1.  

    I found that managing yubikey ssh identities with gpg-agent was painless. I’ve never encountered issues with the agent forgetting the key, though I have a gpg-connect-agent updatestartuptty /bye in my shellrc file.

    1.  

      I mean, if it works for you, great! My experience with most of the gpg stack has been mostly negative, mainly because of the “jack of all trades, master of none” effect: gpg tries to support all the key types, ways of connecting to smartcards (directly and via pcscd), … – and at least for me, seems to suffer in usability as a result (too many moving parts and things that can go wrong). I think my machine has about 3 different types of GnuPG keyring, managed by different pieces of software (GNOME Keyring, pacman, gpg-agent itself, …). When it works, it’s great, but when it breaks…

      The PIV solution is interesting in that it seems to be much better designed (in contrast to the GPG API which is a complete tire fire, as far as I understand it) – and yubikey-agent seems to be a relatively simple Go app that just proxies authentication/signing commands through to pcscd and back.

    1.  

      I am quite interested on how eOS breaks FOSS licenses by paywalling the access to their builds which also raised the controversy in the past IIRC.

      1. 9

        How is that breaking FOSS licenses?

        1. 22

          It doesn’t. GPL doesn’t forbid re-selling software, as long as the source code is available to those users.

          1. 9

            It is baffling how many people do not understand this. People also do not understand that the GPL does not demand that you offer the software to everyone for download. It only demands that that you distribute the code to the parties receiving the software. That means I can create GPL software for a customer and as long as I given them a tarball of the source, all is fine.

            1.  

              I can download elementary OS for free. Do I get the source code?

              1. 6

                You should be offered the code, it’s not required that the code be part of the download. Read the GPL. It’s not that hard to decipher.

      1. 1

        This brings back memories of Motofone F3. It’s still my favourite phone to this day.

        1. 8

          For other people that might not know what this is, from their github repo:

          The largest collection of malware source code, samples, and papers on the internet.

          1. 6

            I appreciate the zines/papers sections in particular.

            1. 4

              Thanks. As far as I could tell, the front page is mostly ASCII art, which is basically impenetrable when using a screen reader to read the page.

            1. 3

              I’m at @x@toot.icyphox.sh. As for people to follow, some good accounts:

              That’s all I can remember off the top of my head. You’ll find people to follow as you use the network.

              Similar post from a year ago: https://lobste.rs/s/ywghuj/crustaceans_fediverse_where_are_you

              1. 3

                Just a word of caution regarding Alex Gleason. He seems to be a dedicated dev in the ActivityPub ecosystem, but his hot takes on some subjects make him quite unpalatable at times.

                1. 3

                  As far as I can tell he’s famous for being a bigot; I would strongly recommend adding his domain to your block list.

                  1. 1

                    I would strongly recommend adding his domain to your block list.

                    I preferred to challenge his more obvious bad takes directly instead of ignoring them. I didn’t get a feel that he’s a bigot, personally, just a troll. He blocked me after a couple of weeks of doing this unfortunately.

              1. 1

                I’m mariusor@metalhead.club. I mostly talk about my ActivityPub related projects.

                From the people I recommend for a follow:

                Daniel Stenberg of cURL fame.
                Sergey Bugaev works on wayland stuff and some interesting esoteric platforms.
                Drew DeVault - a lot of knowledge about various things, very little empathy for people that don’t share his opinions.

                1. 2

                  Drew DeVault’s Mastodon seems to be deleted.

                  1. 2

                    ddevault ragequit the fediverse a few months ago.

                  1. 2

                    I never understood why this doesn’t work like in C where you can define constants this way, not variables.

                    1. 3

                      Build times, perhaps. It allows objects in the build cache to be reused and modified at link time, rather than needing to recompile.

                    1. 6

                      … for implementing IRs

                      Just for completion’s sake, the author should rename make it clear in the post title, not at the end of it. There’s no point to inflame spirits more than it should

                      1. 3

                        Buttondown is a newsletter service, so the audience are people who subscribed to him and received it as emails. I personally give a lot more leeway for clickbaity email titles than clickbaity blog titles.

                      1. 29

                        One thing I don’t think I’m ever going to get is how much Go does in comments. In my mind, comments are a way to communicate something to other humans, or, sometimes, a way to communicate something to some external tool (such as a documentation generator). However, in Go, you configure whether the file should be built in comments, you write C code in comments with CGo, you write shell commands for code generation in comments, and, with 1.16, you embed data into your binary using comments.

                        I’m all for a kind of extensible meta language; a way to have commands in the code which the compiler proper will skip, but which official tooling might interpret. Something like a #pragma. But… in my mind, the official language toolchain shouldn’t extensively parse my comments.

                        On the positive side though, I think what embed does is really cool. More languages should have a way to embed arbitrary data into the binary (without hacks).

                        1. 17

                          If it helps, you can consider the string //go: to be equivalent to the string #pragma and not think of it as a comment. Reusing the comment syntax has the advantage that parsers/formatters don’t have to worry about parsing anything other than comments. Much like how a shebang (#!/usr/bin/env bash) happens to be a comment in a bunch of scripting languages.

                          1. 17

                            Yea, if it was only that, I wouldn’t have been too worried. However, you also have a case where a comment changes the semantics of the following import after the comment. The whole thing seems like a giant hack to me; like “changing the grammar is too much work, so we’ll just make the tooling parse your comments so we don’t have to change the compiler”. I’m not saying that’s how the process is; I’m saying that’s how it feels as an observer.

