1. 3

    GitHub is changing. It is important to understand that GitHub is moving away from being a Git Repository hosting company and towards a company that provides an entire ecosystem for software development.

    Hasn’t this always been the case?

    1. 5

      No, if you look back to when Git was first becoming popular (around 2008) the alternatives to hosting your own Git repository were very cumbersome. Using pull requests instead of sending patches was part of the draw, but the main thing was “be able to use Git without putting up with (for instance) the terrible user interface of Rubyforge.

      1. 6

        But a pull request isn’t part of Git, so I think my postulate still holds true.

        1. 6

          What I said was that pull requests were a small part of the draw, and the main thing was being able to host a git repository without dealing with apache or sourceforge.

          1. 1

            Is it possible to get actual numbers from some kind of VCS server log from 11 years ago?

            Did you know Fossil is 12 years old? http://fossil-scm.org/home/timeline?c=a28c83647dfa805f I just found out.

            1. 1

              I’m having a hard time seeing any connection between what you said and what I said. Wrong thread, maybe?

              1. 1

                i get your lack of sight on account of my lack of clarity so here’s some of that:

                when Git was first becoming popular (around 2008)

                … as a rhetorical point, boils down to a dispute between you and zg regarding these like long-range ecosystemic benefits (and the pull request thing is kind of an aside - you are in agreement more than youre in disagreement, imho, and causality is not inferrable about why git and github pulled ahead, is it? it’s pretty contingent)

                is it possible to get actual numbers

                this refers to numbers about popularity

                otherwise talking about some farfagnugen ecosystem-level obscurities is kind of pointless

                i mean zg kind of just said rhetorically that he doesn’t agree with the fossil guy and you kind of just said that one time in history one thing happened once, and so i figured that having maybe some actual rigorous data would allow us to come to some kind of conclusion, but I know that it’s not very important or interesting, but i was just curious, actually, and i feel like there’s a slim chance that some literal data on vcs usage might exist and that that would solve a lot of these “does the ecosystem come before the theoretical innovation in VCS design or the chicken before the egg or what?” types of questions. since they take place in an ahistorical vacuum otherwise. doy.

      2. 1

        Ya pretty much. I think the author missed the point of Github. It was never really about Git more than to the extent that Git appeared to be in the lead at the time and perhaps some preference by the founders.

        The value proposition is everything around supporting the Git workflow.

        1. 2

          A few things:

          1. Fossil exists in contradiction to the value proposition of “everything supporting git,” to solve problems that aren’t yet solved…

          2. Fossil is NOT git, in the same sense that, once upon a time, GNU was supposed to be NOT Unix…

          3. Literally, GitHub invited the guy AS the Chief Point-Misser in a special critical capacity.

          4. Everything around supporting the git workflow is a value proposition – only to the business supporting “everything around the git workflow! …

          4.1 (continuing) … – but that’s a proposition about the ecosystem NOT to the conceptual framework of what it means to “do VCS stuff.”

          I explained this to epilys, but also wanted to point out to you, that the author probably “missed the point” of GitHub intentionally, whereas you missed precisely that point…

          1. 1

            If you say so.

            1. 0

              aren’t you saying that GitHub matters but VCS does not?

              aren’t you saying that Git is irrelevant and the whole thing should just be called “Hub?”

              when you say “it was never really about Git… etc., etc.,” what do you mean by “it,” if not GitHub?

              aren’t you just saying “value proposition” in the hopes that everybody forgets that GitHub is a “value-proposing business”… running on a vcs called GIT?

          2. 1

            I disagree. I’ve been a Github user since 2009ish and I used it 90% for “hosting a git repository” - that was in addition to hosting my own git repos via ssh/gitolite, so also some mirroring.

            When my company paid for github, it was to have a git repo. And pull requests, but nothing else. And I simply don’t believe I’m the outlier here. Sure, webhooks were nice but that’s the extent of any added benefit there.

          3. 1

            #include jolly-sarcasm-compiler.h

            I don’t know! But let me look in a BOOK or a TECHNICAL GUIDE at the very least - oh here’s one…

            https://lobste.rs/s/v4jcnr/technical_guide_version_control_system#c_bolhkj

            When you say “always” do you mean “since we moved away from mainframes?”

          1. 5

            In this article, we provided a technical comparison of some historically relevant version control systems. If you have any questions or comments, feel free to reach out to jacob@initialcommit.io.

            No Fossil. sniff

            I reached out (since I was feeling open – ahem! – free)

            1. 6

              Hey appreciate you reaching out @lettucehead! I poked around on the Fossil website and the integrations look pretty sweet. I installed it and will hopefully get some time to play around with it this week. Hopefully will add a section into the blog post in the near future.

              p.s. I’m just learning the ropes here, but I submitted a hat request as the creator of the Initial Commit site.

              1. 1

                nice!!!

            1. 3

              I find it awful that developers think Github should try to “improve” git. If the author wants a change, they should bring it to the git dev mailing list where the actual git development happens.

              1. 0

                Do you find it awful that car tire manufacturers try to improve tire traction? Or do you think that’s the responsibility of “the road people?”

                It would break the analogy for me to suggest that there’s a mailing list for roads, but there’s trade shows or standards organizations or whatever.

                I think you are in serious need of a history lesson, and I have a pretty “serious” writing style so I should say upfront that I mean this in the least annoying, most gentle way, and I’m pretty sincere in a meaningful way but not that serious in an angry way, and I always mess this up so I just need to be very clear, and there’s an imaginary huge spoonful of sugar to make the medicine go down included, and, should you disagree, you may take it with a grain of salt (to your taste).

                Fossil is not “some project” by “some developer” – it is THE weird rebel VCS (TM)(R)(C) backed by the full powers of freaky FOSS ideologies that have been falling all over themselves (omnidirectionally) to hack new stuff since the beginning of computer time when von Neumann made the 32-bit array from giant tubes and this one whacko named Nils Barricelli immediately started making “life” in the form of cellular automata (that Stephen Wolfram pretends he invented) on punchcards.

                OK, that’s exaggeration – but I’m “serious,” there was Subversion, then there was Git and Mercurial. There’s also Fossil. On the side. Not “off on the side somewhere,” but in the center of being off to the side. If there were a rave of obscure VCSes then Fossil would be the DJ. (I’m joking but I’m totally serious.)

                Git has literally been the same for the last twenty years. All the variously (non-)exciting “UNIX simplicity” manifestos kind of break down when you consider carefully the issues entangled within git that have remained unresolved for developers generally because the ubiquity of the most important technologies is an impediment to further progress. This is not unique to git, but it is true about git.

                That simplicity cannot be improved upon while no consensus regarding improvement exists within GitHub. Why? Because they are the material being that represents the ubiquity of the technology of git in the market. If there’s no money behind it, it can’t happen. And there isn’t money behind Fossil. Which is the best place to improve not just “the ecosystem” but the actual technology of VCS itself. It is about the ideas and not about the profit or the users.

                That is the reason that the creator of Fossil was invited.

                That is the reason that he was invited, even though everyone knew he would be a contrarian.

