fact the system is administered by humans who exercise human judgement closes a lot of novel loopholes, as well.

                                          1. 3

                                            I’d go one step further and assert that, in legal systems that have been functioning for centuries and are thoroughly debugged, some obvious glaring flaws will continue to exist, but they are those that are actively maintained by some group which has an extraordinary amount of power and stands to gain an extraordinary amount of wealth from them.

                                        2. 4

                                          I used to think this way, until I realized that all these high-profile bugs in applications on Ethereum have very little to do with the code in Ethereum.

                                          The DAO is a good example. It was not written by the core Ethereum project. It was a distributed application written by unrelated developers, and crowdfunded by a token sale. Blaming the Ethereum project for DAO’s code quality is like blaming the Unix developers for a segfault in some third-party app.

                                          1. 3

                                            You don’t have to blame the core developers for the DAO contract code’s bugs to blame them for forking the block chain to “fix” the bugs for THE DAO developers.

                                            Those are two separate acts from two separate groups of people.

                                            1. 1

                                              On the other hand, one of the Ethereum founders was responsible for the Parity bug.

                                              1. 1

                                                I agree with you but think the conclusion you draw is incorrect. While Solidity itself is not a bug, the language itself is part of the design of Ethereum, and by using a language (Solidity) that is so poorly adapted to verification, it’s made it easier for users to write buggy contracts.

                                                1. 1

                                                  C is buggy, but that didn’t kill Unix.

                                                  Unless a credible competitor appears, I think Ethereum will continue to dominate the smart contracts space.

                                                  1. 2

                                                    C isn’t buggy. Solidity isn’t buggy. Their use in the systems mentioned have lead to more bugs, and an environment more user- and developer-hostile than had they instead been replaced with other languages.

                                                    I agree that Solidity won’t kill Ethereum, but a credible competitor will. I think it is almost a certainty that the biggest shining star of a more mature smart contract blockchain system will be better verifiability in the language. It might not be the immediate killer of Ethereum, it might not even be the technology that kills the Ethereum killer, but I really do think that a verifiable in practice language will be a requisite feature for a smart contract technology that isn’t as known for being a massive footgun as Ethereum is.

                                                    1. 1

                                                      Wait, since when is C buggy?

                                                      1. 1

                                                        I should have been more precise.

                                                        While C itself is not a bug, the language itself is part of the design of Unix, and by using a language (C) that is so poorly adapted to verification, it’s made it easier for users to write buggy programs.

                                                        Buggy programs didn’t kill Unix, so I doubt Ethereum is in danger.

                                              1. 2

                                                Why does the option have a -unknown-unknown suffix?

                                                1. 14

                                                  Compilers often consider their target as a triplet in the form machine-vendor-os, such as x86-pc-linux, which would describe a compiler targeting x86 IBM compatible machines running Linux. In the case of webasm, the machine target is webasm, but the vendor/OS are irrelevant and not known at compile time.

                                                  1. 3

                                                    Thanks for the clear explanation :)

                                                    1. 2

                                                      The Rumsfeld of platforms?

                                                  1. 5

                                                    Things I have to do this week - mostly coursework:

                                                    1. Continue my work on the evolutionary algorithm for my classes - probably going to add simulated annealing as well has hillclimber strategies and see where they suit being applied.
                                                    2. Finish up my implementation of rfc1149, which should be a laugh, again for class
                                                    3. Prepare and run the completathon at my uni (hackathon, but the theme is no new projects - polish off those side-projects you’ve had wasting away for months!)

                                                    I’ve been speaking to some of my friends about further embedded stuff, but it needs to take a bit of a back seat for this week. Between uni work, extracurricular work, and my non-tech stuff, I’m struggling a bit to keep my head above water.

                                                    1. 2

                                                      Offtopic, but: .horse? Really?

                                                      1. 2

                                                        The author got that question on HN and answered as follows:

                                                        The first page I wrote when I was making the site was this one (https://ircdocs.horse/specs/) – and the initial drafts were a fair bit screechier than what’s there now. I wanted people to know that everything on ircdocs is pretty much just my thoughts (as opposed to the more consensus-based approach of IRCv3), and figured the horse TLD would make people take it less seriously.

                                                        Didn’t exactly work out, now that a fair number of devs are using it as a legit protocol reference. Still, gives the site some decent character and makes it memorable :P

                                                        1. 1

                                                          What of it?

                                                          1. 1

                                                            It’s just… weird! In a good way, but… yeah.

                                                        1. 1

                                                          It looks cool, especially that it’s first class within the OS, but I think I still miss tools that allow me to specify GUI components by properties. Can I with Hey?

                                                          I’ve previously used tools that would, instead of allowing me to set Selection of View 0 of View 0 of Window 0 to 3, would allow me to, essentially, send click on object in window "Time" with caption "Clock". You could absolutely also navigate down the object tree with indices but it was fragile - if a new tab were to be inserted, instead of selection 3 you’d want 4, everywhere you used it - which is hard to find.

                                                          1. 1

                                                            A related, classic sorting visualization is The Sound of Sorting: https://www.youtube.com/watch?v=M0cNsmjK33E

                                                            1. 6

                                                              Two things:

                                                              1. Cutting my teeth on “real compiler” tech (beyond just simple hand-written stuff that is unlikely to scale as a single developer to a full language) with flex and bison
                                                              2. Continuing to help prepare for freenode #live
                                                              1. 4

                                                                Hand written parsers scale better than flex/bison in my experience.

                                                                1. 3

                                                                  I was never a fan of the compiler-compiler approach (flex/bison, happy, etc.) since it seems like a heavyweight hack to work around the lack of meta-programming in some languages (and without (ab)using the C preprocessor).

                                                                  These days I tend to use either parser combinators or PEGs (e.g. OMeta) when I need to lex/parse/etc. Whilst these could be described as DSLs, they’re at least embedded in the host language rather than running externally and dumping code to a file.

                                                                  1. 2

                                                                    Maybe when you’re experienced, and the parser is the main part of the project. Really, this is just because I need parsers more, but I don’t have the CS fundamentals background to write efficient, sensible, and clean parsers on my own. It’s far easier for me to express a grammar than to implement it.

                                                                    1. 2

                                                                      I basically just followed the example on this page https://en.wikipedia.org/wiki/Recursive_descent_parser and found it a bit easier to understand than bison (and you eliminate a dependency).

                                                                      Heres my if statement parser for my self hosting C compiler:

                                                                      https://github.com/andrewchambers/c/blob/master/src/cc/parse.c#L1275

                                                                      Its quite doable with a bit of practice.

                                                                1. 2

                                                                  This survey is frustrating. For example, while I don’t really use XMPP, I do maintain several server instances. Likewise, running several instances means I actually run one each of Prosody, Openfire, and ejabberd. The structure of this survey makes it hard to explain my situation (even if unusual).

                                                                  1. 6

                                                                    As mentioned in the article, freenode cares about user privacy and security when using our network, and we specifically provide a tor hidden service for users who wish to use it.

                                                                    At the same time, the amount of abuse we saw over earlier HS implementations was significant, which is why we know require users to connect with SASL (which requires an account registered over the clearnet). We’re aware of this hole, and we’ve been investigating. While we’re currently very busy in the runup to #live, we’re also open to suggestions on how we can securely close this hole in a way that allows users to never connect via clearnet.

                                                                    https://freenode.net/kb/answer/chat#accessing-freenode-via-tor https://freenode.live/