                            I would’ve probably done something like C, where lines starting with # are obviously going to be interpreted differently from other lines. The compiler could ignore all lines starting with #, so that the tooling could add new directives in a backwards-compatible way, and parsers/formatters could largely ignore them. It just would’ve been a structured thing instead of essentially parsing prose.

                            1. 10

                              The whole thing seems like a giant hack to me; like “changing the grammar is too much work, so we’ll just (…)

                              This is how I feel about imports as strings. I see no good reason why we need quotation marks around the import paths in Go, it should be obvious for a parser how to deal with a path there. In general the Go syntax is… inconsistent at best.

                              1. 2

                                I see no good reason why we need quotation marks around the import paths in Go

                                This is a guess, but it may be to make plumbing easier in Plan 9/Acme. Syntax like <something> and "something" is easier to match than just something.

                                1. 1

                                  I think the comment you’re replying to is arguing that it’s not just "something" vs. something, but import "something" vs. import something.

                                  1. 2

                                    Yeah, I know, but multiple imports still need quotation marks to be plumbable:

                                    import (
                                        "path/to/package1"
                                        "path/to/package2"
                                    )
                                    

                                    works, whereas

                                    import (
                                        path/to/package1
                                        path/to/package2
                                    )
                                    

                                    wouldn’t.

                                    1. 2

                                      Not sure why that would be the case. the plumber gets the whole string either way, expanded out to the surrounding whitespace if there’s no selection.

                                      1. 3

                                        But the plumber has to know somehow that it is a Go import path. The quotation mark syntax in Go (and C) makes that clear.

                                        For example, should test, without quotes, really be treated as a Go/C import path? Wouldn’t that be too broad a rule?

                                        1. 1

                                          The plumber also gets a bunch of context, like the place you plumbed from. It should use that.

                                2. 2

                                  I thought the same at first, but it’s simpler for the lexer/tokenizer to not have to know what mode it’s in. It’ll (presumably) just output a STRING token, and it’s only the parser that has to know that it’s in an import directive. Go is partly about keeping parsing (and lexing) simple and fast.

                                3. 6

                                  It’s not my most favourite syntax either, but using #pragma or //go: seems like a really minor issue. I’m not sure what the motivation was for choosing //go: over # or #pragma.

                                  a case where a comment changes the semantics of the following import after the comment

                                  I assume you mean package foo // import "bar" type comments? That one, in particular, was a mistake IMO. But also kind of obsoleted by modules, and not really related to //go: directives.

                                  1. 1

                                    I don’t know what package foo // import "bar" does. Could you elaborate on it?

                                    I was talking mostly about CGo, where you have a giant comment with a mix of C code and #cgo pseudo-directives followed by a line with import "C", where the comment (minus the #cgo lines) is compiled by a C compiler and linked with the binary.

                                    1. 3

                                      It enforces that the package is imported as bar; often used for “vanity paths”; e.g. lobste.rs/mypkg instead of github.com/lobsters/mypkg. This prevents some problem where one dependency might use the lobste.rs path, and the other the github.com path. It’s a bit of a hack, and you can do the same with a go.mod file now.

                                      cgo is kind of a tricky beast, yeah; but also fairly rare. And since you can write any C code in that comment, I’m also not sure how else to do it? Overall, it seems to work fairly well and in the grand scheme of things, it seems like a fairly minor issue to me.

                              2. 37

                                But it’s a great way to pretend that it’s a small language with few reserved words.

                                1. 7

                                  Even with the comment syntax, Go has fewer reserved words than C.

                                  1. 7

                                    While I agree with your comment, it’s a non sequitur. Having fewer reserved words and being a smaller language are two different things. LISP has 0 reserved words, therefore it must be the smallest language, right?

                                    1. 4

                                      Go is still a small language.

                                2. 3

                                  This is the long-standing rationale for not having comments in JSON, and I think it stands the test of time (and complaints of programmers).

                                  1. 16

                                    This was just paternalistic nonsense on Crockford’s part. While I don’t really understand the Go author’s decision to use comments for pragmas, I would never in my life give up all comments to put a stop to it. An absolute textbook example of cutting off one’s nose to spite one’s face.

                                    1. 16

                                      I think it makes perfect sense for JSON’s intended usage as a data interchange format with good interoperability between all sorts of different environments. Extensions have made this much harder than it needs to be on more than a few occasions in the past.

                                      Now, if you want to use JSON for your config files then sure, it’s annoying. But that wasn’t the intended usage. If you’re driving a square peg through a round hole then you shouldn’t really complain about the peg shape but get a different peg instead.

                                      1. 7

                                        I still don’t buy it. If we’re considering the intended usage, one of the goals that gets thrown around is that it is “easy for humans to read and write” – just as long as they never need to convey something to another human being in the form of a comment!

                                        There are so many other under-specified parts of JSON, like what to do with large integers, or what happens when a document contains duplicate keys. It is extremely frustrating that comments were intentionally and unnecessarily stripped out, while the hard problems were apparently just ignored.

                                        1. 8

                                          HTTP or SMTP are easy for humans to read and write, and don’t have comments either because in the intended usage space it’s not really needed. Like those data formats, JSON is primarily intended to send text from one program to the other, and the “easy for humans to read and write” is more as a debugging and testing aid than anything else.

