1. 2

Oddball is hiring a Senior Full Stack Engineer (React, Rails) and a Devops engineer (AWS, Terraform). We work on cool projects like vets.gov and are partnered with AdHoc - the agency that salvaged the original healthcare.gov project. Fully remote, great compensation, US based only.

1. 1

Out of curiosity (I’ve always wanted to ask someone this), what’s the motivation for US-based only?

I’m an American living in Canada, and it’s a bit of a head-scratcher how often I see this. Having worked remotely for US companies in the past, I have trouble figuring out what it is that the companies adding this disclaimer are worried about.

1. 2

In this particular case the project we’re hiring for is under the umbrella of the US Gov’t, and any contractor/subcontractor is required to be located in the United States. (AFAIK).

1. 10

The security researcher also recommended we consider using GPG signing for Homebrew/homebrew-core. The Homebrew project leadership committee took a vote on this and it was rejected non-unanimously due to workflow concerns.

This is incredibly sad and makes me wonder what part of the workflow would have been impacted. Git automatically signs the commits I make for me once I have entered my password once, thanks to gpg-agent.

1. 3

They have a bot which commits hashes for updated binary artifacts. If all commits needed to be signed, it’d need an active key, and now you have a GPG key on the Jenkins server, leaving you no better off.

1. 2

But gpg cannot work with multiple smartcards at the same time, so maybe that’s a reason for some people. Either way there are simpler ways to deal with signing than gpg

1. 1

GPG signing wouldn’t have fixed this vulnerability as such, since presumably the same people not thinking about the visibility of the bot’s token would have equally failed to think about the visibility of the bot’s hypothetical private key

1. 12

Say what you will about the Ruby community, but I’ve never seen them fly into a moral panic over a tiny syntax improvement to an inelegant and semi-common construct.

The person-years and energy spent bikeshedding PEP 572 are just astoundingly silly.

1. 7

Say what you will about the Ruby community, but I’ve never seen them fly into a moral panic over a tiny syntax improvement to an inelegant and semi-common construct.

Try suggesting someone use “folks” instead of “guys” sometime…

1. 13

I switched to folks and do you know how satisfying of a word it is to say? “Hey folks? How’s it going folks? Listen up folks!” I love it.

On the other hand the interns weren’t too keen on “kiddos.”

1. 6

I’ve gotten used to saying “’sup, nerds” or “what are you nerds up to?”

1. 4

A man/woman (or nerd, I guess) after my own heart! This has been my go-to for a while, until one time I walked into my wife’s work (a local CPA / tax service) and said, “What up, nerds?” It didn’t go over so well and apparently I offended some people – I guess “nerd” isn’t so endearing outside of tech?

Thankfully, I don’t think I learned anything from the encounter.

1. 3

It’s not endearing within tech to anyone over 40.

1. 2

I generally only use it in a technical setting – so within my CS friend group from college, other programmers at work, etc… whenever it’s clear that yes, I am definitely not trying to insult people because I too am a nerd.

2. 1

as @lmm notes above, a minimalist, consistent syntax is an important part of python’s value proposition. in ruby’s case, adding syntactic improvements is aligned with their value proposition of expressiveness and “programmer joy”, so it’s far less controversial to do something like this.

1. 4

My experience is that this is just utterly wrong - I’m not even sure how to start to respond. Of course the best way to express a program fragment is a programming language. Of course the best way to think about a program is with a programming language. There is no distinction between programming and mathematics - of course you want to think mathematically about what you’re constructing, but the best languages for that are programming languages. Why would you want two subtly different descriptions of your program that need to be kept in sync when you could have one description of your program? Some programming languages distract from writing a good expression of your construction by making you specify irrelevant execution details, but the appropriate response is to avoid those languages. A good mathematical description of your algorithm is a program that implements your algorithm, given a decent compiler - and thankfully we’re good enough at those these days.

1. 9

Lobster’s own Hillel expressed it really well just a few days ago:

So many software development practices - TDD, type-first, design-by-contract, etc - are all reflections of the same core idea:

2. Sanity-check your plan

It’s reasonable to want that “plan ahead” stuff to be incorporated in the program (design by contract, tdd), but using an external plan can have a large chunk of the benefit.

1. 6

Maybe, but that’s not an argument for using a non-integrated, harder-to-check plan if you have the option of building the “plan” right into the program.

1. 4

Because there’s design tradeoffs in specification. Integration is a pretty big benefit but also a pretty big cost, often reducing your expressiveness (what you can say) and your legibility (what properties you can query). As a couple of examples, you can’t use integrable specifications to assert a global property spanning two independent programs. You also can’t distinguish between what are possible states of the system and what are valid states, or what behavioral properties must be satisfied.

2. 7

Strong disagree here; you get a lot more expressive power when using a specification language. Let me pose a challenge: given a MapReduce algorithm with N workers and 1 reducer, how do you specify the property “if at least one worker doesn’t crash or stall out, eventually the reducer obtains the correct answer”? In TLA+ it’d look something like this:

(\E w \in Workers: WF_vars(Work(w))) /\ WF_vars(Reducer)
=> <>[](reducer.result = ActualResult)


Why would you want two subtly different descriptions of your program that need to be kept in sync when you could have one description of your program?

I’ve written 100 line TLA+ specs that captured the behavior of 2000+ lines of Ruby. Keeping them in sync is not that hard.

1. 9

I’ve written 100 line TLA+ specs that captured the behavior of 2000+ lines of Ruby. Keeping them in sync is not that hard.

Keeping code in sync with comments that literally live along side them is even more “not that hard”, and yet fails to happen on an incredibly regular basis.

In my experience, in any given system where two programmer artifacts have to be kept in sync manually, they will inevitably fall out of sync, and the resulting conflicting information, and confusion or mistaken assumption of which one is correct, will result in bugs and other programmer errors impacting users. The solution is usually to either generate one artifact from the other, or try to restructure one artifact such that it obviates the need for the other.

1. 4

Keeping code in sync with comments that literally live along side them is even more “not that hard”, and yet fails to happen on an incredibly regular basis.

The difference is that if your code falls out of sync with your comments, your comments are wrong. But if your code falls out of sync with your formal spec, your code probably has a subtle bug. So there’s a lot more instutional pressure to update your spec when you update the code, just to make sure it still satisfies all of your properties.

The solution is usually to either generate one artifact from the other, or try to restructure one artifact such that it obviates the need for the other.

This has been a cultural problem with formal methods for a long time: people don’t value specifications that aren’t directly integrated into code. This has held the field back, because actually getting direct integration is really damn hard. It’s only in the past 15ish years that we’ve accepted that it’s alright to write specs that can’t generate code, and that’s why Alloy and TLA+ are becoming more popular now.

1. 6

The difference is that if your code falls out of sync with your comments, your comments are wrong. But if your code falls out of sync with your formal spec, your code probably has a subtle bug

What justifies that assumption. Some junior will inevitably, in response to some executive running in with their hair on fire over some “emergency”, alter the behaviour of the code to “get it done quick” and defer updating the spec until a “later” that may or may not ever arrive. Coming along and then altering the code to meet the spec then re-introduces the emergency situation.

The fundamental problem here is that you’ve created two sources of truth about what the application should be doing, and you cannot a priori conclude that one or the other is always the correct one.

1. 6

And what happens when that “emergency” fix loses your client data, or breaks your data structure, or ruins your consistency model, or violates your customer requirements, or melts your xbox, or drops completed jobs?

Yes, it’s true that sometimes the spec needs to be changed to match changing circumstances. It’s also seen again and again that specs catch serious bugs and that diverging from them can be seriously dangerous.

1. 2

And what happens when that “emergency” fix loses your client data, or breaks your data structure, or ruins your consistency model, or violates your customer requirements, or melts your xbox, or drops completed jobs?

Nobody’s arguing that the spec is useless, just that the reality is that it does introduce risks that require care and attention and which cannot be handwaved away with “keeping them in sync is not that hard” because sync issues will bite organizations in the ass.

2. 2

It’s only in the past 15ish years that we’ve accepted that it’s alright to write specs that can’t generate code, and that’s why Alloy and TLA+ are becoming more popular now.

It would be very helpful if you could at least generate test cases from those specs though. But then that’s why I work on a model based testing tool ;)

1. 2

Which one?

1. 3

Proprietary of my employer (Axini). Based on symbolic transition systems, a Promela and LOTOS inspired modeling language and the ioco conformance relation. Related open source tools are TorX/JTorX/TorXakis. Our long term goal is model checking, but we believe model based testing is a good (necessary?) intermediate step to convince the industry of the added value by providing a way where formal modeling can directly help them test their software more thoroughly.

1. 2

Really neat stuff. Thanks. I’ll try to keep Axini in mind if people ask about companies to check out.