                I submit that you are 100% correct when you say: “If the author wants a change, they should bring it to the git dev mailing list where the actual git development happens.”

                I further submit that this has already happened, but you just weren’t around for it.

                Finally, I helpfully suggest that it’s not “awful” to have the kinds of feelings that you, in the innocence and naivete of youth and scholarship, also helpfully looking out for the community, called awful.

                In fact, it is not awful, it is itself the community looking out for itself. But that just can’t happen properly until you have the knowledge that allows you to fully consider, in its genuine context, why the developer of Fossil is not the same as some complaining “developers.”

                I know it’s a pain in the butt to be unexpectedly in the position of having someone take a stand against you, but really I am taking a stand against the world, pointing out the little red line between Us and Them, and hoping you will recognize that you already have friends on our side. Literally our side includes the members of the exact mailing list that you think (thought? :D) the guy “being awful” should have contacted. I don’t blame you for having this opinion whatsoever – your mind is just probably running the wrong VCS :) maybe rebase that opinion

                also check this out it is so cool https://fossil-scm.org/home/doc/trunk/www/index.wiki

                1. 6

                  Thank you for the reply.

                  Fossil is not “some project” by “some developer”

                  I didn’t comment on any of this. I think you picked up some kind of dismissal and irony from my comment.

                  Because they are the material being that represents the ubiquity of the technology of git in the market. If there’s no money behind it, it can’t happen

                  While it’s true that capital pretty much controls linux and friends, the git community is independent.

                  I further submit that this has already happened, but you just weren’t around for it. This is not relevant because the problem is the author tries to make github pressure git, instead of communicating with the developers.

                  I should not reply to the way you express yourself because it is irrelevant to the discussion and your points (it’s an ad hominem) but since you comment on it I will tell you my opinion: saying you have a certain kind of tone doesn’t mean others should tolerate it; it’s not an excuse. Mature discourse is not like this. You can share your opinions without being mildly condescending.

                  Also, thank you for the other comment about my site :)

                  1. 0

                    > Thank you for the reply.

                    You’re welcome, and I owe you a continual debt for your continued engagement with a lesser being of my particular variety. I’m not trying to troll, I’m absolutely not trying to excuse myself, and I should point out the meaning of the root of apology. (Unrelated: website in link is maintained by a single individual! Incredible. What an example of cathedral-style development…)

                    > the way [I] express [myself]

                    Technology is my hobby, not my profession. So sorry if I’m not what you expected. And I’m sincerely curious. I’m not joking around when it comes to knowledge, opinions, and exacting detail. I am really hungry to know. I just don’t know how to communicate with developers very well (it is NOT easy) and I have a terrible proclivity for prolixity. I’d rather read your replies, although I will accept your downvotes.

                    > dismissal and irony (yours in my opinion, but only in my mind in your opinion!)

                    So what?

                    (Note: I’m asking. I’m not asking “rhetorically.” I’m asking because I want to know.)

                    > capital controls linux

                    I’ve taken heat before for having been invited here by one of those sympathizers with intellectual radicals, a self-avowed hypertext crank, and possibly stupidly I don’t blame myself for the fact that everyone seems to think I share all his opinions – we’re strangers. I just wanted to be a part of the best forum in cyberspace, so I asked him.

                    Anyway, does capital really control Linux, or is that just a lame explanation of the fact that nobody “controls Linux,” and everybody thinks that capital is a big deal? When I said:

                    > no money behind it

                    … what I meant was, “No people with deep pockets supporting the one crazy Fossil developer, directly.” Are you really replying to me? Am I misinterpreting you by thinking that we’re not really talking about the same thing? Now we’re talking about different communities, and I am lost. When I said:

                    > the community (which I said twice)

                    … I meant two things. The first time, I was using the term in a sentence about you. I meant the community that you (in my opinion) were looking out for by defining “the author” as one of the developers who, when thinking about improving things, thinks about things that you “find awful” (that’s OK – it is your opinion!) – things like saying GitHub should improve the technology it has used to get itself acquired by Microsoft for $7.5 x 1,000,000,000,000.00 USD (woah! crazy talk!). IMPROVEMENTS LIKE FUNDING FOSSIL IN THE FLAMING NAME OF HADES. Sorry. That was autocorrect, not me. I’m just gonna leave it there. Hopefully it doesn’t render poorly on mobile.

                    The second time, I meant you, me, and everyone invited here by people invited by jcs. Because this is a community. Communities are places where developers go to read news and be annoyed by crazy old men and find romance. Communities are a huge problem. Communities are where keyboards interface with chairs. And this chair-to-keyboard interface started short-circuiting explosively upon learning that such a noble and talented person as yourself (I really do like your terminal emulator!) was capable of being deceived by the complacency of the powerful. I think it is popular to believe, on this very technically advanced forum, that everything sucks. And this is a terrible opinion. We, you and I, do not suck. That’s like, one of the categorical axiomatic booleans of writing software that doesn’t become an unimprovable Legacy pile of bloatware. No? One of the categorical axiomatic booleans of doing stuff that we can pretend is great until it really is great.

                    And it is also the basic postulate of my entire philosophy on free software, which in my opinion is the only exciting software, because, to quote a really old guy who probably nobody here knows about or is interested in, credo quia absurdum. It really is the irrational man that is the source of all progress, because if only logical actions are taken then any mind which is not omniscient will remain in a local minima of cost when greater cost savings are possible. I believe that wisdom adheres to contradiction like flies to fly paper, and I literally think that is why everyone around here thinks that all software sucks, because it is a forum filled with talent.

                    Anyway, it is apparent (to me, not apparent to some kind of objective mind that would literally be physically impossible to create because the model becomes the map eventually) that you think the only community that could possibly matter in this discussion is the git community. I would like to know why that is. I know it’s an annoying and tiresome question. I literally don’t know the answer and I do very much seek to know. I think it’s the wrong answer, and the only – literally the only – reason I can give you is this: “Fossil seems cool to me.”

                    Look, I don’t have a classical education in this stuff. I know there’s such a thing as naming files for version control with dates and symbols that’s all neat and tidy called “SemVer,” and that mentioning this is a great way to convince your boss for a few extra weeks of what is in reality more free time to read Lobste.rs while you “convert to the new system” by running a shell script in the background, and I can honestly say my knowledge about VCSes stops somewhere around there.

                    I also know every time somebody posts about GitHub a bunch of hot-blooded FOSS fanatics come out of the air like Rumpelstiltskin (mixed with poor, finally-defeated, possibly-woman-hating-but-probably-not-Hitler RMS) to complain that they hate the system of “stars.” But that is not the best evidence in favor of GitHub, and also not the best evidence in favor of Fossil.

                    So, apparently, you think there are two communities. One is Linux and friends, and the other is the git one.

                    IN WHAT WAY COULD THESE POSSIBLY BE DISTINCT? o.0

                    How is anybody supposed to know what community is where – we are talking to each other, and that means you and I are in communion (in a very boring sense) with one another. We are online together and that is what this whole stupid project of sitting in front of a useless glowing rectangle is about. I mean I love mine and don’t know why, I guess because there are people on the other end… but I am sooo curious to know – what are your real thoughts?

