1. 1

    The OP have missed being knowledgeable in copyright law as well as laws related to personal information protection.

    1. 21

      I hope to see more of this — if workers with as much leverage as we have don’t speak up against technology we create being used for evil, we can’t call ourselves engineers.

      1. 13

        Relying on morality when incentives go the other way does not scale.

        1. 6

          Exactly. It has to be a large number of people that damage their mission directly or indirectly with media pressure. Otherwise, it’s something with no impact. At least people are following their principles, though.

          1. 6

            It has to be a large number of people that damage their mission directly or indirectly with media pressure.

            Can you trust an engineering company who ignores the opinions of its engineers?

            We are talking about one of the most celebrated company of western economy, often cited as an example of excellence.

            Leaving Google for ethical concerns poses a serious burden on the employment of these engineers that will probably be marked as dangerous employees for the time being.

            We can assume that this is something they knew, as Google don’t hire dumb guys.

            So why they quit?

            My bet is that the militar use of the Google’s artificial intelligence technology is so dangerous that these engineers felt obliged to leave the organization beyond any doubt.

            Otherwise, it’s something with no impact.

            Well, it’s a first step.

            And a courageous one.

            Its impact goes beyond the worldwide image of Google, beyond the direct issues in their production line.

            It is an example.

            1. 4

              Can you trust an engineering company who ignores the opinions of its engineers?

              It doesn’t matter. What matters here is (a) the companies’ goals/incentives, (b) how successful they are at achieving them, and (c) if a tiny number of engineers quitting changes that. Note that (b) includes implicit support by the many people who use their products and services voting with their wallet. The stuff in (a) means they’re anywhere from apathetic to damaging for a lot of ethical issues around privacy and making money. Due to (b), actions to damage them have to put a huge dent in that or make them think it will. (c) doesn’t do that. So, (c) is probably irrelevant to Google. The article itself says as much:

              “However, the mounting pressure from employees seems to have done little to sway Google’s decision—the company has defended its work on Maven and is thought to be one of the lead contenders for another major Pentagon cloud computing contract, the Joint Enterprise Defense Infrastructure, better known as JEDI, that is currently up for bids.”

              I gave them credit in my other comment for standing up on their principles. That’s respectable. It’s just that a “dozen” or so people quitting a company with over 70,000 employees with people waiting to fill their positions doesn’t usually change anything. They’d instead have to campaign in media or government aimed at stopping those contracts or drone operations. At least half the voting public and current President support military action overseas. The other half didn’t convince their prior President to stop drone use or strikes. There are also not large swaths of Google customers threatening to stop using Google Search, Gmail, etc if Google doesn’t turn down government contracts.

              So, quitting over this is pointless if the goal is to achieve something. At best, it’s a personal decision by those individuals to not be involved in something they disagree with that’s going to happen anyway. That’s fine but practically a separate thing from ending these contracts. If anything, we’ll just get a shift in Google employees from those who might leave over the contracts to people who range from favoring them or just griping about them continuing to work there. I think most will be in latter category.

              1. 2

                It’s just that a “dozen” or so people quitting a company with over 70,000 employees with people waiting to fill their positions doesn’t usually change anything.

                The fact is that fewer talented people will want to fill their position.
                This is a pretty serious issue, if engineers are the core resource of your company.

                Now, I’d guess most Google engineers don’t feel as important to the company as they feel the company is important to them. This happens in many companies, and I would guess Google has turned this kind of internal narrative into an art.

                The fact is that, instead, Google literally would not exists without those engineers.

                These few have shown exactly that: that working in Google is not that important.
                It’s a matter of time, but if Google do not take serious actions to avoid this general wake up, other engineers will follow. And the same might happen in Facebook, in Apple and in many other smaller IT companies.

                On the other hand, in Europe and everywhere else, people will start to ask why engineers from a company that operate in their territories, are so afraid for what the company is doing, to quit. To avoid the risk of being associated with the company future. To avoid sharing its responsibility.
                Politicians will be less friendly to a company that might be doing something really evil for a foreign state.

                I agree that more engineers should follow their example, but I know that life is not that easy.
                However people continuing to work there might organize to keep the company “on track”, and this might lead to the creation of a labor union.

                1. 4

                  The fact is that fewer talented people will want to fill their position.

                  You have to prove that assumption. Google changed their Don’t Be Evil motto doing sneakier and sneakier stuff overtime. They’re a surveillance company that hires brilliant people to do interesting work for high pay and good perks. They’ve had no trouble that I’ve seen keeping new people coming in. Status quo has the evidence going against your claim: it’s a shady, rich company with in-demand jobs whose shady activities haven’t changed that for years. There’s also nearly 70,000 workers mostly in favor of it with more trying to get in.

                  “However people continuing to work there might organize to keep the company “on track”, and this might lead to the creation of a labor union.”

                  That’s a different issue entirely. Given I am in a union, I think it would be cool to see it happen. Unlike OP topic, that could happen with higher probability. Silicon Valley will do everything they can to stamp it out in mean time, though. Still a long shot.

                  1. 0

                    The fact is that fewer talented people will want to fill their position.

                    You have to prove that assumption.

                    Not an assumption, but a deduction: people avoid cognitive dissonance, if possible.

                    A dozen people leaving a company cause of ethics, means that such company forced them too high on cognitive dissonance, and this will make Google relatively less attractive, in comparison to the alternatives: a talented engineer want to fix problems, not fool herself to avoid the pain of contradictions.

                    Our brain consume around 20% of our energy, after all.

                    This is the same reason that make me guess others will quit Google in the future.
                    Because now they have a new thinkable precedent.
                    A new, effective solution to reduce their cognitive dissonance.

          2. 2

            I agree. But we also can’t rely on companies that we don’t own to incentivize us to act in a moral fashion – engineers need a governing body for that.

            1. 1

              What about entering both US political parties and changing the policy? If you believe that killing people is wrong, maybe make it a law?

              Sometimes the only way to advance your field is to step out of it and fix the external systems. And war zones are definitely not a good environment in which to build global information network to advance everyone’s wellbeing…

            2. 1

              I think it’s definitely a factor. Many prominent business people would not like to be associated with payday loan companies, for example.

              I think this is less about being the silver bullet for problems, and more about being one of the 20 or 30 things we need to be doing to make the world A Better Place(TM)

            3. 13

              We can’t even speak up for honest pay for an honest day’s work–and that’s a lot less subjective than some arbitrary definition of “evil”.

              1. 4

                Why not both?

                1. 4

                  At least the “evil” one is super cloudy.

                  Say you are an engineer working at a company that builds control software for missiles. You are a pacifist, and so you decide to introduce a minor bug (or fail to patch a discovered bug) that causes the missile to not detonate when it lands.

                  • Are you good for not facilitating the loss of life?
                  • Are you evil for misleading your employer about the labor of yours that they’ve purchased?
                  • If the missile lands on a poor grunt and severs their legs causing them to bleed out over minutes instead of detonating properly and just kinda instantly killing them, are you evil for prolonging suffering?

                  That’s just scratching the surface of morality in engineering.

                  1. 6

                    That’s fair – and I should’ve been explicit earlier. I believe that there are (at least) two moral guidelines that should be taken into account.

                    The first is a professional code of ethics, similar to what ACM has here. Of course even this is cloudy – for example, in my opinion 1.2 “Avoid harm to others” would necessarily preclude working for a missile manufacturer in the first place. At the very least, if one views missiles and missile software as being a necessary “evil”, safeguards should be put in to protect human life at all cost, etc. etc. The minutiae of the professional code of ethics can and should be rigorously debated, because it provides a minimally viable base for how we should conduct ourselves. So for example, the question of whether or not working in the weapons manufacturing industry truly violates rule 1.2 should be an explicit discussion that is had in a professional organization (not a workplace per se).