1. 2

Thanks, I’ve also been regularly forwarding articles and comments by you to colleagues :)

1. 1

Cool! Glad thry might be helpig yall out.:)

3. 2

This was a problem in high-assurance systems. All write-ups indicated it takes discipline. That’s no surprise given that’s what good systems take to build regardless of method. Many used tools like Framemaker to keep it all together. That said, about every case study I can remember found errors via the formal specs. Whether it was easy or not, they all thought they were beneficial for software quality. It was formal proof that varied considerably in cost and utility.

In Cleanroom, they use semi-formal specs meant for human eyes that are embedded right into the code as comments. There was tooling from commercial suppliers to make its process easier. Eiffel’s Design-by-Contract kept theirs in the code as well with EiffelStudio layering benefits on top of that like test generation. Same with SPARK. The coder that doesn’t change specs with code or vice versa at that point is likely just being lazy.

2. 3

Why would you want two subtly different descriptions of your program that need to be kept in sync when you could have one description of your program?

For example to increase the number and variety of reviewers and thus reducing bugs.

A good mathematical description of your algorithm is a program that implements your algorithm

Are you thinking of a specific compiler? I agree that programmers think mathematically even when they use programming languages to express their reasoning, but I still feel some “impedence” in every language I use.

1. 3

For example to increase the number and variety of reviewers and thus reducing bugs.

That seems very unlikely though. Even obscure programming languages are better-known than TLA+. More generally I can’t imagine getting valuable input on this kind of subject from anyone who wasn’t capable of understanding a programming language. I find the likes of Cucumber to be worse than useless, and the theoretical rationale for those is stronger since test cases seem further away from the essence of the program than program analysis is.

Are you thinking of a specific compiler? I agree that programmers think mathematically even when they use programming languages to express their reasoning, but I still feel some “impedence” in every language I use.

I mostly work in Scala so I guess that influences my thoughts. There are certainly improvements to the language that I can imagine, but not enough to be worth using something other than the official language when communicating with other people.

1. 2

Sadly the Rust Edition Guide seems broken on iPad (and other mobile devices?) so it’s hard to learn more about these changes.

1. 3

The problem is, that we have to treat work as an environment where we do not feel like we are surrounded by predators. Sure, you can steal somebodies purse and car keys or even lunch to prove a point, but honestly, I do not see where that leads to. Yes there are bad guys and all that, but things have to stay in balance. Are we all supposed to have firearms on ourselves just in case? That is what this seems to lead to. Be afraid of everybody and trust nobody. What kind of a world is that?

Also, laptop locks are funny these days where everybody has a Mac and no way to lock them…

1. 7

Be afraid of everybody and trust nobody. What kind of a world is that?

Capitalism?

1. 2

“An armed society is a polite society.” -Robert Heinlein, Beyond This Horizon

The point of the talk is that security starts at the physical world, and that everyone is afraid of “evil hackers” or Russia/China, when they should be concerned about who’s in their facilities.

An unrecognized face should definitely be questioned, which is why at high security facilities (i.e. an airport), keys and cards are required to get into say, the data room, with an escort. Obviously, visitor badges should be required, and an escort is a good option, also, in order to keep out the bad guys at the physical layer (obviously, this doesn’t include security at every other layer, such as a legacy telephone system voicemail running on NT 4.0 that can be NetMeetinged into and compromised very simply, or someone having a 0-day for a service ran on-site and exposed to the public).

1. 3

“An armed society is a polite society.” -Robert Heinlein, Beyond This Horizon

By that definition the US is the politest place in the world. It clearly is not.

1. 1

It may not be, but then again, not everybody in the U.S. owns a firearm.

1. 10

The US does own many more firearms than other notoriously more-polite societies (Japan, say) though.

The obvious conclusion here is that there’s no real reason to think that the fun Sci-Fi Writer had any real insight into or facts to support his take on the topics of armed civilians, trust, and what makes for a livable society – at the end of the day it’s just a pithy turn of phrase.

1. 4

Im a pro-gun person from a former, murder capital in the South: Memphis, TN. Most of us would laugh at the quote given the number of assholes and thugs we’ve run into in our lives.

We do think a high amount of firearms, esp concealed, reduces number or success of physical attacks since many attackers are basically wimps or arent in top shape mentally. Many of us think of it as check against government worst-case scenarios. For many others, it’s a tradition, recreational activity, family bonding, protecting cattle/crops, and/or self reliance for food sources. A few deer can feed a poor family quite a while for the price of some bullets. Grocery stores nowhere near that cheap.

It doesn’t make the area more polite, though. Some situations are even scarier when they might have concealed weapons. Hell, some calm people become assholes when they have power of life and death at their fingertip.

1. 4

An armed society is a society that thinks problems should be solved with arms.

1. 1

An armed society is one that thinks a corrupt government might be a problem that takes guns to solve. That problem and solution is how America itself was created.

Then, they created a Constitution. It said most problems are to be solved by individual citizens within the country’s laws, legislative bodies, executive branch/agencies, and court system. And in pro-gun America, that most problems are resolved using those instead of the guns totally disproves your point in general case. Cops and gun owners rarely shoot people out here. Mostly gangsters doing that.

1. 1

While I agree with some of the “examples” listed, I don’t think it’s fair to say microservices are “hyped and volatile”. Microservice architecture isn’t some advent to the computing world. Conceptually, it’s been around for a long long time when you look at operating system kernels. I’d also argue that building software that “does one thing and does it well” is not a new idea either (i.e. UNIX design philosophy).

While the author has some good points, that one seems poorly thought out. Perhaps microservice means something different to the author?

1. 2

Conceptually many ideas, including NoSQL, have been around for ages. It seems clear to me that the criticism in both cases are in references to the fad of microservices-for-microservices-sake and NoSQL-for-NoSQL’s-sake fads in Web Application Architecture, where there is often no real rationale behind their choice other than they are the trendy topics on the web conference circuits.

(And yes, obviously, there are circumstances in which a microservices approach or a particular NoSQL solution make good sense – these are frequently not, unfortunately, the circumstances in which I have tended to see them used professionally).

1. 4

Indeed, major cryptocurrencies like Bitcoin and Ethereum have maintained their security quite well — better, arguably, than any other digital asset/payment system in history …

That’s a hell of a claim.

1. 2

Yeah, the MULTOS-based solutions seem to be fairing quite well. Mondex did, too, on its software and protocol assurance. The weakness was storing the value on a card with limits on tamper-resistance. There’s cryptocurrency “wallets” essentially doing the same thing with less security put into their software stacks. A few HSM’s and smartcards are also doing better on the hardware side for tamper-resistance. That different banks use different ones to check transactions within and between banks adds security through diversity.

I think the claim is well-refuted between the stronger implementations of prior work and fewer known compromises.

1. 2

Am I the only one that thinks that all these netflix things are extremely over-engineered? The bulk of their content is not even served from AWS, but from boxes that are close to the eyeballs.

I am not saying, I could build one in a weekend or anything like it, but what do all these servers do? There is hardly any user interaction, except search and maybe giving a rating. The search is also not that big, given the size of the catalog they serve per country. The traffic comes from local caches. What is all this for, except keeping engineers in the bay area busy?

1. 19

just a psa, I don’t and have never worked for Netflix, all of this is mostly conjecture from experience.

sure, I think that micro service bloat is probably a problem that they have. and many of the FANG companies suffer from NIH (not invented here syndrome), in some cases because of (IMO) broken promotion processes that require engineers to ship “impactful” work at all costs, and in others just because they have an unlimited amount of money to spend on engineering time.

That being said, even the most trivial problems become quite difficult at the scale that they’re working at – they have 125 million subscribers worldwide, which means peak time is almost all of the time. In addition, maybe you only use search and ratings, but what about admin UI’s? What do customer service teams use? What tooling do content creators use to get materials onto their platform, and what do they use to monitor metrics for content once it’s uploaded? What about ML and BI concerns, SOC2 concerns, GDPR concerns? I could go on forever perhaps. It’s very difficult to reconstruct all of the reasons for the way any platform evolved the way it did without getting a historical architecture overview. But! Their service is very reliable and their business is profitable, so they must be doing something right. (not that there isn’t always room for improvement)

1. 15

There was a good presentation at StrangeLoop last year: Antics, Drift, and Chaos. The short version is “Netflix is a monitoring company that, as an interesting and unexpected byproduct, also streams movies.”

1. 1

this is great! thanks for the link – I’ve got to get to strangeloop next year.

1. 1

What kind of monitoring do they do, do you know?

1. 3

We use Atlas for monitoring.

2. 1

The result and the press is not as important as the journey. Being able to failover that quickly such a huge infrastructure is impressive, but the most important part is how they managed to achieve this and improve their work-flow, resiliency, and many other things along the way!

1. 1

I assume these other boxes are Very Important^TM for authorization and provides the search/indexing functionality of their service. The CDN boxes they ship out do nothing but host the videos, and not all videos exist on each box, so something would have to handle directing you to the correct node.