                                          There are so many other under-specified parts of JSON, like what to do with large integers, or what happens when a document contains duplicate keys. It is extremely frustrating that comments were intentionally and unnecessarily stripped out, while the hard problems were apparently just ignored.

                                          Sure, it could be improved, maybe, but as you mention these are not easy things to define in a compatible way since different languages deal with these things in different ways. But I don’t think that’s a good reason to introduce more interoperability issues.

                                  2. 2

                                    The comment syntax is mainly used together with cgo. Including a header instead of inlining C makes it feel less hacky and allows for syntax highlighting of the C code for a larger range of editors: // #include "project.h".

                                    1. 2

                                      IIRC there was discussion of adding pragma syntax, but it was decided that it’s not worth it to add yet another syntax, since there already existed comment-based pragmas that would have to be kept because of the go 1 compat promise.

                                    1. 6

                                      I get the emotional appeal of iconoclastically rejecting a conventional stack for something simpler. But I think running everything on a single machine is going too far.

                                      In 2015, my Christmas Day with my family was interrupted by the DDoS attack on Linode. I’ve also seen connectivity issues spanning multiple servers in the same data center at Vultr. So, while it causes cognitive dissonance (see my comments on the thread about colocating one’s own servers), I have better peace of mind relying on a redundant stack at AWS.

                                      Also, a highly available multi-tier architecture doesn’t have to have the kind of insane complexity that we like to ridicule in our caricatures. Many applications can get very far talking directly to a client-server RDBMS without a caching layer. Also, there are projects like PostGraphile that leverage advanced features of Postgres to provide things like real-time notifications and work queues without adding extra services like Redis, Kafka, or RabbitMQ to the mix. With something like PostGraphile, one can get very far with a managed Postgres service, a managed load balancer, and simple stateless application processes.

                                      1. 14

                                        Not all web-applications require a distributed stack. We are living at the start of an era of federated services targeting small communities. We need software that is cheap to run and deploy. Litestream helps to fill that niche very well.

                                        1. 5

                                          I wouldn’t say it’s purely an emotional appeal, though I think there’s a lot of “alternative-en-vogue” on Lobsters. It depends on the scale your running your web service. I write five-nine services for work and they take a lot of engineering. But when our company was smaller, we wrote to three-nines. And if you’re running a Fediverse node that hosts maybe a hundred users, you can probably get away with two-nines or less. If you’re running a Fediverse node for yourself, your uptime is probably how you’re feeling that day. I’m happy to see DB solutions target the entire breadth of web development. A lot of my personal web services just leverage a Postgres or Redis instance on the box.

                                          1. 2

                                            I think if you’re running a small-scale single-node service, SQLite is an even better choice than Postgres, etc., since it’s basically zero-configuration; there are no extra processes or logins or points of vulnerability. All it needs to know is what directory to put the DB file in.

                                          2. 1

                                            What do you use for the database? I would like a database-as-a-service (Postgres or MySQL) but haven’t used them or know which ones are good.

                                            I think having the database be “managed” and have some flexibility in the compute could be a good compromise. So you can fail over the web processes but leave someone else to manage the database.

                                            I used MySQL on Dreamhost a few times. It worked well but I remember having a performance issue. I did some trick in Python that made it fast, but it was slow in PHP (which surprised me). I guess I should try one of their dedicated plans, not shared plans. Although they may only let you connect from a single host – not sure.

                                            From my experience the single Dreamhost box that I run https://www.oilshell.org on has more than enough uptime and performance, but it doesn’t use any database. (It does use a few dynamic processes, though it’s mostly static)

                                            1. 2

                                              Amazon RDS is working well for me.

                                            2. 1

                                              I thought about this a few times and every time I ended up doing a rough math of a bill a DDoS attack could rack up in terms of bandwidth charges alone and it always brought me back to my senses: I will rely on as much protection $200 can buy me at Cloudflare and no more. Plus, there is always a chance to misconfigure an autoscaler and every time I see articles like https://news.ycombinator.com/item?id=25372336 (written by an ex-Googler), I think to myself: “Unless I am losing lots of money for every minute of downtime, I’d rather see my system go down for a few hours and be woken up by angry clients than wake up to see a $10k+ bill. It will be cheaper to offer them a discount next month in almost every case.”. If you think I am nuts, just check how AWS or GCP reimburses customers when they breach their own SLAs.

                                              Edit: here is my previous back-of-the-napkin math https://news.ycombinator.com/item?id=23554896

                                            1. 21

                                              The article never mentions the, in my humble opinion, most important part of good logging practices and that is structured logging. Without it you end up with weird regexes or other hacks trying to parse your log messages.

                                              1. 4

                                                As a sibling post notes, if you use structured logging you’re mostly throwing away the idea that the entries must be easily parsable by a human. If that’s the case, and we’ll need a custom method of displaying the structured logs in a human friendly way, I believe we should forego plain text all together and gain the benefits of logging directly to binary.

                                                1. 5

                                                  You can do human readable structured logging if you use key="value" formats inside text messages. Some people still prefer json, but there is a middle ground.

                                                  1. 2

                                                    If you need just key=value, that’s not really structured in my opinion.

                                                    1. 4

                                                      Why not?

                                                      1. 2

                                                        Because the amount of information added by this format would be infinitesimal over a line based logger with manual tokenization. The reason why you’d want a structured logger is to allow proper context to a message. Unless you’re working with simple cases, the structure that would offer such context is more than one level deep.

                                                        1. 3

                                                          Hmm, definitely not.