                    The second guideline is in line with your own personal moral code. This is important because it provides for people who are religious (or not) or any other number of cultural influences that have caused a person to believe what they believe today. This, of course, has to be superseded by the professional code – for example, if I personally believe that discrimination based on what TV shows you enjoy is okay, that doesn’t mean that my personal morality should define what happens in a professional setting. But in the hypothetical case you provided, even if I don’t feel that writing that software goes against a professional code of ethics, if I am a pacifist, it goes against my personal code. I know from the professional code that purposefully writing bad or buggy software is wrong, and so my only option is to find another job in which both my personal and professional codes of ethics can be upheld.

                    1. 9

                      Why discuss an unlikely hypothetical rather than the issue at hand? Why the need to logically define evil beyond any confusion? This is not even possible in the general case for anything. Can you logically define ‘fun’ such that everyone agrees? At the end of day, evil means what people talking about it think it means, and it’s better to work off of that than to halt all discussion until we achieve the impossible task of absolutely grounding natural language in logic.

                      1. 6

                        It’s precisely because evil is so ill-defined that talking about it is difficult. As @mordae points out, it’s more effective to talk about other incentives.

                        And again, I’m not saying “halt all discussion”–quite the opposite! I’m saying that the issue is more nuanced than “don’t be evil”.

                        1. 1

                          I certainly agree with that. I still think it’s worth going into, because at a certain point you’re likely to end up doing it anyway. For instance, if we start talking about incentives, we might end up talking about how to incentivize people towards good, or at least, some concept of “not evil”. I’m not saying it trumps incentives or that this is a more effective approach, I’m just saying we should still have the discussion.

                          I think a trap we as engineers often fall into is to attempt to build everything up from laws and axioms. That doesn’t quite work for morality, and the nebulous nature of it means it rarely gets discussed. The software industry in particular is very focused on “solving problems” and never asks questions like “should we solve this problem?”

                          I guess another scary thing about it is that we can’t really empirically verify what the right answer is, and depending on the issue we might even have multiple valid answers. But sometimes just asking the question is worthwhile, even if we don’t have an answer.

                          Perhaps tech companies should start hiring philosophers.

                          1. 2

                            Perhaps tech companies should start hiring philosophers.

                            I’d argue that a good programmer is a philosopher almost by definition.

                            We talk like if our field was an engineering field but most of times we don’t build things constrained by the physical world (yeah I know what latency is… I said most of times :-D).

                            Or we talk like if our field was just applied math, pure and intangible, but then we talk about usability or we kill someone through a self driving car.

                            But ultimately we work with ideas.

                            The choice to ignore the ethics of our work is up to us.

                            But we have much more instruments to think about our role in the world than any “professional philosopher” hired to think for us (in the interest of the company).

                            1. 1

                              if we start talking about incentives, we might end up talking about how to incentivize people towards good, or at least, some concept of “not evil”.

                              That’s how you do it. In Google’s case, a publicly-traded company, that means you have to hit them in the wallet in a way that knocks out the contract. Alternatively, convince their management to change their charter or use other legal means to block whole classes of action in the present and future that they agreed were evil. I’m not sure if that would even work in Google’s case but one can start businesses like that in nonprofit or public benefit form.

                          2. 1

                            I think friendlysock was trying to illustrate the point with some examples. The comment succeeded given the other person understood the points. There’s nothing wrong with that. You said to instead work off claims about evil in this situation based on what people are saying. In this case, what does evil mean exactly to both those employees and various stakeholders in the United States? Based on the political debates, I know there’s quite a few different views on whether these programs are evil or not. Even within the main, political parties, in Silicon Valley, and in Google itself.

                            The only thing sure is that about 4,000 of Google’s 70,000 people plus some other folks writing a letter don’t like what Google is doing. Of the 4,000, only a dozen or so showed it’s worth not working for Google. So, that’s under under 1% of Google’s workforce. The others are continuing to support Google’s success, including that program indirectly, while protesting that program. They may or may not leave but I think most will stay: workers gripe more than they take action in general case, esp if employer’s actions is morally a mix to them or six digits are involved. If they leave, there’s a lot of people willing to take their place with no long term effect on Google. The remainder and some new hires collectively are apathetic to this or believe it’s morally acceptable.

                            Many of the people staying would probably tell you they’re decent people with Google doing a lot of good for the world (arguably true) despite this evil. We saw this in NeverAgain pledge. Others would tell you this kind of thing is inevitable enough that Google not doing it would make no difference. Some of them would even say it’s better if they do it so they can do it right minimizing harm. Yet another group will claim these programs prevent a larger number of deaths than they cause or prevent real damage vs hypothetical risks detractors talk about. People ranging from those developing software to those doing drone strikes might believe they’re saving lives in their work while the dozen that quit will be doing less valuable work in tech for their own benefit.

                            I don’t think there’s a clear answer of evil if I’m looking at the stakeholders in this discussion. They’re all over the place with it. The acting public is in a few camps: those doing a mix of opposing and tolerating drone operations who lost the election; those mostly supporting them whose party is in control; billions of dollars worth of users and businesses who don’t care enough to switch providers; tiny, tiny, tiny slice of revenue from those that will. Put in that light, nothing they’re doing will matter past their own conscience. Hell, those thinking the tech is evil might have been better off staying in there half-assing the programming on purpose to make it look like such tech just isn’t ready to replace people yet. There’s precedents for that with many of them in defense industry except for profit rather than moral reasons.

                  1. 3

                    I am working on a small side project in Haskell. A clone of PostgREST with less ambiguity in the interface and EXPLAIN-based VIEW introspection. So far it has been a lot of fun, especially the part where I’ve embedded Aeson in my own query parser.

                    I rather like the idea of using a single DB schema for the public API, letting an universal application server to take care of details. PostgreSQL is a very powerful piece of technology.

                    1. 1

                      What I think would make sense is for official cartographic agencies to start maintaining their respective regions of the map and contribute towards standardization and tool development. Public maps are a business enabler and could be considered public infrastructure.

                      Libraries are doing something similarly stupid. They are very frequently catalogizing individually instead of sharing the records and even when they share the records, they don’t publish them as open data – meaning projects such as Wikipedia / Wikidata cannot use them.

                      1. 1

                        I thing we could manage to legislate some mandatory contribution to dependency maintainers in software public tenders in Czechia.

                        There is no official weighted dependency graph of free software to use as a basis, though.

                        1. 8

                          The act of powering up a computer, waiting for it to boot, doing some work, and then waiting for it to shut down gracefully is a barbaric ritual from ancient times. In 2018, we’re all modern and hip and just want to open up the laptop lid and get to work. Unfortunately this is easier said than done and as such it really only works reliably with the right combination of supported hardware. And even then, bugs in various layers of the OS can cause it to suddenly stop working consistently after an OS update.

                          This is one of the things keeping me on MacOS. The laptops are expensive for what they are, but the Just Works factor is pretty high.

                          1. 10

                            This is one of the things keeping me on MacOS. The laptops are expensive for what they are, but the Just Works factor is pretty high.

                            Have you found that to still be the case with recent models and OS revisions? That’s also the reason I’m on macOS, but it’s gotten less true for me over the past 3-4 years. The worst is that sleep/hibernate no longer seems to work reliably, and it happens on two completely different devices, a MacBook Pro (2016 model) and a MacBook Air (2014 model). About once a month, one will fail to properly wake from sleep when opening the case. Sometimes it fails to wake entirely; sometimes it seemingly wakes but won’t turn the backlight on (in the 2nd case it sometimes flashes on briefly). Usually this ends up requiring a hard powercycle to fix. Googling suggests I’m not alone, and there’s a whole pile of cargo-cart suggestions for fixing it (NVRAM resets and such). That’s by far the worst issue, but there’s a bunch of software-side stuff seemingly getting more flaky too (especially the App Store app, which sometimes requires a reboot to convince the Updates tab to load).

                            In 10 years of using PowerBook and MacBook laptops 2004–14 I never had that kind of basic functionality fail to work flawlessly, and I would’ve completely agreed with you back then, which is why I kept buying them.

                            1. 6

                              I can confirm your experience - I sometimes have the issue with waking from sleep, and regularly see the OS freezing for extended periods of time (I do have a lot of applications open, but come on, it’s 2018). The quality of software has been declining over the last 4 years. Unfortunately, I still don’t see any better alternative.