You can’t stream the videos if you can’t get authorization, so…

1. 1

Those boxes they ship to ISPs only hold a subset of content. They still have to deal with routing a request to the closest node with the content they want, and update the ISP cache box with that content when there’s a spike in demand for something that isn’t cached locally. If your AWS nodes are down and nobody on the ISP requested Star Trek in the last N hours, you’re up shit creek with the customer requesting it unless you have a good fail over strategy.

I doubt those ISP cache nodes do local authentication or billing, either.

1. 1

Do you know where the movie content lives though? I’d be surprised if any of it was served from AWS hosts, instead I’d expect it on a CDN somewhere. I don’t think @fs111 is saying that Netflix doesn’t do anything, but rather does their architecture actually make sense given what they do?

My two cents is that it is probably overengineered and that is probably because it happened organically because nobody really knew what they were doing. With hindsight we could probably say some things are needed or could be done simpler.

1. 2

The video content, at least as of a couple of years ago, is encoded by EC2 instances into a bunch of qualities/formats (some on demand, I believe?), which live in S3 and are shuttled to around to various ISP cache nodes as needed.

Netflix doesn’t use a CDN, they are a CDN.

1. [Comment removed by author]

1. 2

S3 isn’t geographically distributed at all. It’s RAID with a REST API. It’s nothing like a CDN – Netflix does all the CDN things (replication, dynamic routing-by-proximity, distributing content to multiple edges close to customers) at their own layer above the storage layer.

1. -1

I disagree with Stallman here.

If you surrender your data, then you do not have any right over them. If you upload your photos to facebook, then facebook has them.

For public utility, it is fine to restrict the collection and usage of personal data. But for private corporations, the private individuals should be able to decide for themselves if giving a corporation access to your entire search history for wifi access at the coffee shop is worth it.

1. 25

More and more we are getting forced to use services that spy on us. Cash is being phased out for credit cards and mobile payments. I can’t even pay for parking at my uni without installing their mobile app. We need laws to protect us from these companies because they are impossible to 100% avoid.

1. [Comment removed by author]

1. 40

Governments aren’t there to protect you.

That is literally what governments are for.

1. 3

Not anymore… at least here where I live, Government is composed of people and people will have their own agendas which might not include protecting other people or even obeying the laws they’ve passed. I see government as an instrument of power, some will use this power to help society, others to accumulate wealth at the expense of society.

1. 31

What your particular government does and what the purpose of the government is are two separate topics.

1. 2

That is true but still, you can probably agree with me that when dealing with the real world, the creators intention has very little bearing in whatever usage people do of something. For example: the web was a way to share scientific hypertext and now we’re doing crazy stuff with it, or, tide pods were supposed to be used for laundry… governments, much like many other human creations happened over time, in different places, with different purposes. Monarchy is government but one can argue that historically it was not meant to protect people, dictatorships also work that way. We can say that the “platonic ideal of a pure and honest government” is to protect people but thats just us reasoning after the fact. There are no “letter of intention” about creation of government which all governments across time and space need to follow. What we perceived as “purpose” has very little meaning to what actually happens.

Personally, I find most interesting when things are not used accordingly to the creators intention, this creative appropriation of stuff by inventive users is at the same time what spurs a lot of cool stuff and what dooms us all, we here in Brazil have a moniker for it “Jeitinho Brasileiro” which could be translated as an affectionate version of “the brazilian way”. Everyone here is basically born in a fractal of stuff whose real world usage does not reflect its ideal purpose to the point that it is IMHO what makes us creative and cunning.

1. 3

Monarchy is government but one can argue that historically it was not meant to protect people…

Well, monarchy was actually a simple protection racket. It enabled a significant growth of the agricultural society through stabilization of violent power — no raids, just taxes.

We can say that the “platonic ideal of a pure and honest government” is to protect people…

That’s unreasonable. Establishment of a democratic government is just a consensus seeking strategy of it’s electorate. A move from a simple racket to a rule of law that is a compromise of various interests.

In feudalism, people choose other people to follow. In democracy, people chose policies to enact. Both systems are very rough and fail in various ways, but democracy has evolved because it just makes more people a lot less unhappy than an erratic dictator ever can.

… people will have their own agendas which might not include protecting other people or even obeying the laws they’ve passed…

You seem to be alienated from the political process and perceive your government as something that is not actually yours to establish and control. That’s a very dangerous position for you to take, since government has a monopoly on violence. Of course others won’t take you automatically into consideration. That’s what you do every time you do virtually anything — you never take the full situation into account.

But you just can’t quite ditch the government… otherwise your neighbor might try building a nuclear reactor using whatever he got from the Russians, which is something you (and perhaps a few other neighbors) might be against. Then on the other hand, he might convince a few others that the energy will be worth it… so you meet up, decide on some rules that will need to be followed so as to prevent an armed conflict and in the end, some who originally opposed the project might even join it to ensure it’s safety and everyone will benefit from the produced energy.

1. 5

Friend, lets agree to disagree. What you say do make sense, I am not saying you’re talking bullshit or anything like that, on the contrary, I find your arguments plausible and completely in tune with what I’ve learned at the university buuuuut my own country has been a monarchy, an “empire”, a monarchy again, a republic, a dictatorship, a republic again, an who knows what will happen before 2018 ends.

Our experience, is vastly different than what is explained above. I haven’t said we’re out of the political process, heck, I’ve organized demonstrations, helped parties I was aligned with, entered all the debates I could long ago, I was a manager for a social program, and am married to an investigative journalist. I am no stranger to political processes, but it is a very simplistic approach to say “(…) your government as something that is (…) yours to establish and control”, this sidesteps all the historical process of governments here and how the monopoly of violence is used by the powerful (which might or might not be actual government) with impunity on anyone who tries to pull government into a different path. Couple weeks ago, one of our councilwoman was executed by gunshots to her car (where a friend of mine was as well as she worked for her), killing our rising star politician, and the driver, and forever traumatizing my friend. I have tons of stories about people dying while trying to change things. Talking about the root of feudalism is meaningless to whatever is happening today. Today people die for defending human rights here (and elsewhere).

Academic and philosophical conversations about the nature and contracts of government are awesome but please, don’t think this shit is doable, lots of people here died trying to improve the lifes of others. I don’t know if you’ve ever been to a place like here, those conversations don’t really apply (we still have them though).

2. 1

I do think it’s important for people to have the power to keep the government accountable. Without checks and balances the government looks after its own interests as opposed to those of its constituents.

2. 7

I clicked at your profile with absolute certain that you’d be from Brazil. Now I’m kinda depressed I was right.

1. 4

Can spot a Brazilian from miles away right? Don’t know if I laugh or cry that we’re so easy to recognize through our shared problems.

2. 3

I can feel your pain (and I admire your courage for talking in a public space about the issues you see in your government).

But @Yogthos is right: we should not be afraid of our governments, at least not of democratic ones.

In democracy the government literally exists to serve people. If it doesn’t, it’s not a democracy anymore.

1. 3

@soapdog @yogthos @dz This is an interesting discussion for me (though not appropriate for lobste.rs). Any interest in discussing this together, say over email or something else. I’ve always wanted to discuss this topic of government vs individual corporations but it’s a complex subject and hard to keep devolving into a bar-fight.

1. 0

Change the name then, not the definition of what it is.

2. 2

Shouldn’t governments primariy govern? For whatever reason, but usually something along the lines of “the common good” or “to protect (individual) rights”? But sometimes sadly also in the interests of the more powerful in society…

1. 0

Why do you believe that is the purpose of governments? Can you imagine a situation where something recognized as a government doesn’t protect it’s citizens in some cases?

Is the government supposed to protect you if you put your hand in a garbage disposal, slip in the shower, or attempt suicide?

2. 11

Governments aren’t there to protect you.

They’re definitely there to protect us. However, they’re also their own separate entity. They’re also a group of ambitious, often-lying people with a variety of goals. They can get really off track. That’s why the folks that made the U.S. government warned its people needed to be vigilant about it to keep it in check. Then, its own agents keep the individuals or businesses in check. Each part does its thing with discrepencies corrected by one of the others hopefully quickly. The only part of this equation failing massively is the people who won’t get the scumbags in Congress under control. They keep allowing them to take bribes for laws or work against their own voters. Fixing that would get a lot of rest in line.

We have seen plenty of protection of individuals by laws, regulations, and courts, though. Especially whenever safety is involved. In coding, the segment with highest-quality software on average right now is probably group certifying to DO-178B for use in airplanes since it mandates lots of activities that reduce defects. They do it or they can’t sell it. The private sector’s solution to same problem was almost always to lie about safety while reducing liability with EULA’s or good legal teams. They didn’t produce a single, secure product until regulations showed up in Defense sector. For databases, that wasn’t until the 1990’s with just a few products priced exhorbitantly out of greed. Clearly, we need a mix of private and public action to solve some problems in the marketplace.

1. 0

Governments shouldn’t impose speed limits, people should just drive at reasonably safe speeds.

Just because a particular behaviour might be most beneficial to a person, does not mean they will do it. Because consumers’ behaviour has not changed (and will not), this type of surveillance has proliferated to the point it’s nearly impossible to escape, even for the most dedicated privacy advocate.