                                                          Structured logging is about decorating log events with just enough of a schema to make them machine parseable, so that searching, aggregating, filtering, etc. can more than a crapshoot. Deeply nested events significantly increase the complexity of that schema, and therefore the requirements of the consumer.

                                                          By default, structured logs should be flat key/value pairs. It gets you the benefits of richer parseability, without giving up the ability to grep.

                                                2. 2

                                                  Excellent point. That’s become such second nature to me by now, that I forgot to even mention it!

                                                  1. 1

                                                    On top of that, structured logger if implemented properly, can often be faster and be operated at granular levels (like the other comments pointed out, sometimes you do want to on-fly turn on some logs at some locations, not all logs at all locations).

                                                    1. 1

                                                      I love structured logging, with one caveat: the raw messages emitted (let’s assume JSON) are harder for me to scan when tailing directly (which I usually only do locally as we have better log querying tools in the cloud), in contrast to a semi-structured simple key-value format. Do you all use a different format than JSON? Or a tool that transforms structured logs to something more friendly to humans, eg. with different log levels displayed in different appropriate colors, eg. JSON syntax characters diminished, for local tailing?

                                                      1. 5

                                                        At Joyent, we used the Bunyan format. Each line in the file was a separate JSON object with standard properties, some mandatory and some optional, and freeform additional properties. We shipped a tool, bunyan, that was capable of acting as a filter that would render different human readable views of the JSON. For example, you would often run something like:

                                                        tail -F $(svcs -L manatee) | bunyan -o short
                                                        

                                                        It also had some rudimentary filtering options. It also had a relatively novel mode that would, instead of reading from a file or standard input, use DTrace probes for different log levels to allow you to dynamically listen for DEBUG and TRACE events even when those were not ordinarily present in the log files. The DTrace mode could target a particular process, or even all processes on the system that emitted Bunyan logs.

                                                        1. 1

                                                          Hi, what were the required fields? Was it just a unique request ID? Thanks for sharing about bunyan. Even though it’s been out for a while I was unaware of it.

                                                        2. 5

                                                          Do you all use a different format than JSON? Or a tool that transforms structured logs to something more friendly to humans, eg. with different log levels displayed in different appropriate colors, eg. JSON syntax characters diminished, for local tailing?

                                                          We use JSON and the only tools I use are grep and jq. And although I am pretty much still a novice with these two, I found that with the power of shell piping I can do almost anything I want. Sometimes I reach for the Kibana web interface, get seriously confused and then go back to the command line to figure out how to do it there.

                                                          I wrote a simple tutorial for the process, just a couple of weeks ago.

                                                          1. 1

                                                            If you rely on external tools to be able to make sense of your logs, why not go all the way, gain the speed and size benefits that binary logs would bring, and write your own log pager? I feel like the systemd folks had the right idea even when everyone was making fun of them.

                                                            1. 3

                                                              I don’t think the average employer would be happy subsidizing an employee writing a log pager instead of implementing something that would bring a tangible result to the business. The potential money savings by using binary logs probably doesn’t outweigh the new subs/increased profits of churning out more features.

                                                              1. 1

                                                                To me that sounds like an excuse. The world is not made up of only software that is beholden to the all mighty shareholder.

                                                                1. 1

                                                                  I mean, yes, if you’re developing something in your personal time, go bananas on what you implement.

                                                                  But I also know my manager would look at me funny and ask why I’m not just shoving everything into CloudWatch/<cloud logging service>

                                                              2. 2

                                                                I’m sure most problems with systemd journals are fixable, but they’ve left a very bad taste in my mouth for two main reasons: if stuff gets deleted from under them they apparently never recover (my services continue to say something like “journal was rotated” until I restart them), and inspecting journals is incredibly slow. I’m talking magnitudes slower than log files. This is at its worst (I often have time to make a cup of tea) when piping the output into grep or, as journalctl already does by default, less, which means every byte has to be formatted by journalctl and copied only to be skipped over by its recipient. But it’s still pretty bad (I have time to complain on IRC about the wait) when giving journalctl filters that reduce the final output down to a few thousand lines, which makes me suspect that there are other less fundamental issues.

                                                                I should note that I’m using spinning disks and the logs I’m talking about are tens to hundreds of GB over a few months. I feel like that situation’s not abnormal.

                                                                1. 1

                                                                  If you rely on external tools to be able to make sense of your logs, why not go all the way, gain the speed and size benefits that binary logs would bring, and write your own log pager?

                                                                  It’s hard to imagine a case at work where I could justify writing my own log pager.
                                                                  Here are some of the reasons I would avoid doing so:

                                                                  • Logs are an incidental detail to the application.
                                                                  • Logs are well understood; I can apply a logging library without issues.
                                                                  • My application isn’t a beautiful and unique snowflake. I should use the same logging mechanisms and libraries as our other applications unless I can justify doing something different.
                                                                  • JSON is boring, has a specification, substantial library support, tooling, etc.
                                                                  • Specifying, documenting, and testing a custom format is a lot of work.
                                                                  • Engineering time is limited; I try to focus my efforts on tasks that only I can complete.
                                                                  1. 2

                                                                    Logs are an incidental detail to the application.

                                                                    I think this is trivially disproved by observing that if the logs stop working for your service, that is (hopefully!) a page-able event.

                                                                    Logs are a cross-cutting concern, but as essential as any other piece of operational telemetry.

                                                                    1. 1

                                                                      Logs are a cross-cutting concern, but as essential as any other piece of operational telemetry.