                    You can’t hide behind a statement that something very not mysterious is “awful” by saying that you weren’t commenting on whether when you said “developers” you meant people distinct from the author of the thing this is all about.

                    Sorry I don’t have a literal technical argument. I hope you can follow the thread of my thought. Sorry if the words are too complicated I gather you’re from the Continent. (I mean that I’ll rephrase it if needed!) I am genuinely curious. I can accept downvotes for bad style. (I’m trying to improve it.) (Although who doesn’t want to be sardonic, flippant, tedious, and … wait for it … unwelcome?)

                    (JK >.< but only about the unwelcomeness – i love the other qualities too much!)

                    And SUCK == FALSE!

                    1. 1

                      Oh and sorry I have l’espirit d’escalier but I also read…

                      this

                      this

                      this

                      and this

                      … approximately 2.5 years ago after I found out about Fossil. I find out about things every week, but that was one of the good ones. I’ve been meaning to get back to it, and learn about all this mumbo-jumbo on my own, but you know, VCS is like waaaay down on the to-do list, and 1/($7.5*10^9)th less far down on the to-read list. (We can also start saying “One Githubth” if that’s easier than “One seventy-five-hundred-millionths.”)

                      My questions are real. Maybe there’s not any right answer. I can accept that. But I just don’t get it. Why not use the better tool? Why not fund its development? Why ignore the guy after inviting him to the thing? You know what I mean?

                    2. 0

                      > the problem is the author tries to make github pressure git, instead of communicating with the developers

                      Can you say more

                    3. 3

                      Git has literally been the same for the last twenty years

                      Git is only 14 years old :)

                      1. 2

                        I heard Linus carried the entire source code in his brain exactly as it exists today for exactly 6 years… 14+6=20

                        JK im an idiot thanks myfreeweb

                        1. 1

                          by the way

                          fossil is “only” 14-2 years old! just found out

                        2. 3

                          Finally, I helpfully suggest that it’s not “awful” to have the kinds of feelings that you, in the innocence and naivete of youth and scholarship, also helpfully looking out for the community, called awful.

                          Your comment was overall well-put and an interesting perspective, but I feel like this was patronizing and unnecessary. It’s the kind of thing that derails from what could be a useful, continuing discussion. :)

                          1. 1

                            i appreciate you pointing this out, i will try to not do that

                          2. 1

                            also if you were using fossil it wouldn’t be such a pain in the butt to rebase

                          3. 0

                            also your website abt meli is beautiful

                          1. 17

                            Possibly off topic but… what are you talking about???

                            1. 17

                              I was wondering the same question, and searching the web for “leetcode”, I found : https://leetcode.com/ which seems to be a platform for coding challenges.

                              Hope it answers your question, it answered mine.

                            1. 5

                              Though Guido is officially retiring, his contributions to Dropbox and the larger Python community will continue to be felt. He has already put into motion the conversion of the Dropbox server code from Python 2 to Python 3.

                              I’m surprised they’re still using Python 2, especially given how heavily they’re using mypy.

                              1. 0

                                oh?

                              1. 3

                                I think they are in score order

                                1. 1

                                  Did you test this

                                  1. 3

                                    Just observe any high-traffic story’s comments evolve, you will see this. It’s definitely intentional, just like on Reddit and the orange site. I think it may have been Slashdot who originated this practice of obsuscating the timeline and making even trivial remarks into popularity contests. It’s a bad idea, in my opinion.

                                    Nonetheless, people still often use the intuitive terms “above” and “below” when posting, in apparent ignorance of how unstable the ordering is.

                                    1. 1

                                      thanks!

                                    2. 1

                                      Did you test this fnord

                                      1. 1

                                        Did you test test test this fnord fnord

                                        1. 1

                                          man i can’t reply twice to myself, why? It always says “you’ve posted here lately” but the time I made the post about was like, bam bam, one-two, dirty harry he-only-fired-five-shots style (except two shots)

                                          1. 1

                                            It’s to prevent accidentally sending the same comment twice: https://github.com/lobsters/lobsters/blob/master/app/controllers/comments_controller.rb#L42

                                            1. 1

                                              thanks!

                                  1. 13

                                    There’s no B2B business that can be built on $2/mo subscriptions. Put on some big boy business pants and Charge More™.

                                    1. 33

                                      Sourcehut founder here. Sourcehut is B2C, not B2B. Additionally, this is an alpha-quality product and payment is optional. The prices will likely be raised when it graduates to beta, and payment will become mandatory outside of exceptional cases.

                                      The goal is not to maximize profit, but to provide a sustainable service to the community.

                                      1. 16

                                        Your pricing plan sounds fair but I am talking about sustainability. A business with technical support cannot survive on $2/mo plans, answering a technical support question from that customer will cost you the entire annual revenue from that customer. Perhaps you don’t plan on providing support to anyone but the higher tiers – that’s a respectable approach.

                                        Paid source repositories are used by software professionals, thus B2B. The overlap in the Venn diagram of “hobbyist” and “paid source control” is very small (and with a corresponding $2 budget). 99% of hobbyists will use a free service.

                                        1. 20

                                          Support on anything other than a best-effort basis is paid and charged separately at B2B prices.

                                          1. 11

                                            Pinboard is doing ~$250k in yearly revenue on $11 and $25/year subscriptions. I also think you’re vastly underestimating the number of people that pay for tooling for their personal projects.

                                            1. 6

                                              At that revenue level, Pinboard can’t afford to hire a second FTE to back him up. He can’t take a vacation without the pager. Do you think that’s wise or appropriate? If he ever wanted to walk away after a few years, do you think someone would want to come in and take over the business?

                                              We’re talking about the difference between shoestring budget and sustainable business. A sustainable business is profitable and not a bad thing: it allows you to keep the business running without burning yourself out.

                                              1. 13

                                                Sourcehut is profitable. Read the financial report. I’ve already hired a FTE to start in Q4 and Sourcehut has become more profitable every quarter. The prices will like be raised when the beta begins and payment will become mandatory for all users. Right now, the business is sustainable enough to keep me working on it, and ratcheting up the profitability is not a priority right now.

                                                1. 6

                                                  Yeah, I did read it. According to my math and assuming you are FT, you are paying yourself less than $10/hr (~$1500 / 160 hrs/mo?). Is that right?

                                                  1. 7

                                                    No, I’m paying myself even less than that. But I make money from other sources as well. My personal financial position is sustainable (and net positive).

                                                2. 4

                                                  Sure, I get the point you’re making, but the point I’m trying to make is that there’s definitely “successful” businesses out there at that price point.

                                                  1. 7

                                                    Your point was based on a bookmarking site that requires so much less developer and hardware resources to implement than an alternative to Github. A site that probably takes almost nothing to operate in comparison gets by on a small price. What SirCmpwn is doing is much larger in development effort and resources required for users.

                                                    So, the example doesn’t tell us anything. It would have to be a sustainable business doing something similar for a long period of time that wasn’t selling its users out or burning through venture capital. That probably would narrow examples down quite a lot. It might also give us an idea what pricing would be like.