1. 2

Funny you should mention that…the setting of speed limits to drive revenue irrespective of actual engineering and human factors is pretty well documented at this point.

3. 5

For public utility, it is fine to restrict the collection and usage of personal data. But for private corporations, the private individuals should be able to decide for themselves if giving a corporation access to your entire search history for wifi access at the coffee shop is worth it.

But that’s precisely what fails when dealing with Facebook et al, isn’t it?

No matter how assiduously you or I might refuse to sign up for Facebook and its ilk, block their tracking scripts, refuse to upload our photos, our text messages, our data – other people sign up for these things, and give these services permission to index their photos and text message logs etc, and Facebook builds a comprehensive shadow profile of you and I anyways.

There is no avoiding or opting out of this short of opting out of all human contact, at this point, and the “simple”-sounding solution of “let every individual decide for themselves!” completely fails to engage with the collective consequences that everyone is losing privacy regardless of what decision they make individually.

When your solution doesn’t engage with reality, it’s not useful.

1. 4

But for private corporations, the private individuals should be able to decide for themselves if giving a corporation access

This will be true when everybody will be able to program and administrate a networking system.

That’s the only way people can understand what they are giving and for what.

Till then, you must protect them from people who use their ignorance against them.

1. 1

You can’t protect people from their own ignorance, long-term, except by education.

1. 3

You have to. No citizen can foresee the effects of all their actions. The technology we use today is too complicated to understand all of it.

That’s why generally everything needs to be safe by default.

1. 3

The technology we use today is too complicated to understand all of it.

The entire field of engineering is predicated on being able to do things without understanding how they work. Ditto beer brewing, baking, cooking, and so forth.

That’s why generally everything needs to be safe by default.

Bathtubs are not safe by default. Kitchen knives are not safe by default. Fire is not safe by default. Even childbirth isn’t safe by default, and you’d think that would’ve been solved generations ago by evolution.

No citizen can foresee the effects of all their actions.

Then why would we trust policies enacted by a handful of citizens deemed able to create laws any more than individual citizens making their own decisions? That’s a far riskier proposition.

~

We can’t make the world safe for people that won’t learn how to be safe, and efforts to do so harm and inhibit everybody else.

1. 6

The entire field of engineering is predicated on being able to do things without understanding how they work. Ditto beer brewing, baking, cooking, and so forth. … You can’t protect people from their own ignorance, long-term, except by education.

Try buying an oven that will spontaneously catch fire just by being on. It’s going to be complicated, because there are mandatory standards. And it’s a good thing they are this reliable, right? Leaves us time to concentrate on our work.

Then why would we trust policies enacted by a handful of citizens deemed able to create laws any more than individual citizens making their own decisions? That’s a far riskier proposition.

Because a lot of shouting from many sides went into the discussions before the laws were enacted. Much like you discuss your network infrastructure policies with your colleagues instead of just rewiring the DC as you see fit every once in a while.

1. 3

The entire field of engineering is predicated on being able to do things without understanding how they work. Ditto beer brewing, baking, cooking, and so forth.

No.

Engineering is about finding solutions by using every bit of knowledge available.

Ignorance is an enemy to fight or work around, but for sure it’s not something to embrace!

That’s why generally everything needs to be safe by default.

Bathtubs are not safe by default. Kitchen knives are not safe by default. Fire is not safe by default. Even childbirth isn’t safe by default, and you’d think that would’ve been solved generations ago by evolution.

I agree that we should work to make programming a common knowledge, like reading and writing so that everyone can build his computing environment as she like.

And to those who say it’s impossible I’m used to object that they can read, write and count just because someone else, centuries before, said “no, it’s possible to spread this knowledge and we have the moral duty do spread it”.

But all your example are wrong.

They are ancient technologies and techniques that are way simpler than programming: humans have learnt to master them and teach each generation how to do so.

We have to protect people.

The states and laws can help, but the first shield of the people against the abusive use of technology are hackers.

We must spread our knowledge and ethics, not exploit the ignorance of others for a profit.

1. 2

Are Nokia/HMD selling phones directly to end users? They only have to provide the source (or a written offer to provide the source) to anyone they’re supplying phones to. It’s up to whoever sells you the phone to provide the same to you. I’m not even sure section 3.c of GPLv2, which lets you pass on a written offer from someone else, can be invoked when selling phones since it specifically excludes commercial distribution.

1. 3

Are Nokia/HMD selling phones directly to end users? They only have to provide the source (or a written offer to provide the source) to anyone they’re supplying phones to.

They’re distributing OTA Android updates to end users (see eg: here). That alone is enough to require them to provide the source to any GPL software they are distributing to any users who receive it.

1. 17

Lmao bad defaults should not be kept. No defaults are frequently just another form of bad defaults.

1. [Comment removed by author]

1. 30

If it were only sysadmins who paid the price, I’d be a lot more sympathetic to this argument.

We can and should learn from decades of FAA practices and recognize that all sysadmins are human, all will make a mistake somewhere, and the correct response to that is to alter our tools and procedures to mitigate those mistakes, because we have not as yet succeeded in breeding the infallible human.

1. 3

Is there a pithy phrase that encapsulates the whole, “People make mistakes, proper tools and processes prevent them.”?

2. 5

That’d be great if it were actually the sysadmins being punished, not the users.

3. 1

If I’m remembered for nothing else, could it be this quote?

1. 4

Talking about the C++ parts, because I know nothing about D, and a leetle bit about C++: A core complaint of this article is summed up by this statement

All of this means that const actually provides zero guarantees about an object not being mutated

Yes, C++ is one of those languages where there are no guarantees. If you let a madman loose on your code base, you will need to look over your shoulder for the rest of your life.

But, I would describe C++ as the language of consenting adults. I’ve had code where I’ve passed an object as const but I needed to mark some things as mutable. This has happened to me because of locks and there is a nice discussion about mutable here.

I guess this article is another piece in a larger dialog that pushes for languages to save us from ourselves, but that protection always comes at a cost. Always.

1. 11

I think the issue is that even the brightest consenting adults keep making mistakes that have disastrous consequences. And you’re right that safety comes at a cost, but for a lot code it’s free, and we can explicitly mark things as footgun when needed, instead of it being the default.

1. 6

Yes, C++ is one of those languages where there are no guarantees. If you let a madman loose on your code base, you will need to look over your shoulder for the rest of your life.

I would suggest that a more useful rubric for evaluating safety features like const is less “will it save me from a madman in my codebase” and more “will it prevent me from gunfooting myself in some subtle way that ends up leaking sensitive information” or “killing a patient” or some equally costly event.

My feeling on features like this really changed when realized that to a first approximation, nobody is designing them to make madmen sane or idiots brilliant. Rather, these features are designed as a pragmatic, FAA-style response to the fact that we are human and that no amount of smarts or paying attention will ever prevent us from unintentionally screwing up, with terrible consequences. Therefore, our tools should accommodate our fallibility if we are ever to deliver less spectacularly crappy software than is the current norm.

1. 4

I’ve had code where I’ve passed an object as const but I needed to mark some things as mutable. This has happened to me because of locks and there is a nice discussion about mutable here.

This is not limited to c++. For example in Rust, std::sync::Mutex::lock borrows immutably, but when check implementation, you will see that all it does is call unsafe methods. The difference is that c++ does not pretend that locking is const, but rust pretends that locking is safe. In both cases it is up to author of library to make sure that logical constnes/safeness is preserved.

1. 0

C++ is a language for consenting adults.

Love this, going to have to steal it.

1. 7

Here Menard bases his comments on a Marxist view where talking of GOTO statements as “cheap” and procedure calls as “expensive” present an invalid dichotomy, since a capitalist economy tries to extract surplus value from open source work, and not from CPU cycles.

Hahahaha wow, this is really well done. I had to go back to the original to see if the author had based it on one of the points in the list or come up with it on their own.

1. 3

McCarthy, at least when I used to debate him on Usenet was a far right ideologue - but much nicer than the current ones. His parents were communist labor organizers.

1. 1

I knew it was somewhere:

There was a general confidence in technology as being simply good for humanity. I remember when I was a child reading a book called 100,000 Whys — a Soviet popular technology book written by M. Ilin from the early 1930’s. I don’t recall seeing any American books of that character. I was very interested to read ten or fifteen years ago about some extremely precocious Chinese kid and it was remarked that he read 100,000 Whys.

1. 1

I considered an intelligent thing as a finite automaton connected to an environment that was a finite automaton.

This suddenly reminded me of Legg’s and Hutter’s definition of intelligent agent… and indeed McCarthy is cited there: http://www.vetta.org/documents/legg-hutter-2007-universal-intelligence.pdf

1. 46

Half this article is out of date as of 2 days ago. GOPATH is mostly going to die with vgo as is the complaint about deps.

Go is kind of an example of what happens when you focus all effort on engineering and not research.