                                                                      I rely heavily on logging for the services I support but the applications I wrote for work have only error reporting. They are used by a small audience and problems are rare; I might get a crash report every 18 months or so.

                                                                      1. 1

                                                                        Ah, yeah, I presume the context here is services.

                                                                2. 1

                                                                  Agreed. jq is a really nice tool. It made the decision to transition to using JSON for logging very easy.

                                                                3. 3

                                                                  Don’t use JSON, use logfmt.

                                                                  1. 1

                                                                    Yes! Logfmt is the good stuff. But it’s only semi-structured. Why not use JSON and a tool to transform to logfmt (with nested data elided probably) when needing to scan as a human?

                                                                    1. 1

                                                                      Logfmt is fully structured, it just doesn’t support nesting, which is an important feature! Structured logs should be flat.

                                                                4. 1

                                                                  I’m surprised it wasn’t mentioned, but the larger advantage of passing a logger around to constructors is the ability to then have nested named loggers, such as

                                                                  Battery.ChargingStatus.FileReader: Failed to open file { file: "/tmp/battery charge", error: ... }
                                                                  Battery.ChargingStatus: Failed to access status logs, skipping report
                                                                  
                                                                1. 10

                                                                  The solution is to use an object instance for your logger, the same as you should with a database, or other external dependencies, then use dependency injection to provide the logger to the code that generates logs.

                                                                  I know that’s the proper way to do things, but I hate having a logger instance past around to every single script and object. That’s what I used to do and I went back to a global instance, which can be initialised differently for test units or the app. Much simpler and good enough for my use. It makes the code a bit less modular since you have to make sure that this global logger has been initialised somewhere, but so much better than this extra dependency everywhere.

                                                                  In fact, I wonder if an object that is passed absolutely everywhere via dependency injection doesn’t in the end count as a global object anyway, and could be made one to simplify the code.

                                                                  1. 7

                                                                    I don’t think there can ever be a single “right” way to do this. The key is to know the caveats. If you’re willing to accept the extra cognitive load that comes with handling a global safely, as a trade-off against the extra overhead of passing objects around, I think that’s fine.

                                                                    I prefer the more explicit approach (especially on large projects, with many developers–many of whom will NOT be careful about global state), but of course YMMV.

                                                                    1. 2

                                                                      The way I like to look at it is that logging is an added behavior that we can separate from business logic. With this in mind, we can decorate the pieces of biz logic with logging at the entry point of the application. This way we can properly test biz logic without knowing anything about logging, and test logging without knowing anything about the biz logic. We can even inject faulty implementations to test logging when something goes wrong. And we can also decorate the dependencies of our dependencies… so turtles all the way down. An approach like this will inevitably push your codebase to be extremely modular. Too modular, to the point it can make people uncomfortable. I see this modularity as good thing, but not a lot of people share this same point of view… In any case, this is how I usually approach it. So +1 for dependency injection :-)

                                                                      Here’s a pseudo-code example:

                                                                      // ---
                                                                      
                                                                      interface Emailer {
                                                                        Send(EmailMessage)
                                                                      }
                                                                      
                                                                      // ---
                                                                      
                                                                      interface Logger {
                                                                        Trace(string)
                                                                      }
                                                                      
                                                                      // ---
                                                                      
                                                                      class StdoutLogger implements Logger {
                                                                        public Trace(message: string) {
                                                                          print(os.Stdout, message)
                                                                        }
                                                                      }
                                                                      
                                                                      // ---
                                                                      
                                                                      class SendGridEmailer implements Emailer {
                                                                        constructor(client: SendGridClient) {…}
                                                                      
                                                                        public Send(e: EmailMessage) {
                                                                          client.SendEmail(client.NewEmail(…))
                                                                        }
                                                                      }
                                                                      
                                                                      // ---
                                                                      
                                                                      class VerboseEmailer implements Emailer {
                                                                        constructor(logger: Logger, emailer: Emailer)
                                                                      
                                                                        public Send(e: EmailMessage) {
                                                                          logger.Trace("sending email")
                                                                          emailer.Send(e)
                                                                          logger.Trace("email sent")
                                                                        }
                                                                      }
                                                                      
                                                                      // ---
                                                                      
                                                                      main() {
                                                                        new VerboseEmailer(
                                                                          new StdoutLogger(),
                                                                          new SendGridEmailer(…)
                                                                        ).Send(new EmailMessage(…))
                                                                      }
                                                                      
                                                                    2. 2

                                                                      So don’t give it to everything. That means not everything can log. Which is great! Logging should be a considered and deliberate action, like any other important thing in your application.

                                                                      1. 1

                                                                        Sometimes there are good reasons for having a static variable in a program. This is one of them.

                                                                        1. 1

                                                                          Eh, nah. Few things are true process singletons, and loggers ain’t one of them.

                                                                        2. 1

                                                                          In fact, I wonder if an object that is passed absolutely everywhere via dependency injection doesn’t in the end count as a global object anyway, and could be made one to simplify the code.

                                                                          Keeping dependencies explicit ensures that each component is testable in isolation from others, and establishes a clear rule — the possible effects of a component are constrained by its inputs, i.e. no side effects — which helps enormously in the understanding (and therefore maintenance) of programs.

                                                                        1. 2

                                                                          That would have been an interesting timeline to visit. In our timeline the Linux console is regressing, they recently removed the scroll back buffer (i.e. shift-pageup does nothing).