                              1. 3

                                I am sorry, are you talking about your actual computer or was this a metaphor about human condition?

                                1. 2

                                  Haha, it’s true, we’re all sleepwalking through life most of the time.

                            2. 6

                              Get a Thinkpad.

                              1. 4

                                The laptops are expensive for what they are, but the Just Works factor is pretty high.

                                So, not really expensive for what they are, given that apparently no others do what they do, reliably?

                                1. 2

                                  I wasn’t clear that I was referring primarily to the hardware - Windows 10 laptops with better specs (especially the GPU) and comparable build quality can be significantly cheaper than a new Macbook Pro.

                                  1. 1

                                    It’s the Apple Tax: “In the end, we found each Apple machine to cost more than a similarly equipped PC counterpart, with the baseline Mac Pro being the exception. Usually the delta is around $50 to $150…”

                                    1. 2

                                      So firstly, that’s an article from 8 years ago, that also highlights Apple machines having longer battery life, better resistance to malware, and use higher quality materials.

                                      Secondly, the thread is about a feature that works quite reliably on Apple computers, but very poorly on generic PC’s running Linux.

                                      So, if you want to call “better, more reliable features” a TAX, then we have to agree to label any product anywhere that is objectively better than it’s competitors, and has a higher price, “Includes CompanyName TAX”

                                      Got a HP laptop that works faster than a piece of shit Chromebook? Must be a HP Tax.

                                      Got a BMW that has more comfortable seats than a Camry? Must be a BMW Tax.

                                      1. 3

                                        Any time a person ever gave me a set of Mac specs I was able to find a cheaper Windows machine that could do the same with hardware that works well. It’s not shocking at all to me given Apple’s marketing strategy of going for high margins. They’re currently one of the most profitable companies in the world with that strategy. Whereas, most of the other vendors became something more like commodities competing so hard on things like price. Your strawman comparisons don’t change that.

                                        1. 4

                                          And any time a person ever said to me “I found this non-Apple machine with the same features/specs” they conveniently leave out features that they personally don’t place value on.

                                          We can trade anecdotal stories all day, but the article you linked to, doesn’t really support your argument the way you seem to think it does.

                                          1. 2

                                            Yup. Buying a product purely on paper specs instead of including things like build quality seems foolish.

                                            Macs aren’t that expensive anyways when you compare them to machines in the same class, like ThinkPads, Surfaces, XPSes, Latitudes, etc.

                                  2. 2

                                    The thing keeping me on macOS is being able to use Control and Alt for emacs style shortcuts for editing text anywhere (like my browser’s URL bar) because all the system keyboard shortcuts use the Command key.

                                    https://jblevins.org/log/kbd

                                    1. 2

                                      Same. Apple can’t be beaten there in the current ecosystem. It just won’t happen. Unless Red Hat acquires a hardware vendor and builds a HatBook, there’s no chance. And they won’t do that because it’s not profitable enough.

                                      1. 6

                                        This is basically the idea behind Librem laptops.

                                        1. 7

                                          If only they had gigantic truckloads of money.

                                          1. 6

                                            Only way to make that happen is to vote with our wallets. :)

                                          2. 1

                                            I like the idea of librem, but unfortunately I cant see myself buying a laptop without a trackpoint…

                                          3. 2

                                            There are some nice vendors where this Just Works. I use system76. Dell xps developer laptops are also great linux laptops.

                                            1. 2

                                              As a very happy Surface Book user, I’d argue you’ve forgotten about the other OS vendor.

                                              1. 1

                                                I’ve had this working on a de-chromed chomebook and xubuntu for a long time, the key is using not too new hardware maybe?

                                                1. 1

                                                  That’s definitely the key. And while I’m glad you have a setup you’re happy with and have no doubt it works for you, I doubt it works for everyone, or even a majority.

                                            1. 1

                                              Okay, this is looking rather cool. I am definitely going to check up on them during LinuxDays.

                                              I hope that they keep going and will eventually offer a 1U rack-mounted router.

                                              1. 15

                                                It’s not worth it. I gave Matrix/Riot 2 years to become usable: fix performance, fix resource usage, behave like modern tech they are claiming to replace. It was not worth the effort.

                                                10 years of IRC logs from irssi: 500MB of disk space 2 years of moderate Matrix/Riot usage (with IRC bridges which I ran myself): 12GB Postgres database

                                                Insane. This tech is dead on arrival in my opinion.

                                                1. 2

                                                  At least when XMPP works, it works well; provided you aren’t getting screwed over by server/client inconsistency in support. When Matrix works, it’s slow as a dog, client and server. (Not to mention New Vector seems a bit…. fucky when it comes to competition in homeservers.)

                                                  1. 3

                                                    Yeah, XMPP’s weakness are the XEPs and the inconsistent implementation. It should have all been one consolidated protocol, but then it might not have had adoption due to complexity. sigh

                                                  2. 2

                                                    I’ll be honest, I looked into contributing to Dendrite (the Golang successor) but found the codebase a mess (and it uses gb, which is not the way the community as a whole has been moving for years, but that’s more of a personal preference I guess). Maybe they’ll get their act together but for now I’m going to pass.

                                                    1. 1

                                                      Thats a very odd thing to have an issue with. 12gb is fairly minor in todays terms. If you take a look at the source for a message in matrix you will see they each contain a whole lot more info than an IRC messsage such as the origin server, message type, event ID, room id and a whole lot more. Also riot supports inline media which on it’s own would take up 12GB with some moderate usage.

                                                      Matrix doesn’t aim to be a 1:1 copy of IRC, It supports a whole lot more features that users expect of modern software and that necessarily means more resource usage.

                                                      1. 4

                                                        The media is not stored in the Postgres database.

                                                        The software is slow. It should never have been written in Python, because they’re affected by the GIL. The database is poorly optimized and has lots of issues that require manual intervention like this: https://github.com/matrix-org/synapse/issues/1760

                                                        The best summary I can provide is this quote, “[The problem with Matrix ] has everything to do with synapse, bad signature design (canonicalized json vs http sigs) and an overall terrible agent model.”

                                                        1. 4

                                                          12GB Postgres database means poor performance unless you have good hardware. Try running it on an Rpi or a Scaleway C1. You’re not going to have a usable experience. Even a Digital Ocean $5/mo droplet won’t be usable.

                                                          Not everyone has a Dual Xeon with 64GB of RAM colocated. I do. It was even awful on that.

                                                          1. 3

                                                            I previously ran every application I made on crappy hardware to make sure it wasnt overbloated. If it worked there, probably be great on newer boxes. Seeing the $5 droplets mentioned all the time makes me think they might be a nice, new baseline. What you think since you mentioned them?

                                                          2. 2

                                                            Quassel manages to store all the same data, also in a PostgreSQL database, in much less than 12GB. If you add fulltext search, it still won’t be even close.

                                                            The problem is that Matrix as a project just has a lot of things left to fix, my current favorite is their “database” backend on Android

                                                            Matrix could be great, if they actually drop HTTP Longpolling, actually finish a native socket implementation, actually finish their Rust server implementation, replace their serialization format with a more efficient one, and so on, and so on.

                                                            In a few years Matrix may become great – for today, it isn’t there yet.

                                                            Disclaimer: I’m personally involved with IRC, and develop Quasseldroid, a client for the Quassel bouncer.

                                                            1. 1

                                                              finish their Rust server implementation

                                                              You mean in go.

                                                              I am backing the project on Patreon. Right now, I have completely replaced both XMPP and Messenger and I surely hope that it will improve over time.

                                                              1. 1

                                                                Oh, it ended up being go? Last I heard about it, someone was rewriting the server in Rust. Was that abandoned?

                                                                1. 1

                                                                  In don’t really know as I’ve started using the project only recently.

                                                          3. 1

                                                            Thanks for your feedback. I am yet to use it extensively so I cannot comment on the performance issues as of now.

                                                          1. 1

                                                            Matrix is not distributed, it’s federated. We already have good federated protocols.