Good things go has:

• Go has imo the best std library of any language.
• Go has the best backwards compatibility I have seen (I’m pretty sure code from go version 1.0 still works today.).
• Go has the nicest code manipulation tools I have seen.
• The best race condition detector tool around.
• An incredibly useful in practice interface system. (I once used the stdlibrary http server over a serial port because net.Listener is a simple interface)
• The fastest compiler to use, and to build from source.
• Probably the best cross compilation story of any language, and uniformity across platforms, including ones you haven’t heard of.
• One of the easiest to distribute binaries across platforms (this is why hashicorp, cockroachdb, ngrok etc choose go imo).
• A very sophisticated garbage collector with low pause times.
• One of the best runtime performance to ease of use ratios around.
• One of the easier to learn languages around.
• A compiler that produces byte for byte identical binaries.
• incredibly useful libraries maintained by google: (e.g. Heres a complete ssh client and server anyone can use: https://godoc.org/golang.org/x/crypto/ssh)
• Lots of money invested in keeping it working well from many companies: cloud flare, google, uber, hashicorp and more.

Go is getting something that looks like a damn good versioning story, just way too late:

Go should have in my opinion and order of importance:

• Ways to express immutability as a concurrent language.
• More advanced static analysis tools that can prove properties of your code (perhaps linked with the above).
• Generics.
• Some sort of slightly more sophisticated pattern matching .

Go maybe should have:

• More concise error handling?
1. 53

I have been involved with Go since the day of its first release, so almost a decade now, and it has been my primary language for almost as long. I have written the Solaris port, the ARM64 port, and the SPARC64 port (currently out of tree). I have also written much Go software for myself and for others.

Go is my favorite language, despite everything I write below this line.

Everything you say is true, so I will just add more to your list.

My main problem with Go is that, as an operating system it’s too primitive, it’s incomplete. Yes, Go is an operating system, almost. Almost, but not quite. Half and operating system. As an operating system it lacks things like memory isolation, process identifiers, and some kind of a distributed existence. Introspection exists somewhat, but it’s very weak. Let me explain.

Go presents the programmer with abstractions traditionally presented by operating systems. Take concurrency, for example. Go gives you goroutines, but takes away threads, and takes away half of processes (you can fork+exec, but not fork). Go gives you the net package instead of the socket interface (the latter is not taked away, but it’s really not supposed to be used by the average program). Go gives you net/http, instead of leaving you searching for nginx, or whatever. Life is good when you use pure Go packages and bad when you use cgo.

The idea is that Go not only has these rich features, but that when you are programming in Go, you don’t have to care about all the OS-level stuff underneath. Go is providing (almost) all abstractions. Go programming is (almost) the same on Windows, OpenBSD and Plan 9. That is why Go programs are generally portable.

I love this. As a Plan 9 person, you might imagine my constant annoyance with Unix. Go isolates me from that, mostly, and it is great, it’s fantastic.

But it doesn’t go deep enough.

A single Go program instance is one operating system running some number of processes (goroutines), but two Go program instances are two operating systems, instead of one distributed operating system, and in my mind that is one too many operating systems.

“Deploying” a goroutine is one go statement away, but deploying a Go program still requires init scripts, systemds, sshs, puppets, clouds, etc. Deploying a Go program is almost the same as deploying C, or PHP, or whatever. It’s out of scope for the Go operating system. Of course that’s a totally sensible option, it’s just doesn’t align with what I need.

My understanding about Erlang (which I know little of, so forgive me if I misrepresent it) is that once you have an Erlang node running, starting a remote Erlang process is almost as easy as starting a local Erlang process. I like that. I don’t have to fuck with kubernetes, ansible, it’s just a single, uniform, virtual operating system.

Goroutines inside a single process have very rich communication methods, Go channels, even mutexes if you desire them. But goroutines in different processes are handicaped. You have to think about how to marshal data and RPC protocols. The difficulty of getting two goroutines in different processes to talk to each other is the about the same as getting some C, or Python code, to talk to Go. Since I only want Go to talk to Go, I don’t think that’s right. It should be easier, and it should feel native. Again, I think Erlang does better here.

Goroutines have no process ids. This makes total sense if you restrict yourself to a single-process universe, but since I want a multi-process universe, and I want to avoid thinking about systemds and dockers, I want to supervise goroutines from Go. Which means goroutines should have process ids, and I should be able to kill and prioritize them. Erlang does this, of course.

What I just described in the last two paragraph would preclude shared memory. I’m willing to live with that in order to get network transparency.

Go programs have ways to debug and profile themselves. Stack traces are one function call away, and there’s a easy to use profiler. But this is not enough. Sometimes you need a debugger. Debugging Go programs is an exercise in frustration. It’s much difficult than debugging C programs.

I am probably one of the very few people on planet Earth that knows how to profile/debug Go programs with a grown-up tool like DTrace or perf. And that’s because I know assembly programming and the Go runtime very well. This is unacceptable. Some people would hope that something would happen to Go so that it works better with these tools, but frankly, I love the “I am an operating system” aspect of Go, so I would want to use something Go-native. But I want something good.

This post is getting too long, so I will stop now. Notice I didn’t feel a need for generics in these 9 years. I must also stress out that I am a low-level programmer. I like working in the kernel. I like C and imperating programming. I am not one of those guys that prefers high-level languages (that do not have shared memory), so naturally wants Go to be the same. On the contrary. I found out what I want only through a decade of Go experience. I have never used a language without shared memory before.

I think Go is the best language for writting command-line applications. Shared memory is very useful in that case, and the flat, invisble goroutines prevent language abuse and “just work”. Lack of debugger, etc, are not important for command-line applications, and command-line applications are run locally, so you don’t need dockers and chefs. But when it comes to distributed systems, I think we could do better.

In case it’s not clear, I wouldn’t want to change Go, I just want a different language for distributed systems.

1. 11

I’ve done some limited erlang programming and it is very much a distributed OS to the point where you are writing a system more than a program. You even start third party code as “applications” from the erlang shell before you can make calls to them. erlang’s fail fast error handling and let supervisors deal with problems is also really fun to use.

I haven’t used dtrace much either, but I have seen the power, something like that on running go systems would also be neat.

1. 5

Another thing that was interesting about erlang is how the standard library heavily revolves around timers and state machines because anything could fail at any point. For example gen_server:call() (the way to call another process implementing the generic service interface) by default has a 5 second timeout that will crash your process.

2. 2

Yes, Go is an operating system, almost. Almost, but not quite. Half and operating system. As an operating system it lacks things like memory isolation, process identifiers, and some kind of a distributed existence.

This flipped a bit in my head:

Go is CMS, the underlying operating system is VM. That is, Go is an API and a userspace, but doesn’t provide any security or way to access the outside world in and of itself. VM, the hypervisor, does that, and, historically, two different guests on the same hypervisor had to jump through some hoops to talk to each other. In IBM-land, there were virtual cardpunches and virtual cardreaders; these days, we have virtual Ethernet.

So we could, and perhaps should, have a language and corresponding ecosystem which takes that idea as far as we can, implementation up, and maybe it would look more like Erlang than Go; the point is, it would be focused on the problem of building distributed systems which compile to hypervisor guests with a virtual LAN. Ideally, we’d be able to abstract away the difference between “hypervisor guest” and “separate hardware” and “virtual LAN” and “real LAN” by making programs as insensitive as possible to timing variation.

3. 18

How can vgo - announced just two days ago - already be the zeitgeist answer for “all of go’s dependency issues are finally solved forever”?

govendor, dep, glide - there’s been many efforts and people still create their own bespoke tools to deal with GOPATH, relative imports being broken by forks, and other annoying problems. Go has dependency management problems.

1. 2

We will see how it pans out.

2. 15

Go has the best backwards compatibility I have seen (I’m pretty sure code from go version 1.0 still works today.).

A half-decade of code compatibility hardly seems remarkable. I can still compile C code written in the ’80s.

1. 11

I have compiled Fortran code from the mid-1970s without changing a line.

1. 1

Can you compile Netscape Communicator from 1998 on a modern Linux system without major hurdles?

1. 13

You do understand that the major hurdles here are related to the external libraries and processes it interacts with, and that Go does not save you from such hurdles either (other than recommending that you vendor compatible version where possible), I hope.

2. 1

A valid point not counting cross platform portability and system facilities. Go has a good track record and trajectory but you may be right.

3. 5

Perfect list (the good things, and the missing things).

1. 3

The fixes the go team have finally made to GOROOT and GOPATH are great. I’m glad they finally saw the light.

But PWD is not a “research concern” that they were putting off in favor of engineering. The go team actively digs their heals in on any choice or concept they don’t publish first, and it’s why in spite of simple engineering (checking PWD and install location first) they argued for years on mailing lists that environment variables (which rob pike supposedly hates, right?) are superior to simple heuristics.

Your “good things go has” list is also very opinionated (code manipulation tools better that C# or Java? Distrribution of binaries.. do you just mean static binaries?? Backwards compatibility that requires recompilation???), but I definitely accept that’s your experience, and evidence I have to the contrary would be based on my experiences.