                                                    Meanwhile, he’s in alpha making money while experimenting and building it. It’s an interesting approach.

                                              2. 8

                                                The overlap in the Venn diagram of “hobbyist” and “paid source control” is very small

                                                I think the interesting question is: is the overlap large enough to be self-sustaining? Not every every service needs exponential growth, for some it is enough to cover the costs + wages. E.g. SDF has been around for ages and seems to do pretty well.

                                              3. 4

                                                The goal is not to maximize profit, but to provide a sustainable service to the community.

                                                Something of a tangent:

                                                The idea that business owners have a moral obligation to maximize shareholder value is actually relatively recent, championed by a famous paper in 1976 that showed that under certain condtions, social welfare is maximized when individual executives aim to maximize shareholder value.

                                                The Value of Everything contains a great history of these ideas, along with some compelling criticisms.

                                                Interestingly, the BRT recently renounced shareholder value as a metric in favor of stakeholder value, which is potentially much more in line with businesses like sourcehut and pinboard that aim to maximize value created rather than profit.

                                                (I’m also a subscriber to sourcehut - even though I barely use it I’m more than happy to support anyone trying to build a sustainable open source ecosystem)

                                                1. -2

                                                  The goal is not to maximize profit, but to provide a sustainable service to the community.

                                                  Which, incidentally, disqualifies you from calling it “B2C”. Because if your goal is not to maximize profit (or shareholder value) then you’re not, strictly speaking, a “business” :-)

                                                  Just to clarify, I’m not saying there’s anything wrong with it!

                                                  1. 16

                                                    I think it makes me not a capitalist, but still qualifies as a business.

                                                    1. 8

                                                      Since we’re in the company of word-mincing engineers who believe that qualifications must be in place before anybody can say whether a thing is or is not a business or possesses the attribute of being “B2C,” lets mince more words.

                                                      A capitalist is not someone who desires the suffering of their peons, in and of itself.

                                                      A capitalist, sensu strictu, is someone who owns the means of production.

                                                      Things touched by the invisible hand are divided into capital, rent, and labor.

                                                      Labor means what it appears to mean.

                                                      Rent means, in addition to the rent that you pay for, the land itself, if you are a landowner.

                                                      Capital is everything else.

                                                      When Groucho Marx says, “Seize the means of production!” those means are synonymous with capital: the tooling, the machinery, the raw material and energy, AND the finances.

                                                      So, sorry, you’re still a capitalist, barring further free-as-in-freedom philosophizing of the memetically replicating Turing’s Cathedral of the virus of the primordial thought-stuff of software. Maybe m4 is actually a semiconscious code-being and nobody owns it, and therefore it’s not an instrument of capital and therefore you’re not a capitalist (IDK if autoconf is one of sr.ht’s dependencies but you see what I’m getting at).

                                                      However, I happily admit you’re neither a capitalist swine nor a capitalist dog, and I think it is this sense of capitalist that you thought you weren’t, and if so, I’m happy to confirm that.

                                                      1. 1

                                                        You’re writing like almost everything written on capitalism doesn’t encourage accumulation of capital. At least in U.S., wealth maximization is implied when people mention that word. Otherwise, we’d just call it business or business ownership. He’s someone with capital seeking some profit but not a capitalist aiming for maximal capital. What he’s doing is closer to public-benefit corporations and non-profits practicing utilitarianism.

                                                        1. 4

                                                          To be fair, he did start the post saying he was going to be extra pedantic. And it was an amusing read in that context.

                                                          1. 3

                                                            Yes, and in the three hundred intervening years between now and the division of the economy into the three things I mentioned, which, by the way, I have precisely and accurately represented, there has been some linguistic drift.

                                                            There have also been some important historical events like the invention of liberalism, communism, Baha’ism, the computer, and the U.S. itself. And gravity and the “circulation of the blood” model of uh heartbeats. Also all businesses as incorporated in the legal sense, since they had to come up with said legal sense for purposes of taxation, and that was antedated by the formation of the nation state, since the idea of capital is kinda literally the idea of economics, which has to do with capital like CPUs have to do with registers. Also capitalization – but LiTeRaL CaPiTaLiZaTiOn (since English has German roots and they capitalize everything, and creative spelling died out with universal literacy, cf. any really old book, like, not-so-random example, On The Wealth Of Nations, by an old white man – unpopular these days, but nobody was very progressive at the time – who had the distinctions of being absentminded and Scottish, wrote during the Scottish Enlightentment, cerca 1700-1750 IIRC & -ish, and once accidentally forgot to get off the train and crossed into England, or something like that). But we’re getting off-topic.

                                                            You’re arguing that capitalists not seeking to maximize profit are no such thing. Correct?

                                                            I’m arguing that he is running a business, and damn if it’s a dirty thing because it’s really not, it’s the only way anything ever gets done anyhow. I am not slinging mud at DDV or sr.ht, so if you hear or see that in my post it’s badly written.

                                                            This whole discussion is about whether Drew should exploit the living daylights out of his users, and I think anyone who reads this page can easily conclude that the users hereabouts strongly desire to be exploited, since there is no small amount of public support of sr.ht. Much of this fundraising discussion has been Drew pumping the brakes to avoid some trigger-happy idea of Successful Business Productivity (TM) (C) (R) (Patent Pending) being allowed to replace the genuine sustainoblah of the communoblah (cf. my other, equally eloquent, cranial emissions on this amazingly exciting matter, both right around here).

                                                            You can say that Sourcehut is like Amtrak, the Corporation for Public Broadcasting, or something else, but really it is a VCS. I think to really be infrastructural and fundamental in the utility-as-in-Monopoly-the-board-game sense (as opposed to the utility-as-in-we-all-scream-for-ice-cream sense) you need to have back-room deals and very pretentious lovers and Nancy Pelosi’s rubber stamp and everything else.

                                                            Maybe it is different with technology in that you don’t need the backing of a phat Carnegie-level kingpin to even begin and it can grow over time to be like Amtrak. Certainly it is different with FOSS, and whether it can grow is a yuge and bigly test of the mettle, both of the founder and of the community, especially when the main considerations are of the sustainoblah and so forth. Hopefully Drew DeVault hasn’t got friends who’ve been secretly meeting with Jeremy Epstein or software freedom is really going down the tubes. :P

                                                            So it is clear that wealth maximization is beside the point – in fact, it’s more finely graduated than a cylinder, in Sourcehut’s case, apparently intentionally.

                                                            When discussing the implications of words, it is important to discuss what they imply for whom. Well I dunno if it always is, but it is now, dang it! Lenin said, when somebody had occasion to invoke freedom, and I’m always anti-Lenin in praxis but never in rhetoric, “freedom for whom? – to do what?” Because it is the answer to that question that is the same as the answer to the question of “Why?” Some postmodern people think that freedom is a byword for “rich people walking all over poor people,” and there is a similar logic there. I happen to disagree, but I get their point, and when I haven’t eaten for a long time I too get concerned that maybe it’s a war of all against all, and freedom is only when the armies are marching towards Those People Over There. Then I have some pineapple salsa, and in a half an hour critical pathways have been refueled with primordial glucose, and I can get behind the communoblah and say the Pledge of Allegiance and am overcome with relief and gratitude that … never mind. Freedom is tricky. We’re working on it. I am pro-freedom, btw. But it’s beside the point.