                                                            1. 2

                                                              Care to name your favorites?

                                                              1. 2

                                                                In this space, SMTP and XMPP (both of which I use daily more than any other protocol) but also OStatus and newer social web stuff.

                                                                1. 1

                                                                  XMPP is broken for mobile (nobody bothers with the right XEPs) and does not feature a first-class MUC.

                                                                  1. 1

                                                                    I use XMPP for both person-to-person and MUC from mobile all day every day. So do most of my contacts :)

                                                            1. 6

                                                              I’ve been using Riot for about 2 years now. It shows promise, but has some teething issues:

                                                              • Initial implementation in Python is a resource hog. There’s an official effort to reimplement in golang, but it seems like the team’s time is mostly spent keeping the existing infrastructure running.
                                                              • E2E key validation is pretty bad. Every device has to verify every other device. As a result, no-one checks the authenticity of devices because it takes too long.
                                                              1. 1
                                                                E2E key validation is pretty bad. Every device has to verify every other device. As a result, no-one checks the authenticity of devices because it takes too long.
                                                                

                                                                You can just ignore this and press send anyway which makes it as secure as every other E2E service because manually checking everyones key is way too much work.

                                                                1. 2

                                                                  That’s the equivalent of adding a local exception when hitting a HTTPS website whose key is bogus.

                                                                  So yes, you’d get encryption, but not authentication. The recipient may not be who she/he says she is.

                                                                  1. 2

                                                                    I don’t think any of the other IM services have solved multi device E2E either but I seem to remember there being some work on when you sign in on another device you get a popup on your existing device asking if it’s yours and sharing the key.

                                                                    1. 2

                                                                      That (or something similar) is what they’ve said they are aiming for I think. A change I welcome!

                                                                      1. 1

                                                                        Keybase has an IM solution (the client is pretty bad) that supports multi device E2E.

                                                                  2. 1

                                                                    E2E key validation is pretty bad. Every device has to verify every other device. As a result, no-one checks the authenticity of devices because it takes too long.

                                                                    This sucks a lot, yeah. Especially with people using throwaway browser sessions.

                                                                  1. -1

                                                                    I disagree with Stallman here.

                                                                    If you surrender your data, then you do not have any right over them. If you upload your photos to facebook, then facebook has them.

                                                                    For public utility, it is fine to restrict the collection and usage of personal data. But for private corporations, the private individuals should be able to decide for themselves if giving a corporation access to your entire search history for wifi access at the coffee shop is worth it.

                                                                    1. 25

                                                                      More and more we are getting forced to use services that spy on us. Cash is being phased out for credit cards and mobile payments. I can’t even pay for parking at my uni without installing their mobile app. We need laws to protect us from these companies because they are impossible to 100% avoid.

                                                                      1. [Comment removed by author]

                                                                        1. 40

                                                                          Governments aren’t there to protect you.

                                                                          That is literally what governments are for.

                                                                          1. 3

                                                                            Not anymore… at least here where I live, Government is composed of people and people will have their own agendas which might not include protecting other people or even obeying the laws they’ve passed. I see government as an instrument of power, some will use this power to help society, others to accumulate wealth at the expense of society.

                                                                            1. 31

                                                                              What your particular government does and what the purpose of the government is are two separate topics.

                                                                              1. 2

                                                                                That is true but still, you can probably agree with me that when dealing with the real world, the creators intention has very little bearing in whatever usage people do of something. For example: the web was a way to share scientific hypertext and now we’re doing crazy stuff with it, or, tide pods were supposed to be used for laundry… governments, much like many other human creations happened over time, in different places, with different purposes. Monarchy is government but one can argue that historically it was not meant to protect people, dictatorships also work that way. We can say that the “platonic ideal of a pure and honest government” is to protect people but thats just us reasoning after the fact. There are no “letter of intention” about creation of government which all governments across time and space need to follow. What we perceived as “purpose” has very little meaning to what actually happens.

                                                                                Personally, I find most interesting when things are not used accordingly to the creators intention, this creative appropriation of stuff by inventive users is at the same time what spurs a lot of cool stuff and what dooms us all, we here in Brazil have a moniker for it “Jeitinho Brasileiro” which could be translated as an affectionate version of “the brazilian way”. Everyone here is basically born in a fractal of stuff whose real world usage does not reflect its ideal purpose to the point that it is IMHO what makes us creative and cunning.

                                                                                1. 3

                                                                                  Monarchy is government but one can argue that historically it was not meant to protect people…

                                                                                  Well, monarchy was actually a simple protection racket. It enabled a significant growth of the agricultural society through stabilization of violent power — no raids, just taxes.

                                                                                  We can say that the “platonic ideal of a pure and honest government” is to protect people…

                                                                                  That’s unreasonable. Establishment of a democratic government is just a consensus seeking strategy of it’s electorate. A move from a simple racket to a rule of law that is a compromise of various interests.

                                                                                  In feudalism, people choose other people to follow. In democracy, people chose policies to enact. Both systems are very rough and fail in various ways, but democracy has evolved because it just makes more people a lot less unhappy than an erratic dictator ever can.

                                                                                  … people will have their own agendas which might not include protecting other people or even obeying the laws they’ve passed…

                                                                                  You seem to be alienated from the political process and perceive your government as something that is not actually yours to establish and control. That’s a very dangerous position for you to take, since government has a monopoly on violence. Of course others won’t take you automatically into consideration. That’s what you do every time you do virtually anything — you never take the full situation into account.

                                                                                  But you just can’t quite ditch the government… otherwise your neighbor might try building a nuclear reactor using whatever he got from the Russians, which is something you (and perhaps a few other neighbors) might be against. Then on the other hand, he might convince a few others that the energy will be worth it… so you meet up, decide on some rules that will need to be followed so as to prevent an armed conflict and in the end, some who originally opposed the project might even join it to ensure it’s safety and everyone will benefit from the produced energy.

                                                                                  1. 5

                                                                                    Friend, lets agree to disagree. What you say do make sense, I am not saying you’re talking bullshit or anything like that, on the contrary, I find your arguments plausible and completely in tune with what I’ve learned at the university buuuuut my own country has been a monarchy, an “empire”, a monarchy again, a republic, a dictatorship, a republic again, an who knows what will happen before 2018 ends.

                                                                                    Our experience, is vastly different than what is explained above. I haven’t said we’re out of the political process, heck, I’ve organized demonstrations, helped parties I was aligned with, entered all the debates I could long ago, I was a manager for a social program, and am married to an investigative journalist. I am no stranger to political processes, but it is a very simplistic approach to say “(…) your government as something that is (…) yours to establish and control”, this sidesteps all the historical process of governments here and how the monopoly of violence is used by the powerful (which might or might not be actual government) with impunity on anyone who tries to pull government into a different path. Couple weeks ago, one of our councilwoman was executed by gunshots to her car (where a friend of mine was as well as she worked for her), killing our rising star politician, and the driver, and forever traumatizing my friend. I have tons of stories about people dying while trying to change things. Talking about the root of feudalism is meaningless to whatever is happening today. Today people die for defending human rights here (and elsewhere).

                                                                                    Academic and philosophical conversations about the nature and contracts of government are awesome but please, don’t think this shit is doable, lots of people here died trying to improve the lifes of others. I don’t know if you’ve ever been to a place like here, those conversations don’t really apply (we still have them though).

                                                                                  2. 1

                                                                                    I do think it’s important for people to have the power to keep the government accountable. Without checks and balances the government looks after its own interests as opposed to those of its constituents.

                                                                                2. 7

                                                                                  I clicked at your profile with absolute certain that you’d be from Brazil. Now I’m kinda depressed I was right.

                                                                                  1. 4

                                                                                    Can spot a Brazilian from miles away right? Don’t know if I laugh or cry that we’re so easy to recognize through our shared problems.

                                                                                  2. 3

                                                                                    I can feel your pain (and I admire your courage for talking in a public space about the issues you see in your government).

                                                                                    But @Yogthos is right: we should not be afraid of our governments, at least not of democratic ones.

