1. 2

    I want to go through the whole thing later, when I have time, but right off the bat I notice it doesn’t grant trademark licenses. Doesn’t that already automatically disqualify it from being an FSF-approved license? I’m thinking of the Firefox example, though maybe that was DFSG?

    (That being said I’ve never had a problem with people protecting trademarks since they basically never have a real effect on the ability to use/modify/etc. the software. It might not fit the letter of the law in terms of the four freedoms but it fits the spirit.)

    1. 2

      This is the first I’ve heard of the FSF disqualifying licenses for not granting trademarks. Is that a recent decision (e.g. to reduce license proliferation)? I would have thought that’s a separate issue to copyright license approval, since so few FSF-approved licenses grant trademark licenses (MPL, MIT, BSD, …).

      When you say “FSF-approved” are you referring specifically to GPL compatibility?

      1. 1

        Sorry, I was completely wrong! I was thinking of https://en.m.wikipedia.org/wiki/Mozilla_software_rebranded_by_Debian and thought the FSF was involved, but it was just Debian.

        1. 3

          And Debian never considered Firefox non-DFSG. Mozilla considered Debian to be misusing the trademark (because they alter the source and build from source instead of using upstream binaries) and asked that they stop using the trademarks (for a while, Debian ships officially-branded Mozilla products again).

          1. 2

            Debian was kind of the initial objector in the saga, but they only objected to one specific thing, the Firefox logo. In 2004, they replaced the logo with a freely licensed one in the version they shipped, because Mozilla wouldn’t relicense the logo PNGs/SVGs under a free license. But the browser was still called Firefox. That was the reason for a ‘-dfsg’ suffix in the package’s version number. Those kinds of minor changes are common though. Debian even does it to some GNU packages, because they don’t consider the GNU Free Documentation License with invariant sections to be DFSG-free, so they strip out a few offending info files & tack on a -dfsg suffix.

            You’re right that the name change came from Mozilla though, in 2006, when someone doing a review of the Firefox trademark seems to have objected to everything about Debian’s package: they didn’t like something with an alternate logo shipping under the “Firefox” trademark and for the first time they raised an objection to the patched source (which was patched for non-license reasons) shipping under that name. Which at that point pretty much required a rename, since even people who had thought the logo-copyright issue was petty/unimportant couldn’t accept a “no source patches allowed” condition in a free-software distribution.

          2. 2

            Yeah, “Iceweasel” was a Debian thing; IIRC Debian wanted to backport security fixes to stable releases, but avoid including any new features. Mozilla didn’t want their “brand” on the less-featureful versions (even though it was all their software…), so trademark shenanigans ensued.

            The FSF do actually push their own Firefox rebrand called GNU Icecat (really imaginative naming all round!). It mostly seems to be about not “promoting” proprietary addons, etc. That doesn’t mean FSF don’t “approve” (in a technical/legal sense) the MPL as a Free Software copyright license, etc. It just means they might not advocate using certain software (Firefox), in favour of something else (Icecat).

      1. 2

        Now that’s a very useful list.

        Probably the most intriguing to me personally is Frink, which I didn’t know about. Although it’s a bit of an outlier on this list it seems. Most of the entries add units to a general-purpose programming language in order to improve robustness and reduce likelihood of unit-related errors (analogous to an extra layer of typing, maybe?). While Frink is, as the author notes, “more of a tool for physics calculations than a general purpose programming language”. In that category the tool I’ve found most usable in the past is Mathematica.

        1. 4

          Honestly, the driving script in bash feels like it’s cheating. It actually feels like despite all the new toys, metaprogramming in C++ still isn’t that powerful.

          Couldn’t this be done more easily with lisp macros? I can sort of see how to do it with D compile-time structures.

          1. 3

            I don’t think there’s much point comparing such exercises across languages. For instance, with Template Haskell, you can run arbitrary Haskell code and even do IO at compile time, you could even write a 3D shooter, but I’d still say C++ templates are more powerful than TH in many aspects, due to the way they interact with the rest of their respective languages.

            1. 1

              Maybe I shouldn’t have said “powerful”, but “convenient”? I think it does make sense to have these comparisons at least for this example. In both Lisp and D, you have all of the language at compile time, so you can do just about anything.

              It appears that even when attempting a ridiculous feat, thus accepting some inconvenience, C++ compile-time features are still too onerous to put the whole game loop into them.

              Edit: After thinking about this for a second, I’m not sure it’s possible in D anymore since compile-time D functions have to be deterministic.

              1. 2

                I understand your point about the convenience, but my point is that the real purpose of the metaprogramming features isn’t to write interactive games. What matters is how it interacts with the run-time features. For instance, C++ templates are more powerful than Template Haskell, because of template argument deduction and due to how template instantiation can cause other templates to be instantiated seamlessly. Whereas in TH, you cause all template expansions by hand. Without considering the interaction with the rest of the language, the best metaprogramming would simply be generating C++ code using C++, then running that program as a preprocessing step. That’s why I think comparing the power of metaprogramming features across languages through non-metaprogramming things you can do with them is pointless.

                1. 1

                  Ah, it does sound inconvenient in TH to not have automatic instantiations.

                  1. 1

                    Yeah, it is, TH is much more bolted-on in Haskell compared to templates in C++, but on the other hand, Haskell’s type system is vastly more powerful without metaprogramming, so you rarely really need it. As I said, hard to compare across languages :)

            2. 2

              In Lisp you have the full language at your disposal at compile-time, so it’s way too easy.

              1. 1

                That was my first thought, that the actual game loop is still implemented at runtime (with a bash runtime), which is sort of cheating. On the other hand, since one of my research areas is modeling game mechanics in formal logic, it somehow feels natural to accept an implementation of a state->state' transition function as morally equivalent to an implementation of a game. :-)

              1. 3

                This seems like too general a question. There are many, many TSP algorithms suitable for different purposes, and they can be implemented in many different languages.

                If you in practice need to solve large graphs heuristically, I would use one of the existing packages rather than implementing your own, because it’s pretty non-trivial to implement a good heuristic solver. LKH is a state-of-the-art solver, I believe (free for non-commercial use). If you’re doing it more for education, you might be interested in Peter Norvig’s Jupyter Notebook walkthrough.

                1. 5

                  One variant of RSS that I like, but doesn’t seem to be commonly used, is PSS (proportional set size), which allocates memory usage of shared libraries proportionally to the various processes that are using them. Otherwise a shared library loaded by 5 processes ends up quintuple-counted in each process’s RSS, even though that memory is only used once total. I found that idea from smem, a tool that measures PSS.
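The RSS-versus-PSS accounting described in the comment above, as an added example that is not part of the original comment and is not smem's code. It sums the `Rss:` and `Pss:` fields that Linux exposes per mapping in `/proc/<pid>/smaps`; the smaps text is constructed sample data, and the function names are hypothetical.

```python
import re

# Match only the per-mapping "Rss:" and "Pss:" fields. Related fields such as
# "SwapPss:" or "Pss_Anon:" are deliberately not matched.
_FIELD = re.compile(r"^(Rss|Pss):\s+(\d+)\s+kB$")


def smaps_totals(smaps_text):
    """Sum Rss and Pss (in kB) over every mapping in one process's smaps text."""
    totals = {"Rss": 0, "Pss": 0}
    for line in smaps_text.splitlines():
        m = _FIELD.match(line.strip())
        if m:
            totals[m.group(1)] += int(m.group(2))
    return totals


def constructed_smaps(heap_kb, lib_kb, sharers):
    """Build a CONSTRUCTED smaps excerpt (not captured from a real system).

    One private heap mapping plus one shared library that is fully resident
    and mapped by `sharers` processes, so each process is charged
    lib_kb / sharers of it in Pss while Rss charges all of it.
    """
    return "\n".join([
        "55d0c0a00000-55d0c0afa000 rw-p 00000000 00:00 0 [heap]",
        f"Size:           {heap_kb} kB",
        f"Rss:            {heap_kb} kB",
        f"Pss:            {heap_kb} kB",   # private memory: Pss == Rss
        "SwapPss:        0 kB",
        "7f3a10000000-7f3a101f4000 r-xp 00000000 08:01 131 /usr/lib/libexample.so",
        f"Size:           {lib_kb} kB",
        f"Rss:            {lib_kb} kB",
        f"Pss:            {lib_kb // sharers} kB",  # shared pages split evenly
        "SwapPss:        0 kB",
    ])


def fleet_totals(all_smaps):
    """Return (sum of Rss, sum of Pss) in kB across several processes."""
    rss = sum(smaps_totals(text)["Rss"] for text in all_smaps)
    pss = sum(smaps_totals(text)["Pss"] for text in all_smaps)
    return rss, pss


def read_smaps(pid="self"):
    """Read a live process's smaps on Linux (needs permission to read that pid)."""
    with open(f"/proc/{pid}/smaps") as fh:
        return fh.read()


if __name__ == "__main__":
    # Five processes, each with 1000 kB of private heap, all sharing one
    # 2000 kB library. Physical memory actually in use: 5*1000 + 2000 kB.
    procs = [constructed_smaps(1000, 2000, 5) for _ in range(5)]
    rss, pss = fleet_totals(procs)
    print(f"sum of RSS: {rss} kB (library counted five times)")
    print(f"sum of PSS: {pss} kB (matches physical usage)")
```
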

                  1. 1

                    Thanks for showing this project!

                  1. 3

                    I’m disappointed that companies who own significant copyright in Linux (like RedHat or Intel) and industry groups like the BSA don’t go after intellectual property thieves like Tesla. There are plenty of non-Linux choices if companies don’t want to comply with the GPL’s license terms. Other car companies seem to be happy with VxWorks and similar.

                    What’s the point of asking China to comply with American IP if the US won’t even police its own companies?

                    1. 9

                      I’m pretty unsurprised that a company like Intel or Red Hat wouldn’t sue. Lawsuits are expensive, and it’s not clear a GPL suit would produce any significant damages (can they show they’ve been damaged in any material way?), just injunctive relief to release the source code to users. So it’d be a pure community-oriented gesture, probably a net loss in monetary terms. And could end up a bigger loss, because with the modern IP regime as de-facto a kind of armed standoff where everyone accumulates defensive portfolios, suing someone is basically firing a first shot that invites them to dig through their own IP to see if they have anything they can countersue you over. So you only do that if you feel you can gain something significant.

                      SFC is in a pretty different position, as a nonprofit explicitly dedicated to free software. So these kinds of lawsuits advance their mission, and since they aren’t a tech company themselves, there’s not much you can counter-sue them over. Seems like a better fit for GPL enforcement really.

                      1. 8

                        a GPL suit would produce any significant damages (can they show they’ve been damaged in any material way?

                        This is generally why the FSF’s original purpose in enforcing the GPL was always to ensure that the code got published, not to try to shakedown anyone for money. rms told Eben in the beginning, make sure you make compliance the ultimate goal, not monetary damages. The FSF and the Conservancy both follow these principles. Other copyleft holders might not.

                        1. 3

                          Intel owned VxWorks until very recently. Tesla’s copyright violations competed directly with their business.

                          1. 2

                            I’m not a lawyer but the GPL includes the term (emphasis added)

                            1. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

                            Even if monetary damages are not available (not sure if they are), it should be possible to get injunctive relief revoking the right to use the software at all. Not just injunctive relief requiring them to release the source.

                            1. 3

                              This is from GPLv2.

                              GPLv3 is a bit more lenient:

                              However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.

                              Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.

                              Now, I think people should move to GPLv3 if they want this termination clause.

                              And in any case, 5 years are completely unrespectful of the various developers that contributed to Tesla through their contribution to the free software they adopted.

                              To that end, we ask that everyone join us and our coalition in extending Tesla’s time to reach full GPL compliance for Linux and BusyBox, not just for the 30 days provided by following GPLv3’s termination provisions, but for at least another six months.

                              As a developer, this sounds a lot like changing the license text for the benefit of big corporates without contributors’ agreement.

                              When I read this kind of news I feel betrayed by FSF.
                              I seriously wonder if we need a more serious strong copyleft.

                              1. 2

                                It is not without contributor agreement. Any contributor who does not agree is free to engage in their own compliance or enforcement activity. Conservancy can only take action on behalf of contributors who have explicitly asked them to.

                                The biggest problem is that most contributors do not participate in compliance or enforcement activities at all.

                                1. 1

                                  Conservancy can only take action on behalf of contributors who have explicitly asked them to.

                                  Trust me, it’s not that simple.

                                  The biggest problem is that most contributors do not participate in compliance or enforcement activities at all.

                                  Maybe contributors already agreed to contribute under the license terms and just want it to be enforced as is?

                                  I’m sincerely puzzled by Software Freedom Conservancy.

                                  Philosophically I like this gentle touch, I’d like to believe that companies will be inspired by their work.

                                  But in practice, to my untrained eye, they weaken the GPL. Because, the message to companies is that Conservancy is afraid to test the GPL in court to defend the developers’ will expressed in the license. As if it was not that safe.

                                  I’m not a lawyer, but as a developer, this scares me a bit.

                                  1. 3

                                    If contributors want their license enforced they have to do something about that. No one can legally enforce it for them (unless they enter an explicit agreement). There is no magical enforcement body, only us.

                                    Conservancy’s particular strategy wouldn’t be the only one in use if anyone else did enforcement work ;)

                                    1. 1

                                      You are right. :-)

                          2. 2

                            They’re asking China to comply with the kind of American IP that makes high margins, not the FOSS. They’re doing it since American companies are paying politicians to act in the companies’ interests, too.

                          1. 7

                            So I’m generally in favour of GDPR, but I didn’t know about this requirement:

                            If you have a business outside of the EU and you collect data on EU citizens, you should assign a representative in one of the member states for your business. This person should handle all issues related to processing. In particular, a local authority should be able to contact this person.

                            I get where this clause is coming from (it’s hard to enforce laws on people who aren’t in the EU), but this arguably seems like the most difficult part of the law to comply with for small projects, startups, and businesses.

                            If you even do so much as record IP addresses for traffic monitoring, you’re beholden to GDPR. Many of the other parts of that law (such as having a privacy policy, requiring consent, and allowing for deletion of data on request) are feasible to handle and automate. But this? If I’m reading this right this means that even a small side project or nascent startup hosted in the United States is going to have to hire or contract with someone in the EU for the purposes of satisfying this checkbox.

                            Am I reading this right?

                            1. 7

                              The linked full text of Article 27 does narrow that requirement beyond the general conditions for being subject to GDPR. The narrowing provision is in 2(a).

                              Rephrased to remove the double-negative and following up references to other articles, my read (as a non-expert, mind you!) is that the mandatory designation of a contact person in the EU only applies if, first of all, your processing of EU citizen data is “on a large scale” (vs. “occasional”), and furthermore includes one of the following three types of sensitive data:

                              1. “[S]pecial categories of data as referred to in Article 9(1)”. These are defined as “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership” as well as “the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”. Article 9 places more stringent requirements on processing this kind of data than the normal GDPR requirements.

                              2. “[P]ersonal data relating to criminal convictions and offences referred to in Article 10”. Fairly self-explanatory.

                              3. Data that is otherwise “[likely] to result in a risk to the rights and freedoms of natural persons”. The vaguest of the three, but in context seems likely to mean data that is similar to the kinds of data in #1 and #2. I would guess someone just logging IP addresses wouldn’t fall under this, since the whole provision is about personally sensitive data—stuff along the lines of race, religion, health conditions, criminal convictions, etc.

                              1. 2

                                Cool, thanks for the explanation. It’s still a bit vague, but it sounds like this only applies if you’re doing large-scale processing of those more sensitive categories of data, which makes sense.

                                In general it looks like this was thought through pretty well. Still, I wouldn’t be surprised if you started to see “GDPR contact as a service” companies springing up around Europe in the coming years, for small businesses who accept EU customers but don’t have offices there.

                            1. 15

                              Tangential comment: I assume Google funded this in some way (either by paying a person to do it or offering money to the open source project). But, AFAIK, Git is not a Google project so I don’t really like that this introduction is coming from their blog as if it’s theirs. Maybe there is the official release somewhere else? Maybe I’m missing something and all this is kosher.

                              1. 14

                                Most of the Git core team is employed by Google to work on Git. The maintainer Junio Hamano is a Google employee whose job is to work on Git.

                                That is why this announcement is happening on the Google blog.

                                1. 8

                                  Git 2.18 is not yet released, so this is more of a call for testing. The Google-specific part here is that you can test against googlesource.com, because Google deployed a v2-enabled server.

                                  1. 11

                                    It reads like an official announcement on behalf of the git project though, while not being on a git-related domain, which is what is somewhat surprising. Well, the first sentence does. The rest of the post wouldn’t have raised my eyebrow, but this part also confused me on first read regarding on whose behalf “we” is speaking here (Google? git? both?):

                                    Today we announce Git protocol version 2, a major update of Git’s wire protocol…

                                    1. 3

                                      Google employs many git and mercurial developers. Very few organizations do source control on the scale of Google so it makes sense for them to fund developers of the tools they use.

                                      1. 10

                                        Myself, and I don’t think @mjn, are disagreeing that Google does a lot with source control and probably spends a lot of money on supporting git. My concern/issue is that git is not a Google project so it doesn’t quite feel right that what feels like an official announcement should be on their website.

                                        1. 3

                                          A google employee wanted to share some open source work they’d been doing so they used a company blog. That doesn’t seem weird to me.

                                          edit: I guess it’s worth adding that it wasn’t really announced in this blog post. You could have seen the discussions about this if you followed the git mailing lists.

                                          1. 6

                                            Google could have done a better job in this post explaining the relationship between Google, the author and the git project. One phrase would have made a ton of difference. For example, “I am John Foo, a Google employee and a member of the git core team” (with a link to some sort of proof on the git website)

                                            1. 2

                                              Well, there is such a phrase, but at the end:

                                              By Brandon Williams, Git-core Team

                                  2. 1

                                    Did you mean Git is not a google project?

                                    1. 1

                                      Fixed, thanks.

                                  1. 6

                                    I wish we had this hysteria about the recent child protection acts that target prostitution specifically in the US, making life terribly dangerous for sex workers. There was a recent Reply All podcast where they interviewed a researcher who examined murder rates for women in markets as Craigslist offered their persons section (often used for adult services) to cities. The before and after picture is that murders went down 17% on average (that’s all women; not just sex workers, so we’re just talking correlation, not causation):

                                    https://www.gimletmedia.com/reply-all/119-no-more-safe-harbor#episode-player

                                    The GDPR, just like the child sex trafficking protection laws in the US, will be a real time case study and it will be interesting to see the effect over the next few years.

                                    I think American devs are afraid of the GDPR because we’ve seen how laws like this can backfire. Specifically the GDPR probably couldn’t pass in the US simply due to freedom of speech (which is why we can’t have a protected sex offender list like Australia does, or real criminal record expulsion).

                                    I like the idea of the GDPR, but I hope it doesn’t turn into a tool for censorship (like the Right to be Forgotten laws, which the EFF opposes).

                                    I think people should do their best to comply and some of the projects that have closed are being hysterical, but at the same time, people don’t really know what will and won’t be acceptable until we see actual enforcement and what that will involve.

                                    1. 10

                                      Sorry but why couldn’t the US have the GDPR and why is freedom of speech relevant?

                                      1. 3

                                        The theory is that the government isn’t allowed to interfere with people speaking.

                                        It’s of course not true: The US has libel laws and can obviously choose to recognise protections for certain kinds of speech (e.g. secret/clearance documents, etc).

                                      2. 8

                                        I think American devs are afraid of the GDPR because we’ve seen how laws like this can backfire.

                                        I see this as: Devs are afraid because they have to comply to something (annoying) that they didn’t have before.

                                        the GDPR probably couldn’t pass in the US simply due to freedom of speech

                                        I don’t see the link between GDPR and freedom of speech. GDPR is about user data retention. Freedom of speech is pretty key in most countries in western Europe, and I don’t think they plan anything to sabotage it.

                                        I like the idea of the GDPR, but I hope it doesn’t turn into a tool for censorship

                                        Again, GDPR is about user data retention. You could probably use that to censor a company in some way, but that would be pretty hard to prove and the company censored would first have to be audited for that matter.

                                        I think you might mix up GDPR with something else.

                                        1. 5

                                          I see this as: Devs are afraid because they have to comply to something (annoying) that they didn’t have before.

                                          That’s wrong. They did need to keep my data safe from being hacked off their servers, there was simply little-to-no threat of law.

                                          Again, GDPR is about user data retention.

                                          GDPR is not about data retention. There’s no minimum or maximum time that you have to retain data.

                                          I’m doing a fair amount of GDPR consulting at the moment, and this isn’t the strangest theory I’ve heard about the regulations.

                                          There’s a big chunk about keeping data safe. If you have personal data, you have a responsibility to keep yourself from being hacked. That means using best practices for minimising risk like encryption and deleting it when you don’t need it anymore, and understanding who in your company can access the data (and when they do it).

                                          There’s also a big chunk about making sure if you use personal data, you’re only using it in a way that the subject would approve of. This really means being able to demonstrate (perhaps to a regulator) why you think you have their consent to use this data. Records and contracts can help, but the subject can also back out at any time and needs to have controls to do so.

                                          You could probably use that to censor a company in some way

                                          You cannot. If you believe a company is using your data inappropriately, you report them to a regulator. You do not get to “prove your case” and you won’t be asked to show up in court. The regulator will assess the situation and prioritise it based on the claim and risk for further damage. The regulator will talk to that company and find out what is going on and correct the issue.

                                          If that non-compliance is egregious and wilful, then the regulator has a pretty big stick, but this is far removed from “censoring a company” in any possible interpretation of the term.

                                          1. 4

                                            They did need to keep my data safe from being hacked off their servers, there was simply little-to-no threat of law.

                                            No they didn’t. If it’s for-profit and no laws stopping it, then keeping your data in a barely-secure form is legal and maybe even beneficial for the organization. Most organizations that have data breaches take a financial hit before going back to normal. Strong investments in security cost money every year. Managers might also believe they reduce productivity if applied everywhere. The managers apathetic to security wanting more ways to make money will see your data as an asset whose leaking barely concerns them.

                                            So, capitalist companies operating under their theory of morality in a system with no liability for data-related externalities should continue to collect on you ignoring as many risks as they can get away with. That’s what most were doing before regulation forced them to care a little more. Also, why I support such regulations.

                                            1. 2

                                              Thank you very much for correcting my false ideas.

                                              GDPR is not about data retention.

                                              I’m not a native speaker but to me retention is the fact of holding the data, so indeed, holding it securely. In addition to that I particularly meant the “Right to erasure” and “Right of access”, I’m more familiar with the side of friends having to deal with the documentation process (to actually have somewhere why you can hold this data). But I’m by no means an expert on the subject.

                                              By censoring I was thinking that since the proof that you need to hold a data might be pretty subjective, the regulator could probably damage a company whose business is holding the data, but I agree that it’s very extrapolated.

                                              1. 4

                                                No problem.

                                                If you (a business) actually need to hold data on a subject, then indeed the “proof” is quite subjective. You have to feel comfortable you can convince regulators that your processing is a part of you providing a service for that subject, and that they would expect you to use their data in this way. Simple examples might be keeping someone’s address in order to ship them goods that they ordered.

                                                If you are an individual and you want to compel a company to remove/erase data they have on you, understand that they can ignore such a request with regards to things like the address they used to ship goods (among other reasons).

                                                If you are an individual and you want to ask a company to provide data they have on you, it should be easy to do so with regards to things like the address they used to ship goods to you. They’re under no obligation (however) to discover who you are – that is, if you send them an IP address they’re not required to link any information or activity they have on that IP address to you.

                                          2. 5

                                            the GDPR probably couldn’t pass in the US simply due to freedom of speech

                                            It would obviously depend on the details, but it’s not inconsistent with the US’s view of free speech to regulate various kinds of commercial record-keeping and enforce privacy and access protections on those records. For example, healthcare data is fairly strongly regulated in the US, and this hasn’t been found to be a constitutional problem. (The “right to be forgotten” laws are a different story.)

                                            1. 1

                                              A health company (insurance, hospital, whoever) is bound by HIPAA. A school is bound by FERPA. They can’t divulge information. But if someone leaks someone else’s medical records and a newspaper publishes them, that information is protected in the paper. Now wherever the leak happened, that’s a problem if it was someone covered under HIPAA.

                                              Criminal records can’t be expunged in the US. Not really. While your record was public, some other company scooped that data up and can sell it forever even if your official record is clear. Maybe we’ll have laws that will force companies to ignore those styles of background checks (some states probably do).

                                              Actually this is a good question, how does the GDPR affect collecting data about people who aren’t your customers or who ever visit your website or store front? Does it say anything about collecting public data?

                                          1. 1

                                            How is this possible? The theoretical lower bound on sorting is O(n*log(n)) (without knowledge of the structure of the data); machine learning or not.

                                            1. 2

                                              I suspect that the training phase encodes knowledge of the structure of the data into an algorithm that only works on similar data.

                                              1. 2

                                                In that case the title is very, very misleading :º

                                                1. 1

                                                  Yeah, I don’t think the claims in this paper would be accepted as-written if the authors submitted it to a machine-learning conference or journal. You can title a paper anything you want on arXiv though, for better or worse.

                                            1. 2

                                              ICANN addressing any issue by publishing a confusing, contradictory policy delivered very late with no real transparency around roadmap/intentions sounds about right.

                                              1. 1

                                                I’m a little surprised the x87 is even involved here - doesn’t targeting “modern” x86 usually involve using the scalar SSE instructions since they behave more predictably than x87 does?

                                                1. 3

                                                  Even if your compiler emits exclusively SSE instructions for actual arithmetic, the de-facto-standard calling conventions on x86 (but not x86-64), cdecl and stdcall, return floating-point values from functions by sticking them onto the x87 FPU stack. So there will still be a handful of x87 instructions emitted solely to push/pop the FPU stack, even if no other x87 features are used, which seems to be what’s happening here. That convention was set ages ago and changing it would break ABI compatibility.

                                                  1. 1

                                                    Interesting, thank you!

                                                1. 1

                                                  Is there a modern version of this that works across a bunch of lisp installs?

                                                  1. 1

                                                    I would expect not because the limitation was a bug in the TI lisp machine. The CL implementations I’m familiar with (SBCL, Clisp, CCL) all follow the standard and will happily grow bignums as large as memory allows.

                                                    1. 1

                                                      Clisp’s implementation notes claim that there is an upper bound:

                                                      BIGNUMs are limited in size. Their maximum size is 32*(2^16-2)=2097088 bits. The largest representable BIGNUM is therefore 2^2097088-1.

                                                  1. 12

                                                    I can’t really get behind just ignoring headers because some engineer feels like they aren’t useful anymore.

                                                    1. 8

                                                      He doesn’t just “feel like”, he has a justified technical position, and I don’t see any counter arguments to any of his points.

                                                      1. 5
                                                        • Via is actually useful, if properly used, and can detect request loops outside your network
                                                        • Expires is actually useful if you need to expire a response at a specific date, Cache-Control doesn’t do that, its only use isn’t “expire my content and don’t cache”
                                                        • X-Frame-Options is needed to support older browsers, IE only supports a minimal version of CSP since 10, if you support older clients, XFO is a good security addition as CSP may not be available
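
To illustrate the X-Frame-Options point in the comment above, here is an added example (not part of the thread, and not Fastly's code) that audits a response's framing protection for CSP-capable clients and for older clients that only understand X-Frame-Options. The function names and the sample headers are constructed for this sketch; only `DENY` and `SAMEORIGIN` are counted as X-Frame-Options protection.

```python
def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]          # first occurrence wins; [] behaves like 'none'
    return None


def framing_protection(headers):
    """headers: list of (name, value) pairs as sent to the client.

    legacy_clients: browsers without CSP frame-ancestors support (XFO only).
    csp_clients:    browsers that enforce frame-ancestors; when the directive
                    is present they ignore X-Frame-Options entirely.
    """
    xfo_ok = False
    fa_lists = []
    for name, value in headers:
        lname = name.lower()
        if lname == "x-frame-options":
            xfo_ok = xfo_ok or value.strip().upper() in ("DENY", "SAMEORIGIN")
        elif lname == "content-security-policy":
            # One header value may carry several comma-separated policies.
            for policy in value.split(","):
                fa = frame_ancestors(policy)
                if fa is not None:
                    fa_lists.append(fa)
    if fa_lists:
        # Every policy must allow the embedder, so one restrictive list is enough.
        csp_ok = any("*" not in fa for fa in fa_lists)
    else:
        csp_ok = xfo_ok               # no frame-ancestors: XFO still applies
    return {"legacy_clients": xfo_ok, "csp_clients": csp_ok}


def strip_headers(headers, names):
    """Drop the named headers, as an edge configuration that removes them would."""
    drop = {n.lower() for n in names}
    return [(n, v) for n, v in headers if n.lower() not in drop]


# Constructed sample response carrying both mechanisms.
SAMPLE = [
    ("Content-Type", "text/html"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'"),
    ("X-Frame-Options", "SAMEORIGIN"),
]

if __name__ == "__main__":
    print("origin response:", framing_protection(SAMPLE))
    print("XFO stripped:   ", framing_protection(strip_headers(SAMPLE, ["X-Frame-Options"])))
```

Running the audit before and after an edge rule that strips headers shows whether the rule removed the only protection a class of clients had.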
                                                        1. 5

                                                          The repeated use of “deprecation” without obvious links to the RFCs superseding those deprecations doesn’t help. Further, the entire point of the article is pretty clearly to help advertise Fastly (which presumably wants to go after some of Cloudflare’s market).

                                                          Like, it’s an interesting read, but I’m a bit concerned about people putting their services behind providers that sanctimoniously decide to break with RFCs because it might get them more business.

                                                        2. 3

                                                          From the bit at the end it doesn’t sound like they’re doing anything to the headers by default? These are headers they recommend stripping out, and there’s an example at the end of how to strip out individual headers if you want to, but a site owner would have to actually do that to have any effect.

                                                          1. 1

                                                            Yeah, I don’t really see the problem here.

                                                            Nobody’s forced to look at headers they’re not interested in, and the extras don’t hurt anything, except for using a bit of bandwidth.

                                                          1. 5

                                                            A troubling aspect of the Axiom of Choice is either affirming or denying it results in some pretty unintuitive implications (but different ones). Here’s a list of some bizarre results if you deny AoC. The basic problem is that AoC is provably equivalent to dozens of other statements, so in taking a position on it, you implicitly take a position on all those others too as a package deal.

                                                            1. 1

                                                              Meh, denying AC is also pretty weird, but you can just refuse to include that too.

                                                            1. 6

                                                              Kind of meta-productive: put online a paper-reading log with notes on papers I’ve read, so I can find them again and remember what I found useful/interesting in them. Mostly for my own reference, but maybe interesting to others.

                                                              I realized I had mostly been externalizing this kind of thing on social media—Tweeting out papers, submitting them to lobste.rs, etc.—which is fine, except when it comes time to find a paper again. Trying to remember keywords I used in my tweet so I can use Twitter search to dig up a paper I remember reading isn’t a great UI for searching research notes. Hence I started a local log in March, and now got around to rendering it to HTML, plus backfilled it with as many old Tweet threads & Facebook notes as I could find from last year.

                                                              1. 1

                                                                re paper-reading log

                                                                I thought about doing that myself for the CompSci stuff. I look at way more than I post. Someone might find some of it useful but I wouldn’t want to flood an aggregator with it. It’s cool you’re doing it. Some interesting stuff there. :)

                                                              1. 9

                                                                Not that I’m against federation but so far my experiences weren’t great. For email I can change servers on a whim, or at least do forwarding only with a very simple SMTP, same for XMPP - for Mastodon on the other hand… meh. Realistically it’s running your own instance forever or change handles or join one of the big ones where you don’t own your identity. I actually prefer non-federated systems where I kinda trust the admins more than bad federation (based on my criteria).

                                                                1. 2

                                                                  Changing servers for XMPP or SMTP also usually involves “changing handles”… unless you mean pointing domain at new server, which you could do for Fediverse as well…

                                                                  1. 1

                                                                    Really? Last I checked Mastodon didn’t really support it and also, how would you even find an instance that accepts your “hostname” and thus would automatically host your users (sure, sometimes it’s only one).

                                                                    I’m running pleroma now but used to run Mastodon and even if it’s theoretically possible I’d still say it’s miles more hassle than email. Sure, if I had friends I could just ask to “care about my domain”.. but hardly anyone runs those. So, yeah, maybe it’s “just” a numbers game and everything’s not shaken out or still badly documented, but especially the forwarding part would be nice and afaict doesn’t really make sense in this context.

                                                                    1. 7

                                                                      Mastodon semi-recently added profile redirects. They don’t actually forward your messages or followers or anything, but they’re at least an official way of marking an account as having moved elsewhere. Partial solution obviously, but thought I’d note it, because I only recently found out it existed.

                                                                      1. 2

                                                                        Oh, instances people are running may not currently support it, similar to how most public mailservers won’t let you host a custom domain with them.

                                                                        This is a social problem, and one worth working on.

                                                                  1. -1

                                                                    Repetitive, irrelevant, and … pointless.

                                                                    Much of the man page corpus is just plain wrong. Many changed the code and never bothered to change the documentation. One can easily get misled.

                                                                    UNIX/POSIX … is getting massively “bit-rotted” in its old age. Time for different metaphors, possibly maintained by ML to keep them effective and relevant?

                                                                    1. 13

                                                                      Do you have any examples of outdated manpages? Your comment is awfully vague.

                                                                      1. 5

                                                                        I run across examples semi-regularly, and try to report upstream when I find them (some upstreams are easier to report to than others). Mostly I’m pretty happy with manual pages, though.

                                                                        Just recently, I noticed that pngcrush(1) on Debian is missing the newish -ow option. Upstream doesn’t ship a manpage at all, so Debian wrote one, but it doesn’t stay in sync automatically. Therefore I should probably report this to Debian. Upstream does ship a fairly complete pngcrush -v help text though, so I wonder if the manpage could be auto-synced with that.

                                                                        I’m pretty sure I’ve reported a bunch of others in the past, but the only example that comes to mind at the moment is that privileges(5) on illumos used to be years out of date, missing some newer privileges, but it was fixed fairly quickly after I reported a bug.

                                                                      2. 1

                                                                        I really want to see documentation generated via machine learning systems. I wouldn’t want to use that documentation for anything, but I’d like to see it.

                                                                      1. 6

                                                                        Wow, Wiring is an impressive masters project.

                                                                        1. 6
                                                                          • E-Mail (Postfix+Dovecot) + XMPP (Prosody) + TeamSpeak3 on one server
                                                                          • websites and files (Syncthing) and misc shit (IRC bots, Discord bots) on another
                                                                          • Syncthing on home NAS, also Subsonic (but I never really use it)
                                                                          • OpenVPN and socks5-proxy via SSH on demand (I rarely need those)

                                                                          Actually I think the only thing I’m not self-hosting is one Wordpress blog at wordpress.com (don’t want to have my real name associated with it, but it’s only a gaming blog, nothing super secret).

                                                                          1. 3

                                                                            What has your experience hosting your own email been like? I’ve idly considered it, but it’s a famously unfriendly service to deal with (spam, major providers deciding your messages are spam, all the onerous metaprotocols to combat spam) and I’m happy with Fastmail’s service.

                                                                            1. 9

                                                                              I’ve been hosting email myself for 15+ years. Postfix made it easier to configure (Sendmail was… complicated, in comparison, in my opinion.) Dovecot works really well for IMAP/POP3. Finally Let’s Encrypt allows you to get a nice certificate relatively easily.

                                                                              Greylisting helped a lot to reduce spam, but spam is still a nuisance - especially if you don’t have good filtering in your mail client (I’m using crm114).

                                                                              Setting up SPF, DKIM and DMARC can be a little complicated, but it seems to work fine, as long as all email from your domain is sent from a well defined set of IPs.

                                                                              1. 6

                                                                                I’ve not had many problems, but there’s a bit of luck of the draw in getting a clean IP. I have SPF and DKIM set up (not DMARC), with the self-signed certificate that Debian auto-generated, and that seems to be enough to get mail delivered to the big providers.

                                                                                For incoming spam, I reject hosts that: 1) lack valid RDNS, or 2) are on the Spamhaus ZEN RBL. This seems to catch >95% of spam. Minor config hint if you’re using the free Spamhaus tier: you need to set up a local DNS resolver (I use unbound) so you query directly, otherwise your usage gets aggregated with whoever else is using your upstream DNS, which probably exceeds the free tier.

                                                                                Like the other commenters, I use Postfix, which is reasonably nice, and has good documentation.
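
The two inbound checks described in the comment above (reverse DNS and the Spamhaus ZEN RBL), as an added example that is not part of the thread. It builds the DNSBL query name and classifies the answer offline, including the 127.255.255.x error answers Spamhaus returns when queries arrive through a shared resolver, which is the failure the local-resolver hint avoids. The function names, the accept-on-error policy and the sample addresses are assumptions made for this sketch.

```python
import ipaddress

ZEN_ZONE = "zen.spamhaus.org"

# Spamhaus answers in 127.255.255.0/24 are error signals, not listings.
ERROR_CODES = {
    "127.255.255.252": "typo in the DNSBL zone name",
    "127.255.255.254": "query came through a public or shared resolver",
    "127.255.255.255": "too many queries from this resolver",
}

# Last octet of a 127.0.0.x answer -> ZEN component list.
DATASETS = {2: "SBL", 3: "CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
            9: "DROP", 10: "PBL", 11: "PBL"}


def dnsbl_query_name(client_ip, zone=ZEN_ZONE):
    """Name an MTA resolves to ask whether client_ip is listed."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # octets, reversed
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # 32 nibbles, reversed
    return ".".join(labels) + "." + zone


def classify_answer(a_records):
    """a_records: A records returned for the query name ([] means NXDOMAIN)."""
    if not a_records:
        return "clean", []
    errors = [ERROR_CODES[a] for a in a_records if a in ERROR_CODES]
    if errors:
        return "error", errors
    hits = []
    for a in a_records:
        prefix, _, last = a.rpartition(".")
        name = DATASETS.get(int(last)) if prefix == "127.0.0" else None
        if name and name not in hits:
            hits.append(name)
    return ("listed", hits) if hits else ("error", ["unrecognised answer"])


def smtp_decision(ptr_names, a_records):
    """Combine both checks; an RBL error is logged, not treated as a listing."""
    if not ptr_names:
        return "reject: no reverse DNS"
    verdict, detail = classify_answer(a_records)
    if verdict == "listed":
        return "reject: listed in " + "+".join(detail)
    if verdict == "error":
        return "accept (RBL unusable: " + "; ".join(detail) + ")"
    return "accept"


if __name__ == "__main__":
    # Constructed inputs: documentation-range IP, made-up PTR and answers.
    print(dnsbl_query_name("192.0.2.99"))
    print(smtp_decision(["mail.example.net"], ["127.0.0.4", "127.0.0.10"]))
    print(smtp_decision(["mail.example.net"], ["127.255.255.254"]))
```

A filter that treats any answer as a listing would reject all mail once the resolver starts receiving 127.255.255.254, so the error range needs its own branch and its own alert.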

                                                                                1. 6

                                                                                  Mostly positive. I had that discussion this morning on IRC, so I’m gonna quote myself to not retype everything:

                                                                                  [...] on a "decent" hoster blacklist-wise and not DO or something
                                                                                  and it's been running for 10 years, I don't seem to have the typical 
                                                                                  "gmail thinks I am spam"-problem
                                                                                  usually.
                                                                                  interestingly I had it yesterday when sending something to myself
                                                                                  but dunno, empty body, 25mb-video.. who knows
                                                                                  I hardly use my gmail-account
                                                                                  

                                                                                  But thinking about it, sending a job application in November ended up in the spam folder for 2 people and I only got a reply once I pinged them out of band. That was a shitty experience, but as I hate using GMail I prefer this to a years-long shitty experience using it :P

                                                                                  If I was to “start over” these days I might go to a dedicated email hoster like FastMail, but I think it’s just too expensive. I have 4 people with their main email addresses on my server and it costs me 10 EUR /month and I get to host other “communication” services as well. For FM it would be 15-20 USD per month and I still haven’t found out if I could use “a low amount of” domains and not just “use your own (one) domain”. Sure it takes some maintenance work, but it’s part hobby, part learning experience and part keeping in touch how stuff is done as it touches on my dayjob, depending on which role at what company I do. (Been running my own mailserver for roughly 15 years I guess)

                                                                                  1. 3

                                                                                    if I could use “a low amount of” domains and not just “use your own (one) domain”.

                                                                                    You can, I have 5 domains * under one, one-user account. It’s explicitly spelt out here: https://www.fastmail.com/help/account/limits.html

                                                                                    № domains 100, plus 1 for every user in the account

                                                                                    * – One with my AFK name, and four domain hacks, of which I have a guilty pleasure of buying ;-)

                                                                                  2. 3

                                                                                    Generally, problem free since I started doing it in the mid 2000s.