                                                            Sourcehut is a niche business. Is it still a business?

                                                            Sourcehut isn’t maximizing capital. Is it still an enterprise?

                                                            Not treating users like customers (or the other way around). Still used/consumed?

                                                            Not treating unthinking money-spenders like hogs in a hog confinement or rubes in a carnival. Still a subscription model? Still important to have good marketing?

                                                            The answers, respectively, are Yes; Yes; Yes/Yes, Yes and Yes.

                                                            So, back to the original thing, sorry it took so long: Does a capitalist inherently seek maximal capital?

                                                            The question is honestly intractable. YMMV.

                                                            1. 2

                                                              I admit that I am using the term capitalist wrongly, in the sense that you, nickpsecurity, read it, and I even concede that the majority of people or even 99% of people correctly “mis-“read my (actual:) misstatement in that regard. The question isn’t intractable at all.

                                                              But the fact is, in your very simple (totally unstated, I’m guessing here) model of capitalists, 99%ers, and-small-bands-of-rapidly-iterating-capital-owning-programmers, well, the programmers just don’t fit in. They are like the “party vanguard” in Leninism (the elite stormtroopers of ideological purity, leading the huddled masses to the future), or the petit-bourgeois (read: upper-middle-class merchant-y types) in Marx, of whom I heard he once said, “Yeah, there’s gonna be some very very special ones of this class in my logical class warfare structure, and they’re gonna be super impt, since they’re gonna speak the lang of the elite and walk amongst the common folk or whatnot” and you know he was talking about himself, because he came from a bougie-in-the-modern-sense background but was all obsessed with that stuff you’ve heard about.

                                                            2. 3

                                                              A system of privates business and business ownership only becomes capitalism when it’s sufficiently ruthless? I don’t think I know people who use capitalism that way.

                                                              1. 3

                                                                Most of the richest companies screw over their stakeholders in many ways, the founders/owners of most businesses take most of the money others generate, and so on. Makes me think profit maximization often requires ruthlessness since it forces the maximizer to eventually do harmful things to increase revenue or lower costs.

                                                        2. 8

                                                          Arguing that all businesses have to maximize profit in order to qualify as a business is a pretty bizarre stance to take. I can decide to run my company at a loss and still qualify as a business.

                                                          1. 2

                                                            Arguing that, “arguing that all businesses have to maximize profit [sic] is a pretty bizarre stance to take,” is itself a pretty bizarre stance to take, since the first arguer was apparently asserting the invalidity of “B2C,” an appellation that honestly presupposes a big ol’ distinction between the Bs and the Cs, whereas a sustainable blah to the communoblah is a bit more of a Blah2Blah, since the purely theoretically profit-maximizing logic of “either you’re going From Business and To Consumer or you’re a nothingburger” no longer holds.

                                                            If you really wanted to point out something in the offending comment that was truly bizarre, instead of merely pedantic, you could have pointed out that Sourcehut has no shareholders for whom to maximize the value.

                                                            Instead you claimed that WeWork is a business, but that was never in dispute, thus, the bizarreness redoundeth upon ye.

                                                            I will say that despite what nickpsecurity had to say, the Pinboard comment seems to have generated some useful discussion.

                                                          2. 2

                                                            You might be confused about businesses vs. public corporations vs. capitalism etc.

                                                            You don’t have to try to be a paperclip maximizer just because all your friends are doing it.

                                                            1. 1

                                                              You don’t have to be a utility-maximizing agency-possessing actor in a space of probability vectors collapsed by intentions that precede any instruments ability to objectively measure intent by precisely the interval sustained by one’s observation of others just because all your friends are watching Nike commercials with you in a panopticon of meaningless exhortation to “Just do it” with attractive and scantily-clad 10-foot-tall athletes filling every screen.

                                                              JUST KIDDING YOU HAVE TO ;D

                                                            2. 1

                                                              How did they give hundreds of millions of dollars from their business if they weren’t a business? Or maybe just a business with a different focus?

                                                              Random-ish example whose products I enjoyed marked down or on sale. Recently Pineapple Salsa. The -ish part is there since delicious products do bias my coverage sometimes. :)

                                                              1. 2

                                                                I do want some pineapple salsa though, now that you mention it. How did it get so late writing unnecessary replies to unnecessary posts?

                                                                1. 1

                                                                  His point is that B2C, where instead of Business and Consumer you’re in an Imaginary and Dreamy Sustainable Community of Cocreators, is not a B2C but rather a IaDSCoC2IaDSCoC or whatever. see my other post. He is not saying Newman’s Own doesn’t exist, he’s saying Free Software in Drew DeVault’s conception of what that means and stands for and whatever is not, like, a cookie-cutter example of a B2C. Geez.

                                                            3. 10

                                                              Not everything has to be a hockey stick. Sometimes just making a living is enough.

                                                              1. 1

                                                                Sometimes just making a living is enough

                                                                but hes not though, is he. $1000 a month is not enough where I live.

                                                                1. 13

                                                                  Note that for my own part, my income comes from more sources than just Sourcehut. I have a breakdown here:

                                                                  https://drewdevault.com/donate

                                                                  And this is missing income from my new GitHub sponsors account, which is sitting at $25/mo right now. I also make money from occasional consulting on my various open source projects, mainly Wayland. I make a comfortable living.

                                                                  1. 3

                                                                    Well, he seems to be about to hire someone else, so it seems to be enough for him.

                                                                    1. 7

                                                                      That’s very important. Many people aren’t motivated by money. They have a goal that they want to hit, are comfortable with, whatever. Then, past that, they’re willing to overlook potential revenue to do something that matters to them.

                                                                      SirCmpwn seems so in that camp on top of what he says is a comfortable living. He’s willing to pass on some material opportunities to build things he believes in that might help other people, too. I respect that. Whether folks agree or not, it would help them to realize such people exist and factor it into their economic theories.

                                                              1. 10

                                                                I’m not a speedrunner or even a gamer, but you’d never know it from looking at my YouTube history. I love (and subscribe to) speedrunning and glitch channels pretty extensively…because they expose the game for what it is, and I like thinking about how the program itself was built, or what was missed to allow it to break in whatever way it did.

                                                                (Son of a Glitch come back, please.)

                                                                1. 4

                                                                  I love this attitude. It reminds me of the CharOp boards back during D&D 3.5. Given some conditions, how is it possible to break the game? There’s a thrill in it.

                                                                    1. 3

                                                                      I love TvTropes, and it’s surprisingly deep for a wiki “just” about pop culture.

                                                                1. 1

                                                                  This is why i read lobste.rs

                                                                  1. 7

                                                                    Oh boy, even more to add to this.

                                                                    The guy who created it, Curtis Yarvin is extremely right-wing and has been described as “the Alt right’s favorite philosophy instructor”.

                                                                    Big oof.

                                                                    1. 9

                                                                      Personally I’m fine with using, discussing and even contributing to a software system created by someone whose politics I don’t agree with.

