1. 1

    I think keeping a roadmap in a public place in your repository and referencing it in your README is a first step.

    As far as user feedback, that all depends on the ‘openness’ of your project. Are decisions all made internally by your marketing department, or are the users part of that process?

    You can set boundaries on your issue discussions. Boundaries can be time frames for the discussion, and concentrating on the issue at hand. It’s good to be clear at the beginning what you’re seeking. When creating an issue you could specify you are seeking feedback and a decision will be made by X, or after reaching consensus; whatever your group process is.

    I personally think all discussions should happen as close to the code as possible, thankfully git(hub,lab) make this easy enough. The moment you start straying over to EXTERNALISSUETRACKER and some other tooling you start hitting user friction from ease of access to ease of finding relevant issues. (Not knocking those tools, they work, just from an OSS perspective they can create friction).

    Reaching your users about new releases? That should be an automated process and just hit as many relevant systems as possible. Do your users follow your software on twitter? Then toot! Do you only do github? Then update your README and Release there. Etc.

    RERO, I think it’s good to release MVPs and build from there. Don’t prematurely build anything you don’t know you need, but do try to build your code in a maintainable way. Rather than waiting to release until feature X does a, b, and c; release it when it does a and get feedback on how it’s working. Refine the code, improve a, further iterate on b, and maybe c isn’t even needed anymore.

    And of course, have the semantic versioning argument if your software has the potential to ‘break’ or ‘change’ apis. Set some boundaries there too, you can follow semver as specified or declare where your edges are and how you’ll handle them.

    1. 10

      I use .lan only because it was the default in openwrt, but I like that this exists.

      1. 2

        You should avoid that and other made-up TLDs unless you’ve configured your DNS server/root with a .lan top-level domain zone file.

        1. 4

          Confused by this comment. Wouldn’t they have to do that to even use any made up TLD like .lan?

          1. 2

            I believe openwrt just uses that as the default name, but doesn’t do any DNS setup to handle it.

            1. 4

              That’s not true. dnsmasq in openwrt is configured to route foo.lan to whichever device advertised their name as foo with DHCP (or the ipv6 equivalent).

              1. 1

                Got it. I meant that if you did start using it, it wouldn’t work anyway so you’d have to set it up correctly. So you can’t use (or avoid) made up TLDs without DNS configuration.

                I guess I’m just being particular about the language but the OP to me communicated there’s a way to use a made up TLD without configuring DNS and that you should avoid doing so which doesn’t make sense.

                1. 1

                  Is this a bug in openwrt that could be fixed with a submitted patch?

          1. 31

            I prefer to see this type of project that builds upon what it considers the good parts of systemd, instead of systemic refusal and dismissal that I’ve seen mostly.

            1. 15

              Same. Too often I see “critiques” of systemd that essentially boil down to personal antipathy against its creator.

              1. 22

                I think it makes sense to take into account how a project is maintained. It’s not too dissimilar to how one might judge a company by the quality of their support department: will they really try to help you out if you have a problem, or will they just apathetically shrug it off and do nothing?

                In the case of systemd, real problems have been caused by the way it’s maintained. It’s not very good IMO. Of course, some people go (way) too far in this with an almost visceral hate, but you can say that about anything: there are always some nutjobs that go way too far.

                1. 3

                  Disclaimer: I have not paid close attention to how systemd has been run and what kind of communication has happened around it.

                  But based on observing software projects both open and closed, I’m willing to give the authors of any project (including systemd) the benefit of the doubt. It’s very probable that any offensive behaviour they might have is merely a reaction to suffering way too many hours of abuse from the users. Some people have an uncanny ability to crawl under the skin of other people just by writing things.

                  1. 6

                    There’s absolutely a feedback loop going on which doesn’t serve anyone’s interests. I don’t know “who started it” – I don’t think it’s a very interesting question at this point – but that doesn’t really change the outcome at the end of the day, nor does it really explain things like the casual dismissal of reasonable bug reports after incompatible changes and the like.

                    1. 4

                      I think that statements like “casual dismissal” and “reasonable bug reports” require some kind of example.

                    2. 3

                      tbf, Lennart Poettering, the person people are talking about here is a very controversial personality. He can come across as an absolutely terrible know-it-all. I don’t know if he is like this in private, but I have seen him hijacking a conference talk by someone else. He was in the audience and basically got himself a mic and challenged anything that was said. The person giving the talk did not back down, but it was really quite something to see. This was either at Fosdem or at a CCC event, I can’t remember. I think it was the latter. It was really intense and over the top to see. There are many articles and controversies around him, so I think it is fair that people take that into account, when they look at systemd.

                      People are also salty because he basically broke their sound on linux so many years ago, when he made pulseaudio. ;-) Yes, that guy.

                      Personally I think systemd is fine, what I don’t like about it is the eternal growth of it. I use unit files all the time, but I really don’t need a new dhcp client or ntp client or resolv.conf handler or whatever else they came up with.

                      1. 4

                        > tbf, Lennart Poettering, the person people are talking about here is a very controversial personality.

                        In my experience, most people who hate systemd also lionize and excuse “difficult” personalities like RMS, Linus pre-intervention, and Theo de Raadt.

                        I think it’s fine to call out abrasive personalities. I also appreciate consistency in criticism.

                2. 4

                  Why?

                  1. 7

                    At least because it’s statistically improbable that there are no good ideas in systemd.

                    1. 1

                      Seems illogical to say projects that use parts of systemd are categorically better than those that don’t, considering that there are plenty of bad ideas in systemd, and they wouldn’t be there unless some people thought they were good.

                      1. 2

                        > Seems illogical to say projects that use parts of systemd are categorically better than those that don’t

                        Where did I say that though?

                        1. 2

                          > I prefer to see this type of project that builds upon what it considers the good parts of systemd

                          Obviously any project that builds on a part of system will consider that part to be good. So I read this as a categorical preference for projects that use parts of systemd.

                  2. 2

                    There have been other attempts at this. uselessd (which is now abandoned) and s6 (which still seems to be maintained)

                    1. 4

                      I believe s6 is more styled after daemontools rather than systemd. I never looked at it too deeply, but that’s the impression I have from a quick overview, and also what the homepage says: “s6 is a process supervision suite, like its ancestor daemontools and its close cousin runit.”

                      A number of key concepts are shared, but it’s not like systemd invented those.

                      1. 1

                        I saw a bunch of folks using s6 in docker, but afaik that’s one of the most user-unfriendly pieces of software I’ve used.

                  1. 1

                    Nice tutorial; I’d also recommend watching https://www.youtube.com/watch?v=PLXmPgN6wVs so that you can be aware of the security implications of deploying on Linux/MIPS.

                    1. 6

                      So sad. I was on Freenode for almost 20 years. I met many people through that network. Made great friends, got jobs. Saw people pass away. My time on Freenode was a large part of my life, and it’s over now. That’s fine, I can adapt, I can move on. But it’s still sad to see something many worked hard to build destroyed so quickly and callously.

                      I am not interested at all in whatever they are attempting to build. It’s clear they have ill intent.

                      1. 1

                        “Because we are responsible for fixing every problem an upgrade creates, another requirement is knowing how all components work together. Systemd doesn’t do that: it is a complex system which like a virus takes over the complete system.”

                        Takes over the complete system? eh. citation required. ArchArm with systemd is fine, I run it on a few Raspi’s and I haven’t had any issues updating on random cycles.

                        1. 2

                          I don’t understand why there aren’t more Pine64/Pi’s with 2 NICS. Just give me a selection of small boards with multiple network ports. I’m sure lots of other small embedded devs want the same. I’ll build tiny network gear all day and contribute back. I don’t need a small single nic pc.

                          1. 11

                            I opened this article expecting something terrible.. But uh. nope this is overblown.

                            1. 5

                              The author entirely misses the real concern here with this move: by using microsoft repos, microsoft controls the software you install. You want to apt install some application? Well, you’re going to get that application as it is distributed by microsoft, and (the real kicker) potentially modified by microsoft. Things might be rosy now, but the opportunity here for microsoft is likely too great for them to “ignore” for long.

                            1. 2

                              Rubocop has bad defaults (methods are limited to 10 lines max, really?) and no syntax for disabling checks for a block of code (so no exceptions are allowed).

                              1. 4

                                You may disable cops inline via magic comments.

                                ```ruby
                                # rubocop:disable Layout/LineLength, Style/StringLiterals
                                [...]
                                # rubocop:enable Layout/LineLength, Style/StringLiterals
                                ```

                                https://docs.rubocop.org/rubocop/configuration.html#disabling-cops-within-source-code

                                1. 2

                                  Now, if LineLength is disabled in the config, it will remain enabled in the part of the file (or even multiple files?) after that closing comment. It’s not a proper “disable in block” instruction.

                                  1. 2

                                    If you use a postfix comment like:

                                    ```ruby
                                    def some_method # rubocop:disable Layout/LineLength
                                      […]
                                    end
                                    ```

                                    or:

                                    ```ruby
                                    class SomeClass # rubocop:disable Layout/LineLength
                                      […]
                                    end
                                    ```

                                    it is block-specific. (Layout/LineLength is an ironic one given how postfixing these can make the lines quite long, but I’ve never faced that problem.)

                                2. 3

                                  It does have magic comments to disable checks. I find that sort of annotation distasteful, but it’s there.

                                  It has bad defaults - on that I agree. Which might be something to be looked-past, except how under-my-skin it is that those defaults are dubbed “the community’s guidelines” which I reject. It’s @bbatsov and the other maintainers’ curation based on participation in their issue trackers. That’s not the community. That’s A community, but every place I see rubocop, there’s exceptions that people configure. It’s not laid to rest, self-evident, universally agreed - any of that. What I consider a REASONABLE default would be to have tons of rules available, but only a few core ones enabled to start. There’s an “omakase” argument to make, sure, but at least don’t pretend to speak for the entire Ruby community.

                                  I liked this line from the article along these lines:

                                  > The problem starts when it is viewed not as a tool, but as a set of divine commandments

                                  In fairness there WAS a survey they did about the defaults in May 2020 that got about 800 results. Several of the results that were shared showed how “unsettled” these formatting decisions are across the community. It was also shared here

                                  > we’re definitely going to tackle the cop presets idea at some point and provide a smaller set of “essential” cops, alongside the current somewhat heavy-handed default set of cops.

                                  Edit: also want to be clear that I like code formatters - golang’s is great. I mostly think Rubocop goes too far. It’s a great thing to exist in the Ruby ecosystem, though, and I very much appreciate the hard engineering work put into it.

                                  1. 2

                                    There are things that I don’t like about the defaults, but I don’t know that @bbatsov has necessarily made the wrong choice. For example, there are practical reasons why I prefer trailing commas, and all the counterarguments I’ve seen are some variation of “it doesn’t look pleasing to me”, but there is no denying that it’s a minority opinion (roughly 1 in 4 according to the survey). So is it wrong to make no trailing commas the default? I don’t know that it is. Where is the cut off point for a majority opinion? 75%? 50%? 95%? It’s hard to say.

                                    Personally, I would prefer that the defaults only include things that have >90% agreement. As commenters have not been shy to point out, if people want the rules to be more strict they can edit the config and stop complaining about it. It cuts both ways.

                                1. 25

                                  I would love to see some examples where a company changed the license of their codebase to comply with a dependency. I have never seen this happen in my entire career, even though they are obligated to. I have seen countless examples of people rewriting code to get rid of a dependency with an incompatible license, I have even done it myself.

                                  I understand and respect the pure ideology of strong copyleft licenses (that in a perfect world, everything would be open source), but I don’t believe that it actually yields more open source in the world. In practice, people simply avoid it and it yields more duplicated work that ends up either proprietary (more common worst case) or more permissive (best case).

                                  It is difficult to prove, but I feel that the “leading by example” ideology of permissive licenses is responsible for far more code being made open source in practice (though I acknowledge this is not everyone’s goal).

                                  1. 16

                                    I think OpenWRT exists because linksys had to do this.

                                    I was just looking into this question myself today and have this history of openwrt on my reading list if that helps.

                                    1. 5

                                      Linksys did that, and then stopped maintaining the code, and switched to another OS for most of its hardware. Was that VMX, perhaps? I don’t remember. Some commercial OS. They stated that the reason was that linux needed too much RAM, which I find difficult to believe. Slimming down a linux kernel is IMO likely to be simpler than porting a code base to a new OS, so I tend to believe that Linksys’ stated reason was a polite lie. They did release a single model that ran linux, and I bought that model.

                                      1. 4

                                        I believe it was VxWorks

                                        1. 1

                                          All the vendors do a fantastically bad job.

                                          https://www.youtube.com/watch?v=PLXmPgN6wVs

                                          1. 1

                                            When you say that everyone in a specific field does a fantastically bad job, you should also consider the possibility that your assessment might be off, and why that might be the case.

                                        2. 2

                                          Queued that up as well! I also had a WRT54G(L) for a very long time, excellent device.

                                        3. 11

                                          > I have seen countless examples of people rewriting code to get rid of a dependency with an incompatible license

                                          This is a very good case, IMO, and is my primary motivator for using (A)GPL on most of my newer work. I would much rather force the big bads to rewrite my code than simply profit off my work, and we have some evidence that they will do that to avoid (A)GPL sometimes.

                                          > I would love to see some examples where a company changed the license of their codebase to comply with a dependency.

                                          I think to be fair on this one you have to also include all the code that started or stayed freedomware because of the requirement. This would include the example from the OP of the same downstream hosting the other project in compliance.

                                          1. 13

                                            > I would much rather force the big bads to rewrite my code than simply profit off my work, …

                                            I don’t know who you imagine is “the big bads”, but in reality it’s a lot of people like me who release all their projects under permissive licenses like MIT.

                                            1. 11

                                              You can use an (A)GPL’d dependency on an MIT’d project, just the resulting “combined work” is effectively (A)GPL’d. Some projects even have build flags to choose to build in “GPL mode” or not depending on which dependencies you use. It’s all about goals.

                                              If you want your software to be used to build nonfree products so badly that you reimplement something under the GPL to use as a dependency for your otherwise MIT’d project… I mean, more power to you, right? It’s your choice.

                                              We have examples of Apple, Google, VMWare, Linksys, and others doing rewrites to avoid using GPL’d code, and I would say that is the point, for me.

                                              1. 15

                                                I wrote before:

                                                > It is difficult to prove, but I feel that the “leading by example” ideology of permissive licenses is responsible for far more code being made open source in practice (though I acknowledge this is not everyone’s goal).

                                                My goal is to provide as much value to the society as possible through each unit of my effort. I want people to use my code, I want people to profit from my code even if I get nothing for it, I want people to build things they otherwise wouldn’t have built because my code enables it. I am going to make the effort to make my code as accessible and permissive as possible, this often means avoiding (A)GPL dependencies and often duplicating effort in the process.

                                                I recognize that your goal is not the same, and that’s fine. I just hope that you also recognize the reality that Apple/Google/VMWare/Linksys etc don’t care at all, they’ll simply not even look at AGPL code and move on. If they find AGPL code in their stack by accident, they will purge it. If they’re caught in a situation where they are in legal trouble, they will do the absolute minimum to comply with that version and purge it moving forward.

                                                Overall, my bet is that choosing strong copyleft licenses has more of a net-negative effect on people who share my goal than any measurable effect on “the big bads”.

                                                1. 9

                                                  > Apple/Google/VMWare/Linksys etc don’t care at all, they’ll simply not even look at AGPL code and move on

                                                  again, I consider that a win for me

                                                  1. 6

                                                    It sounds as if your primary aim is to prevent some people from using your code, without blocking access for too many other people. As opposed to the BSD/MIT/Apache licenses, whose primary aim is to make software available for all to use, without any attempt at dividing the world into us and them.

                                                    1. 5

                                                      Close. The goal is to prevent some uses which in this world tends to leave out some users.

                                                      1. 1

                                                        > The goal is to prevent some uses

                                                        It is obligatory at this point to remind everyone that the AGPL should not be considered a Free Software license, as it does not grant Freedom 0. In fact, its entire purpose is to withhold Freedom 0 from recipients of the software in order to try to gain leverage over them.

                                                        1. 8

                                                          The AGPL only triggers if you modify the software (since otherwise no copyright is in play and no license would be relevant). So if you just run unmodified software (freedom 0) the AGPL does not apply or restrict you.

                                                          1. 5

                                                            It is obligatory to point out that the people who defined Freedom Zero, and in doing so defined Free Software, also explicitly state that the AGPL is absolutely a Free Software license.

                                                            Your point is mooted.

                                                            1. 3

                                                              The FSF’s stance on freedom is that you shouldn’t be allowed to have too much of it, lest you use it to do things the FSF disapproves of.

                                                              The AGPL was simply a reaction to the discovery that there were more things of which the FSF disapproved and which had not been foreclosed by prior licenses, so a new license was concocted to ensure that dangerous freedom wouldn’t get around too much.

                                                              1. 3

                                                                The logical gymnastics of both using the FSF’s definition of Free Software while rejecting their definition of Free Software is awesome to behold, and honestly would put Simone Biles to shame.

                                                                1. 2

                                                                  I would flip that around and suggest that the rhetorical gymnastics the FSF uses to try to trick people into thinking their positions are coherent are something to see.

                                                                  Essentially, they want to bludgeon everyone else with an absolutist position, while never being held to that same absolutism in their own actions. Or, more succinctly, they want to be able to compromise “freedom” when they think doing so will achieve a higher/larger goal. But woe to anyone else who tries doing that – then they’ll tell you that compromising freedom is never acceptable, no matter how good or great the thing you’d achieve by doing it!

                                                                  Their adoption of the AGPL, which does not conform to their own original definition of Free Software and on those grounds never should have been accepted as a Free Software license, is just one especially obvious proof of that.

                                                    2. 6

                                                      > My goal is to provide as much value to the society as possible through each unit of my effort.

                                                      I want freedom for users to educate themselves and contribute as opposed to becoming mindless consumers.

                                                      That’s why I believe AGPL is a good license for applications.

                                                      I also believe that for libraries and frameworks MIT, APL or MPL work better to achieve that goal.

                                                      Having more educated people - in my opinion - is better than having more usable code in the long-term.

                                                      1. 3

                                                        > Overall, my bet is that choosing strong copyleft licenses has more of a net-negative effect on people who share my goal than any measurable effect on “the big bads”.

                                                        As someone who also prefers to release under permissive licenses: this, a million times. Big companies will always have a way to work around copylefted software, so it literally is not cutting them off from being able to do things the FSF disapproves of. Like, it’s not causing them to angrily shake their fists and yell “I would have gotten away with it, if not for you meddling Free Software kids!” It’s just causing them to use alternatives that aren’t under the FSF’s licensing regime.

                                                        Meanwhile, as the FSF gets ever more paranoid about ever more arcane “loopholes” in its licenses, the worries of small-time open-source developers go up as we juggle increasingly large transitive dependency trees that might have anything lurking in them. Not to mention whatever “loophole closure” the FSF might roll out next with brand-new extensions of what is or isn’t a derivative work.

                                                2. 9

                                                  I think the NcFtp client famously changed its licence to the GPL so it could use Readline… then in 1999 or so it switched licences again. The copyright.h file included in ncftp 1.9.5 says:

                                                  ```c
                                                  static char copyright[] = "@(#) Copyright (c) 1992, 1993, 1994, 1995 by NCEMRSoft and Copyright (c) 1985, 1989 Regents of the University of California.\n All rights reserved.\n";
                                                  ```

                                                  …but the comment at the top of that file says “All rights reserved” and:

                                                  > Redistribution and use in source and binary forms are permitted provided that: (1) source distributions retain this entire copyright notice and comment, and (2) distributions may not be sold for profit on physical media such as disks, tapes, and CD-ROMS, without expressed written permission.

                                                  …which is granting some rights so clearly they’re not all reserved.

                                                  Meanwhile, Wikipedia cites a Common Lisp implementation named “CLISP” as having switched to the GPL but I’m not sure what licence it switched from.

                                                  As perhaps a more famous example, the Objective C system that Mac OS X used at least during the PPC era was GPL’d because back in the day NeXT wanted to use GCC as their compiler, and the FSF said they couldn’t use GCC and keep the Objective C bits proprietary. Of course, as soon as Mac OS X got serious momentum behind it, Apple poured resources into LLVM and Clang…

                                                  1. 4

                                                    That is a fascinating journey, thank you for sharing!!

                                                    Wonder if there’s anything more recent? Mid-90s certainly predates my career. I feel I am more in tune with modern open source culture, also I remember reading somewhere that more permissive licenses like MIT really took off in the era of Github.

                                                  2. 8

                                                    At a previous employer we wanted to use an AGPL-licensed library as part of our SaaS offering. We wrote the extensions that directly linked to it into its own microservice and licensed that as AGPL and put it on GitHub. Rest of the SaaS product stayed proprietary since calling the AGPL parts over HTTP does not trigger the AGPL. Well, the legalities on that are very unclear, since “intimate enough” on the GPL FAQ. Not sure if we did the right thing legally, and morally I’m even less sure.

                                                    Last I heard the library in question was relicensed as BSD, so the issue is moot and nobody is using the old one anymore.

                                                    1. 8

                                                      I promise you that Apple did not want to LGPL webkit, but they did really want to use KHTML in it. Google may or may not have open-sourced Blink if webkit hadn’t been copyleft, but they almost certainly wouldn’t have used a copyleft license.

                                                      1. 7

                                                        The place I work at builds tools that help other companies stay compliant with open source licenses. A lot of our bigger and most risk-averse customers (e.g. hardware manufacturers) actually take the stance that once GPL is brought into their first-party code, that code is “tainted” (i.e. you can’t make it compliant again just by removing the GPL dependency, because the commits where the GPL dependency was integrated are forever tainted by GPL and are forever in the commit history of any subsequent commits). Their default action is actually to publish “tainted” parts of their code base as open source to stay compliant - they feel that they’d rather publish some maybe-not-super-important parts of their IP rather than risk the trouble of a lawsuit.

                                                        1. 4

                                                          Place I used to work had a codebase under GPLv2 (containing lots and lots of GPLv2 source by other people), decided it would be convenient if their stuff was AGPL instead, got told “no that’s impermissible” (I can’t remember if they actually tried it or they got told no before actually trying it) and went with GPLv2 instead of making a huge mess out of it. Dunno if that’s close enough to count.

                                                          Replacing all the GPLv2 code in there would’ve cost about the company’s yearly turnover times two, prolly, so doing anything other than just complying with the license as written was a non starter.

                                                          1. 2

                                                            I know of several cases where the licensing was changed from foo to “either foo or gpl, your choice”, but I don’t think that’s what you really had in mind, right? You had in mind a change that grants users substantial additional rights?

                                                            So I agree with your intuition that the permissive licenses have achieved more, even if not quite the same.

                                                            1. 3

                                                              Right, what I had in mind is more going from “we have a proprietary/commercial license/closed source codebase” to “we open sourced it under AGPL/GPL to comply with the requirements of a dependency we just added or had all along and didn’t realize.”

                                                              1. 3

                                                                Yes, and I think that if that were a significant effect, then I would have noticed it by now.

                                                                FWIW I worked at Trolltech until 2001; the team members’ reactions to the mail we got from GNU fans from 1994 until I left weren’t in the least favourable. At the time I thought I was special, we were special, but maybe we weren’t. Maybe most people who are, uhm, educated by GNU fans react negatively to the experience.

                                                                1. 1

                                                                  Curious to hear more, what kind of mail did you get? Do you mean regarding most of the stack being GPL licensed?

                                                                  1. 1

                                                                    What stack being GPL? Libc and libX11 wasn’t, etc.

                                                                    GNU fans sent us a lot of mail that might be described, somewhat uncharitably, as walls of text written by people who had much spare time and little salesmanship talent. For someone who has code to write and customers to help, dealing with yet another clueless wall of text is unappealing or worse.

                                                            2. 1

                                                              I would love to see some examples where a company changed the license of their codebase to comply with a dependency.

                                                              I think this is a weird standard. Alternatively: examples where existing reciprocally licensed codebases were built upon instead of started from scratch?

                                                              • GCC and its myriad of backends including …
                                                                • Objective-C
                                                              • Linux
                                                              • Webkit / Blink
                                                              • MySQL
                                                              • Heaps of emulators
                                                              • Git
                                                              • ffmpeg
                                                              • Blender
                                                              • VLC

                                                              I feel like this is a target rich environment. What domains do you care about?

                                                              (* why is it always a company?)

                                                              1. 1

                                                                Consider it a focus group.

                                                                The viral clause affects two groups: People who want the viral clause to bind others, and people who are bound by the clause and wouldn’t have chosen the GPL otherwise. If you want to know about the viral clause of the GPL, then it makes sense to look at the reactions of a focus group inside each group. GP’s question is a nice way to find some in the latter group.

                                                                1. 1

                                                                  The viral clause

                                                                  The use of “viral” makes me worry this isn’t a good faith response…

                                                                  The viral clause affects two groups: People who want the viral clause to bind others, and people who are bound by the clause and wouldn’t have chosen the GPL otherwise.

                                                                  GPL code has no agency. That latter group chose to use GPL code. I see no complaints of “we pirated Oracle and now we have to pay a licensing fee” or “we pirated Oracle to get traction, and now we’re forced to rewrite.”

                                                                  And I think there are more than two groups. e.g. people who specifically choose to work on the GPL projects.

                                                                  1. 1

                                                                    “Viral” was common parlance when I learned about the GPL, in the early nineties. I agree that it has acquired more negative connotations since then.

                                                                    More unaffected groups don’t matter. Unless you want to argue that the pool of people who’ll work on, say, GPL’d code but not APL’d code or closed-source code is so large that it will affect companies’ strategy for their implementation work?

                                                                    1. 1

                                                                      I think most license selection is driven more by the authors and less by their lawyers, yes.

                                                                      P.S. https://en.wikipedia.org/wiki/Viral_license#History

                                                            1. 2

                                                              This is pretty similar to how we did things at Simple (no idea how that stack runs now). Here is an old blog about it: https://www.simple.com/blog/infrastructure-as-code

                                                              We ended up in the same place with Envoy, Route53 for service discovery, etc. When I left things were possibly headed towards k8s.

                                                              1. 59

                                                                10+ years ago, I blocked ads because I didn’t like them. Now I block them for security and privacy purposes. I think “ad blocker” is an outdated term. We should start calling them “browser firewalls.”

                                                                1. 4

                                                                  Very powerful messaging. I’m going to start using that, thank you.

                                                                  1. 3

                                                                    This is actually a hard term to define! You’re right, it’s gone from blocking ads to blocking trackers and other forms of telemetry. “browser firewalls” is good, but even that is slightly out of date - what about all the IoT devices that are sending your usage data over to some third party? That’s become a pretty big concern for a lot of people these days. I honestly don’t have a good answer to this that covers everything.

                                                                    1. 3

                                                                      For the IoT devices you need an actual firewall =)

                                                                      1. 2

                                                                        Sure, sorry - I just meant to try and point out the wider scope of the issue, I guess. “Browser firewalls” is good for browsers. :)

                                                                  1. 1

                                                                    Saw this happen. In 2007, with a Windows Office install deployed to every computer on the network at the same time..

                                                                    1. 4

                                                                      Always wondered who it was named after.

                                                                      https://en.wikipedia.org/wiki/Hans_Reiser

                                                                      Hans Thomas Reiser (born December 19, 1963) is an American computer programmer, entrepreneur, and convicted murderer.

                                                                      Cancel my meetings I’ve got some reading to do

                                                                      1. 12

                                                                        Yep. Perfect example of “well that escalated quickly.”

                                                                        I remember when it was in the news. I was sure Hans was innocent, given that one of his victim’s ex-boyfriends had already been in jail for murdering someone. I was genuinely shocked when he was found guilty and took the police to where he buried the body.

                                                                        Wired did a really good write up of it at the time.

                                                                        1. 7

                                                                          I actually had dinner with him a few months before the murder & I remember him ranting about his wife a lot at the time so I wasn’t that surprised.

                                                                          1. 10

                                                                            Also one of the early attempts at the “geek defense” by framing himself as Asperger’s, throwing other autists under the bus with it. :/

                                                                            1. 4

                                                                              I was working at a startup that was using ReiserFS at the time, and he was doing contract work for us. I never met the dude, but it was very unsettling to be that close to the story.

                                                                            2. 1

                                                                              Yup! Kinda bizarre. I posted this excerpt several years ago:

                                                                              Reiser4 has a somewhat uncertain future. It has not yet been accepted into the main line Linux kernel, the lead designer is in prison, and the company developing it is not currently in business.

                                                                              https://tbolt.space/2013/12/03/the-future-of-reiserfs/

                                                                              1. 1

                                                                                There are a number of crime dramas about this as well.

                                                                                https://www.youtube.com/watch?v=A2Spetgu3tY

                                                                                1. 1

                                                                                  Oh you need to catch up to the Reiser4 FS story as well. Good readings.

                                                                                1. 7

                                                                                  I run X, Slack, and Zoom. I screen share all the time to pair program. The limiting factor for me isn’t Linux; it’s my DSL Internet. Single monitor, I3, Archlinux, FWIW.

                                                                                  Wayland is cool.. but it’s ‘Next Gen’, stuff’s going to be broken there for some time.

                                                                                  1. 15

                                                                                    I’m having a hard time seeing how it threatens most consultants. It seems like it’s intended to crack down on those “consultants” who solely function as employees of a single company.

                                                                                    For people who are really doing consulting as a business and want the ability to have more than one client, by my read of the article there’s an easy out: set up an LLC, LLP or S-Corp. That’s cheap and easy and a very good idea (for more than just moving yourself outside the purview of this law) if you’re serious about being in the consulting business.

                                                                                    Am I missing some way this law threatens people who aren’t just using “independent contractor” as a loop hole to avoid an employment relationship and all the obligations that carries?

                                                                                    1. 6

                                                                                      This sounds much like the German law on Scheinselbstständigkeit (“fake independence”), but 2 loopholes closed in. The reason for that law to be passed was that companies happily circumvented all labor laws by putting people on contract: no obligations to pay them holidays, leave, social security, the ability to fire them easily. At the same time, they expected performance of a workforce: be there at 9, sit at your allocated desk, work 40 hours. Many even were confused when such a person suddenly started working for a different client. And that’s just IT. Making every package deliverer a contractor was quite common.

                                                                                      The “fix” for the first wave of legislation was to encourage people to form a limited company, which led to the law getting stricter: this does not protect you anymore. There’s other loopholes, like working through a company that is in itself a shell for multiple people. This now requires registration (it’s literally called “employee lending”) - it is (sometimes) checked if your employee is actually under your command as a business owner. (Indications: who do they ask for leave days? You or your client?)

                                                                                      The huge problem of this is that businesses regularly skirt the rules, which makes the rules become stricter and stricter. Other companies have to shield themselves against being hit by such a restriction - people who end up proving that they are actually employees will be able to sue themselves into your company. And by such encouraging other people employed at the same time to do the same, easily costing you millions in social security (for the last few years).

                                                                                      We have weird situations like explicit “contractor desks” without markings to make clear that you are definitely not part of the workforce. Other companies have started to create “bridgeheads” where only some people are allowed to give contractors tasks and isolate them.

                                                                                      It’s an absurd situation, but in a weird way, I can’t hold it against the state: every loophole has been so aggressively used that something had to be done. Now we are in a situation where the lawyers rule. And lawyers are damn conservative when it’s not clear where the boundary will move next.

                                                                                      1. 1

                                                                                        It’s an absurd situation, but in a weird way, I can’t hold it against the state: every loophole has been so aggressively used that something had to be done.

                                                                                        No, something doesn’t have to be done. But everyone always assumes that, so we get more and more laws which require more enforcement, more inspections, more friction, and less opportunity.

                                                                                        1. 3

                                                                                          No, something doesn’t have to be done.

                                                                                          Let me rephrase this, then.

                                                                                          If we want labor laws to remain relevant, then something has to be done. If you’re fine with de-facto employees working less than minimum wage with no benefits and no employee protections, then nothing needed done.

                                                                                          1. 2

                                                                                            We could either go for a completely different system (with different rules), but boundary skirting situations will always lead to those effects, independent of the boundaries.

                                                                                        2. 7

                                                                                          I feel like everybody pushing back against this is shilling for big business.

                                                                                          1. 4

                                                                                            My consulting business certainly fits the eight required criteria, including having more than one customer, an LLC, etc.

                                                                                            However this just adds additional risks that my customers may not want to deal with anymore. For example it may be easier to stop all consulting until things get sorted out.

                                                                                            1. 6

                                                                                              I think the original point of the law is to protect Uber drivers and similar gig economy people who are “exploited” by big business.

                                                                                              Lots of industries got exceptions added to the law so that their contractors wouldn’t be affected like medical doctors and hairdressers.

                                                                                              No one spoke up for software freelancers, so no exception for them.

                                                                                              Should be interesting to have the unexpected effects work themselves through the system.

                                                                                              1. 2

                                                                                                No one spoke up for software freelancers, so no exception for them.

                                                                                                Not surprising, given our level of organisation/representation structures.

                                                                                                1. 2

                                                                                                  Yeah this law was a bad idea, driven by hate of the Uber/Lyft business model (which I think is in turn driven by an ideological dislike of people having additional transportation options besides public transit). If “lots of industries” gain exceptions to the law because someone thought to lobby for that industry specifically, and other industries are getting screwed by the law because they happened not to have the right connections to get themselves written an exception (I’ve seen freelance journalists and writers complain about this law in exactly the same terms as this article), then why was it a good idea for Uber/Lyft drivers in the first place?

                                                                                                2. 4

                                                                                                  I was not thinking of customers who’d be so irrationally risk-averse that they’d even stop using consultants who were obviously OK.

                                                                                                  The way I’m reading the news, it’d be a little surprising if there’s even a whiff of enforcement against anyone who’s not using 1099s in a few specific anti-patterns, so I hope your business does not suffer.

                                                                                                  I don’t expect this to make either of my CA-based customers change their practices at all.

                                                                                                  1. 3

                                                                                                    It’s actually not as surprising as you make it seem. Most big companies don’t hire independent contractors directly probably for very similar reasons; the consultant then has to go through one of the approved vendors of the big corp to be hired as a sub-contractor, which often eliminates the main benefits of being an independent contractor in the first place — much higher hourly rate (wouldn’t necessarily be possible anymore if a third party has to get their cut, too, plus all the potential liabilities for the employer to support unemployment benefits), the ability to deduct your own office space and equipment, being able to be hired and fired on a very short notice etc.

                                                                                                    1. 1

                                                                                                      Most big companies don’t hire independent contractors directly probably for very similar reasons; the consultant then has to go through one of the approved vendors of the big corp to be hired as a sub-contractor,

                                                                                                      While I can’t speak to “most”, that does not align with my experience. The ones I’ve dealt with (fortune 50/USG scale) have either been able to contract directly with us or direct a prime to contract with us on their behalf in a way that preserves the benefits you mention.

                                                                                                      The thing that would surprise me would be if the authorities in CA enforce this new law against anyone who’s not using 1099s in one or more of a few crappy ways. My gut is that any CA corporation who’s hiring subs from a company with any kind of customary structure will be completely outside the scope of what the CA government is going for with this law.

                                                                                              1. 2

                                                                                                I recently switched from using my macbook as my primary workstation to a desktop pc running Linux. I’ll admit, I’ve been a Linux user since the 90’s and my career has been in Operations so this hasn’t been a ‘brutal’ switch. It’s also not the first time I’ve used Linux as my desktop.

                                                                                                I will say, copy & paste is wonky and I haven’t devoted any effort to resolving this, but I’m sure the Archlinux Wiki will set me straight.

                                                                                                Personally I find modern desktops too noisy, filled with buttons, notifications, and stuff I don’t care about, so I use i3. At any given time you’ll find Chrome (work), Firefox (personal), urxvt, emacs, and weechat-slack running on my desktop.

                                                                                                ‘dunst’ handles the few notifications I want pushed through, I have that tied to gcalcli that runs via cron to alert me for meetings.

                                                                                                ‘rofi’ is my quicklauncher. It’s kind of like Alfred.app, you can hook it to scripts etc. I have simple shell scripts that will launch zoom with the right meeting-id’s for my ‘usual’ meetings.

                                                                                                Archlinux is fantastic though, and AUR fills the gaps when I do need to install something like Zoom, or the actual Slack client (which I do run, for slack video/calls to pair-program, it weirdly performs better than zoom).

                                                                                                As for Linux on a mac.. It’s always going to be a lost cause; it’s too much of a walled garden. Anything other than MacOS is going to be subpar on that device. Just go to ebay and pickup a Thinkpad for <$200 and install an SSD.

                                                                                                1. 37

                                                                                                  Because I’d rather admin a CA, manage cert signing, handle revocation (how does this get pushed out to servers?), and all that jazz, more than running some ansible scripts? Wait.. No, I wouldn’t.

                                                                                                  1. 11

                                                                                                    Hah. I thought about this a lot when I read this article.

                                                                                                    I think plenty of companies grow organically from a couple of dudes and as many servers, and before you know it you have 3 branch offices and 2 datacenters and a bunch of contractors, and it’s all well and good when everyone sort of trusts each other but then you get purchased and SOX’d and you have to scramble to make sure Larry who quit 3 years ago doesn’t have root on production still…

                                                                                                    I assume your ansible scripts are well documented, and are run when you’re on vacation? ;)

                                                                                                    I thought this article made a bunch of good points. Of course it’s an advertorial, but there’s enough meat in there to be interesting.

                                                                                                    1. 6

                                                                                                      I think plenty of companies grow organically from a couple of dudes and as many servers, and before you know it you have 3 branch offices and 2 datacenters and a bunch of contractors, and it’s all well and good when everyone sort of trusts each other but then you get purchased and SOX’d and you have to scramble to make sure Larry who quit 3 years ago doesn’t have root on production still…

                                                                                                      Precisely this. My team went from 2 DCs with maybe a few dozen machines between them to 6 DCs in various stages of commission/decommission/use and hundreds (probably just over 1000) machines to manage. Running an ansible script to update creds on hundreds of machines takes a very long time even on a powerful runner. We’re moving to a cert-based setup and for the machines where it’s enabled it’s incredibly quick, lets us do key rotation more efficiently, and is just generally a huge improvement. It’s an economy of scale problem, as most are, ansible was fine when it was a couple of us, but not even at our relatively small Xe3 scale. I can’t imagine trying to do that on larger scales. Managing a few servers for CA and so on is a dream comparatively.

                                                                                                      1. 3

                                                                                                        What do you do with hundreds of machines?

                                                                                                        1. 2

                                                                                                          Currently? We wait.

                                                                                                          In the hopefully near future – something like OP

                                                                                                          EDIT: I feel like the brevity may be interpreted as snark, so I’m going to add some details to mitigate that as it wasn’t intended. :)

                                                                                                          Right now it takes a weekend or so to fully update everything, we mitigate some of it by running the job in stages (running only on pre-prod environments by product, only legacy machines, etc) It works out to running the same job a couple dozen times. That bit is automated. The real killer is the overhead of executing that many SSH connections from a single machine, basically. Running it in smaller chunks does mean we have a not entirely consistent environment for a while, but it’s pretty quick to run the job on a single machine if it fails or was missed. The runner has got flames painted on the side which helps, but it’s still quite slow.

                                                                                                          I think this is probably representative of a big disadvantage that Ansible has compared to something agent-based like Chef or Puppet, on some level I’m okay with that though because I think Chef/Puppet would just hide the underlying issue that direct key management is a little fraught.

                                                                                                          1. 3

                                                                                                            This is why I switched from Ansible to Saltstack - deploys are fast and it has a similar feel and structure as Ansible.

                                                                                                            1. 1

                                                                                                              So to piggyback on SaltStack, it’s also neat because you can do a distributed setup of multiple Masters.

                                                                                                              Makes it even faster for large fleets to roll out changes as each master manages a subset of the fleet with a salt master then farming out tasks to the other Masters to farm out to the minions/hosts.

                                                                                                            2. 2

                                                                                                              Another option may be to use a PAM module that updates the user’s authorized_keys file (from a central repo, such as LDAP) on attempts to look up an account.

                                                                                                              I’ve done this in the past and it worked out okay for largish deployments.

                                                                                                              1. 2

                                                                                                                You don’t need to update the key file on disk from ldap, you can use ldap to produce the contents of the key file directly.

                                                                                                                https://man.openbsd.org/sshd_config#AuthorizedKeysCommand

                                                                                                                https://github.com/AppliedTrust/goklp

                                                                                                                1. 1

                                                                                                                  Also an option, but you need to ensure that there is a timeout and caching, etc. as well. Updating the on-disk copy has this trivial and built-in (respectively).

                                                                                                                  1. 2

                                                                                                                    sssd does all that, and more
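
The `AuthorizedKeysCommand` approach from the sub-thread above, with the timeout and caching the reply asks for, as an added example that is not part of any comment in the thread. The helper path, the `sshkeys` account, the LDAP URI and base, and the `sshPublicKey` attribute (openssh-lpk schema) are assumptions.

```shell
#!/bin/sh
# Constructed example of an AuthorizedKeysCommand helper: keys come straight
# from LDAP, with a wall-clock timeout and a short-lived on-disk fallback cache.
# Assumed sshd_config (helper must be root-owned, not group/world-writable):
#   AuthorizedKeysCommand /usr/local/libexec/ldap-authkeys %u
#   AuthorizedKeysCommandUser sshkeys
LC_ALL=C; export LC_ALL

LDAP_URI="${LDAP_URI:-ldaps://ldap.example.internal}"       # placeholder
LDAP_BASE="${LDAP_BASE:-ou=people,dc=example,dc=internal}"  # placeholder
CACHE_DIR="${CACHE_DIR:-/var/cache/ldap-authkeys}"  # must be writable by sshkeys only
CACHE_TTL="${CACHE_TTL:-300}"      # max age (s) of a cached answer served when LDAP is down
LDAP_TIMEOUT="${LDAP_TIMEOUT:-5}"  # seconds before the lookup is abandoned

# Accept only plain login names, so the value is safe inside an LDAP filter
# and as a cache file name (no filter metacharacters, no path traversal).
valid_user() {
    case "$1" in
        ''|-*|.*|*[!a-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Directory lookup. timeout(1) is a wall-clock backstop on top of ldapsearch's
# own connect (-o nettimeout) and search (-l) limits.
ldap_lookup() {
    timeout "$((LDAP_TIMEOUT + 2))" \
        ldapsearch -x -LLL -o ldif-wrap=no -o nettimeout="$LDAP_TIMEOUT" \
        -l "$LDAP_TIMEOUT" -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=posixAccount)(uid=$1))" sshPublicKey
}

# Keep only values shaped like "<key type> <base64> [comment]"; base64-encoded
# LDIF values ("sshPublicKey:: ...") are deliberately not accepted here.
extract_keys() {
    awk '$1 == "sshPublicKey:" && $2 ~ /^(ssh-|ecdsa-|sk-)/ && $3 ~ "^[A-Za-z0-9+/=]+$" {
             sub(/^sshPublicKey: /, ""); print }'
}

authorized_keys_for() {
    user="$1"
    valid_user "$user" || return 1
    cache="$CACHE_DIR/$user"

    if out=$(ldap_lookup "$user"); then
        # The directory answered: its answer is authoritative even when empty,
        # so a user whose keys were removed also loses the cached copy.
        keys=$(printf '%s\n' "$out" | extract_keys)
        if tmp=$(mktemp "$CACHE_DIR/.tmp.XXXXXX"); then
            printf '%s\n' "$keys" > "$tmp" && mv -f "$tmp" "$cache"
        fi
        if [ -n "$keys" ]; then printf '%s\n' "$keys"; fi
        return 0
    fi

    # Directory unreachable or timed out: serve the cache only while it is fresh.
    if [ -f "$cache" ]; then
        now=$(date +%s)
        mtime=$(stat -c %Y "$cache" 2>/dev/null || stat -f %m "$cache")
        if [ $((now - mtime)) -le "$CACHE_TTL" ]; then
            cat "$cache"
            return 0
        fi
    fi
    return 1  # fail closed: sshd is offered no keys for this user
}

# sshd passes the login name as %u; with no argument the file only defines
# the functions above.
if [ "$#" -ge 1 ]; then
    authorized_keys_for "$1"
fi
```

The cache TTL is also the window during which a key removed from the directory still authenticates while LDAP is unreachable, so it should stay short.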

                                                                                                              2. 1

                                                                                                                Gah, sorry, let me rephrase: what sort of workload is it?

                                                                                                                (also, why not kerberos or something similar?)

                                                                                                                1. 2

                                                                                                                  I added an edit. As for kerberos, I just found this idea first – there was a FB article about it I came across a while ago (last year sometime, before this became a real problem), and started pushing for it. I work for an International BeheMoth, so changing things can be slow.

                                                                                                            3. 1

                                                                                                              I’ve reached this point too - considering moving the base stuff to either an os pkg and/or to use something like cfengine to distribute these faster than what ansible does. As an interim stage, I have a git pull-based ansible run on each box for the core, but I would prefer something that is more “reportable” than manually collating the status of packages on each system. Either way, I’m keen to store the CA info in an OS package, as a faster way to get boxes set up and updated.

                                                                                                              1. 1

                                                                                                                Precisely this. My team went from 2 DCs with maybe a few dozen machines between them to 6 DCs in various stages of commission/decommission/use and hundreds (probably just over 1000) machines to manage. Running an ansible script to update creds on hundreds of machines takes a very long time even on a powerful runner.

                                                                                                                This is why you can keep your public key in a kind of centralised store, say, an LDAP server, and disable local storage of public keys entirely; sssd supports this model very nicely.

                                                                                                                (what irks me a bit about the advertorial above is that it conflates using host certificates and user certificates; and you can have one without another)

                                                                                                              2. 3

                                                                                                                I’ve managed ldap systems to handle distributed ssh / user authentication. I have less fear of that than anything CA related. I think it’s because OpenSSL taught me that all the tooling around it is terrible. Though I feel that Vault and other tooling is changing that slowly.

                                                                                                                1. 2

                                                                                                                  Probably about as well as CRLs get pushed out to server fleets, and accounts are actually deleted along with certificates revoked. E.g. Not bloody likely. ;)

                                                                                                                  1. 1

                                                                                                                    I think for every sysadmin who knows their sh*t, there are 10 who don’t. This article is meant for them.

                                                                                                                    1. 2

                                                                                                                      Fair enough; this probably also makes more sense for large (or very large) companies with a full team of ops/secops managing fleets of servers, coupled with some type of SSO solution (as mentioned in the article).

                                                                                                                      1. 3

                                                                                                                        I estimate that this becomes a problem once you surpass the fact that more than 3 users need SSH access and have more than 30 machines accepting SSH-connections.

                                                                                                                        Below that, it’s probably not worth the effort, but the moment you reach those numbers you will probably continue to grow beyond that rapidly and it’s still possible to make the change with relative ease.

                                                                                                              1. 56

                                                                                                                Fortunately, it’s also the best of currently available major browsers, so it’s not exactly a hardship.

                                                                                                                1. 22

                                                                                                                  Not on macOS. Sure, it has a whole lot of great features, but it’s just slow. It feels slow, looks slow, and macOS keeps telling me that Firefox is using an excessive amount of power compared to other browsers.

                                                                                                                  I guess it’s too much to ask for, for Firefox to feel like a good, native macOS app, like Safari, but the fact of the matter is that that is why I don’t use it as my main browser.

                                                                                                                  1. 19

                                                                                                                    I use it on Mac OS X and it doesn’t feel slow to me at all. And it’s not using an excessive amount of power that I can tell. Perhaps it’s the version of Firefox being used?

                                                                                                                    1. 14

                                                                                                                      I’ve been sticking to Safari on MacOS because I’ve read that it really does make a difference to battery life (and I’m on a tiny Macbook so, you know, CPU cycles aren’t exactly plentiful). This thread just prompted me to check this for myself.

                                                                                                                      I opened a typical work mix of 10 tabs in both Safari 12.1 and Firefox 66.0.3 on MacOS 10.14.4: google calendar + drive, an open gdocs file, two jira tabs, this lobsters thread (well, it is lunchtime…) and the rest github. Time for some anec-data! :-)

                                                                                                                      After leaving both browsers to sit there for 10 mins while I made lunch (neither in the foreground, but both visible and showing a github page as the active tab), these are the numbers I eyeballed from Activity Monitor over about a 30 second period:

                                                                                                                      Firefox:

                                                                                                                      • Energy Impact: moving between 3.3 and 15.6, mostly about 4
                                                                                                                      • CPU: various processes using 0.3, 0.4, 0.5 up to one process using 1.4% CPU

                                                                                                                      Safari:

                                                                                                                      • Energy Impact: moving between 0.1 and 1.3, mostly around 0.5
                                                                                                                      • CPU: more processes than Firefox, but most using consistently 0.0 or 0.1% CPU

                                                                                                                      Firefox isn’t terrible but Safari seems really good at frequently getting itself down to a near-zero CPU usage state. I’ll be sticking with Safari, but if I was on a desktop mac instead I think I’d choose differently.

                                                                                                                      As an aside, Activity Monitor’s docs just say “a relative measure of the current energy consumption of the app (lower is better)”. Does anyone know what the “Energy Impact” column is actually measuring?

                                                                                                                      1. 5

                                                                                                                        I have had the same experience with Firefox/Chrome vs Safari.

                                                                                                                        I use Chrome for work because we’re a google shop and I tend to use Firefox any time my MacBook is docked.

                                                                                                                        But I’m traveling so much, I generally just use Safari these days.

                                                                                                                      2. 9

                                                                                                                        > I use it on Mac OS X and it doesn’t feel slow to me at all.

                                                                                                                        If you can’t feel and see the difference in the experience between, say, Firefox and Safari, I don’t know what to tell you.

                                                                                                                        > And it’s not using an excessive amount of power that I can tell. Perhaps it’s the version of Firefox being used?

                                                                                                                        Have you tried checking in the battery menubar-thing? There’s an “Using Significant Energy” list, and Firefox is always on it on my machine if it’s running. And that is both Firefox as well as Firefox Nightly, and it is so for all versions since a long time. My two installs are updated per today, and it’s the same experience.

                                                                                                                        1. 1

                                                                                                                          > If you can’t feel and see the difference in the experience between, say, Firefox and Safari, I don’t know what to tell you.

                                                                                                                          There are plenty of people who can’t hear the difference between $300 and $2000 headphones. Yes, there are audiophile snobs who’re affronted by the mere idea of using anything but the most exquisitely constructed cans. But those people are a vanishingly small minority of headphone users. The rest of us are perfectly happy with bog standard headphones.

                                                                                                                          Apple likely had to descend through numerous circles of hell while hand-optimizing Safari for the single platform that it needs to run on. Will Firefox get there? Unlikely. Will most users even notice the difference? Most certainly not.

                                                                                                                          1. 6

                                                                                                                            They will when their battery life is abysmal and they start hearing that it’s because of Firefox.

                                                                                                                            I really want to see Firefox get more adoption, but there are a lot of techies with influence who will keep away because of this, myself included. It’s not a convenience thing - I just can’t get to mains power enough as it is in my job, so more drain is a major problem.

                                                                                                                            1. 1

                                                                                                                              > They will when their battery life is abysmal and they start hearing that it’s because of Firefox.

                                                                                                                              The problem is that the feedback cycle isn’t even long enough for them to hear about this. The cause and effect are almost immediate depending on your display resolution settings with bug 1404042.

                                                                                                                              1. 3

                                                                                                                                This is what happens when you fight the platform.

                                                                                                                                1. 2

                                                                                                                                  This is what happens when the platform is hostile to outsiders.

                                                                                                                                  1. 8

                                                                                                                                    See, I don’t see it that way. I see it as Mozilla deciding on an architecture for their software that renders that software definitely suboptimal on the Mac. It’s just a bad fit. I’m not claiming that Mozilla should have done things differently – they are welcome to allocate their resources as they see fit, and the Mac is most definitely a minority platform. There are many applications that run on the Macintosh that are not produced by Apple that don’t have these problems.

                                                                                                                                    iOS is a different story, one where hostility to outsiders is a more reasonable reading of Apple’s stance.

                                                                                                                            2. 2

                                                                                                                              Now that I’m at work, I’m seeing what hjst is showing. This doesn’t bother me that much because I use the laptop at work more like a desktop (I keep it plugged in). But yes, I can see how Firefox might be a bit problematic to use on the Mac.

                                                                                                                            3. 1

                                                                                                                              I’ll have to check the laptop at work. At home I have a desktop Mac (okay, a Mac mini).

                                                                                                                            4. 4

                                                                                                                              There are known issues which are taking a long time to fix. Best example is if you change the display resolution on a retina Mac. You can almost see the battery icon drain away on my machine.

                                                                                                                              1. 3

                                                                                                                                I find it depends a lot on what FF is doing - usual browsing is fine, but certain apps like Google Docs or anything involving the webcam make it go crazy.

                                                                                                                                1. 20

                                                                                                                                  Google sites, unsurprisingly if disappointingly, don’t work as well in Firefox as they do in Chrome. But that’s really on Google, not Mozilla.

                                                                                                                                  1. 15

                                                                                                                                    They used to actively break them - e.g. GMail would deliberately feed Firefox Android a barely-functional version of the site. https://bugzilla.mozilla.org/show_bug.cgi?id=668275 (The excuse was that Firefox didn’t implement some Google-specific CSS property, that had a version in the spec anyway.) They’ve stopped doing that - but Google’s actions go well beyond passively not-supporting Firefox.

                                                                                                                              2. 5

                                                                                                                                For me, it feels faster than Chrome on MacOS, but the reason I don’t use it is weird mouse scroll behavior (with Apple mouse). It differs too much from Chrome’s behavior. I don’t know how to debug it, how to compare, what the right behavior is (I suspect Chrome’s scrolling is non-standard and it dampens acceleration, while Firefox uses standard system scrolling). It just feels very frustrating, but in a subtle way: I become nervous after reading lots of pages (not right after the first page). I tried various mouse-related about:config settings but none of them had any effect (and it’s hard to evaluate results because differences are very subtle).

                                                                                                                                Maybe the answer is to use standard mouse with clicky scroll wheel, but I hate clicky scroll wheels. “Continuous” scrolling is one of the best input device improvements of recent times (however it would be better if it was real wheel/trackball instead of touch surface).

                                                                                                                                1. 1

                                                                                                                                  Have you tried Nightly yet? I believe there are some great improvements made recently for this. It isn’t all fixed, but it has improved.

                                                                                                                                  1. 3

                                                                                                                                    I’m on Nightly right now, and it hasn’t improved for me at least.

                                                                                                                                  2. -1

                                                                                                                                    I think macOS disadvantages apps that compete with Apple products. That’s unfortunate though.

                                                                                                                                    1. 7

                                                                                                                                      Any evidence for this statement?

                                                                                                                                      1. 9

                                                                                                                                        Do you have any proof?

                                                                                                                                        Anecdotally I use a lot of third-party apps that are a lot better than Apple’s contemporaries.

                                                                                                                                        I just think the truth is that Firefox hasn’t spent enough time on optimizing to each platform, and on macOS where feel and look is a huge deal, they simply fall through.

                                                                                                                                        1. 1

                                                                                                                                          The reports that Firefox has issues on macOS and Apple’s behaviour with iOS, for starters.

                                                                                                                                          1. 7

                                                                                                                                            Often the simplest solution is the correct one, meaning that it’s more likely that Firefox just hasn’t optimized for macOS properly. If you look at the bug reports on the bug tracker, this seems to be the case.

                                                                                                                                            Also, if your theory were to be correct, why are other non-Apple browsers like Chromium not having these issues? Could it perhaps be that they have in fact optimized for macOS, or do you propose that Apple is artificially advantaging them?

                                                                                                                                            1. 13

                                                                                                                                              pcwalton hints on Twitter that the gains that e.g. Safari and WebKit have come through the usage of private APIs in macOS. You could probably use those APIs as well from Firefox, at the cost of doing tons of research on your own, while WebKit can just use them. (Further down the thread, he hints at actually trying to bind to them.)

                                                                                                                                              https://twitter.com/pcwalton/status/1068933432275681280

                                                                                                                                              1. 3

                                                                                                                                                That’s very interesting, and it’s probably a factor. However, these are problems that Firefox has, not all third-party browsers. No Chromium-based browser has these issues, at least in my experience. Maybe it’s through private APIs that you can optimise a browser the most on macOS, but it doesn’t change the fact that Firefox is under-optimised on macOS, which is why it performs as it does.

                                                                                                                                                1. 8

                                                                                                                                                  Point being: Chromium inherits optimisations from Apple’s work which Mozilla has to work hard to develop in a fashion working with their architecture. Yes, there’s something to be said about organisational priorities, but also about not being able to throw everyone at that problem.

                                                                                                                                                  I’m really looking forward to webrender fixing a lot of those problems.

                                                                                                                                                  1. 1

                                                                                                                                                    And it’s a sad fact, because I’d love to use Firefox instead of Safari.

                                                                                                                                                    1. 7

                                                                                                                                                      Sure, from a user’s perspective, all of that doesn’t matter.

                                                                                                                                                      Just wanted to say that this is hard and an uphill battle, not that people don’t care.

                                                                                                                                                      The Firefox team is well aware of those two contexts.

                                                                                                                                              2. 0

                                                                                                                                                It’s certainly possible. But at the very least Apple has little incentive to have Firefox work well on macOS. Chrom{e|ium} is so widely used, that Apple would hurt themselves if it didn’t work well on macOS.

                                                                                                                                                I’d be a bit surprised if Mozilla is really falling down on optimising Firefox on macOS. It’s not as if Mozilla is a one man operation with little money. But perhaps they decided to invest resources elsewhere.

                                                                                                                                          2. 1

                                                                                                                                            That’s true in cases where apps want you to pay for features (like YouTube not offering Picture-in-Picture since it’s a paid feature and Apple wants money for it to happen) but not true in the case of Firefox. Unfortunately, Firefox’s JavaScript engine is just slower and sucks up more CPU when compared to others.

                                                                                                                                        2. 7

                                                                                                                                          Yeah, I’ve switched between Firefox and Chrome every year or two since Chrome came out. I’ve been back on Firefox for about 2 years now and I don’t see myself going back to Chrome anytime soon. It’s just better.

                                                                                                                                          1. 3

                                                                                                                                            Vertical tabs or bust.

                                                                                                                                          1. 1

                                                                                                                                            Are the search stats in the article true? What are people using these VPNs for? Only time I ever need to use a VPN is to connect to my work’s network from home.

                                                                                                                                            Am I missing something?

                                                                                                                                            1. 5

                                                                                                                                              I have a handful of friends overseas, and they use VPNs to dodge government filters (e.g. Telegram/FB services being blocked by governments).

                                                                                                                                              Personally, I just use it when I’m connecting to dodgy wifi (e.g. free airport hotspots). Additionally, for some reason youtube doesn’t work on AT&T LTE for me, so I use it for that.

                                                                                                                                              There’s also the ‘privacy’/‘security’ theme that these VPN services advertise, maybe many people just install the first VPN app they can find because it says it’ll protect their privacy.

                                                                                                                                              1. 3

                                                                                                                                                They are helpful for hiding traffic/metadata from ISPs and governments which have influence over those ISPs.

                                                                                                                                                1. 3

                                                                                                                                                  A lot of people use VPNs to stream overseas, pirate software, and of course privacy.

                                                                                                                                                  1. 2

                                                                                                                                                    I have a LowEndBox instance running OpenVPN. I use it as an (admittedly feeble) way to reduce the ease with which my ISPs (and hence intelligence agencies) can monitor my internet usage.

                                                                                                                                                    1. 2

                                                                                                                                                      Not to pick on you specifically, but a few people have mentioned hiding from their ISP, but that seems specious. Is there reason to believe your ISP wants to monitor your internet usage any more than LowEndBox wants to monitor your usage? Don’t you already trust your ISP with your real life identity, home address, credit card number, and (probably) SSN?

                                                                                                                                                      And unless you’ve gone through the trouble of doing offline key exchange or something like that, can’t your ISP MITM your connection to the VPN anyway?

                                                                                                                                                      1. 4

                                                                                                                                                        ISPs are the easiest entry-point for your government to perform bulk surveillance, so they are quite likely to pass on traffic flows. LowEndBox are likely to pass on traffic flows to their government, but as long as that’s a different one it’s far less of an issue.

                                                                                                                                                        ISPs are also allowed to sell your traffic flow data for advertising in many parts of the world. LowEndBox could, too, but they would have very few users and much less information about who they are, so it wouldn’t be very profitable.

                                                                                                                                                        The ISP could also MITM connections, but that’s rather more expensive and much more likely to be discovered (by e.g. host key verification).

                                                                                                                                                        1. 2

                                                                                                                                                          Yes, my ISP has my identity, which is one of the reasons why I’d like them to not know absolutely everything else about me. My ISP is also under the legal influence of my government, whereas my VPS host is not (directly). It’s far from foolproof, but it (should) minimise the amount of data that is passively collected. I have no doubt that if I were actively targeted for monitoring, it’d all come apart without much effort.

                                                                                                                                                          I’m not sure about MITM. The key was generated on the VPS and transferred via SSH. How would a MITM attack work? (That’s a genuine question - I’m happy to be educated).

                                                                                                                                                      2. 2

                                                                                                                                                        It really depends on the country in which you (currently) reside.

                                                                                                                                                        I lived in many countries around the world and, aside from avoiding being tracked (which is a fair point), several countries block a whole range of websites, for instance:

                                                                                                                                                        • Vietnam: any WordPress website is not available (due to a ban on it after it was used to ‘attack’ the communist party)
                                                                                                                                                        • Japan: certain porn
                                                                                                                                                        • Turkey: pretty much all porn
                                                                                                                                                        • China: pretty much anything popular non-Chinese
                                                                                                                                                        • India: TeamViewer doesn’t work with most ISPs I tried

                                                                                                                                                        And then you have countries in which they might not advertise that they are blocking certain things but visiting certain websites with certain keywords might make you go on a list.

                                                                                                                                                        So, there are real reasons to use a VPN. Btw, being a ‘modern’ developer in China is extremely difficult without a VPN (usually just connecting to HK).

                                                                                                                                                        1. 1

                                                                                                                                                          In many countries, porn