1. 4

The fixes the go team have finally made to GOROOT and GOPATH are great.

You haven’t had to set, and should’t have set GOROOT since Go 1.0, released six years ago.

(which rob pike supposedly hates, right?)

Where did you get that idea?

1. 5

Yes, you do have to set GOROOT if you use a go command that is installed in a location different than what it was compiled for, which is dumb considering the go command could just find out where it exists and work from there. See: https://golang.org/doc/go1.9#goroot for the new changes that are sane.

And I got that idea from.. rob pike. Plan9 invented a whole new form of mounts just to avoid having a PATH variable.

1. 4

you do did have to set GOROOT if you use a go command that is installed in a location different than what it was compiled for

So don’t do that… But yes, that’s also not required anymore. Also, if you move /usr/include you will find out that gcc won’t find include files anymore… unless you set $CPPFLAGS. Go was hardly unique. Somehow people didn’t think about moving /usr/include, but they did think about moving the Go toolchain. Plan9 invented a whole new form of mounts just to avoid having a PATH variable. No, Plan 9 invented new form of mounts in order to implement a particular kind of distributed computing. One consequence of that is that $path is not needed in rc(1) anymore, though it is still there if you want to use it.

In Plan 9 environment variables play a crucial role, for example $objtype selects the toolchain to use and $cputype selects which binaries to run.

Claiming that Rob Pike doesn’t like environment variables is asinine.

1. 20

“So don’t do that…” is the best summary of what I dislike about Go.

Ok, apologies for being asinine.

2. 1

I always compiled my own go toolchain because it takes about 10 seconds on my PC, is two commands (cd src && ./make.bash). Then i could put it wherever I want. I have never used GOROOT in many years of using Go.

2. 0

C# and Java certainly have great tools, C++ has some ok tools. All in the context of bloated IDE’s that I dislike using (remind me again why compiling C++ code can crash my text editor?). But I will concede the point that perhaps C# refactoring tools are on par.

I was never of the opinion GOPATH was objectively bad, it has some good properties and bad ones.

Distrribution of binaries.. do you just mean static binaries? Backwards compatibility that requires recompilation???

Dynamic libraries have only ever caused me problems. I use operating systems that I compile from source so don’t really see any benefit from them.

1. 4

This is a problem with any language or library. You need to know what is available in the Python library and what it does to use it effectively. You need to know the binaries in /bin to use the shell effectively. And so on.

It’s just like learning a human language: Until you use the vocabulary enough to get comfortable, you are going to feel lost, and spend a lot of time getting friendly with a dictionary.

1. 8

This is a problem with any language or library. You need to know what is available in the Python library and what it does to use it effectively. You need to know the binaries in /bin to use the shell effectively. And so on.

I think this probably misses the point. The Python solution was able to compose a couple of very general, elementary problem solving mechanisms (iteration, comparison), which python has a very limited vocabulary of (there’s maybe a half dozen control constructs, total?), to quickly arrive at a solution (albeit while a limited, non-parallel solution, one that’s intuitive and perhaps 8 times out of 10 does the job). The standard library might offer an implementation already, but you could get a working solution without crawling through the docs (and you could probably guess the name anyways).

J required, owing to its overwhelming emphasis on efficient whole-array transformation, selection from a much much much larger and far more specialized set of often esoteric constructs/transformations, all of which have unguessable symbolic representations. The documentation offers little to aid this search, complicating a task that was already quite a bit less intuitive than Python’s naive iteration approach.

1. 5

For a long time now, I’ve felt that the APL languages were going to have a renaissance. Our problems aren’t getting any simpler, so raising the level of abstraction is the way forward.

The emphasis is on whole array transformation seems like a hindrance but imagine for a second that RAM becomes so cheap that you simply load all of your enterprise’s data in memory on a single machine. How many terrabytes is that? Whole array looks very practical then.

For what it’s worth, there is a scheme to the symbols in J. You can read meaning into their shapes. Look at grade-up and grade-down. They are like little pictures.

J annoys me with its fork and hook forms. That goes past the realm of readability for me. Q is better, It uses words.

What I’d like to see is the entire operator set of, say, J brought into mainstream languages as a library. Rich operations raising the level of abstraction are likely more important than syntax.

1. 5

J annoys me with its fork and hook forms. That goes past the realm of readability for me.

In textual form I agree. The IDE has a nice graphical visualization of the dataflow that I find useful in ‘reading’ that kind of composition in J code though. I’ve been tempted to experiment with writing J in a full-on visual dataflow style (a la Max/MSP) instead of only visualizing it that way.

1. 3

I find it a lot easier to write J code by hand before copying it to a computer. It’s easier to map out the data flow when you can lay it out in 2D.

1. 1

Have you looked at Q yet?

2. 1

That would be a very useful comparison of the usability of a compact text syntax vs visual language. I imagine that discoverability is better with a visual language as by definition it is interactive.

3. 2

I started implementing the operators in Scala once - the syntax is flexible enough that you can actually get pretty close, and a lot of them are the kind of high level operations that either already exist in Scala are pretty easy to implement. But having them be just a library makes the problem described in the article much much worse - you virtually have to memorize all the operators to get anything done, which is bad enough when they’re part of the language, but much worse when they’re a library that not all code uses and that you don’t use often enough to really get them into your head.

1. 1

It could just be a beginning stage problem.

1. 1

It could, but the scala community has actually drawn back from incremental steps in that direction, I think rightly - e.g. scalaz 7 removed many symbolic operators in favour of functions with textual names. Maybe there’s some magic threshold that would make the symbols ok once we passed it, but I can only spend so much time exploring the possibility without seeing an improvement.

1. 1

Oh. I’d definitely go with word names. Q over J. To me, the operations are the important bit.

2. 5

The difference is that Python already is organized by the standard library, and has cookbooks, and doesn’t involve holistically thinking of the entire transformation at once. So it intrinsically has the problem to a lesser degree than APLs do and also has taken steps to fix it, too.

1. 2

How easy is it to refactor APL or J code? The reason I ask is that I have the same problem with the ramdajs library in JavaScript, which my team uses as a foundational library. It has around 150 functions, I don’t remember what they all do and I certainly don’t remember what they’re all called, so I often write things in a combination of imperative JS and ramda then look for parts to refactor. I’m interested to hear whether that’s possible with APL, or whether you have to know APL before you can write APL.

1. 5

I’m really amused they generate a C file and call out to gcc / clang. I wonder if they plan to move away from that strategy.

1. 3

This is a draft implementation of the concept, so probably yes.

1. 2

What would be gained by moving away from that?

1. 6

For one, no runtime dependency on a C compiler.

C compilers are also fairly expensive to run, compared to other more targeted JIT strategies. And it’s more difficult to make the JIT code work nicely with the regular uncompiled VM code.

Take LuaJIT. It starts by compiling the Lua code to VM bytecode. Then instead of interpreting the bytecode, it “compiles” the bytecode into native machine code that calls the interpreter functions that would be called by a loop { switch (opcode) { ... } }. That way when the JIT compiles a hot path, it directly encodes all entry points as jumps directly into the optimized code, and all exit conditions as jumps directly back to the interpreter code.

Compare this to a external compiled object, which can only exit wholesale, leaving the VM to clean up and figure out the next step. A fully external object—C compiled or not—can’t thread into the rest of the execution, so its scope is limited to pretty isolated functions that only call similarly isolated functions, or functions with very consistent output.

1. 2

Compare this to a external compiled object, which can only exit wholesale, leaving the VM to clean up and figure out the next step. A fully external object—C compiled or not—can’t thread into the rest of the execution, so its scope is limited to pretty isolated functions that only call similarly isolated functions, or functions with very consistent output.

This doesn’t seem to be related to the approach Ruby is taking, though? They’re callng out to the compiler to build a shared library, and then dynamically linking it in. There shouldn’t be anything stopping the code in the shared object from calling back into the rest of the Ruby runtime.

1. 2

Right, it can use the Ruby runtime, but it can’t jump directly to a specific location in the VM bytecode. It has to call a function that can execute for it, and will return back into the compiled code when that execution finishes. It’s very limited, compared to all types of code being able to jump between each other at any time.

2. 4

exec’ing a new process each time probably gets expensive.

1. 3

Typically any kind of JIT startup cost is quite expensive, but as long as you JIT the right code, the cost of exec’ing clang over the life of a long running process should amortize out to basically nothing.

I’d expect that the bare exec cost would only become a significant factor if you were stuck flip-flopping between JITing a code section and deoptimizing it, and at that point you’d gain more from improving your JIT candidate heuristics rather than folding the machine code generator in process and continuing to let it flip-flop.

There are other reasons they may want to move away from this C-intermediary approach, but exec cost doesn’t strike me as one of them.

1. 1

Walking around Tokyo, I often get the feeling of being stuck in a 1980’s vision of the future and in many ways it’s this contradiction which characterises the design landscape in Japan.