                                                                      P.S. for anyone interested in a thoughtful, thorough criticism of Yarvin’s political philosophy, I recommend this Slate Star Codex article: https://slatestarcodex.com/2013/10/20/the-anti-reactionary-faq/

                                                                      1. 2

                                                                        Yeah. How much of your system runs GNU? (Rhetorical question.) Stallman isn’t less politically charged than Yarvin, even before the recent comments; the difference is that Stallman leaned left, which is more accepted in the affluent intellectually-oriented minds of software people

                                                                        1. 0

                                                                          From what I’ve seen Stallman leaned libertarian (socially left, fiscally right).

                                                                          1. 2

                                                                            I don’t think it’s accurate to describe Stallman as a libertarian. As far as I’m aware, he describes himself as a socialist and holds non-free-software-related political views that are generally consistent with the left wing of American politics, including fiscally. Many of his views on software freedom are consistent with some strains of libertarianism, but I think it’s ultimately a limitation of the “left-right” metaphor when talking about political beliefs to describe him as otherwise socially left, fiscally right.

                                                                      2. 4

                                                                        I was wondering how long it would be before someone would chime in with this tired bit of commentary.

                                                                        Every comment you’ve left in this thread has been inflammatory and off-topic. The Urbit guy wrote some things you don’t like. We get it. The weird thing to me is the most hysterical people who constantly yell at those they deem right-wing also have funny ideas about when prejudice is acceptable, i.e., punching down vs punching up, power dynamics, etc. How much authority or power do you think CY/MM has?

                                                                        This is a horrendously boring topic, and you have made this forum a more boring place for having brought it up. Please just stop. Let’s focus on technology.

                                                                        1. 3

                                                                          The piece of technology was founded by someone with very strong visions as to what society should be, which means that in the software, there are design decisions being made to align with this. In this case, there’s a very strange belief in a feudalistic system where - even if the names were changed from lords/dukes/etc. to galaxies/planets/etc. - this influence still exists in the software. I believe it bears mentioning.

                                                                          1. -1

                                                                            Would this wired bit of commentary upon commentary therefore be horrendously boring by transitivity or equally and oppositely – to be precise, horrendously – interesting?

                                                                            I almost wrote your exact comment, although mine, blessedly unposted, was the product of inimitable genius, dizzying charisma, and a thunderous thesaurus (not to mention my usual tediously unwelcome sardonic flippancy).

                                                                            That said, I do think someone is entitled to their opinions – and furthermore, while you called out a single dude[ette/???] (what’s the non-binary declension of this, perhaps dudezir?), mdszy, besides sharing with you the property of being named entirely consonants even in Welsh and Serbian, shares his/her/their opinion with a large number of woefully underrepresented-in-your-diatribe-against-tired-chimes folks. So I just wanted to let you know, helpfully, that additional context is necessary.

                                                                            Question: when you write, “[that is], punching down vs punching up, power dynamics, etc.,” what does that mean?

                                                                            PS I guess the “y” in mdszy is a fair pt of contention, but I think y behaves as a vowel only when it is pronounceable.

                                                                          2. 0

                                                                            Yep. He’s said some horrendous things and excluded a lot of people. I have no interest in this project if it can’t bring itself to align with the values of the community.

                                                                            1. 4

                                                                              The tendency to universalize one’s values creates a problematic blind spot for a great many people

                                                                              1. 1

                                                                                Kind of seems like it has, though? Or at least they kicked him out and erased his name from their public intro, probably other places. I guess it’s down to who exactly you mean by “the” community.

                                                                            1. 6

                                                                              From the “Your Last Computer” page:

                                                                              Imagine that you can login from anywhere with one simple, memorable name and password. And when you do, an entire OS appears for you. Inside is your whole digital life. Every conversation you’ve ever had, all your biometric data — every step and heartbeat. Your personal mesh of devices: your doors, your car, your irrigation. All of your communities, every message you’ve shared with friends and family. Every connection you’ve made and every archival piece of data, in one place. Secure and private, forever.

                                                                              Wow, no. Hell to the no.

                                                                              (Am I understanding correctly that this vast quantity of sensitive information would be stored in a public blockchain, protected only by non-quantum-safe encryption?)

                                                                              ETA: Also, from https://urbit.org/understanding-urbit/urbit-id/ it looks like they support only 4 billion Urbit IDs, which is already fewer than the number of people on the planet.

                                                                              1. 20

                                                                                To me it’s clear that the last 3 billion to sign up are considered non-people by the design of the system. They don’t deserve to participate as equals - they must act as servants or sharecroppers to the 4 billion “planet” addresses for access to Urbit.

                                                                                Urbit seeks to stratify it’s users into classes. This document by founder Curtis Yarvin describes the system as “digital feudalism.” https://github.com/cgyarvin/urbit/blob/6ac688960687aa9c89d4da6fff49a3125c10aca1/Spec/urbit/3-intro.txt

                                                                                The founder Curtis Yarvin wrote a “philosophy” blog for a while that describes his viewpoint as “neo-monarchism”.

                                                                                I looked for a summary of this context and found this Verge article from 2017: https://www.theverge.com/2017/2/21/14671978/alt-right-mencius-moldbug-urbit-curtis-yarvin-tlon

                                                                                1. 6

                                                                                  Currently the feudal lords of the internet are Zuck, Dorsey, etc. Urbit’s aim is to move users’ data from centralized servers at Facebook/Twitter datacenters into somewhere you personally control. The network governance is modeled after a republic, so it’s actually an improvement from what we have currently. And Yarvin is no longer part of the project, any of his philosophy has been stripped from Urbit (if it was ever there to begin with).

                                                                                  1. 7

                                                                                    I would assume, though, that Yarvin must be a Galaxy owner, giving him explicit power over what gets built and who gets added to the Urbit network.

                                                                                    The whole situation with Galaxies in general is problematic: it seems like they’re designed to lock in power over the network to 256 people, and there is no sanctioned way to transfer that power if the ruler does not want to give up their key. This is what people mean by “baking in” his philosophy into the design of Urbit.

                                                                                    1. 2

                                                                                      Galaxies can change hands like any other cryptographic asset. It just hasn’t been tried yet (afaik). Galaxies have power like ISPs have power, that doesn’t stop you from switching ISPs or running stuff on your own computer.

                                                                                      1. 6

                                                                                        Yes, and most people dislike their ISP.

                                                                                        More importantly, though, it’s not like there’s any hard reason you can’t have more ISPs. The internet is built to accommodate any number of them, it’s only the fact that it’s expensive that’s preventing competition.

                                                                                        Same with social networks today: there’s not much reason you can’t operate your own, and many people do, through Mastodon and the like. It’s only market forces that keep people on the small number of dominant networks.

                                                                                        Meanwhile in Urbit, it’s specifically designed such that a limited group of 256 people have dominion over everyone in the system. This group of people cannot be removed or competed against within the bounds of the system unless you convince them to sell their assets.

                                                                                        For a system that’s aiming to replace all computing, that’s a scary prospect.

                                                                                        And that’s only assuming that only one person will own each galaxy: we could easily see power consolidation via existing galaxy owners buying other galaxies.