                                                                                    In democracy the government literally exists to serve people. If it doesn’t, it’s not a democracy anymore.

                                                                                    1. 3

                                                                                      @soapdog @yogthos @dz This is an interesting discussion for me (though not appropriate for lobste.rs). Any interest in discussing this together, say over email or something else. I’ve always wanted to discuss this topic of government vs individual corporations but it’s a complex subject and hard to keep devolving into a bar-fight.

                                                                                      1. 0

                                                                                        Change the name then, not the definition of what it is.

                                                                                      2. 2

                                                                                        Shouldn’t governments primariy govern? For whatever reason, but usually something along the lines of “the common good” or “to protect (individual) rights”? But sometimes sadly also in the interests of the more powerful in society…

                                                                                        1. 0

                                                                                          Why do you believe that is the purpose of governments? Can you imagine a situation where something recognized as a government doesn’t protect it’s citizens in some cases?

                                                                                          Is the government supposed to protect you if you put your hand in a garbage disposal, slip in the shower, or attempt suicide?

                                                                                        2. 11

                                                                                          Governments aren’t there to protect you.

                                                                                          They’re definitely there to protect us. However, they’re also their own separate entity. They’re also a group of ambitious, often-lying people with a variety of goals. They can get really off track. That’s why the folks that made the U.S. government warned its people needed to be vigilant about it to keep it in check. Then, its own agents keep the individuals or businesses in check. Each part does its thing with discrepencies corrected by one of the others hopefully quickly. The only part of this equation failing massively is the people who won’t get the scumbags in Congress under control. They keep allowing them to take bribes for laws or work against their own voters. Fixing that would get a lot of rest in line.

                                                                                          We have seen plenty of protection of individuals by laws, regulations, and courts, though. Especially whenever safety is involved. In coding, the segment with highest-quality software on average right now is probably group certifying to DO-178B for use in airplanes since it mandates lots of activities that reduce defects. They do it or they can’t sell it. The private sector’s solution to same problem was almost always to lie about safety while reducing liability with EULA’s or good legal teams. They didn’t produce a single, secure product until regulations showed up in Defense sector. For databases, that wasn’t until the 1990’s with just a few products priced exhorbitantly out of greed. Clearly, we need a mix of private and public action to solve some problems in the marketplace.

                                                                                          1. 0

                                                                                            Governments shouldn’t impose speed limits, people should just drive at reasonably safe speeds.

                                                                                            Just because a particular behaviour might be most beneficial to a person, does not mean they will do it. Because consumers’ behaviour has not changed (and will not), this type of surveillance has proliferated to the point it’s nearly impossible to escape, even for the most dedicated privacy advocate.

                                                                                            1. 2

                                                                                              Funny you should mention that…the setting of speed limits to drive revenue irrespective of actual engineering and human factors is pretty well documented at this point.

                                                                                        3. 5

                                                                                          For public utility, it is fine to restrict the collection and usage of personal data. But for private corporations, the private individuals should be able to decide for themselves if giving a corporation access to your entire search history for wifi access at the coffee shop is worth it.

                                                                                          But that’s precisely what fails when dealing with Facebook et al, isn’t it?

                                                                                          No matter how assiduously you or I might refuse to sign up for Facebook and its ilk, block their tracking scripts, refuse to upload our photos, our text messages, our data – other people sign up for these things, and give these services permission to index their photos and text message logs etc, and Facebook builds a comprehensive shadow profile of you and I anyways.

                                                                                          There is no avoiding or opting out of this short of opting out of all human contact, at this point, and the “simple”-sounding solution of “let every individual decide for themselves!” completely fails to engage with the collective consequences that everyone is losing privacy regardless of what decision they make individually.

                                                                                          When your solution doesn’t engage with reality, it’s not useful.

                                                                                          1. 4

                                                                                            But for private corporations, the private individuals should be able to decide for themselves if giving a corporation access

                                                                                            This will be true when everybody will be able to program and administrate a networking system.

                                                                                            That’s the only way people can understand what they are giving and for what.

                                                                                            Till then, you must protect them from people who use their ignorance against them.

                                                                                            1. 1

                                                                                              You can’t protect people from their own ignorance, long-term, except by education.

                                                                                              1. 3

                                                                                                You have to. No citizen can foresee the effects of all their actions. The technology we use today is too complicated to understand all of it.

                                                                                                That’s why generally everything needs to be safe by default.

                                                                                                1. 3

                                                                                                  The technology we use today is too complicated to understand all of it.

                                                                                                  The entire field of engineering is predicated on being able to do things without understanding how they work. Ditto beer brewing, baking, cooking, and so forth.

                                                                                                  That’s why generally everything needs to be safe by default.

                                                                                                  Bathtubs are not safe by default. Kitchen knives are not safe by default. Fire is not safe by default. Even childbirth isn’t safe by default, and you’d think that would’ve been solved generations ago by evolution.

                                                                                                  No citizen can foresee the effects of all their actions.

                                                                                                  Then why would we trust policies enacted by a handful of citizens deemed able to create laws any more than individual citizens making their own decisions? That’s a far riskier proposition.

                                                                                                  ~

                                                                                                  We can’t make the world safe for people that won’t learn how to be safe, and efforts to do so harm and inhibit everybody else.

                                                                                                  1. 6

                                                                                                    The entire field of engineering is predicated on being able to do things without understanding how they work. Ditto beer brewing, baking, cooking, and so forth. … You can’t protect people from their own ignorance, long-term, except by education.

                                                                                                    Try buying an oven that will spontaneously catch fire just by being on. It’s going to be complicated, because there are mandatory standards. And it’s a good thing they are this reliable, right? Leaves us time to concentrate on our work.

                                                                                                    Then why would we trust policies enacted by a handful of citizens deemed able to create laws any more than individual citizens making their own decisions? That’s a far riskier proposition.

                                                                                                    Because a lot of shouting from many sides went into the discussions before the laws were enacted. Much like you discuss your network infrastructure policies with your colleagues instead of just rewiring the DC as you see fit every once in a while.

                                                                                                    1. 3

                                                                                                      The entire field of engineering is predicated on being able to do things without understanding how they work. Ditto beer brewing, baking, cooking, and so forth.

                                                                                                      No.

                                                                                                      Engineering is about finding solutions by using every bit of knowledge available.

                                                                                                      Ignorance is an enemy to fight or work around, but for sure it’s not something to embrace!

                                                                                                      That’s why generally everything needs to be safe by default.

                                                                                                      Bathtubs are not safe by default. Kitchen knives are not safe by default. Fire is not safe by default. Even childbirth isn’t safe by default, and you’d think that would’ve been solved generations ago by evolution.

                                                                                                      I agree that we should work to make programming a common knowledge, like reading and writing so that everyone can build his computing environment as she like.

                                                                                                      And to those who say it’s impossible I’m used to object that they can read, write and count just because someone else, centuries before, said “no, it’s possible to spread this knowledge and we have the moral duty do spread it”.

                                                                                                      But all your example are wrong.

                                                                                                      They are ancient technologies and techniques that are way simpler than programming: humans have learnt to master them and teach each generation how to do so.

                                                                                                      We have to protect people.

                                                                                                      The states and laws can help, but the first shield of the people against the abusive use of technology are hackers.

                                                                                                      We must spread our knowledge and ethics, not exploit the ignorance of others for a profit.

                                                                                            1. 4

                                                                                              I’m sure there’s value in understanding the ideologically best case scenario but without living in the real world, with established, incumbent legacy technological systems and social structures, this perfect case scenario has no possibility to be implemented, or get anywhere close.

                                                                                              For anything like these ideas to be deployed needs huge social change first.

                                                                                              1. 21

                                                                                                The value of RMS is that he serves as a platinum standard against which to check proposals. What he suggests is usually not possible, but it is almost always right.

                                                                                                1. 11

                                                                                                  Or left, actually.

                                                                                                  EDIT: Sorry, couldn’t help myself.

                                                                                                  RMS really expands the discussion field a lot and without him, we would be making compromises from compromises – seen from a perspective that includes him. And frankly, things are (rather slowly) moving his way.