                                                                          1. 3

                                                                            Just wait until the kernel implementation is removed altogether and moved into logind.

                                                                            1. 3

                                                                              I’m somewhat in two minds about that. Back in the old days, the kernel just spoke a very primitive protocol to an RS-232 or similar and all of the clever terminal logic was implemented in hardware in the terminal. In the slightly less old days, IBM PCs (though not most other microcomputers) had a hardware text mode for the monitor and the OS started talking to that and so needed to emulate a bunch of terminal features but got others for free from BIOS services. In the modern world (and on early ’90s UNIX workstations), the simples interface that the hardware provides is a frame buffer.

                                                                              This difference made the built-in terminals very slow on Linux on 32-bit SPARC workstations and meant that a lot of work was needed to make them fast on UEFI systems (which don’t have the old BIOS text mode).

                                                                              I’d generally much rather see the kernel provide a dumb framebuffer and run a userspace program to handle the terminal. A userspace program can do things like allocate a file for persistent logging, use malloc on pageable memory to get large amounts of back trace support, incorporate a TrueType Font renderer without security issues and so on. It has to shunt data to a device fast enough that users won’t notice, which is quite easy with an X server running on a dumb framebuffer and a terminal emulator running in a separate process and so should be fairly trivial without X11 in the way.

                                                                              The one case where this might be problematic is recovery. On Linux, with the initrd infrastructure, that’s far less of an issue than on something like *BSD (where you’d be left without a terminal if the root filesystem didn’t mount) because you can bundle the userspace program and are only stuck if you’re in a situation where the kernel can’t successfully launch a statically linked program from memory (and if your system is that badly broken, having a terminal emulator in the kernel probably won’t help).

                                                                              Windows NT never assumed that the hardware supported text mode and so boots a recovery mode with the simple GUI and ConPTY running in userspace.

                                                                              1. 2

                                                                                *BSD (where you’d be left without a terminal if the root filesystem didn’t mount)

                                                                                Interestingly, FreeBSD can easily do “initrd”/“initramfs”. The loader can load -t md_image your.file, the kernel can mount an FS from that ramdisk as the root fs, and the userspace there can ask the kernel to reroot (reboot -r) into your actual system. It’s just that nobody uses this in normal circumstances because the loader can just load required kernel modules directly from the disk :)

                                                                                1. 1

                                                                                  I believe that all your requirements are exactly the features of kmscon. It needed kms or other framebuffer device, and then as a user, you replaced the getty with kmsconvt. It supported UTF-8 glyphs and had a proper configuration file.

                                                                                  More details at the archlinux wiki

                                                                                  1. 1

                                                                                    I’ve used this to boot a FreeBSD kernel that was loaded via JTAG and which then mounted most of the FS via NFS, but it’s not part of the normal workflow. I believe that, now that the reroot stuff has landed, it’s easier to make this a default part of the FreeBSD process (you could boot from your ramdisk and then, once you’ve validated that you can mount /, unmount it and throw away the pages used for the ramdisk. This isn’t part of the normal boot flow though.

                                                                                2. 2

                                                                                  You’re joking, but there was such a replacement from one of systemd’s devs in the form of kmscon. As far as I remember it was discontinued at one point, but I don’t recall the reason.

                                                                                  I would love to see a modern replacement for the tty susbset, even coming from the systemd team.

                                                                                3. 2

                                                                                  they recently removed the scroll back buffer (i.e. shift-pageup does nothing).

                                                                                  Really!? What was the motivation for that change?

                                                                                  1. 3

                                                                                    Announcement. tl;dr: was declared broken and therefore removed.

                                                                                    1. 1

                                                                                      I would also like to find that out. Just haven’t had time to check.

                                                                                    2. 1

                                                                                      It has always been kinda iffy… if you switch between VTs it stops working anyway… (edit: i mean like it would be cleared)

                                                                                      But what they should do is just pass through shift+pageup to the application if they aren’t going to do anything with it. Then programs like my nested terminal emulator could handle the scrollback itself.

                                                                                      1. 1

                                                                                        Do they actually eat shift+pageup now? Well you can always rebind the command in your nested terminal to something else. My tmux reacts to bare pageup on its own (tmux is smart about it, sending pageup into a text editor inside still works fine)

                                                                                    1. 20

                                                                                      You don’t need a blockchain for a verifiable voting process. Even though I’m a big fan of mathematically provable accuracy, much simpler changes in the US-voting process would already provide a huge overall improvement.

                                                                                      I am content with the voting procedures in Germany, where you don’t have huge counting facilities but break it down into small stations where only 200-400 votes each are counted, and every citizen allowed to vote is assigned to one station only. The process (voting and counting) is completely public and you can witness it as long as you don’t interfere in the process. If you place your vote your name is checked off on the list, greatly reducing the risk of double-voting. Mail-in-voting is also possible, but then you are not allowed to cast a vote in person and you must have applied for the mail-in-ballot weeks before the election.

                                                                                      Germany has 80 million inhabitants, but given these circumstances, you can easily validate an election with a relatively small number of poll watchers. I don’t know why the US is using counting machines, has no voter-ID and accumulates everything into huge counting facilities. If it’s not malfeasance, it’s incompetence at best.

                                                                                      1. 2

                                                                                        I you haven’t watched this documentary about how US elections work, I truly and strongly recommend you to do so. Such system doesn’t need “simple changes”, it needs to stop being used at all. And it’s not about a partisan discussion between company A or B favouring party X or Y, it’s a huge global concern.