                                                                                        Much as this page is getting high and mighty about the MEGACORP, I don’t see it as a preferable alternative.

                                                                                        1. 1

                                                                                          Very fair.

                                                                                          Except: are there 256 ISPs? I mean, nominally is one thing. Practically?

                                                                                          (I don’t know the answer to this question.)

                                                                                          1. 2

                                                                                            In any one location, likely no. Across the entire world, though, I wouldn’t be surprised if the number greatly exceeds 256, especially if you count cell phone service providers.

                                                                                            Urbit, in contrast, is intended to be a global system, and has a hard limit of 256 leaders for all people on their system.

                                                                                    2. 5

                                                                                      And Yarvin is no longer part of the project, any of his philosophy has been stripped from Urbit (if it was ever there to begin with).

                                                                                      The fundamental idea of Urbit (buried under the slick marketing, and the weird esoteric programming language) is digital scarcity - replicating the scarcity of physical land on this planet in cyberspace.[1] Once the system is up and running, those that control the land can extract rents, or exclude those under them from occupying land they control, or entering strategic partnerships with other land owners… this is where Yarvin/Moldbug’s ideals of “digital feudalism” are expressed.

                                                                                      “Normal” ideals of cyberspace assume that scarcity has no place there - stuff like information and software can be replicated endlessly at very little marginal cost. Urbit explicitely rejects this.

                                                                                      Now, I don’t have a problem with this concept intellectually. People have different ideals and projects for the future of digital governance. But hackers interested in contributing to Urbit should understand the trade-offs they would be making, as opposed to contributing to a more “mainstream” project.

                                                                                      [1] this is anologous to Bitcoin being considered “digital gold”.

                                                                                      1. 2

                                                                                        So you must also be against ICANN and their limited TLD designations? And against Twitter/Facebook for limiting users (shadow banning)?

                                                                                        1. 2

                                                                                          Where in my comment did I say anything that made you assume I hold the opinions you ascribe to me?

                                                                                          1. 2

                                                                                            These are also artificially scarce resources

                                                                                            1. 2

                                                                                              ICANN is insufficiently regulated and holds an artificial monopoly. There’s no technical limitation to prevent everyone on earth having their own TLD Edit apparently there is a hard-coded character limit to the TLD. That said, I welcome competition in this space and would like to see ICANN lose its monopoly.

                                                                                              Facebook and Twitter identities are not artificially limited de facto - the services are awash in bots.

                                                                                              And in any case, I stated the following:

                                                                                              […] I don’t have a problem with this concept intellectually. People have different ideals and projects for the future of digital governance.

                                                                                              I just wish that people pushing Urbit would be honest about the project’s ultimate goals.

                                                                                    3. 6

                                                                                      The most entertaining read about Curtis Yarvin is Neoreaction a Basilisk, by Elizabeth Sandifer. I found a good review of it, though I read it over a year ago.

                                                                                      1. 1

                                                                                        I backed this on Kickstarter, but I don’t think I’ve actually read it… thanks for the reminder!

                                                                                      2. 3

                                                                                        After seeing everyone start to gush over this for the past couple days I was legitimate wondering if this was the same project as the one I remember being described as ‘digital feudalism’.

                                                                                        This is a plain attempt for a few people to solidify their power over the next iteration of web technologies so I think it is absolutely legitimate to call out their philosophy (which, again some people in this thread are saying isn’t relevant). This is a power structure we can still opt-out of, and I’m inclined to do so.

                                                                                      3. 4

                                                                                        You are misunderstanding. Urbit does not store data on a blockchain. It uses a file system like Unix.

                                                                                        1. 4

                                                                                          So when they say « you can login from anywhere with one simple, memorable name and password », where is the « one place » that data is streaming down from?

                                                                                          1. 1

                                                                                            An Urbit server running wherever you have it running

                                                                                            1. 4

                                                                                              Wait, this implies that if your server is destroyed, you lose data. That’s incorrect, right? Everything in your server (node) is also stored across other nodes, and your node helps store other people’s data, right? Did I get this wrong?

                                                                                              1. 1

                                                                                                Afaik there is no replication currently, but you could certainly create an Urbit app that does the replication across certain machines. It would be a lot easier to make in Urbit than Linux because the network stack is tightly integrated with the rest of the programming environment.

                                                                                              2. 3

                                                                                                That seems like an extremely important thing to have mentioned in the first page or two, floating at least somewhere in all the Glorious Future marketing talk. -.-

                                                                                          2. 2

                                                                                            Regarding the 4B IDs, an ID is analogous to a phone number. There are about 4B active mobile phone numbers, and mobile phones seem to work ok, so it’ll probably work out https://www.statista.com/statistics/274774/forecast-of-mobile-phone-users-worldwide/

                                                                                            1. 4

                                                                                              From the way they talk about all this, it seems like they want it to last for an incredibly long time, they make it sound like they want it to last literally thousands+ years.

                                                                                              Sounds like the 4B limit isn’t really up to the task of lasting thousands of years and becoming an extremely widespread standard for computing.

                                                                                              1. 2

                                                                                                Let’s start with this decade first… increasing the 4B limit will be a good problem to have.

                                                                                          1. 3

                                                                                            I’ll be honest, I never in 100 years thought that my thread on TUHS would have such a wide ranging interest. The fact that it has hit ars technica and the reg is pretty damn staggering.

                                                                                            1. 1

                                                                                              You’re the one behind this? Mad props

                                                                                              1. 2

                                                                                                no, I just started the original thread :)

                                                                                                1. 2

                                                                                                  You shoulda left me sooo impressed, don’t let the truth get in the way of a good story ;)

                                                                                            1. 2

                                                                                              Well they already lost a while ago, so this is merely confirmation (overturn could have been significant). Somebody could find the older story and link here. Ostensibly it means that scraping is legal to an absurd (business-threatening, to LinkedIn) extent. Idk if that’s gonna pan out but that’s what people were saying a while ago after og ruling

                                                                                              1. 4

                                                                                                So, LinkedIn’s position was that although their users own their own profile data to which LinkedIn provides public access, other companies shouldn’t be allowed to make use of that public data which LinkedIn admittedly doesn’t own? That’s some chutzpah!

                                                                                                But if you ever wonder why some other social network sites claim ownership of their users’ data, this would help explain that.

                                                                                              1. 2

                                                                                                Wait, does 2^7^8 actually take four years on modern GPUs? Makes sense, but still longer than I expected.

                                                                                                1. 3

                                                                                                  Brute force is slow. That said - 400 GPUs could do it in 3.65 days, and you could rent that easily enough.

                                                                                                  1. 1

                                                                                                    Even if you get them for $1/h that would not come very cheap.

                                                                                                    1. 1

                                                                                                      Yeah, not at all. Unsalted hashes, though, so at least it’d produce a rainbow table holding every password you’d tried (to be applied very cheaply to other passwd files).