                                                                                                2. 2

                                                                                                  Exactly. Better to invest writeups in stuff that can actually happen since it meets real-world requirements.

                                                                                                  1. 1

                                                                                                    “real-world requirements” like what?

                                                                                                    1. 2

                                                                                                      Like how the market decided to avoid paid offerings in favor of free, surveillance-driven offerings to the tune of a billion users or so with tens to hundreds of billions of dollars going to those companies. Go tell everyone using Facebook, Google, freemail, Twitter, etc that they make money selling them out so they need to quit. They won’t. They value the free services over their own privacy, safety, and freedom at least as far as the surveillance impacts those. That some or most of them don’t fully understand the tradeoff they made doesn’t change the fact that they have most of the money and votes to dictate what going on.

                                                                                                      Stallman starts with the premise that we’re for ideological reasons going to ban surveillance-oriented businesses by default. As in, people might give up Facebook, Google, freemail, Twitter etc. They’re not going to. So, his proposal isn’t grounded in reality to begin with. He should start with “Most people want this system, will give billions to those who build such systems in a way that grabs huge numbers of users, and will vote for politicians that protect such systems.” Then, his proposal needs to go from there to get the support of those people. Looks nigh impossible for his position to work if he starts with real-world requirements. Whereas, something like Europe’s data protection laws sounded good to me from the beginning as a starting point on addressing this stuff. At the least, I learned what Facebook had on me. ;)

                                                                                                      If anything, what he’s really proposing is voluntary action that will be taken by niche companies who usually won’t be financially successful enough to fight governments or big companies in Congress or court. Knowing that ahead of time would make even fewer people join such a cause. Better to start with what’s going on in the real world in terms of existing user preferences, regulations, laws, etc. Then, work on improvements from there in a way that they’re marketable to users, customers, and/or voters.

                                                                                                      1. 1

                                                                                                        i see what you’re saying but i don’t think any of those obstacles are truly requirements. for some people, constant surveillance of the entire population is a “requirement.” but really these are just forces that need to be overcome. i don’t know how you draw the line and say that some modest amount of change is possible, but RMS’s proposal is not.

                                                                                                1. 2

                                                                                                  This is going to be great tech eventually. I am really looking forward to it.

                                                                                                  1. 10

                                                                                                    The year of Linux on the desktop might come as a bit of a somber victory.

                                                                                                    1. 3

                                                                                                      I am still waiting for the GNOME VR Desktop. Something like this.

                                                                                                      1. 2

                                                                                                        Maybe @crazyloglad can help you out. See his latest post.

                                                                                                        1. 1

                                                                                                          Thanks. I’ve seen the post already, though.

                                                                                                      2. 1

                                                                                                        Any bets on when Windows Subsystem for Linux becomes Windows kLinux (a la Debian kFreeBSD)?

                                                                                                        Or what about X Windows? That would be the cheekiest desktop environment name yet.

                                                                                                        Speaking of X11, has Wayland or Mir or something killed it yet? I haven’t paid attention to Linux on the desktop since I got my first MacBook Pro in 2013. Other than seeing my coworkers stop to fiddle with CLI incantations every time they move their laptop more than half an inch. “One sec, I have to [something something xrandr] before I unplug my monitor or it’ll kernel panic.” I guess if they’re using xrandr they’re not using Wayland.

                                                                                                        “But at least I have 32gb RAM.” Ya, the server under my desk has 96gb RAM, and unlike your laptop I can use it from anywhere I have WiFi. iTerm2+SSH is the premier Linux desktop environment.

                                                                                                        My coworkers on Linux are good sports about it though, they know they’re masochists. The ones who dare to unplug their laptops anyway, which is a fairly unpopular practice.

                                                                                                        1. 4

                                                                                                          Your coworkers either have the worst hardware ever, or are running incompetently configured OS that should be shot. None of the desktop Debian or Ubuntu users I support know there is a terminal. This isn’t a problem with X11, but something insane in your coworkers’ particular systems.

                                                                                                          1. 1

                                                                                                            Yes I suspect my coworkers getting the worst of it are running hip configurations. I ran Linux on my laptops for many years without bullshit problems like that. Although I didn’t constantly connect and disconnect peripherals, including monitors, which seems to be a common element in my coworkers’ instability issues. X11 doesn’t handle external monitors all that well to begin with, but it really hates it when you detach a monitor with the laptop lid closed. The hardware is also all pretty new, so I don’t doubt there are driver issues. The kernel panics likely come from foolishly trying to get Intel/NVIDIA dual graphics working, when the only sensible choice is to install the NVIDIA binary drivers, pin the graphics to the NVIDIA card, and eat the lost battery life.

                                                                                                            My problems were more related to limited software selection, screwing around with package managers**, and overall quality of the experience, e.g. battery life, stuff like the above NVIDIA nonsense, hopping between WiFi networks, not wanting to carry two large flat folding bricks hinged together, powered by a third smaller, yet still shockingly heavy brick that couldn’t be left behind lest I needed my laptop for longer than 2 hours.

                                                                                                            Nonexistent integration with my phone, when I use my phone constantly, also didn’t do Linux any favors. And obviously MacOS integrates quite well with an iPhone.

                                                                                                            The hardware you manage was clearly well picked for Linux compatibility. Or you’re just lucky. I think that entire category of problem is total bullshit. I’m happy to pay Apple to care about it, because I fucking don’t anymore.

                                                                                                            **I’m extraordinarily qualified to level this criticism against Linux.

                                                                                                          2. 3

                                                                                                            Wayland is default on fedora now. Sounds like they basically rolled their own linux there. I’ve never had that experience even when I used Gentoo. SSH is very good though.

                                                                                                            1. 1

                                                                                                              Wow! That’s a big move by Fedora! But they always have been fairly aggressive about trying new technologies, and been willing to roll them back.

                                                                                                              1. 2

                                                                                                                GNOME on Wayland is the Ubuntu 17.10 default as well. But they’re falling back on X11 for 18.04 which is an LTS release.

                                                                                                            2. 2

                                                                                                              Any bets on when Windows Subsystem for Linux becomes Windows kLinux (a la Debian kFreeBSD)?

                                                                                                              You’ve got it backwards: it’s Ubuntu kWindows. In its previous incarnation (interix/SFU/SUA) there were some materials about it being usable as a Gentoo distribution, but I was never clear on whether that was just an April Fools thing or not.

                                                                                                              Speaking of X11, has Wayland or Mir or something killed it yet?

                                                                                                              No. Some distributions are still pushing those other things, but they’ve always looked like solutions in search of problems (edit: to me; I haven’t seen any need to “upgrade” and X11 still works and still has distro support).

                                                                                                              1. 7

                                                                                                                solutions in search of problems

                                                                                                                The problem is extremely obvious: X11 is a horrific pile of garbage.

                                                                                                                • the protocol is synchronous! doing anything at any moment can be slow because the server is busy with other clients.
                                                                                                                • the protocol is bloated, just creating a window requires tons of weird properties and whatever crap (== tons of those synchronous calls). ancient junk like server-side graphics are part of the core protocol that must be kept around forever.
                                                                                                                • the “modern” (OS X Public Beta is almost 18 years old now) desktop stuff (compositing and accelerated client-side rendering) has been bolted onto that protocol, the old parts aren’t useful for it, so what the heck does the X server still do? it’s a glorified IPC broker! with a slow protocol from the 80s! yay!
                                                                                                                • the input system is a total mess. Touchscreen support is awful, you can now get touch events but your fingers will always move the damn cursor too! And what’s on the inside… there are actually multiple input systems, the old ones aren’t completely gone, and “there are three people on this planet that know how XInput2 works”.
                                                                                                                • the security model is “everyone has access to everything”. Go ahead, sandbox an untrusted X11 app into a container, now it can’t read your SSH key from the filesystem, but the server will happily give it your keystrokes while you’re typing the password for that key.
                                                                                                                • screen tearing. Running a compositor with vsync on under xorg does NOT guarantee a tear-free experience. Sometimes a “TearFree” option in the DDX’s settings can help. Sometimes.
                                                                                                                1. 1

                                                                                                                  Use the XSecurity extension.