Could this also be because many American films in the 80’s about the future used Japanese culture? Rewatching the original Blade Runner made me think about this.

1. 3

Japan is one of our favorite places to visit, but there is a definite retro-futuristic vibe going on. Cash everywhere, or single-purpose cash cards instead of credit cards, fax machines, high-speed Internet access on your feature phone, no air conditioning or central heat but a robot vending machine at 7/11.

(We kept having children and so we haven’t gotten to travel internationally for a while now, but that’s our memory of it.)

1. 2

The feature phones have died – everybody on the train is staring at their iPhone or Android, now. Contactless smart cards (Suica, Passmo, etc), used for train fares, are gaining momentum as payment cards in 7/11 etc, but otherwise it’s still mostly a cash-only.

Otherwise it’s pretty much the same.

2. 2

Living in NYC, it feels like the 70’s version of the future!

1. 4

A solid list, with one question mark.

Lynn Conway started life as a man. does this mean he/then her achievements give equally credited to men/women?

1. 53

No. Trans women are women.

1. 10

Thank you . I want to live in a world where this is just taken as a given. Lets start with our little world here people.

1. 8

What is the goal of creating a list of women in CS? If it’s to demonstrate to young girls that they can enter the field, it seems unproductive to include someone who grew up experiencing life as a man.

If the goal of creating the list is some kind of contest, then it’s counterproductive for entirely different reasons.

1. 28

someone who grew up experiencing life as a man

Do you know any trans women who have said they grew up experiencing life as a man? I know quite a few and none of them have expressed anything like this, and my own experience was certainly not like that.

However, if you mean that we were treated like men, with the privilege it brings in many areas, then yes, that became even more obvious to me the moment I came out.

Regardless, trans folks need role models too, and we don’t get a lot of respectful representation.

1. 22
$curl https://www.hillelwayne.com/post/important-women-in-cs/ | grep girl | wc -l 0  The motivation for the post are clearly layed out in the first paragraph: I’m tired of hearing about Grace Hopper, Margaret Hamilton, and Ada Lovelace. Can’t we think of someone else for once? It’s a pretty pure writeup for the sake of being a list you can refer to. On your statement about “girls”. It’s quite bad to assume a list of women is just for kids, it’s also bad to assume trans women can’t be examples to (possibly themselves trans) girls. 1. 4 That’s not a motivation, that’s a tagline. The primary reason I would refer to a list like this is if I was demonstrating to a young woman considering CS that, perhaps despite appearances, many women have historically made major contributions to the field. I’m not sure what else I would need something like this for. 1. 5 Maybe its not for you to distribute but for women to discover … 2. 1 I don’t see why it’s bad to assume that. It feels like it would be a pretty serious turn off to me if I we’re looking for successful women and found people who were men into adulthood. I find it hard to imagine that I’m unique in that feeling. I’m sure it feels good for trans people but I’d that’s your goal admit the trade-off rather than just telling people they’re women and not transwomen. You can berate people for not considering trans-women to be the same as born women but it will likely just keep them quiet rather than convince them to be inspired. 1. 20 people who were men into adulthood Now I’m curious what your criteria are, if not self-identification. When did this person cease to be a man, to you? When they changed their name? When they changed their legal gender? When they started hormones? When they changed their presentation? When they got surgery? What about trans people who do none of that? E.g. I’ve changed my name and legal gender (only because governments insist on putting it in passports and whatnot,) because I had the means to do so and it bothered me enough that I did, is that enough? What about trans people who don’t have the means, option, or desire to do so? When biologist say that there’s not one parameter that overrides the others when it comes to determining sex¹, and that it makes more sense to just go by a person’s gender identity if you for whatever reason must label them as male/female, why is that same gender identity not enough to determine someone’s own gender? 3. 16 If it’s to demonstrate to young girls that they can enter the field, it seems unproductive to include someone who grew up experiencing life as a man. This is a misunderstanding of transexuality. She grew up experiencing life as a woman, but also as a woman housed in a foreign-feeling body and facing a tendency by others to mistake her gender. Does that mean she faced a different childhood from many other women? Sure. But she also shared many of the disadvantages they faced, frequently to a much stronger degree. Women face difficulty if they present as “femme” in this field, but it is much more intense if they present as femme AND people mis-bucket them into the “male” mental box. 2. 14 If they identified as a woman at the time of accomplishment, it seems quite reasonable that it’d count. For future work, just think about it in terms of trans-woman extends base class woman or at least implements the woman interface. In any event, your comment is quite off-topic. Rehashing this sort of stuff is an exercise that while interesting is better kept literally anywhere else on the internet–if you have questions of this variety, please seek enlightenment via private message with somebody you think may be helpful on the matter, and don’t derail here. 1. 7 The point of this is not to give more achievements to women… It’s to showcase people who were most likely marginalized. 1. [Comment removed by author] 1. 9 This is definitely not what life is like for trans people pre-transition. 2. [Comment removed by author] 1. 0 It’s ridiculous to allow this framing to suppress a reasonable point. 2. 3 Depends on where a person is on political spectrum. I’d probably note they’re trans if targeting a wide audience, not if a liberal one, and leave person off if a right-leaning one. 1. 5 what they dont know wont hurt them. As far as the right is concerned , she is a woman … 2. 2 It is irrelevant, and you asking this is offensive. 1. -1 Interesting question. I think it may be met with hostility, as it brings to mind the contradiction inherent in both claiming that sex/gender is arbitrary or constructed and also intentionally emphasizing the achievements of one gender. Based on the subset of my social circle that engages in this kind of thing, these activities are usually highly correlated. Picking one or the other seems to get people labeled as, respectively, some slang variation of “nerd”, or a “TERF”. 1. 34 Can we please not for once? Every time anything similar to this comes up the thread turns into a pissfight over Gender Studies 101. Let’s just celebrate Conway’s contributions and not get into an argument about whether she “counts”. 1. 10 Much as I sympathize, transgender is controversial enough that merely putting a trans person on a list that claims all its members are a specific gender will generate reactions like that due to a huge chunk of the population not recognizing the gender claim. That will always happen unless the audience totally agrees. So, one will always have to choose between not mentioning them to avoid noise or including them combating noise. 1. 20 I would like to live in a world where trangender isnt controversial and we dont have to waste energy discussing this. Can lobsters be that world please ? 1. 18 Perhaps this is why we get accused of pushing some kind of agenda or bringing politics into things, by merely existing/being visible around people who find us ”controversial” or start questioning whether our gender is legit or what have you. I usually stay out of such discussions, but sometimes feel the need to respond to claims about trans folks that I feel come from a place of ignorance rather than bigotry or malice, but most of the time I’m proven wrong and they aren’t really interested in the science or whatever they claim, they just want an excuse to say hateful things about us. I’ve had a better than average experience on this website, when it comes to responses. 1. 6 I cant speak for everyone on the side that denies trans identity. Just my group I guess. For us and partly for others, the root of the problem is there is a status quo with massive evidence and inertia about how we categorize gender that a small segment are countering in a more subjective way. We dont think the counters carry the weight of status quo. We also prefer objective criteria about anything involving biology or human categorization where possible. I know you’ve heard the details so I spare you that That means there will be people objecting every time a case comes up. If it seems mean, remember that there’s leftists who will be quick to counter anything they think shouldn’t be tolerated on a forum (eg language policing) on their principles. For me, Im just courteous with the pronouns and such since it has no real effect on me in most circumstances: I can default on kindness until forced to be more specific by a question or debate happening. Trans people are still people to me. So, I avoid bringing this stuff up much as possible. The dont-rock-the-boat, kinder approach wouldve been for person rejecting the gender claim to just ignore talking about the person he or she didnt think was a woman to focus on others. The thread wouldve stayed on topic. Positive things would be said about about deserving people. And so on. Someone had to stir shit up, though. (Sighs) And I agree Lobsters have handled these things much better than other places. I usually like this community even on the days it’s irritating. Relatively at least. ;) 1. 6 For us and partly for others, the root of the problem is there is a status quo with massive evidence and inertia about how we categorize gender that a small segment are countering in a more subjective way. I know you’re a cool dude and would be more than happy to discuss this with you in private, but I think we all mostly agree that this is now pretty outside the realm of tech, so continuing to discuss it publicly would be getting off topic :) I’ll DM you? 1. 7 I was just answering a question at this point as I had nothing else to say. Personally, Id rather the political topics stay off Lobsters as I voted in community guidelines thread. This tangent couldnt end sooner given how off topic and conflict-creating it is. Here’s something for you to try I did earlier. Just click the minus next to Derek’s comment. This whole thread instantly looks the way it should have in first place. :) 2. 4 I find the idea that everyone who disagrees with these things should avoid rocking the boat extremely disconcerting. It feels like a duty to rock it on behalf of those who agree but are too polite or afraid for their jobs or reputations to state their actual opinions, to normalize speaking honestly about uncomfortable topics. I mean, I also think it’s on topic to debate the political point made by the list. 1. 4 I agree with those points. It’s why I’m in the sub-thread. The disagreement is a practical one a few others are noting: “I mean, I also think it’s on topic to debate the political point made by the list.” I agree. I told someone that in private plus said it here in this thread. Whether we want to bring it up, though, should depend on what the goal is. My goal is the site stays focused on interesting, preferably-deep topics with pleasant experience with minimal noise. There’s political debates and flamewars available all over the Internet with the experience that’s typical of Lobsters being a rarity. So, I’d just have not brought it up here. When someone did, the early response was a mix of people saying it’s off-topic/unnecessary (my side) and a group decreeing their political views as undeniable truth or standards for the forum. Aside from no consensus on those views, prior metas on these things showed that even those people believed our standards would be defined by what we spoke for and against with silence itself being a vote for something. So, a few of us with different views on political angle, who still opposed the comment, had to speak to ensure the totality of the community was represented. It’s necessary as long as (a) we do politics here and (b) any group intends to make its politics a standard or enforeable rule. Countering that political maneuvering was all I was doing except for a larger comment where I just answered someone’s question. Well, that plus reinforcing I’m against these political angles being on the site period like I vote in metas. You can easily test my hypothesis/preference. Precondition: A site that’s usually low noise with on-topic, productive comments. Goal: Identify, discuss, and celebrate the achievements of women on a list or in the comments maintaining that precondition. Test: count the comments talking about one or more women versus the gender identity of one (aka political views). It’s easier to visualize what my rule would be like if you collapse Derek’s comment tree. The whole thread meets the precondition and goal. You can also assess those active more on politics than the main topic by adding up who contributed something about an undisputed woman in CompSci and who just talked about the politics. Last I looked, there were more users doing the politics than highlighting women in CompSci as well. Precondition and goal failed on two measurements early on in discussion. There’s a lot of on-topic comments right now, though, so leaned back in good direction. Time and place for everything. I’d rather this stuff stay off Lobsters with me only speaking on it where others force it. It’s not like those interested can’t message each other, set up a gender identity thread on another forum, load up IRC, and so on to discuss it. They’re smart people. There’s many mediums. A few of us here just want one to be better than the rest in quality and focus. That’s all. :) And it arguably was without that comment tree. 2. 2 The dont-rock-the-boat, kinder approach wouldve been for person rejecting the gender claim to just ignore talking about the person he or she didnt think was a woman to focus on others. The thread wouldve stayed on topic. Positive things would be said about about deserving people. Do you believe the most deserving will be talked about most? If you have a population that talks positively about people whether or not they are trans, and you have a smaller population that talks only about non trans people and ignores the trans people, Which people will be talked about most in aggregate? It isn’t kinder to ignore people and their accomplishments. It is also very strange for technology people to reject a technology that changes your gender. What if you had a magic gun and you can be a women for a day, and then be a man the next, why the hell not? We have a technology now where you can be a man or a women or neither or both if you wanted to. Isn’t technology amazing? You tech person you! 1. 7 At that time, when you turned on your computer, you immediately had programming language available. Even in 90’s, there was QBasic installed on almost all PCs. Interpreter and editor in one, so it was very easy to enter the world of programming. Kids could learn it themselves with cheap books and magazines with lot of BASIC program listings. And I think the most important thing - kids were curious about computers. I can see that today, the role of BASIC is taken by Minecraft. I wouldn’t underestimate it as a trigger for a new generation of engineers and developers. Add more physics and more logic into it and it will be excellent playground like BASIC was in 80s. 1. 5 Now we have the raspberry pi, arduino, python, scratch and so many other ways kids can get started. 1. 10 Right, but at the beginning you have to spend a lot of time more to show kid how to setup everything properly. I admire that it itself is fun, but in 80’s you just turned computer on with one switch and environment was literally READY :) 1. 7 I think the problem is that back then there was much less competition for kids attention. The biggest draw was TV. TV – that played certain shows on a particular schedule, with lots of re-runs. If there was nothing on, but you had a computer nearby, you could escape and unleash your creativity there. Today – there’s perpetual phones/tablets/computers and mega-society level connectivity. There’s no time during which they can’t find out what their friends are up to. Even for me – to immerse myself in a computer, exploring programming – it’s harder to do than it was ten years ago. 1. 5 I admire that it itself is fun, but in 80’s you just turned computer on with one switch and environment was literally READY :) We must be using some fairly narrow definition of “the ‘80s”, because this is a seriously rose-tinted description of learning to program at the time. By the late 80’s, with the rise of the Mac and Windows, the only way to learn to program involved buying a commercial compiler. I had to beg for a copy of “Just Enough Pascal” in 1988, which came with a floppy containing a copy of Think’s Lightspeed Pascal compiler, and retailed for the equivalent of$155.