                                                                                                      1. 1

                                                                                                        I’ve been seeing headlines here and on the orange in the past couple years about spending $75.00 USD with AWS to, I can’t recall, crack anything or whatever. Wish I could look it up but no search-fu this morning. Do you know what I’m referring to, and if so, why or under what conditions it’s possible to do that (compared to spending four years like kqr exclaims above)? I get that increasing character set size is a building-up of the underlying mountain of math. Is that curve (of increase of time per additional character to get your three-letter thingies) exponential or logarithmic or what?

                                                                                                        Reason I’m asking is because “plenty of passwords” are “pretty long.” (Scare quotes to indicate my stupidity.) Does having an 8+ char password “pretty much preclude” bruteforce attacks? Or is it possible that some combos are “at the front of the rainbow table” and get cracked anyway? (I know the table is built as you go along, but I mean like, at the beginning of “the combinatoric pattern” or whatever that produces the table, the same randomly selected randomness “by chance” occurring in both the password generator and the password cracker or whatever…)

                                                                                                        I once had the opportunity to use john on a real-life computer system actually in use today that was, as john ironically notes in beginner documentation somewhere, “so ancient that anybody could go and view /etc/passwd” because no shadow file. I was “pretty surprised” how long some of the passwords took, and some were never cracked. I wasn’t using GPU acceleration, by which I mean a $1,000 AMD/NVIDIA thing. But it still had a baked-in GPU, obvo. To no avail (after a couple days or more, can’t remember). My question here is: does crypt(3) have vulnerableness compared to whatever the OpenBSD hipsters use nowadays due to its using some older curve, or lower SHA, or whatever, or something else? If it does, how come it’s just the character set blowing up that concomitantly explodes the time it takes for eg hashcat to win?

                                                                                                        In the dark ages of the pre-WWW ‘90s and earlier (I wasn’t alive), I’m guessing it took a certain amount of computation to generate passwords, which I’m guessing now is exponentially exceeded like everything in computing by the amount of computation it takes to do the same task, on a new curve, with a new CPU, or whatever. So why does it (still) take so long to crack some “sufficiently large-charsetted” crypt(3) thing…? When you say “bruteforce takes forever,” I’m like, lacking some context. If you can’t tell. :)

                                                                                                        1. 2

                                                                                                          EC2 offers GPUs for 5c per gb of ram per hour. $75 would get you 1500 hours of GPU time.

                                                                                                          1. 1

                                                                                                            Brute force still takes a long time on obsolete algorithms, long enough to be infeasible for many cases. However modern algorithms strive for universally impossible, not merely infeasible.

                                                                                                            Is that curve (of increase of time per additional character to get your three-letter thingies) exponential or logarithmic or what?

                                                                                                            Exponential.

                                                                                                            Does having an 8+ char password “pretty much preclude” bruteforce attacks? Or is it possible that some combos are “at the front of the rainbow table” and get cracked anyway?

                                                                                                            Common passwords and patterns definitely get checked first. For example, “password” is 8+ chars, but hardly secure no matter how strong an algorithm you use.

                                                                                                            whatever the OpenBSD hipsters use nowadays

                                                                                                            As far as I know, OpenBSD still uses bcrypt, an well known and widely used algorithm from 1999.

                                                                                                            1. 1

                                                                                                              Thanks!

                                                                                                              1. 1

                                                                                                                bcrypt is still quite good - features include:

                                                                                                                • always salts passwords, so rainbow tables don’t work
                                                                                                                • takes a ‘work factor’ parameter - increment this number to double the processing required. I’m 95% sure you can increase this without having access to the original password.
                                                                                                        2. 1

                                                                                                          Depends on what’s on the other side of the password, doesn’t it? For some passwords it could be a bargain!

                                                                                                    1. 4

                                                                                                      Ken, if you’re a lobste.rs user, we’d love to hear you weigh in. :)

                                                                                                          1. 3

                                                                                                            Hm. If I was Ken, I’d be grumpy at least, having to think of another password at the age of 76 ;) - and I cound not even pick another chess move, because these will be added to wordlists in no time.

                                                                                                            1. 15

                                                                                                              Well, the he doesn’t need to worry. He can get in without a password at all.

                                                                                                              1. 2

                                                                                                                This article was amazing

                                                                                                          1. 9

                                                                                                            I did a search and according to this tweet it’s a nascent project of Matt Lee, who was behind GNU social, and also a signatory on the joint statement that was being discussed the other day. I’m not sure what to make of it yet. I suspect a lot is going unsaid.

                                                                                                            1. 1

                                                                                                              Interesting!

                                                                                                              1. 0

                                                                                                                More details coming soon, I promise.

                                                                                                              1. 0

                                                                                                                All the cool kids are doing it

                                                                                                                1. 7

                                                                                                                  Flagged off-topic, this is internal org politics/drama.

                                                                                                                  • It technical? No. There is no code in this, there are no technical principles being conveyed. It’s a call to remove somebody.
                                                                                                                  • Is it actionable for most users? No. Only one user I’m aware of here (@JordiGH) has a direct stake in this, and has already acted.
                                                                                                                  • Is it covered elsehwere? Even in El Reg.

                                                                                                                  If you value this site, let me suggest that you please help keep drama submissions like this off. Flag early, flag often.

                                                                                                                  1. 6

                                                                                                                    It technical? No. There is no code in this, there are no technical principles being conveyed. It’s a call to remove somebody.

                                                                                                                    It is correctly tagged under ‘culture’, so this point is moot.

                                                                                                                    Is it actionable for most users? No. Only one user I’m aware of here (@JordiGH) has a direct stake in this, and has already acted.

                                                                                                                    Whether something is actionable or not does not belie whether it has interest for people.

                                                                                                                    1. 1

                                                                                                                      It is correctly tagged under ‘culture’, so this point is moot.

                                                                                                                      I don’t agree, obviously. Also, the culture tag is suspect.

                                                                                                                      Whether something is actionable or not does not belie whether it has interest for people.

                                                                                                                      All kinds of things are interesting but are off-topic for Lobsters. Mere interest is a painfully low bar–if that’s sufficient for you, the orange site might well enjoy your patronage.

                                                                                                                    2. 1

                                                                                                                      Flagged troll, this is waging your own personal culture war.

                                                                                                                      Just filter the ‘culture’ tag and be done with it, why don’t you?

                                                                                                                      1. 0

                                                                                                                        That isn’t what the troll flag is for, and you using it because you disagree lowers the utility of it for marking genuine bad-faith actors.

                                                                                                                      2. 0

                                                                                                                        Underrated post.

                                                                                                                        1. 1

                                                                                                                          There are a dozen people agreeing with you: ’ 38 comments | +38, -13 off-topic, -2 spam’ as of now. I did doubt to submit this, but I did so because the previous resignation also stirred up some discussion as I recall. I also only tagged it culture and nothing else.

                                                                                                                        1. 3

                                                                                                                          Many people are discussing paying $100 to defeat HDCP.

                                                                                                                          However, it seems like you can pay $15 to defeat HDCP. Confer: https://www.instructables.com/id/How-to-Bypassing-HDCP/

                                                                                                                          So, what is the $100 device? Does it do something other than act as a splitter?

                                                                                                                          1. 1

                                                                                                                            The linked one is a capture device. HDMI goes in, UAC goes out.