                                                                                                                2. 1

                                                                                                                  Thanks for the update about X and Wayland. :)

                                                                                                                  I know it’s currently kWindows, but if Microsoft doesn’t want to invest heavily in Windows it makes sense to make Windows another desktop environment for Linux. They’ve already ported SQL Server to Linux. They’ve built an Ubuntu userspace in Windows. It seems like they’re prepping the ecosystem to swap out the kernel.

                                                                                                                  1. 2

                                                                                                                    I know it’s currently kWindows, but if Microsoft doesn’t want to invest heavily in Windows it makes sense to make Windows another desktop environment for Linux. They’ve already ported SQL Server to Linux. They’ve built an Ubuntu userspace in Windows. It seems like they’re prepping the ecosystem to swap out the kernel.

                                                                                                                    What would Windows have to offer as a DE? There are decades worth of programs that are only available as windows binaries - there’s still no other real option for gaming, even when it comes to games published today - and drivers for a lot of old hardware are in a similar situation. And on the technology side, the NT kernel and NTFS are arguably better than the Linux alternative, whereas the windows shell and UI layer is… there.

                                                                                                                    To my mind it would make more sense to double down on the kWindows route. An OS where you can run both windows tools and unix tools and have them work together seamlessly is a pretty compelling proposition - if they really want to cut costs they could swap out Explorer/Aero/… in favour of KDE or Gnome. Having .net core and maybe even a UWP runtime available for other platforms makes sense - the biggest challenge these days is getting developers to create a native desktop app at all, and Google is Microsoft’s biggest competitor where it matters, so having UWP be an attractive proposition for developers who might otherwise use Electron (or just a webapp) should take priority over trying to disadvantage other platforms - but there’s a lot of value left to be extracted from the long tail of windows use, particularly in industry (which is why this is a different scenario from classic MacOS).

                                                                                                                    1. 2

                                                                                                                      If they made a DE using the Windows UI framework (is that UWP?), hosting Windows programs, and a compatibility layer for Windows binaries, that could be interesting. Essentially taking Wine to its logical conclusion. Supporting legacy apps is already handled through a compatibility layer in Windows 10. It’s not too much of a stretch to imagine Microsoft doing a deep port of the UI layer, the compatibility layer(s), and the surface level of the kernel to a large unified Linux.exe runtime.

                                                                                                                      I couldn’t make a compelling argument either way of whether the Windows userspace or the NT kernel is more valuable. But if Microsoft is doubling down on Cloud and Office, well, Cloud is Linux and Office is a desktop app. That was basically my logic. Visual Studio Code is Typescript, if Office goes the same way then they won’t need the Windows DE or NT at all. Will that happen? Literally no clue. Microsoft has done a great job of surprising me lately.

                                                                                                                      Azure supposedly gets its marketshare by integrating with legacy on-prem Windows Server deployments. Does that mean NT is valuable, or Active Directory / C#.NET / SQL Server are valuable? I don’t know much about anything in the Windows Server space except SQL Server, so again I really can’t say. All I know for sure is SQL Server is rock solid tech, and it’s been ported to Linux.

                                                                                                                      Those are the things I see that lead me to suspect kLinux. As you can see, I have a pretty limited understanding of the Windows / NT platform as a whole, so my guesses don’t hold any particular authority. I don’t know how compelling kWindows may be, since I don’t know the motivations of anyone who may be compelled by kWindows.

                                                                                                                      I know lots of legacy industry is stuck on Windows, but lots of that sector refuses to move off XP. If they aren’t upgrading regardless, does it make sense to maintain NT for them? Would it make sense for Microsoft to continue building on NT, or throw it into maintenance mode, leaving Windows LTSB the only remaining NT-based Windows distribution?

                                                                                                                      Whatever happens, these be interesting times.

                                                                                                                      1. 2

                                                                                                                        If they made a DE using the Windows UI framework (is that UWP?)

                                                                                                                        Sort of. UWP is their latest application runtime, there are a number of older ones as well (WPF, System.Windows.Forms in .Net, MFC,…); what I’d call the “windows UI framework” acts as a backend for all of them.

                                                                                                                        Supporting legacy apps is already handled through a compatibility layer in Windows 10.

                                                                                                                        Yes and no. AIUI it’s more first-class than that makes it sound; the NT kernel has always been designed to have multiple “personalities” all of which are on an equal level. And even if it’s a “compatibility layer”, I would expect some of it is just running the real win32 code directly.

                                                                                                                        I couldn’t make a compelling argument either way of whether the Windows userspace or the NT kernel is more valuable.

                                                                                                                        Thinking about it more, the points I would make would be: 1. Windows UI without windows program compatibility has been a dramatic failure when it’s been tried (WinRT, Windows Phone, WinCE before that). 2. The Linux kernel doesn’t offer so much - the very fact that Debian/kFreeBSD is a thing shows that.

                                                                                                                        if Microsoft is doubling down on Cloud and Office, well, Cloud is Linux and Office is a desktop app. That was basically my logic. Visual Studio Code is Typescript, if Office goes the same way then they won’t need the Windows DE or NT at all. Will that happen?

                                                                                                                        Azure supposedly gets its marketshare by integrating with legacy on-prem Windows Server deployments. Does that mean NT is valuable, or Active Directory / C#.NET / SQL Server are valuable? I don’t know much about anything in the Windows Server space except SQL Server, so again I really can’t say. All I know for sure is SQL Server is rock solid tech, and it’s been ported to Linux.

                                                                                                                        If they’re going to abandon windows entirely, Office and SQL server are applications that they could sell for Linux (or any other platform), sure. If they were going to do that, it would make sense for them to sell their own distribution (though even then, probably BSD-based rather than Linux for licensing reasons, just like Apple). And it would be damaging to their reputation if their distribution couldn’t run older, traditional windows programs.

                                                                                                                        But I just don’t see what they gain by doing that compared to going 90% of the way but leaving the NT kernel in place. Building a new application like VS code to be cross-platform from day 1 is easy. Porting an existing application that’s actively maintained and build on the latest versions of all their technologies, like SQL server - that’s not quite so easy, but still relatively straightforward. Porting the older frameworks like MFC, and then testing all the edge cases that older applications use - that’s much harder, verging on impossible (Wine is still really unreliable despite a lot of development effort). And it’s those ancient, business-specific applications that keep enterprises on Windows - if you don’t have perfect support for those, it’s much harder to make the case for buying “MS Linux” rather than just running CentOS or something.

                                                                                                                        Those are the things I see that lead me to suspect kLinux. As you can see, I have a pretty limited understanding of the Windows / NT platform as a whole, so my guesses don’t hold any particular authority. I don’t know how compelling kWindows may be, since I don’t know the motivations of anyone who may be compelled by kWindows.

                                                                                                                        In a sense I’m already using kWindows - I use a Surface Book so I run Windows as the first-party OS, but I use Ubuntu on Windows for some of my work. (Again compare with OSX, which is kind of “kDarwin” - BSD userland, able to run *nix programs, but their own kernel and display layer).

                                                                                                                        The way I see it an OS is mostly the glue between the applications and the hardware. Occasionally there are compelling OS-level features, but mostly you’d use a particular OS because it had the best support for your hardware or because it had the best support for your applications.

                                                                                                                        (That Linux is popular at all is kind of an accident of history - Debian et al were built on Linux because it was the free kernel that was available at the time. Debian/Gentoo/Arch/… are compelling because of their package repositories and being free, RedHat is compelling because it’s the cheapest officially supported platform for running Oracle/Maya/…. If it hadn’t been for the lawsuit, all those distributions might have been built against a BSD kernel, and little would be different (speaking as a FreeBSD user myself). The one thing that changes my calculus here is Docker - that’s the one thing Linux-the-OS can do that other OSes can’t, even if only for artificial reasons. But even then, many developers working on systems that run under docker manage to get by on OSX, so it doesn’t seem like a real blocker)

                                                                                                                        Making SQL server available for Linux makes sense from this perspective if you squint: SQL server is something that application developers use as a backend, so by making it available as widely as possible you make application developers more likely to use the Microsoft stack and support Windows. The same logic applies for “current” application runtimes - .net and UWP. But for “legacy” runtimes that no-one’s writing new applications against, porting them to Linux would only hurt MS: it would mean more applications available for Linux, and wouldn’t help windows at all.