                                                                                        The process (voting and counting) is completely public and you can witness it

                                                                                        That’s exactly what a blockchain allows you to do, in real time and also globally. Any external observer can audit and monitor the whole process, and not just one polling station.

                                                                                        Mail-in-voting is also possible

                                                                                        By using blockchain tools you don’t need mail voting in the first place, basically because you can vote from wherever you want. The key difference is that you can verify inclusion of your vote for yourself. In mail voting, you simply hope that it will reach the polling station on time (if at all), that it won’t be opened, disclosed, tampered with, dismissed, etc.

                                                                                        Blockchain will not be the solution for everything, but payments, notarization, contracts and governance are among the best use cases that you can find for it, as of today.

                                                                                        1. 26

                                                                                          That’s exactly what a blockchain allows you to do, in real time and also globally.

                                                                                          No it does not. It allows people with a certain depth of understanding of a complex technology to do that. Not the general public, which is what /u/FRIGN is talking about. As somebody who has counted votes in a German elections a few times I can tell you the system works and is understandable by anyone. Blockchains or even computers are def. not.

                                                                                          1. 5

                                                                                            Exactly. I’ve thought along similar lines (we could have mathematically secure elections, asset transfers, etc.) except that the layperson barely understands computers, let alone crytographic keychains, private keys, the necessity to keep said private key safe and accessible, etc.. All of these solutions take for granted there’s ubiquitous+secure cryptographic identities for everyone, which alone is a logistical nightmare. My parents certainly couldn’t understand it, and would certainly lose their keypair or have it stolen.

                                                                                            Paper is simple, universally understood, and difficult to make fraudulent at scale.

                                                                                            1. 4

                                                                                              This highlights the problems with pushing electronic voting now. Even if you have a perfectly accurate system, it can only be trusted by a limited amount of specialized individuals, and not the majority of the populace. For e-voting to be viable, you have to grow a new society that can understand how such processes work. That will take a very long time, I’d say 100 years at least. That doesn’t mean that it isn’t worth exploring e-voting now (to the contrary, I think that research in this area is very important for future trust), but I think that trying to push for utilization now is useless and even harmful for it.

                                                                                              1. 3

                                                                                                Right. Chase the magic out of the system.

                                                                                                I’ve daydreamed about whether there are some wins to be had by grafting cryptographic processes in on top of paper ballots (themselves, but also the whole chain of custody) in a way that actually helps chase more magic out of the system… (but taking care to avoid some pitfalls around making coercion easier)

                                                                                                Regardless of the crypto, though, at least one problem is designing a process that is resilient to the kinds of low-probability events that are likely to happen somewhere during larger elections.

                                                                                                1. 1

                                                                                                  Personally I don’t really understand this “everyone must understand the process” argument. There are plenty of elements in a modern life where we need to act based on faith in the system.

                                                                                                  I refuse to acknowledge that elections can’t be one of them, if an electoral process would be at least as convenient and safe as voting by mail.

                                                                                                  The biggest issue by far, in my opinion, in today’s politics is that the public at large is mostly uninterested in casting their ballot, and that anything we can do to increase the number of people participating should be done without thinking twice. When presidents are being elected with the vote of one third of the population, that is a serious problem. When laws get passed by people elected by a legislative group that reached barely 20% of the population, that’s really, really bad.

                                                                                                  An electronic system could even supplant a whole electoral college in my opinion. Having every citizen be able to cast their ballot in 5 minutes would lead to a truly democratic process, where no representative needs to be voted in office and squander public money.

                                                                                                  It’s baffling to me that in today’s age people are clinging to these antiquated methods, and instead of trying to find viable solutions, the large majority hides behind the “vast amount” of literature speaking against using blockchain technology for voting.

                                                                                                  1. 2

                                                                                                    Personally I don’t really understand this “everyone must understand the process” argument. There are plenty of elements in a modern life where we need to act based on faith in the system. I refuse to acknowledge that elections can’t be one of them, if an electoral process would be at least as convenient and safe as voting by mail.

                                                                                                    You are entitled to that opinion, but it is a very weak argument. You are basically saying that we should replace a working and trusted system with one that nobody can really understand just because we can and because other systems are opaque too? That makes no sense, sorry.

                                                                                                    The biggest issue by far, in my opinion, in today’s politics is that the public at large is mostly uninterested in casting their ballot, and that anything we can do to increase the number of people participating should be done without thinking twice. When presidents are being elected with the vote of one third of the population, that is a serious problem. When laws get passed by people elected by a legislative group that reached barely 20% of the population, that’s really, really bad.

                                                                                                    Sure, blockchains are not going to do any of that. Not one bit of it. These problems are completely orthogonal to the discussion of using blockchains for political elections. Do you think even one person from the non-voting part of the general public is going to the election because they use a blockchain? I am sorry, but you are living in a bubble if you honestly believe that.

                                                                                                    It’s baffling to me that in today’s age people are clinging to these antiquated methods, and instead of trying to find viable solutions, the large majority hides behind the “vast amount” of literature speaking against using blockchain technology for voting.

                                                                                                    You have not come up with one example where the blockchains solves anything that you list in the paragraph above this. Just because something is old, does not mean it is bad. The new and shiny normally comes with new problems. Understandability is one of them in this case that you just glance over. Why you do that is unclear, but I guss you just want blockchain b/c it is cool.

