1. 4

    Man, I love the Dolphin reports. To be honest, I probably truly understand 10% of what’s going on. But the technical magic that happens in the reports is too good to pass up.

    1. 2

      I’m just amazed that there are still bugs left for them to do these writeups… But I’m not complaining, it’s a monthly delight to read these reports!

    1. 2

      Has anyone considered trying NTFS root filesystem yet? It might be an…. interesting alternative to partitioning for dual boots.

      1. 3

        I’m fairly certain it’s not possible due to different features between the filesystems - in particular no suid means sudo won’t work. I’m also not sure mapping to different users on Linux works properly, though I haven’t checked in a while.

        1. 1

          That can probably be worked around with creative use of extended attributes, if someone really wants to do it.

          1. 1

            I’m pretty sure NTFS has something for setuid, since Interix supported it.

            1. 9

              NTFS is a lot like BeFS: the folks talking to the filesystem team didn’t provide a good set of requirements early on and so they ended up with something incredibly general. NTFS, like BeFS, is basically a key-value store, with two ways of storing values. Large values can (as with BeFS) be stored in disk blocks, small values are stored in a reserved region that looks a little bit like a FAT filesystem (BeFS stores them in the inode structure for the file).

              Everything is layered on top of this. Compression, encryption, and even simple things like directories, are built on top of the same low-level abstraction. This means that you can take a filesystem with encryption enabled and mount it with an old version of NT and it just won’t be able to read some things.

              This is also the big problem for anything claiming to ‘support NTFS’. It’s fairly easy to support reading and writing key-value pairs from an NTFS filesystem but full support means understanding what all of the keys mean and what needs updating for each operation. It’s fairly easy to define a key-value pair that means setuid, but if you’re dual booting and Windows is also using the filesystem then you may need to be careful to not accidentally lose that metadata.

              I also don’t know how the NTFS driver handles file ownership and permissions. In a typical *NIX filesystem, you have a small integer UID combined with a two-byte bitmap of permissions. You may also have ACLs, but they’re optional. In contrast, NTFS exposes owners as UUIDs (much larger than a uid that any *NIX program understands) and has only ACLs (which are not expressed with the same verbs as NFSv4 or POSIX ACLs), so you need some translation layer and need to be careful that this doesn’t introduce incompatibilities with the Windows system.

              You’re probably better off creating a loopback-mounted ext4 filesystem as a file in NTFS and just mounting the Windows home directory, if you want to dual boot and avoid repartitioning.

              Note that WSL1 uses NTFS and provides Linux-compatible semantics via a filter driver. If someone wants to reverse engineer how those are stored (wslpath gives the place they live in the UNC filesystem hierarchy) then you could probably have a Linux root FS that uses the same representation as WSL and also uses the same place in the UNC namespace so that Windows tools know that they’re special.

              1. 1

                What is used by WSL 2?

                1. 5

                  WSL2 is almost totally unrelated to WSL, it’s a Linux VM running on Hyper-V (I really wish they’d given WSL2 a different name). Its root FS is an ext4 block device (which is backed by a file on the NTFS file system). Shared folders are exported as 9p-over-VMBus from the host.

                  This is why the performance characteristics of WSL and WSL2 are almost exactly inverted. WSL1 has slow root FS access because it’s an NTFS filesystem with an extra filter driver adding POSIX semantics but the perf accessing the Windows FS is the same because it’s just another place in the NTFS filesystem namespace. WSL2 has fast access to the root FS because it’s a native Linux FS and the Linux VM layer is caching locally, but has much slower access to the host FS because it gets all of the overhead of NTFS, plus the overhead of serialising to an in-memory 9p transport, plus all of the overhead of the Linux VFS layer on top.

                  Hopefully at some point WSL will move to doing VirtIO over VMBus instead of 9p. The 9p filesystem semantics are not quite POSIX and the NTFS semantics are not 9p or POSIX, so you have two layers of impedance mismatch. With VirtIO over VMBus, the host could use the WSL interface to the NTFS filesystem and directly forward operations over a protocol that uses POSIX semantics.

                  There are some fun corner cases in the WSL filesystem view. For example, if you enable developer mode then ln -s in WSL will create an NTFS symbolic link. If you disable developer mode then unprivileged users aren’t allowed to create symbolic links (I have no idea why) and so WSL creates an NTFS junction. Nothing on the system other than WSL knows what to do with a junction that refers to a file (the rest of Windows will only ever create junctions that refer to directories) and so will report the symlink as a corrupted junction. This is actually a pretty good example of the split between being able to store key-value pairs and knowing what they mean in NTFS: both WSL and other Windows tools use the same key to identify a junction but WSL puts a value in that nothing else understands.

                  1. 1

                    Actual Linux filesystems. Because it’s just a Linux kernel, in Hyper-V, with dipping mustards.

            2. 2

              Why not go the other way around and boot Windows off of btrfs? :D

              1. 1

                This is only a proof of concept at this stage - don’t use this for anything serious.

                But really, why not, you have backups… right? :P

            1. 1

              A weird choice by Apple I think, to handle images differently. I wonder what this means in the future, with new technology, and whether it’ll really start staying behind.

              1. 12

                It’s not that weird; makes it easier for them to implement the codecs in one dylib that’s shared by all applications (saving RAM) and can use whatever hardware-specific stuff they use on various devices to codec the bits without exposing those implementation details to the world.

                1. 7

                  Indeed. Image codecs are an attack surface (a few jailbreaks were thanks to TIFF decoder), so it’s better to have fewer, better tested copies.

                  1. 1

                    And applications can use it, too. In TenFourFox we used the OS X AltiVec-accelerated built-in JPEG decoder to get faster JPEGs “for free.”

                  2. 6

                    From a user perspective I think it would be weirder if they didn’t do this – “oh you can view this image of type X in Safari but not Preview.app, because the decoder statically linked in the former, but Preview.app can render type Y quickly because it leverages the core OS codec dylib but Safari doesn’t include a decoder for that one, or it only has some ultra-slow battery-eating software decoder someone contributed to WebKit”.

                    Doing it in one shared set of libraries for everything means that support is consistent, it’s easier to audit attack surface across the board (which Apple already struggles with, so I’d hardly encourage them to increase that surface), and optimizations only need to happen in exactly one place to leverage GPU features or custom IC blocks on their mobile SOCs. For a mobile browser you really want as few pure-software decoders as you can get away with for battery life reasons (more-so for video than stills, but things like HEIF are starting to be reasonably heavyweight to decode without hardware support on image-heavy pages).

                  1. 2

                    This article doesn’t discuss, perhaps assuming as background knowledge, the reason that defined file formats are useful: They allow multiple different independent programs to operate on the same data.

                    For this reason, storing and associating the creator program (as MacOS does) has always seemed regressive to me. A file of well-defined type should have meaning independently of any particular program.

                    1. 9

                      That’s exactly what separating the creator from the type was meant to allow…

                      The creator specified the icon and the default application that would open if you didn’t specify another one. But applications chose to accept files based on the type, not the creator, so you didn’t have to have a one to one mapping of types to applications.

                      1. 1

                        There was a talk about this at a recent WWDC, talking about how this works in current macOS:

                        https://developer.apple.com/videos/play/tech-talks/10696

                      2. 2

                        I find the “pixel art vs photo editing” argument kind of compelling that even an extension/magic-based system has limitations.

                      1. 2

                        Your plan to have decent backups is good; your decision to have only three is baffling.

                        1. 1

                          I figure: what would I ever need to do with a fourth backup? Just seems paranoid. I’ll almost certainly always restore from the most recent anyways. Plus, I can always increase it in the future (and am open to changing it now, just can’t think of why I would).

                          1. 4

                            One real benefit to using tarsnap, specifically, is that tarsnap will deduplicate backed-up data across all backups. Deduplication doesn’t really help you if your server stores a rotating set of huge movies, but if you have a slowly-growing set of data, keeping old backups around is pretty much free.

                            1. 2

                              My backup scheme is:

                              • daily-01 to daily-31, these get overwritten as days progress.
                              • YYYY-MM, which never get overwritten.

                              The monthly snapshots are done on the first of every month.

                          1. 8

                            I wouldn’t mind nearly as much as I do if:

                            • they were targeted at the content of the page, not me
                            • they didn’t track me and my doings
                            • they were passive, with no javascript to waste my battery and speed up my fans

                            To say that ”with ads you pay with your attention” is to ignore the darkest sides of the ad industry.

                            1. 2

                              I once made a three-key keyboard where I first made an input filter for BeOS and created a log of every keystroke over a period of weeks that I then used to create a modified Huffman encoding based on the usage of the keys. It worked, but I can’t say it was very practical. Didn’t spend a lot of time trying to learn the alphabet, though, so maybe it could have been useful…

                              1. 2

                                That’s fantastic, why three and not two, though?

                                1. 2

                                  More fingers/keys means shorter sequences!

                                  In the data I generated I think the longest sequence was four or five keypresses to generate a character.

                              1. 3

                                Thank goodness. I am so effing tired of needing to download yet another terrible app just to do a simple task (this week’s example: paying for street parking in a town I’m visiting). Almost all mobile apps aren’t worth the storage space they take up on my phone, let alone the fact that I trust my browser’s sandboxing much more than native apps.

                                1. 2

                                  I trust Apple’s sandboxing well enough. But I 100% agree that random one-off apps should just be web apps. Or even just web pages. Why on earth should paying for street parking be an app at all? That’s a <form>.

                                  1. 1

                                    To keep your payment info safe, I guess.

                                    Anyway, even Apple agrees that not all apps need to be installed, and created AppClips. I’m sure Android has something like it too.

                                    https://developer.apple.com/app-clips/

                                1. 9

                                  All I gathered from this blog post was “OpenSSL has incomprehensible error codes or the entire cert ecosystem is too complicated”.

                                  1. 20

                                    Correction: “OpenSSL has incomprehensible error codes AND the entire cert ecosystem is too complicated”

                                    I’m currently trying to figure out why connections between older stunnel/openssl versions and newer versions of the same software aren’t working. My current hypothesis is that the certificates used are “invalid” according to the newer versions, and because of this they refuse to use them as client certificates - but they do this silently, so the other end just sees a connection with no client certificate. Yum yum.

                                    1. 3

                                      While the cert ecosystem is complicated, openssl’s bad errors are what make it incomprehensible I think. I’ve spent a fair amount of time debugging TLS in different situations. OpenSSL and stunnel were sufficiently opaque and hard to debug that we ended up replacing it entirely with a version written in Go, which has a TLS stack that actually gives half-reasonable error messages.

                                      1. 3

                                        Absolute shot in the dark but how long are your keys? OpenSSL recently started erroring out when asked to use short keys, and that messed me up for a while. 2048 bit minimum for RSA, don’t know about any of the others off the top of my head. My code didn’t fail silently, but I was using Python and for all I know I only ever saw error messages because of that. Feel free to message me if you hit a dead end or just want to chat, I can’t promise I can help but happy to try.

                                        1. 3

                                          That’s one possible problem, thanks for the suggestion! One part of the system uses 1024 bit RSA keys, I think.

                                          Finding out about this kind of requirement seems to be on the level of “oh, I saw a comment on a Stack Overflow post about something remotely related”… Perhaps I just don’t know where to look.

                                      2. 2

                                        I actually ran into this problem last week and my takeaway was that Google’s server expects a server name indicator (SNI) in https requests; don’t know how familiar you are with TLS, but SNI can be sent by the client during negotiation to indicate which certificate the server should use. Handy for servers that host multiple domains and need to know which certificate to present before they receive a Host header. Anyway, if Google doesn’t get SNI it apparently falls back to a self-signed certificate that has this message buried in it, since it doesn’t know to use the www.google.com certificate or whatever.

                                        Edit: None of that actually justifies this outcome. Google’s doing something weird and nonstandard to draw attention to what it perceives as a defect (and probably 99% of the time, they’re right), because there’s no official way to raise the error they want to raise. How much of that is on Google and how much of that is on the ecosystem is debatable, but it creates a headache when the solution to “The server uses a self-signed certificate!” is “Send SNI in your client”, and also there’s no good way to look this up.

                                        1. 5

                                          In the age of cloud/CDNs everywhere, it’s safest to treat SNI as a hard requirement. Take Cloudfront as an example:

                                          % openssl s_client -connect cf.feitsui.com:443
                                          CONNECTED(00000006)
                                          4559363692:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/ssl/ssl_pkt.c:386:
                                          ---
                                          no peer certificate available
                                          ---
                                          No client certificate CA names sent
                                          ---
                                          SSL handshake has read 5 bytes and written 0 bytes
                                          ---
                                          
                                          % openssl s_client -connect cf.feitsui.com:443 -servername cf.feitsui.com
                                          CONNECTED(00000006)
                                          depth=4 C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
                                          verify return:1
                                          depth=3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
                                          verify return:1
                                          depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
                                          verify return:1
                                          depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
                                          verify return:1
                                          depth=0 CN = *.cloudping.cloud
                                          verify return:1
                                          
                                          (...)
                                          

                                          It’s only really ancient clients that don’t support SNI - think IE on XP and Android 1, maybe? As a result you find SNI is often a requirement or CDNs give the option to pay extra for the dedicated IP you need for non-SNI connections. I know Cloudfront charges $600 a month for dedicated IPs/SSL certificates, and I know others (Fastly, Cloudflare, etc.) charge as well.

                                          And your server would have to be dangerously old (think “pre-dating TLS”) to not support it.

                                          1. 3

                                            Android got SNI support around 2011 in versions 3 and later. Internet Explorer on Windows XP would have been the last holdout. I can’t imagine either of those can effectively use the internet today, especially given they’re both TLS 1.0 only clients and many servers require TLS 1.2 or later; at least anything under PCI-DSS scope.
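
What `-servername` changes on the wire in the two `s_client` runs above, as an added example that is not part of the original thread: Python's `ssl` module produces a ClientHello in memory (no network I/O), and a small parser reports whether the `server_name` extension is present. The hostname `cdn.example.test` is a constructed placeholder.

```python
import ssl
import struct
from typing import Optional


def capture_client_hello(server_hostname: Optional[str]) -> bytes:
    """Return the raw first flight a Python TLS client would send, without touching the network."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Hostname checking needs a name to check. Nothing is verified here anyway,
    # because the handshake never gets past the client's first flight.
    ctx.check_hostname = server_hostname is not None
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a ServerHello
    return outgoing.read()


def handshake_bytes(stream: bytes) -> bytes:
    """Concatenate the payloads of all TLS handshake records (content type 0x16)."""
    out, pos = b"", 0
    while pos + 5 <= len(stream):
        rtype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if rtype == 0x16:
            out += stream[pos + 5 : pos + 5 + length]
        pos += 5 + length
    return out


def sni_from_client_hello(stream: bytes) -> Optional[str]:
    """Return the host_name from the server_name extension, or None if the client sent no SNI."""
    hs = handshake_bytes(stream)
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4 : 4 + int.from_bytes(hs[1:4], "big")]
    try:
        pos = 2 + 32                                           # legacy_version + random
        pos += 1 + body[pos]                                   # session_id
        pos += 2 + int.from_bytes(body[pos : pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                   # compression_methods
        if pos + 2 > len(body):
            return None                                        # no extensions block at all
        end = pos + 2 + int.from_bytes(body[pos : pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == 0x0000:                             # server_name
                # 2-byte list length, then (name_type, length, name) entries
                p = pos + 2
                while p + 3 <= pos + ext_len:
                    name_type, name_len = struct.unpack_from("!BH", body, p)
                    p += 3
                    if name_type == 0:                         # host_name
                        return body[p : p + name_len].decode("ascii")
                    p += name_len
            pos += ext_len
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    return None


if __name__ == "__main__":
    for name in (None, "cdn.example.test"):  # constructed placeholder hostname
        hello = capture_client_hello(name)
        print(f"server_hostname={name!r}: {len(hello)} bytes, SNI={sni_from_client_hello(hello)!r}")
```

The same parser can be pointed at the first client-to-server payload of a captured TLS connection to tell whether a misbehaving client (an old stunnel, a bare `s_client`) is the one omitting SNI.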

                                      1. 8

                                        In the Arduino world, everything is done in C++, a language which is almost never used on 8-bit microcontrollers outside of this setting because it adds significant complexity to the toolchain and overhead to the compiled code.

                                        I don’t buy this. C++ is C with extra features available on the principle that you only pay for what you use. (The exception [sic] being exceptions, which you pay for unless you disable them, which a lot of projects do.)

                                        The main feature is classes, and those are pretty damn useful; they’re about the only C++ feature Arduino exposes. There is zero overhead to using classes unless you start also using virtual methods.

                                        The C++ library classes will most definitely bloat your code — templates are known for that — but again, you don’t have to use any of them.

                                        (Aside: can someone explain why anyone’s still using 8-bit MCUs? There are so many dirt cheap and low-power 32-bit SoCs now, what advantage do the old 8-bit ones still have?)

                                        1. 9

                                          (Aside: can someone explain why anyone’s still using 8-bit MCUs? There are so many dirt cheap and low-power 32-bit SoCs now, what advantage do the old 8-bit ones still have?)

                                          They’re significantly cheaper and easier to design with (and thus less pretentious in terms of layout, power supply parameters, fabrication and so on). All of these are extremely significant factors for consumer products, where margins are extremely small and fabrication batches are large.

                                          Edit: as for C++, I’m with the post’s author here – I’ve seen it used on 8-bit MCUs maybe two or three times in the last 15 years, and I could never understand why it was used. If you’re going to use C++ without any of the ++ features except for classes, and even then you still have to be careful not to do whatever you shouldn’t do with classes in C++ this year, you might as well use C.

                                          1. 3
                                            • RAII is a huge help in ensuring cleanup of resources, like freeing memory.
                                            • Utilities like unique_ptr help prevent memory errors.
                                            • References (&) aren’t a cure-all for null-pointer bugs, but they do help.
                                            • The organizational and naming benefits of classes, parameter overloading and default parameters are significant IMO. stream->close() vs having to remember IOWriteStreamClose(stream, true, kDefaultIOWriteStreamCloseMode).
                                            • As @david_chisnall says, templates can be used (carefully!) to produce super optimized type-safe abstractions, and to move some work to compile-time.
                                            • Something I only recently learned is that for (x : collection) even works with C arrays, saving you from having to figure out the size of the array in more-or-less fragile ways.
                                            • Forward references to functions work inside class declarations.

                                            I could probably keep coming up with benefits for another hour if I tried. Any time I’m forced to write in C it’s like being given those blunt scissors they use in kindergarten.

                                            1. 2

                                              The memory safety/RAII arguments are excellent generic arguments but there are extremely few scenarios in which embedded firmware running on an 8-bit MCU would be allocating memory in the first place, let alone freeing it! At this level RAII is usually done by allocating everything statically and releasing resources by catching fire, and not because of performance reasons (edit: to be clear, I’ve worked on several projects where no code that malloc-ed memory would pass the linter, let alone get to a code review – where it definitely wouldn’t have passed). Consequently, you also rarely have to figure out the size of an array in “more-or-less fragile ways”, and it’s pretty hard to pass null pointers, too.

                                              The organisational and naming benefits of classes & co. are definitely a good non-generic argument and I’ve definitely seen a lot of embedded code that could benefit from that. However, they also hinge primarily on programmer discipline. Someone who ends up with IOWriteStreamClose(stream, true, kDefaultIOWriteStreamCloseMode) rather than stream_close(stream) is unlikely to end up with stream->close(), either. Also, code that generic is pretty uncommon per se. The kind of code that runs in 8-16 KB of ROM and 1-2 KB of RAM is rarely so general-purpose as to need an abstraction like an IOWriteStream.

                                              1. 2

                                                I agree that you don’t often allocate memory in a low-end MCU, but RAII is about resources, not just memory. For example, I wrote some C++ code for controlling an LED strip from a Cortex M0 and used RAII to send the start and stop messages, so by construction there was no way for me to send a start message and not send an end message in the same scope.

                                                1. 1

                                                  That’s one of the neater things that C++ allows for and I liked it a lot back in my C++ fanboy days (and it’s one of the reasons why I didn’t get why C++ wasn’t more popular for these things 15+ years ago, too). I realise this is more in “personal preferences” land so I hope this doesn’t come across as obtuse (I’ve redrafted this comment 3 times to make sure it doesn’t but you never know…)

                                                  In my experience, and speaking many years after C++-11 happened and I’m no longer as enthusiastic about it, using language features to manage hardware contexts is awesome right up until it’s not. For example, enforcing things like timing constraints in your destructors, so that they do the right thing when they’re automatically called at the end of the current scope no matter what happens inside the scope, is pretty hairy (e.g. some ADC needs to get the “sleep” command at least 50 uS after the last command, unless that command was a one-shot conversion because it ignores commands while it converts, in which case you have to wait for a successful conversion, or a conversion timeout (in which case you have to clear the conversion flag manually) before sending a new command). This is just one example but there are many other pitfalls (communication over bus multiplexers, finalisation that has to be coordinated across several hardware peripherals etc.)

                                                  As soon as you meet hardware that wasn’t designed so that it’s easy to code against in this particular fashion, there’s often a bigger chance that you’ll screw up code that’s supposed to implicitly do the right thing in case you forget to “release” resources correctly than that you’ll forget to release the resources in the first place. Your destructors end up being 10% releasing resources and 90% examining internal state to figure out how to release them – even though you already “know” everything about that in the scope at the end of which the destructor is implicitly called. It’s bug-prone code that’s difficult to review and test, which is supposed to protect you against things that are quite easily caught both at review and during testing.

                                                  Also, even when it’s well-intentioned, “implicit behaviour” (as in code that does more things than the statements in the scope you’re examining tell you it does) of any kind is really unpleasant to deal with. It’s hard to review and compare against data sheets/application notes/reference manuals, logic analyser outputs and so on.

                                                  FWIW, I don’t think this is a language failure as in “C++ sucks”. I’ve long come to my senses and I think it does but I don’t know of any language that easily gets these things right. General-purpose programming languages are built to coordinate instruction execution on a CPU, I don’t know of any language that allows you to say “call the code in this destructor 50us after the scope is destroyed”.

                                          2. 7

                                            While you can of course put a 32 bit SoC on everything, in many cases 8 bitters are simpler to integrate into the hardware designs. A very practical point is that many 8 bitters are still available in DIP, which leads to easier assembly of smaller runs.

                                            1. 5

                                              Aside: can someone explain why anyone’s still using 8-bit MCUs? There are so many dirt cheap and low-power 32-bit SoCs now, what advantage do the old 8-bit ones still have?

                                              They’re dirt cheaper and lower power. 30 cents each isn’t an unreasonable price.

                                              1. 3

                                                You can get Cortex M0 MCUs for about a dollar, so the price difference isn’t huge. Depending on how many units you’re going to produce, it might be insignificant.

                                                It’s probably a question of what you’re used to, but at least for me working with a 32 bit device is a lot easier and quicker. Those development hours saved pay for the fancier MCUs, at least until the number of produced units gets large. Fortunately most of our products are in the thousands of units…

                                                1. 9

                                                  A 3x increase in price is huge if you’re buying lots of them for some product you’re making.

                                                  1. 4

                                                    Sure, but how many people buying in bulk are using an Arduino (the original point of comparison)?

                                                    1. 2

                                                      I mean, the example they gave was prototyping for a product..

                                                  2. 6

                                                    If you’re making a million devices (imagine a phone charger sold at every gas station, corner store, and pharmacy in the civilized world), that $700k could’ve bought a lot of engineer hours, and the extra power consumption adds up with that many devices too.

                                                  3. 2

                                                    The license fee for a Cortex M0 is 1¢ per device. The area is about the size of a pad on a cheap process, so the cost both of licensing and fabrication is pretty much as close to the minimum cost of producing any IC.

                                                    1. 1

                                                      The license fee for a Cortex M0 is 1¢ per device.

                                                      This (ARM licensing cost) is an interesting datapoint I have been trying to get for a while. What’s your source?

                                                      1. 2

                                                        A quick look at the Arm web site tells me I’m out of data. This was from Arm’s press release at the launch of the Cortex M0.

                                                        1. 1

                                                          Damn. Figures.

                                                    2. 1

                                                      Could you name a couple of “good” 8-bit MCUs? I realized it’s been a while since I looked at them, and it would be interesting to compare my preferred choices to what the 8-bit world has to offer.

                                                    3. 2

                                                      you only pay for what you use

                                                      Unfortunately many arduino libraries do use these features - often at significant cost.

                                                      1. 2

                                                        I’ve not used Arduino, but I’ve played with C++ for embedded development on a Cortex M0 board with 16 KiB of RAM and had no problem producing binaries that used less than half of this. If you’re writing C++ for an embedded system, the biggest benefits are being able to use templates that provide type-safe abstractions but are all inlined at compile time and end up giving tiny amounts of code. Even outside of the embedded space, we use C++ templates extensively in snmalloc, yet in spite of being highly generic code and using multiple classes to provide the malloc implementation, the fast path compiles down to around 15 x86 instructions.

                                                      1. 5

                                                        The problem is that most sites are relying on ad revenue. If this does not change, the situation will not change. Web ads are only worth as much because they are personalized.

                                                        I think there needs to be a service/interface which transmits a small amount of money to the website owner per visit. The amount should roughly be what the ad company pays the website owner nowadays. No sign ups per website. Currently if I want to watch one video on YouTube ad-free or read an article behind a paywall I need a full subscription. This would make the web user oriented instead of ad oriented. The problem here is that so many users (including me) are so used to the fact that most of the content on the internet is free.

                                                        1. 12

                                                          This would make the web user oriented instead of ad oriented.

                                                          Well, it would make the web wealthy-user oriented, anyway. Ad-supported models have the (in my opinion) highly desirable characteristic of not restricting access to information based on the viewer’s income level because ad revenue is aggregated across the entire user base.

                                                          Discussions about moving toward an ad-free micropayments model, from what I’ve seen, generally assume that everyone has enough disposable income to replace their share of the ad money, but the Internet is global. A resource that is priced at a level such that a German user pays for it without a second thought may be prohibitively expensive to someone in rural Kenya trying to use the web on their cheap Android phone to educate themselves out of subsistence farming.

                                                          1. 2

                                                            Thanks for your response. I might want to add two thoughts:

                                                            1. The same pricing mechanism also applies to ads (especially targeted ads). Companies pay according to the possible revenue of a future customer. Also like other online services there could be different prices, depending on your country (e.g. Netflix). Sadly this is not compatible with an anonymous service.
                                                            2. This proposal would not be mandatory, but an alternative way to browse websites.
                                                            1. 1

                                                              /save

                                                            2. 7

                                                              It somehow worked in 2000s, when ads were linked to page content, not to dossier on user.

                                                              I doubt if current targeting technology works at all, I always see ads completely unrelated to my interests and needs.

                                                              1. 1

                                                                Content targeted ads aren’t possible to do when the user visits eg facebook.com or some similar aggregator; it’s not possible to know what content is shown at a particular URL. So the site owner is the only one who can match ads to content, but then they need to know more about the user by tracking them on other sites.

                                                                Content/URL targeted ads require that URL contents don’t change, basically, and that the content is accessible to the ad companies’ classifiers and scanners. This doesn’t work well with timeline based sites.

                                                                1. 1

                                                                  The 2000s was a very wealth-based web. Many poorer households even in developed countries didn’t have computers at home, and having broadband was hit-or-miss. Developing countries only really embraced the internet en masse after mobile phones became cheap and ubiquitous.

                                                                2. 4

                                                                  The received wisdom is that sites make all their money from advertising but I’d be interested to see numbers on what that looks like today.

                                                                  Sites (YouTube included, as you mentioned) are increasingly pushing subscription models and I suspect it is because ad revenue is actually not brilliant - unless you’re Google or Facebook, because you are providing the ads and you’ve virtually cornered the market between you.

                                                                  Certainly when I worked for a major newspaper, management were in the process of realising that online ads would not bring in the profits they wanted and could not replace subscription revenue.

                                                                  All that said, even if I’m right, not everyone will be easily convinced. There are sunk costs, advertisers who rely on the market, and no clear alternative business model for the web at the moment.

                                                                  Something like what you suggest might be the most palatable option.

                                                                  1. 4

                                                                    I wish it were so but check the annual reports that Alphabet, Facebook, etc. file with the SEC. Ads account for an overwhelming proportion of their revenue.

                                                                    There are good reasons for them to offer subscriptions as well. Maybe it’s a hedge against the ad bubble bursting, maybe it serves a particularly desirable group of consumers, maybe investors like it, or maybe it keeps the regulators away. I don’t know.

                                                                    1. 3

                                                                      Alphabet and Facebook are precisely the companies that @owent predicted would be making money from ads. They’re talking about everyone else: news sites, blogs, forums, etc. Are they getting much money from ads? Could they do better with subscriptions or another revenue model?

                                                                      Personally, most of the sites I use are either paid for by their owners out of charity, vanity or self-interest or they are supported by subscriptions, or product sales. Exceptions include reddit (which is mostly a time-vampire anyway), youtube, stackoverflow (whose ads don’t seem that obnoxious), and search engines.

                                                                1. 2

                                                                  I mostly use Apple Magic Keyboards with numpad (old wired one at home and the wireless one at the office).

                                                                  I’ve considered a Keychron K1 (87 key), but for now I’m waiting for them to release an ISO Nordic variant.

                                                                  1. 3

                                                                    I don’t defend the American date shorthand format on any grounds other than that it’s what I’ve used all my life. I agree that in any kind of programming context or any context where people from outside the US might see it, you should go with the unambiguous and standardized ISO 8601 date representation. But I’m not gonna stop scrawling 2/26/21 when I need to date a check or something, Europeans be damned (also don’t Europeans no longer use checks? that’s another American thing I don’t defend).

                                                                    1. 3

                                                                      I think it’s interesting that checks are still used in the US, it’s so… antique. Last time I saw a check was the single time in several years I worked in a game store in the early 00s that someone wanted to pay using one. It took us a while to figure out if we accepted checks and how to handle it.

                                                                      In Sweden we’ve since gone one step further and basically no longer use cash. My guess is that it’s mostly 90+ year olds who still use it, and maybe allowances for kids under 7 who can’t have their own Mastercard and Swish.

                                                                      There’s a fair chance that this is something we’ll regret at one point, but we’ll see… very convenient until that day comes, at least!

                                                                    1. 36

                                                                      Tangentially related, it seems like macOS on M1 swaps very enthusiastically, to the point of possibly bringing SSD life well under a year: https://twitter.com/marcan42/status/1361151198921826308

                                                                      (I didn’t want to post a twitter thread as a submission, but seems like it may be of interest.)

                                                                      As marcan42 points out in the thread, this is clearly an OS software issue so it should be patchable in software as well.

                                                                      1. 11

                                                                        Interesting. I’m up to 5.4TBW; kernel_task has written 69.5GB (!) in 3 days 1 hour of uptime. One to keep an eye on; thanks for sharing.

                                                                        1. 8

                                                                          This is madness, I’ve only managed 15 TBW on a Samsung 970 EVO 1TB on an extremely heavily used laptop in 28 months, under 2% the drive’s warrantied TBW, and keenly aware I’ve been hammering the drive at various points. That also includes 2 h00j VMware VMs

                                                                        2. 16

                                                                          Not a big problem, just swap out the SSD of your MacBook when it’s dead. Oh wait, it can’t be replaced :/ Another reason to support Right To Repair.

                                                                          1. 5

                                                                            This might be controversial, but I think you’re just watching what happens when miniaturization and integration happens. The SSD on these is basically directly connected to the FSB, and that contributes to the performance of it. How do you make that replaceable effectively?

                                                                            Your ALU used to be a discrete, replaceable component. Then it became integrated. Then L2 cache. Should it stop, especially if integration can make things more reliable (i.e RAM slot failure)?

                                                                            1. 5

                                                                              I think “things that are consumables” such as batteries are those things that absolutely must be replaceable. SSDs fit that category because they actually wear out over time.

                                                                              But I think you raise good points about other discrete components, not being able to upgrade my RAM sucks, but if it’s more reliable, performant, cheaper and uses less power than alternatives, then it’s a compelling choice.

                                                                              1. 5

                                                                                I agree that this is miniaturization and integration, but I’d argue it’s not strictly necessary for performance.

                                                                                AFAIK the M1 RAM is LPDDR4X-4266 and you can buy DIMMs[*] in this specification as well. The SSD is NVMe and as far as I know there’s nothing special about the signalling compared to an off-the-shelf NVMe SSD.

                                                                                integration can make things more reliable (i.e RAM slot failure)

                                                                                I don’t have any numbers to back this up, but my gut feeling is that in the average upgradable laptop the number of lifetime failures that require replacing the RAM is going to be equal or higher than the number of lifetime failures that require replacing the RAM slot - so there’s a gain and a loss here.

                                                                                I’d suggest it boils down to three things:

                                                                                • Integrating everything on one board (or one package in the case of the RAM) is cheaper to design, manufacture and test.
                                                                                • Integrating everything makes the product smaller and slimmer, and portable device consumers love slim products (as do Apple industrial designers, it would seem).
                                                                                • Upgrading or repairing laptop internals is not something the majority of laptop customers plan to ever do (unfortunately), and there is no other regulatory pressure requiring this (which brings us back to Right to Repair).

                                                                                [*] EDIT: I originally thought you could buy SO-DIMMs in this spec, but maybe only DIMMs. I think it’d be technically possible to have a small size & replaceable standard for these, but maybe the industry is going with soldered RAM to the extent that it doesn’t exist.

                                                                                1. 1

                                                                                  I wonder how much putting RAM on as an MCM lets them run LPDDR at those speeds/latencies.

                                                                                2. 1

                                                                                  especially if integration can make things more reliable (i.e RAM slot failure)?

                                                                                  And yet, the only failing RAM I had in a machine in the last 10 years was a MacBook Pro with on-board RAM. If the machine actually had a DIMM slot, it could’ve been replaced without replacing the whole logic board. (Since the MacBook Pro was just two days old, they replaced the whole system, of course.)

                                                                              2. 2

                                                                                This comment should be a separate post by itself. Thank you for the heads up!

                                                                                1. 2

                                                                                  Not a problem on mine somehow (918GB writes in 6 weeks).

                                                                                  1. 2

                                                                                    I’m second thinking getting an M1 now, maybe I’ll wait for this to be fixed. Hopefully, in time for the new macbook pros. :p

                                                                                    Still my current Linux laptop is 4 years old, and has <10TB TBW on its nvme. I haven’t used it a lot in the past 6 months but it has been in use daily before that. So, 918GB in six weeks still seems like a lot.

                                                                                    1. 2

                                                                                      shrug

                                                                                      Just checked my 3.5 year old MB12, it had 27.5TB writes over 182-ish weeks, which is roughly 0.9TB/6W. So yeah, it’s normal.

                                                                                      1. 1

                                                                                        I’ve had a 2019 MBP from work for almost a year now, and I’m at 65.8 TB written. I don’t think this is an M1 problem so much as a macOS problem (if indeed it’s actually a problem).

                                                                                        1. 1

                                                                                          Yes it’s certainly an OS issue.

                                                                                          Could be some combination of usage patterns with memory configuration. Like I don’t do npm or use any heavyweight IDEs, maybe they provoke the system to swapping out more.

                                                                                        2. 1

                                                                                          FWIW smartctl claims 27 TB written on my mid-2012 MBA11. I’m no expert, but I think my wearout is all zeroed out. Can’t upgrade past 10.15, not sure if OS matters.

                                                                                    2. 1

                                                                                      I have had this experience with macOS (VM) in general, testing my memory profiler’s OOM detection (https://pythonspeed.com/fil). It seems much more aggressive about swapping than Linux, to the point where I needed to come up with a different heuristic.

                                                                                    1. 4

                                                                                      Well, interesting:

                                                                                      $ time ./configure     --with-xpm=ifavailable --with-jpeg=ifavailable --with-gif=ifavailable --with-tiff=ifavailable --with-gnutls=ifavailable
                                                                                      checking for xcrun... xcrun
                                                                                      checking for make... yes
                                                                                      checking for GNU Make... make
                                                                                      checking build system type... arm-apple-darwin20.2.0
                                                                                      checking host system type... arm-apple-darwin20.2.0
                                                                                      configure: error: Emacs does not support 'arm-apple-darwin20.2.0' systems.
                                                                                      If you think it should, please send a report to bug-gnu-emacs@gnu.org.
                                                                                      Check 'etc/MACHINES' for recognized configuration names.
                                                                                      ./configure --with-xpm=ifavailable --with-jpeg=ifavailable     0.09s user 0.17s system 36% cpu 0.685 total
                                                                                      FAIL: 1
                                                                                      

                                                                                      Did OP compile it under the Rosetta emulation?

                                                                                      1. 2

                                                                                        You might want to find a different source of source code:

                                                                                        https://amitp.blogspot.com/2020/11/building-emacs-27-on-apple-arm-m1.html

                                                                                        Seems like there’s work in progress, but perhaps not finished yet.

                                                                                        1. 1

                                                                                          I’m curious, is that the right target triple? The arm bit generally means 32-bit Arm, arm64 is more common for 64-bit Arm (and even on 32-bit, you’re more likely to see something like armv7 than plain arm). The darwin bit is also interesting. Apple uses macos in their target triples so that the triple can differentiate between macOS, iOS, watchOS, and iPadOS.

                                                                                          1. 1

                                                                                            I’m not an expert on autotools, but from a quick research I can see that the arm part is taken from uname -p:

                                                                                            $ uname -p
                                                                                            arm
                                                                                            

                                                                                            Next, apple-darwin is hardcoded in build-aux/config.guess:

                                                                                            echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE"
                                                                                            

                                                                                            and 20.2.0, or $UNAME_RELEASE is uname -r:

                                                                                            $ uname -r
                                                                                            20.2.0
                                                                                            

                                                                                            My guess is that it’s just autotools that uses such triple, not Apple (I wouldn’t bet my money on it though :D)

                                                                                            1. 1

                                                                                              If you run clang -v, what does it say for the ‘Target:’ line?

                                                                                        1. 34

                                                                                          Disclaimer: I represent a GitHub competitor.

                                                                                          The opening characterization of GitHub detractors is disingenuous:

                                                                                          The reasons for being against GitHub hosting tend to be one or more of:

                                                                                          1. it is an evil proprietary platform
                                                                                          2. it is run by Microsoft and they are evil
                                                                                          3. GitHub is American thus evil

                                                                                          GitHub collaborated with US immigration and customs enforcement under the Trump administration, which is a highly controversial organization with severe allegations of “evil”. GitHub also recently fired a Jewish employee for characterising armed insurrectionists wearing Nazi propaganda as Nazis.

                                                                                          It’s not nice to belittle the principles of people who have valid reasons to cite ethical criticisms of GitHub. Even if you like the workflow and convenience, which is Daniel’s main justification, other platforms offer the same conveniences. As project leaders, we have a responsibility to support platforms which align with our values. There are valid ethical and philosophical complaints about GitHub, and dismissing them because of convenience and developer inertia is cowardly.

                                                                                          1. 27

                                                                                            GitHub collaborated with US immigration and customs enforcement under the Trump administration

                                                                                            This makes it sound worse than it actually was, ICE bought a Github Enterprise Server license through a reseller. Github then tried to compensate by donating 500.000$ to “nonprofit organizations working to support immigrant communities”.

                                                                                            … other platforms offer the same conveniences.

                                                                                            Maybe, but they definitely lack the networking effect that was one of the main points for curl to use Github.

                                                                                            1. 24

                                                                                              The inconsistency is what kills me here. Allowing ICE to have an account became a heinous crime against neoliberalism, meanwhile how many tech companies openly collaborated with the US military while we killed a million innocent people in Iraq? Or what about Microsoft collaborating with our government’s surveillance efforts?

                                                                                              I’m not even engaging in what-about-ism here in the sense that you must be outraged at all the things or none. I’m suggesting that ICE outrage is ridiculous in the face of everything else the US government does.

                                                                                              Pick less ridiculous boogeymen please.

                                                                                              1. 20

                                                                                                I see a lot of the same people (including myself) protesting all of these things…

                                                                                                I feel like I should say something to make this remark longer, and less likely to be taken as hostile, but that’s really all I have to say. Vast numbers of people are consistently opposing all the things you object to. If you’re attempting to suggest that people are picking only one issue to care about and ignoring the other closely related issues, that’s simply wrong - factually, that is not what is happening. If you’re not trying to suggest that, I don’t understand the purpose of your complaint.

                                                                                                1. 13

                                                                                                  The inconsistency is what kills me here.

                                                                                                  Also:

                                                                                                  1. Free Software and Open Source should never discriminate against fields of endeavour!
                                                                                                  2. GitHub should discriminate against this particular organisation!

                                                                                                  and:

                                                                                                  1. We need decentralised systems that are resistant to centralised organisation dictating who can or can’t use the service!
                                                                                                  2. GitHub should use its centralised position to deny this service to this particular organisation!

                                                                                                  Anyway, how exactly will curl moving away from GitHub or GitHub stopping their ICE contract help the people victimized by ICE? I don’t see how it does, and the entire thing seems like a distraction to me. Fix the politics instead.

                                                                                                  1. 14

                                                                                                    Is some ideological notion of consistency supposed to weigh more heavily than harm reduction in one’s ontological calculus? Does “not discriminating against a field of endeavor” even hold inherent virtue? The “who” and “on what grounds” give the practice meaning.

                                                                                                    If I endeavor to teach computer science to under-served groups, and one discriminated against my practice due to bigotry, then that’s bad. If I endeavor to make a ton of money by providing tools and infrastructure to a power structure which seeks to violate the human rights of vulnerable populations, you would be right to “discriminate” against my endeavor.

                                                                                                    Anyway, how exactly will curl moving away from GitHub or GitHub stopping their ICE contract help the people victimized by ICE?

                                                                                                    I don’t think anyone here has suggested that if curl were to move away from github that it would have an appreciable or conclusive impact on ICE and its victims. The point of refusing to work for or with ICE or their enablers is mainly to raise awareness of the issue and to build public opposition to them, which is a form of direct action - “fixing the politics” as you put it. It’s easy to laugh at and dismiss people making noise online, or walking out of work, or writing a heated blog post, but as we’ve seen over the last decade, online movements are powerful forces in democratic society.

                                                                                                    1. 8

                                                                                                      Is some ideological notion of consistency supposed to weigh more heavily than harm reduction in one’s ontological calculus?

                                                                                                      If you’re first going to argue that 1) is unethical and should absolutely never be done by anyone and then the next day you argue that 2), which is in direct contradiction to 1), is unethical and should absolutely never be done by anyone then I think there’s a bit of a problem, yes.

                                                                                                      Because at this point you’re no longer having a conversation about what is or isn’t moral, and what the best actions are to combat injustices, or any of these things, instead you’re just trying to badger people into accepting your viewpoint on a particular narrow issue.

                                                                                                      1. 3

                                                                                                        If you’re first going to argue that 1) is unethical and should absolutely never be done by anyone and then the next day you argue that 2), which is in direct contradiction to 1), is unethical and should absolutely never be done by anyone then I think there’s a bit of a problem, yes.

                                                                                                        does anyone say that though

                                                                                                    2. 12

                                                                                                      Your first two points are a good explanation of the tension between the Open Source and Ethical Source movements. I think everyone close to the issue is in agreement that, yes, discriminating against militant nationalism is a form of discrimination, just one that ought to happen.

                                                                                                      There was some open conflict last year between the Open Source Institute, and the group that became the Organization for Ethical Source. See https://ethicalsource.dev/ for some of the details.

                                                                                                      Your second two points, also, highlight a real and important concern, and you’ve stated it well. I’m personally against centralized infrastructure, including GitHub. I very much want the world to move to decentralized technical platforms in which there would be no single entity that holds the power that corporations presently do. However, while centralized power structures exist, I don’t want those structures to be neutral to injustice. To do that is to side with the oppressor.

                                                                                                      (Edit: I somehow wrote “every” instead of “everyone”. Too many editing passes, I guess. Oops.)

                                                                                                      1. 11

                                                                                                        To clarify: this wasn’t really intended as a defence of either the first or second points in contradictions, I just wanted to point out that people’s views on this are rather inconsistent, to highlight that the issue is rather more complex than some people portray it as. To be fair, most people’s worldviews are inconsistent to some degree, mine certainly are, but then again I also don’t make bold absolute statements about these sort of things and insult people who don’t fit in that.

                                                                                                        I think that both these issues are essentially unsolvable; similar to how we all want every criminal to be convicted but also want zero innocent people to be convicted unjustly. This doesn’t mean we shouldn’t try, but we should keep a level head about what we can and can’t achieve, and what the trade-offs are.

                                                                                                        I don’t want those structures to be neutral to injustice. To do that is to side with the oppressor.

                                                                                                        In Dutch we have a saying I rather like: “being a mayor in wartime”. This refers to the dilemma of mayors (and journalists, police, and so forth) during the German occupation. To stay in your position would be to collaborate with the Nazis; but to resign would mean being replaced with a Nazi sympathizer. By staying you could at least sort of try to influence things. This is a really narrow line to walk though, and discussions about who was or wasn’t “wrong” during the war continue to this day.

                                                                                                        I don’t think GitHub is necessarily “neutral to injustice”, just like the mayors during the war weren’t. I know people love to portray GitHub as this big evil company, but my impression is that GitHub is actually not all that bad; I mean, how many other CEOs would have joined youtube-dl’s IRC channel to apologize for the shitty situation they’re in? Or would have spent time securing a special contract to provide service to Iranian people? Or went out of their way to add features to rename the default branch?

                                                                                                        But there is a limit to what is reasonable; no person or company can be unneutral to all forms of injustice; it would be debilitating. You have to pick your battles; ICE is a battle people picked, and IMO it’s completely the wrong one: what good would cutting a contract with ICE do? I don’t see it, and I do see a lot of risk in alienating the government of the country you’re based in, especially considering that the Trump administration was not exactly known for its cool, level-headed, and calm responses to (perceived) slights. Besides, in the grand scheme of injustices present in the world ICE seems small fries.

                                                                                                        And maybe all tech companies putting pressure on ICE would have made an impact in changing ICE’s practices, I don’t really think it would but let’s assume it would. But what does that mean? A bunch of undemocratic companies exerting pressure to change the policy of a democratically elected government. Yikes? Most of the time I see corporate influence on government it’s not for the better and I would rather we reduce this across the board, which would also reduce the potential “good influences”, but the bad influences vastly outnumber the good ones that this is a good trade.

                                                                                                        1. 6

                                                                                                          Yes, those are all fair and thoughtful points. I agree very much that with any system, no matter how oppressive, if one has a position of power within the system it’s important to weigh how much good one can do by staying in, against how much they can do by leaving. I rather wish I were living in times that didn’t require making such decisions in practice so frequently, but none of us get to choose when we’re born.

                                                                                                          On the strategic point you raise, I disagree: I do think the GitHub/ICE issue is a valuable one to push on, precisely because it prompts conversations like this. Tech workers might be tempted to dismiss our own role in these atrocities; I think it’s important to have that reminder. However, I very much acknowledge that it’s hard to know whether there’s some other way that might be better, and there’s plenty of room for disagreement, even among people who agree on the goals.

                                                                                                          When I was young, I was highly prone to taking absolute positions that weren’t warranted. I hope if I ever fall back into those old habits, you and others will call me out. I do think it’s really important for people who disagree to hear each other out, whenever that’s feasible, and I also think it’s important for us all to acknowledge the limits of our own arguments. So, overall, thank you for your thoughts.

                                                                                                          1. 2

                                                                                                            I recently read a really approachable article from Stanford Encyclopedia of Philosophy (via HN), which I found really interesting and balanced in highlighting the tensions between (in this case study) “free speech” and other values. To me it also helps to understand that those apparent “conflicts of interest” are still rather possible to balance (if not trivially) given good will; and IMO that the “extreme positions” are something of a possibly unavoidable simplification - given that even analyzing the positions of renowned philosophers, skilled at precise expression, it’s not always completely clear where they sat.

                                                                                                            https://plato.stanford.edu/entries/freedom-speech/

                                                                                                            edit: though I am totally worried when people refuse to even discuss those nuances and to explore their position in this space of values.

                                                                                                            1. 7

                                                                                                              Anyone with a sincere interest in educating themselves about the concept of free speech and other contentious issues will quickly learn about the nuances of the concepts. Some people will however not give a fig about these nuances and continue to argue absolutist positions on the internet, either to advance unrelated political positions or simply to wind people up.

                                                                                                              Engaging with these people (on these issues) is generally a waste of time. It’s like wrestling with a pig - you’ll get dirty and the pig enjoys it.

                                                                                                              1. 3

                                                                                                                I’m not sure I agree that anyone who makes a sincere effort will learn about the nuances. The nuance is there, but whether people have the chance to learn it is largely a function of whether the social spaces they’re in give them the chance to. I’m really worried about how absolutist, reactionary positions are the bulk of discussion on social media today. I think we all have an obligation to try to steer discussions away from reductive absolutism, in every aspect of our lives.

                                                                                                                With that said, it’s clear you’re coming from a good place and I sympathize. I only wish I felt that not engaging is clearly the right way; it would be easier.

                                                                                                                1. 5

                                                                                                                  I’ll have to admit that my comment was colored by my jaundiced view of the online conversation at this point in time. “Free speech” has become a shibboleth among groups who loudly demand immunity from criticism, and who expect their wares to be subsidized in the Marketplace of Ideas, but who would not hesitate to restrict the speech of their enemies should they attain power.

                                                                                                                  I’m all for nuanced discussion, but some issues are just so hot button it’s functionally useless in a public forum.

                                                                                                                  1. 4

                                                                                                                    I completely understand, and that’s very fair.

                                                                                                                    I agree with your assessment but, purely for myself and not as something I’d push on others, I refuse to accept the outcome of stepping back from discussion - because that would be a win for reactionary forms of engagement, and a loss for anyone with a sincere, thought-out position, wherever they might fall on the political spectrum.

                                                                                                                    It’s fine to step back and say that for your own well being, you can’t dedicate your efforts to being part of the solution to that. You can only do what you can do, and no person or cause has a right to demand more than that. For myself, only, I haven’t given up and I’ll continue to look for solutions.

                                                                                                        2. 6

                                                                                                          There are a lot of people in the OSS community who don’t agree with your first point. You might find it contradictory, or “wrong” (And sure, I guess it wouldn’t be OSI certified if you codified it in a license). But it’s what a decent part of the community thinks.

                                                                                                          And the easy answer to your comment about helping, let’s do the contrary. ICE has policies. Selling them tools to make it easier is clearly helping them to move forward on those policies. Just like AWS was helping Parler exist by offering its infrastructure. You can have value judgements or principles regarding those decisions, but you can’t say that it doesn’t matter at all.

                                                                                                          And yeah, maybe there’s someone else who can offer the services. But maybe there are only so many GitHub-style services out there! And at one point it starts actually weighing on ICE’s ability to do stuff.

                                                                                                          Of course people want to fix the politics. But lacking that power, people will still try to do something. And, yeah, people are allowed to be mad that a company is doing something, even if they probably shouldn’t be surprised.

                                                                                                          1. 4

                                                                                                            And yeah, maybe there’s someone else who can offer the services. But maybe there are only so many Github-style services out there! And at one point it starts actually weighing on ICE’s ability to do stuff.

                                                                                                            I’d expect ICE to be more than capable of self-hosting GitLab or some other free software project.

                                                                                                            Of course people want to fix the politics. But lacking that power, people will still try to do something.

                                                                                                            I don’t think it’s outside of people’s power to do that, but it is a lot harder, and requires more organisation and dedication. And “doing something” is not the same as “doing something useful”.

                                                                                                            As for the rest, I already addressed most of that in my reply to Irene’s comment, so I won’t repeat that here.

                                                                                                        3. 12

                                                                                                          no disagreement with your main point, but… a crime against neoliberalism?

                                                                                                          1. 4

                                                                                                            I think they mean against the newest wave of liberal politics in the US. Not the actual term neoliberalism which—as you clearly know—refers to something completely different, if not totally opposite.

                                                                                                          2. 10

                                                                                                            there are active campaigns inside and outside most companies about those issues. It’s not like https://notechforice.com/ exists in a bubble. Amazon, Google, Microsoft, Palantir, Salesforce and many others have been attacked for this. Clearly the DoD created the Silicon Valley and the connections run deep since the beginning, but these campaigns are to raise awareness and build consensus against tech supporting imperialism, concentration camps and many other crimes committed by the American Government against its citizens or foreign countries. But you have to start somewhere: political change is not like compiling a program, it’s not on and off, it’s nuanced and complex. Attacking (and winning) stuff like Project Maven or ICE concentration camps is a way to show that you can achieve something, break the tip of the iceberg and use that to build bigger organizations and bigger support for bigger actions.

                                                                                                            1. 1

                                                                                                              Clearly the DoD created the Silicon Valley and the connections run deep since the beginning

                                                                                                              Oh, I’d love to be red-pilled into that!

                                                                                                          3. 22

                                                                                                            This makes it sound worse than it actually was, ICE bought a GitHub Enterprise Server license through a reseller.

                                                                                                            LA Times:

                                                                                                            In a fact sheet circulating within GitHub, employees opposing the ICE contract wrote that the GitHub sales team actively pursued the contract renewal with ICE. The Times reviewed screenshots of an internal Slack channel after the contract was renewed on Sept. 4 that appear to show sales employees celebrating a $56,000 upgrade of the contract with ICE. The message, which congratulated four employees for the sale and was accompanied by emojis of a siren, bald eagle and American flag, read “stay out of their way. $56k upgrade at DHS ICE.” Five people responded with an American flag emoji.

                                                                                                            It was not as at arm’s length as they’d like you to believe. Several prominent organisations rejected offers of parts of the $500k donation because they didn’t want to be associated with the ICE contract. Internally the company was shredded as it became clear that GitHub under MSFT would rather be torn apart inside than listen to employees and customers and commit to stop serving ICE in the future.

                                                                                                            There were plenty of calls to cancel the contract immediately, which might’ve been a pipedream, but even the more realistic “could we just not renew it in future” was met with silence and corporatespeak. Long-serving employees asking “well, if this isn’t too far for us, what concretely would be over the line?” in Q&A’s were labelled hostile, and most certainly not answered.

                                                                                                            1. 16

                                                                                                              We could debate the relative weight of these and other grievances here, but I’d rather not. My point is simply that the ethical concerns are based on reason, and Daniel’s blithe dismissal of them is inappropriate.

                                                                                                              1. 7

                                                                                                                Could you elaborate on the reasons?

                                                                                                                You state that the reasons exist, and you give an example of someone you think github should reject as a customer. But you don’t talk about what those reasons are, or really go into principles, rationales or philosophy at all.

                                                                                                                I worry that without a thought-through framework, your attitude degenerates into mindless shitstorms.

                                                                                                                1. 4

                                                                                                                  He has not engaged with the ethical concerns you raise. That may well be because he is simply not aware of them. You are overinterpreting that as “blithe dismissal”.

                                                                                                              2. 10

                                                                                                                The firing of the employee has been reversed.

                                                                                                                1. 10

                                                                                                                  Just an honest question: does this poop management actually make them look better to you? Despite this being a reaction to public outrage that would have hurt the company? Like, do you think they did that out of guilt or something like that?

                                                                                                                  1. 3

                                                                                                                    Considering the fired employee was reinstated and the head of HR resigned, this looks like a much more substantive concession than the employment status Ctrl-Z that internet outrages usually produce.

                                                                                                                    1. 3

                                                                                                                      how? isn’t the “let’s sacrifice a scapegoat without fundamentally changing anything” a quite common strategy?

                                                                                                                      1. 2

                                                                                                                        None of us know the details of this case. It’s way too easy to form a conclusion from one party, especially if they’re not bound by law from discussing sensitive HR details openly.

                                                                                                                        So while I can project a hope that this is a lasting change at GH, you are free to cynically dismiss it as window dressing. The facts, as we know them, support either view.

                                                                                                                  2. 17

                                                                                                                    Aye, and I commend them for that. But that doesn’t change the fact that “retaliated against an employee who spoke out against Nazism” is a permanent stain on their reputation which rightfully angers many people, who rightfully may wish to cease using the platform as a result. Daniel’s portrayal of their concerns as petty and base is not right.

                                                                                                                    1. 2

                                                                                                                      Not only that but the HR person who fired him was fired.

                                                                                                                      1. 4

                                                                                                                        Probably out of convenience and not actually the person who gave the order. At least, I think that’s the case more than we know.

                                                                                                                        1. 5

                                                                                                                          The person who resigned was the head of HR. It almost certainly wasn’t the person who made the call, or even their manager, it was likely their manager’s manager. That sends a pretty strong signal to the rest of HR that there will be consequences for this kind of thing in the future.

                                                                                                                          1. 1

                                                                                                                            Damn, the head of HR!? What a turnover. Maybe that means they’re taking this more seriously than I thought at first.

                                                                                                                    2. 7

                                                                                                                      Every time someone asked me to move away from GitHub it’s been because “it’s not Free Software” and various variants of “vendor lock-in” and “it’s centralized”. I am aware there are also other arguments, but those have not been stated in the two instances people asked me to move away from GitHub. What (probably) prompted this particular Twitter thread and that doesn’t mention ICE or anything like that (also: 1 2). Most comments opposed to GitHub on HN or Lobsters don’t focus on ICE either.

                                                                                                                      That you personally care a great deal about this is all very fine, but it’s not the most commonly used argument against GitHub.

                                                                                                                      There are valid ethical and philosophical complaints about GitHub

                                                                                                                      According to your view of ethics, which many don’t share.

                                                                                                                      1. 2

                                                                                                                        I think that asking someone to change their infrastructure based solely on personal preferences is a step or two too far, be it based on ethics or ergonomics (“all the other code I use is on GitHub, yours should be too”).

                                                                                                                        It’s at the very least a bunch of work to move, and the benefit is likely small. You’ve already made a choice when deciding to put your code where it is, so why would you want to change it?

                                                                                                                        If asked, I’d recommend using something other than GitHub to work against the monoculture we’re already pretty deep in, but I don’t see myself actively trying to persuade others to abandon them.

                                                                                                                      2. 4

                                                                                                                        Isn’t sr.ht hosted and incorporated in the US? Or are only points (1) and (2) valid? :-D

                                                                                                                        GitHub also fought the US Gov to get the Iranian developer access to their platform, which is also helping your platform as far as I know. https://github.blog/2021-01-05-advancing-developer-freedom-github-is-fully-available-in-iran/

                                                                                                                        Any organization that is large enough will have some incidents which, when cherry-picked, can be used to paint the organization as evil. But really what happens is that they represent humanity. In terms of evil, you don’t have to look far to see much worse groups of people than GitHub.

                                                                                                                        IMO a more compelling argument would be centered around how he is an open-source developer, depending on a closed platform. Daniel’s utilitarian view is understandable but also short-thinking. He is contributing towards building this monolith just by using it.

                                                                                                                        1. 21

                                                                                                                          Or are only points (1) and (2) valid? :-D

                                                                                                                          None of the points Daniel raises are valid, because they’re strawmen, and bad-faith portrayals of actual positions.

                                                                                                                          Actual argument: “GitHub, an American company, is choosing to cooperate with ICE, an American institution which is controversial for its ethical problems”

                                                                                                                          Bad faith re-stating: “GitHub is American thus evil”

                                                                                                                          There is nuance here, and indeed you’ve found some of it, but a nuanced argument is not what Daniel is making.

                                                                                                                        2. 6

                                                                                                                          collaborated with US immigration and customs enforcement

                                                                                                                          I think “is American and thus evil” definitely covers this.

                                                                                                                          1. 2

                                                                                                                            Why are two [1, 2] of your most popular projects primarily hosted on github?

                                                                                                                            1. https://github.com/swaywm/sway

                                                                                                                            2. https://github.com/swaywm/wlroots

                                                                                                                            1. 19

                                                                                                                              I have been gradually moving off of GitHub, but not all at once. A few months ago I finished migrating all of the projects under my user namespace (github.com/ddevault) to SourceHut. Last week I also announced to my GitHub Sponsors supporters that I intend to leave the program, which is almost certain to cause me to lose money when many of them choose not to move to my personal donation platform (which has higher payment processing fees than GitHub does, so even if they all moved I would still lose money). If you intend to imply that I am a hypocrite for still using GitHub, I don’t think that holds very much weight.

                                                                                                                              Regarding those two projects in particular, some discussion was held about moving to gitlab.freedesktop.org last year, but it was postponed until the CI can be updated accordingly. In any case, I am no longer the maintainer of either project, and at best only an occasional contributor, so it’s not really my place nor my responsibility to move the projects elsewhere. I think that they should move, and perhaps a renewed call for doing so should be made, but it’s ultimately not my call anymore.

                                                                                                                              1. 10

                                                                                                                                If you intend to imply that I am a hypocrite for still using GitHub, I don’t think that holds very much weight.

                                                                                                                                Nope, I was just genuinely curious since I don’t follow you that closely, and hadn’t heard any explanation or reasoning why those repos are still on github when I have heard you explain your position regarding github multiple times. So it seemed odd, so I asked.

                                                                                                                                In any case, thanks for explaining! I hope those projects are moved off too (@emersion !)

                                                                                                                                1. 6

                                                                                                                                  Cool, makes sense. Thanks for clarifying.

                                                                                                                                2. 2

                                                                                                                                  I love that you represent another point of view here. I firmly believe that free software needs free tools. We don’t want history to repeat. And yes, there will be some sacrifice for the switch.

                                                                                                                                  Watching your actions closely for months, you represent how a free software leader should be.

                                                                                                                            1. 33

                                                                                                                              My hat off to the author for taking the time to not shame the dev and providing context around how “common” the issue is. I really like this article, How to learn cryptography as a programmer and A furry’s guide to end-to-end encryption. Very informative and accessible.

                                                                                                                              1. 8

                                                                                                                                Agreed, it’s all too common for articles like this to have a very condescending tone. Well done, article!

                                                                                                                                One thing I think the article is missing is that it doesn’t mention OTR (https://en.wikipedia.org/wiki/Off-the-Record_Messaging) which solves the specific problem the RSA-using developer was trying to address.

                                                                                                                                1. 2

                                                                                                                                  I believe the double ratchet system used in Signal (which is recommended in the article) is a direct descendant of OTR.

                                                                                                                              1. 5

                                                                                                                                We had our first snow yesterday, so I’ll probably be out doing snowy things.

                                                                                                                                1. 1

                                                                                                                                  I use Reeder (https://www.reederapp.com/) with the newly added standalone RSS engine that syncs my devices via iCloud. It’s all I’ve ever wanted from an RSS reader, very happy with it.

                                                                                                                                  1. 1

                                                                                                                                    I use Resilio Sync myself, which has worked out great. Syncthing looked like a great FOSS alternative to me but I never took the plunge to migrate over to it. A friend of mine did experience issues with it consuming 100% CPU on his FreeNAS setup, which is why I have been hesitant.

                                                                                                                                    Are there any other good alternatives for syncing between Android and Linux/BSD?

                                                                                                                                    EDIT: ZFS snapshot integration would be a killer feature.

                                                                                                                                    1. 2

                                                                                                                                      About that last thing, I have a vague plan for using SyncThing at work with a setup like this:

                                                                                                                                      • a server that for each shared folder:
                                                                                                                                        • is a SyncThing device
                                                                                                                                        • exposes it to SMB for access to files without needing to install syncthing
                                                                                                                                        • does hourly, daily, monthly, yearly snapshots
                                                                                                                                      • syncthing client installed on everyone’s computers (and possibly phones)
                                                                                                                                      1. 1

                                                                                                                                        I use Resilio Sync for sharing files within our family. But I would strongly discourage anyone to switch it now. It is a great product, but updates have been very slow, with known issues going unaddressed for months. It seems like they have lost interest in their non-enterprise product.