Kids these days have it comparatively easy – all the tools are free.

1. 1

Windows still shipped with QBasic well into the 90s, and Macs shipped with HyperCard. It wasn’t quite one-click hacking, but it was still far more accessible than today.

2. 4

Just open the web-tools in your browser, you’ll have an already configured javascript development environment.

I entirely agree with you on

And I think the most important thing - kids were curious about computers.

You don’t need to understand how a computer program is made to use it anymore; which is not necessary something bad.

1. 4

That’s still not the same. kred is saying it was first thing you see with you immediately able to use it. It was also a simple language designed to be easy to learn. Whereas, you have to go out of your way to get to JS development environment on top of learning complex language and concepts. More complexity. More friction. Less uptake.

The other issue that’s not addressed enough in these write-ups is that modern platforms have tons of games that treat people as consumers with psychological techniques to keep them addicted. They also build boxes around their mind where they can feel like they’re creating stuff without learning much in useful, reusable skill versus prior generation’s toys. Kids can get the consumer and creator high without doing real creation. So, now they have to ignore that to do the high-friction stuff above to get to the basics of creating that existed for old generation. Most won’t want to do it because it’s not as fun as their apps and games.

1. 1

There is no shortage of programmers now. We are not facing any issues with not enough kids learning programming.

1. 2

I didnt say there was a shortage of programmers. I said most kids were learning computers in a way that trained them to be consumers vs creators. You’d have to compare what people do in consumer platforms versus things like Scratch to get an idea of what we’re missing out on.

3. 4

All of those require a lot more setup than older machines where you flipped a switch and got dropped into a dev environment.

The Arduino is useless if you don’t have a project, a computer already configured for development, and electronics breadboarding to talk to it. The Raspberry pi is a weird little circuit board that, until you dismantle your existing computer and hook everything up, can’t do anything–and when you do get it hooked up, you’re greeted with Linux. Python is large and hard to put images to on the screen or make noises with in a few lines of code.

Scratch is maybe the closest, but it still has the “what programmers doing education think is simple” problem instead of the “simple tools for programming in a barebones environment that learners can manage”.

The field of programming education is broken in this way. It’s a systemic worldview problem.

1. 1

Those aren’t even close in terms of ease of use.

My elementary school circa 1988 had a lab full of these Apple IIe systems, and my recollection (I was about 6 years old at the time, so I may be misremembering) is that by default they booted into a BASIC REPL.

Raspberry Pis and Arduinos are fun, but they’re a lot more complex and difficult to work with.

2. 3

I don’t think kids are less curious today, but it’s important to notice that back then, making a really polished program that felt professional only needed a small amount of comparatively simple work - things like prompting for all your inputs explicitly rather than hard-coding them, and making sure your colored backgrounds were redrawn properly after editing.

To make a polished GUI app today is prohibitive in terms of time expenditure and diversity of knowledge needed. The web is a little better, but not by much. So beginners are often left with a feeling that their work is inadequate and not worth sharing. The ones who decide to be okay with that and talk about what they’ve done anyway show remarkable courage - and they’re pretty rare.

Also, of course, back then there was no choice of which of the many available on-ramps to start with. You learned the language that came with your computer, and if you got good enough maybe you learned assembly or asked your parents to save up and buy you a compiler. Today, as you say, things like Minecraft are among the options. As common starting points I’d also like to mention Node and PHP, both ecosystems which owe a lot of their popularity to their efforts to reduce the breadth of knowledge needed to build end-to-end systems.

But in addition to being good starting points, those ecosystems have something else in common - there are lots of people who viscerally hate them and aren’t shy about saying so. A child just starting out is going to be highly intimidated by that, and feel that they have no way to navigate whether the technical considerations the adults are yelling about are really that important or not. In a past life, I taught middle-school, and it gave me an opportunity to watch young people being pushed away by cultural factors despite their determination to learn. It was really disheartening.

Navigating the complicated choices of where to start learning is really challenging, no matter what age you are. But for children, it’s often impossible, or too frightening to try.

I agree with what I took to be your main point, that if those of us who learned young care about helping the next generation to follow in our footsteps, we should meet them where they are and make sure to build playgrounds that they can enjoy with or without a technical understanding. But my real prediction is that the cultural factors are going to continue to be a blocker, and programming is unlikely to again be a thing that children have widespread mastery of in the way that it was in the 80s. It’s really very saddening.