                                                                                                    1. 1

                                                                                                      I’m not saying we should replace working system, like tomorrow. What I’m saying is that we should be working in finding alternatives that ensure a wider participation in the electoral process, and once they are proved to be fool proof then maybe yes we can replace the good old paper ballots.

                                                                                                      Also I’m not saying that the blockchain is the way to do it, like I mentioned in a different message in the thread, I don’t have any knowledge in that area. What I’m saying is that people hide behind the excuse that blockchain is not viable instead of trying to find alternatives.

                                                                                                      And the way you’re misinterpreting my words through your own bias is painful and offensive.

                                                                                            1. 17

                                                                                              please, please, please before you waste your time “fixing” voting by adding blockchain, take a glance through the copious amounts of literature about why that, A. will not help and B. is not the actual issue with voting in America

                                                                                              1. 1

                                                                                                Some links to that copious amount of literature would be appreciated.

                                                                                              1. 5

                                                                                                Maybe a better link for this would be the actual blog post.

                                                                                                As a blockchain ingoramus, why would a ledger that’s supposed to store votes need “miners”?

                                                                                                Followup question, why would this ledger be part of the larger Ethereum one (this seems to be implied in the blog I linked)?

                                                                                                1. 2

                                                                                                  Let me attempt an answer:

                                                                                                  why would a ledger that’s supposed to store votes need “miners”?

                                                                                                  Because the security of the system is based on it being decentralized and each ‘miner’ or ‘hosting provider’ in this case should not be too big or relied on or that guarantee goes out the window.

                                                                                                  The issue really has two sides to it, consensus and sybil resistance. Blockchains solve these problems with ‘longest chain’ and ‘proof of work’ respectively. Now to completely explain this I’d need to answer the second question:

                                                                                                  why would this ledger be part of the larger Ethereum one (this seems to be implied in the blog I linked)?

                                                                                                  The purpose of the chain is not really to store the votes but to compute the result of the election. Ethereum is turing complete so someone could rely on the security of that network to secure this computation from manipulation.

                                                                                                  Ethereum is not really valuable enough to trust with something like the US elections and nakomoto consensus is also not very reliable since it’s security does not degrade gracefully and ‘selfish mining’ makes it feasible to achieve some advantage with as little as a third of the compute in the network (I’ve even heard 23% is enough but don’t have a source).

                                                                                                  The consensus mechanisms we know about are:

                                                                                                  • classical consensus (where everyone talks to everyone and the network is closed, so all participants are predetermined and hardcoded to some extent).
                                                                                                  • nakomoto consensus (allows for an open network where anyone can participate but at the cost of being expensive in many ways..)
                                                                                                  • stochastic consensus (also allows open networks, much cheaper and faster than both of the other options)

                                                                                                  The issue is really that this stuff is all too bleeding edge to trust our social systems with. I think that by the time anyone would take seriously replacing voting with these distributed systems we will already have made democratic organizations on these networks that have similar properties as nation states do today.

                                                                                                  1. 1

                                                                                                    Thank you. I can’t say I fully understand your reply, my knowledge is much too basic for it.

                                                                                                    However I assume (rather hope) that in a network where participants in the election are already known (through a voter registry) combined with existing unique identification (see the example of Estonia’s electronic ids) the need to involve an existing system (like Ethereum) is not needed. If the need for “proof of work”, miners and oracles are eliminated I feel like everything can be done much simpler. (Of course I’m glossing over a lot of the steps that would ensure an impartial, anonymous electoral process, that Ethereum might already provide.)

                                                                                                1. 11

                                                                                                  cgdb built from master was the only usable linux debugger I found when I looked a few years ago, providing an experience similar to that of 22 year old Visual Studio but with more crashes. Other gdb wrappers either don’t work or are unusable. lldb is unusable too.

                                                                                                  It’s unfortunate, but really not any different to the rest of linux userspace…

                                                                                                  1. 1

                                                                                                    I keep wishing RemedyBG would come to linux.

                                                                                                  1. 4

                                                                                                    This isn’t a very interesting or useful link: project status and a git commit summary. This is better.

                                                                                                    https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.10-Released

                                                                                                      1. 1

                                                                                                        At the same time is just the relevant content, without the megabytes of ads that Phoronix has.

                                                                                                      1. 3

                                                                                                        A lot to ponder on, but I’m very disappointed that this type of research limit itself to raising issues with electronic voting instead of actually trying to find answers to these issues. This type of defeatism is annoying to me personally.

                                                                                                        At the same time it’s also annoying that some the signaled problems are present in mail in voting, and the research does not seem to acknowledge that.

                                                                                                        I feel like an acceptable electronic system should be at least as safe(or unsafe) as a mail in ballot system, as it fulfills more or less the same function: an alternative method for the people for which queuing at a voting station is undesirable or impossible.

                                                                                                        1. 5

                                                                                                          Slavery was bad. That doesn’t necessarily mean that all slave owners (like George Washington) were complete monsters, nor does it mean the word “master” had any negative connotation back then.

                                                                                                          Any shred of positive intent that I was trying to assume on behalf of the author was immediately thrown out the window here. They might as well have written #notallslaveowners

                                                                                                          1. 5

                                                                                                            Maybe Felipe just wants to say that dismantling all the positive contributions of people that also have bad ones is a failing strategy for society as a whole. Or at least that’s how I interpret what he said.

                                                                                                            I don’t think that jumping straight to vilifying and name calling is a good way to further the discussion.