                                                                                                                        I know lots of legacy industry is stuck on Windows, but lots of that sector refuses to move off XP. If they aren’t upgrading regardless, does it make sense to maintain NT for them? Would it make sense for Microsoft to continue building on NT, or throw it into maintenance mode, leaving Windows LTSB the only remaining NT-based Windows distribution?

                                                                                                                        Updating has to happen sooner or later, for the sake of the hardware if nothing else. “Run on new hardware, run cool new software, but keep 100% compatibility with your existing custom applications and custom peripherals” is a pretty good proposition, and I suspect accounts for a lot of NT sales.

                                                                                                            1. 12

                                                                                                              And yet lots of advices in that article are memes popular amongst growth hacking ninjas and top VC bloggers:

                                                                                                              • “comments are code smell”

                                                                                                              • “use quality checks” with “complex heuristic algorithms”

                                                                                                                I’m strongly against this. Usually these are checks like “cyclomatic complexity”, and locally in each method, despite it’s intended for whole loosely defined “chunk of code”. For example, Rubocop has it turned on by default and forbids nested if’s even if logic is clear. It encourages (or even forces) creation of false abstractions by splitting code chunks to methods or even classes, which leads to classical spaghetti code (with method calls instead of gotos). Counting ifs is not “complex heuristic algorithm”, it’s dumb bureaucracy.

                                                                                                              • “use docker”

                                                                                                                Bundling operating system with program to fix library linking issues is huge increase of complexity and this article tells to reduce complexity. I think Docker is usable for clusters only, it’s not designed for provisioning development environments.

                                                                                                              1. 4

                                                                                                                I used to thing this way since I think I was molded by the ruby world, but I’m much happier now that I just use if’s when I need them and let my functions be 200 lines long if I have 200 lines of work to do. I don’t know why I used to be so averse to it, but now I use a lot of just raw scopes with comments rather than pulling code out into functions.

                                                                                                                  var data
                                                                                                                  { // get data
                                                                                                                      ...
                                                                                                                      data = x
                                                                                                                  } 
                                                                                                                

                                                                                                                Rather than making a getData function that will never be used anywhere else to satisfy some need for short functions.

                                                                                                                1. 2

                                                                                                                  I hope I won’t ever have to read your code. Function shape communicates intent.

                                                                                                                  EDIT: Name, arity, argument and return value types. Even the body of the function can be easily glanced. Does it loop? Does it branch? Does it handle any failures?

                                                                                                                  Your description have reminded me of a Haskell code base I have tried to understand recently. One with rather long functions with many local variables and nested functions without clear scope delimitation. The author freely mixed data processing with the domain logic (your getData example), which obscured the meaning by lots and lots of tiny details.

                                                                                                                  I would say that programs should be broken into small units of understanding. Not necessarily for reuse, but mostly to eliminate the amount of context one needs to take into account.

                                                                                                                  1. 1

                                                                                                                    Shape? Like name + arity?

                                                                                                                    Edit: I swear it’s actually pretty readable

                                                                                                                    1. 3

                                                                                                                      For myself, I think the value of pulling code into functions is to make the inputs and outputs clear. Just scoping a block of code in a function doesn’t limit what that scope can access and, IMO, can make it harder to understand. Functions enforce this. I find value in that.

                                                                                                                      1. 1

                                                                                                                        I go back and forth on it but I think it’s general fairly clear from the way I lay things out what the hypothetical return value you would be, and I think it’s nice to just be able to read a whole function and understand it entirely without jumping to function definitions. If you’re not interested in that detail, it’s also not hard to just skip over a block.

                                                                                                                        I think I like having the details mordae is complaining about available, and won’t bother to split it out unless one of these sub-blocks feels overwhelming. I’m not against functions or anything, but I do think splitting things out is overvalued. These blocks are already in a function that has a shape, it’s just a nice intermediate level of structure between chopping it up and just dumping the code straight into the body.

                                                                                                              1. 1

                                                                                                                No comment on the Go-thing, but it might be interesting to wrap your data logic in stored procedures and work from there.

                                                                                                                1. 4

                                                                                                                  *sigh* continuations are one of those things I have trouble with.

                                                                                                                  The conceptual idea is easy enough to grasp, but I have trouble reasoning about them in code - especially about when they would be a useful choice.

                                                                                                                  If anyone has links to some good material about continuations with real world practical use cases - not just the simple arithmetic expressions, I’d really appreciate them.

                                                                                                                  1. 7

                                                                                                                    I think that they are useful as language building tool, but not a sensible choice for your everyday programming. You (or preferably the base library authors) should hide them in more opinionated abstractions. Much like we hide goto with various flow control mechanisms.

                                                                                                                    It’s simple to implement cooperative threading with proper IO scheduler using continuations, you can also implement generators or exception handling system.

                                                                                                                    1. 3

                                                                                                                      I had trouble with them as well and ended up building them into my statement-oriented language to understand them better. Perhaps that works better for you, like it did for me?

                                                                                                                    1. 2

                                                                                                                      The post talks about developing multiple languages for a single project and using them all together. Wouldn’t this mean before starting on a project you would have to learn every version used in the project and mess things up and forget something that works somewhere in the project works different in another section?

                                                                                                                      1. 3

                                                                                                                        Languages develop organically. You start by writing functions; you abstract these into libraries; then you start to notice patterns in the use of the libraries and try to abstract those; and eventually you notice that the abstractions don’t quite work out, and what you’d really like is a language for assembling the pieces offered by the libraries.

                                                                                                                        What Racket does is blur the line between library and language (as the paper explains). A library can export “language constructs” just as well as it can export functions.

                                                                                                                        For instance, consider file descriptors. You provide a library of files, including ways to open and close them. You notice that people are constantly screwing up, opening the file and forgetting to close it. You could provide a function that does both, and takes as an argument what to do in-between, but that’s unwieldy. So you can provide a constructwith-file, if you will — that lets people say what they want to do, and does the file opening and closing automatically. At some point you may even realize everyone should be using with-file only, and there’s no need to provide explicit opening- and closing-functions at all (after all, people might also close files before opening them). Voilà, you’ve gone from functions to a little language for dealing with files…seamlessly.

                                                                                                                        1. 2

                                                                                                                          Yes, but you get used to it the same way you learn to use a library. In a way, after you learn Racket, you lose respect for most contemporary dynamic languages…

                                                                                                                          The only reason to use them is that they have more batteries.

                                                                                                                        1. 26

                                                                                                                          Wow. Just wow. Selected citations from comments:

                                                                                                                          This destroyed 3 production server after a single deploy!

                                                                                                                          Make a pull request and help out!

                                                                                                                          Not a single pull request was merged in the last 2 months that came from an outside contributor. There are currently over 70 PRs open and none of them have any activity from the npm team.

                                                                                                                          How about we give the two person team more than 24 hours to run npm unpublish npm@5.7.0?

                                                                                                                          I’m not sure if you’re joking, but that command only allows unpublishing versions published within 24 hours, and not older.

                                                                                                                          1. 5

                                                                                                                            They were not kidding about these PRs and no activity from the npm team.

                                                                                                                            If you look at the last 2 years commit chart, It really shows a huge disparity.

                                                                                                                            How long can a project like this go without accepting or even commenting on others attempt of contributing to their software?

                                                                                                                            1. 2

                                                                                                                              They’re not a lot better about issues either. I submitted an issue about NPM 5 breaking stuff 8 months ago. Nobody ever responded, and the problem persists.

                                                                                                                              (In case anyone from NPM is listening: https://github.com/npm/npm/issues/17391)

                                                                                                                              1. 3

                                                                                                                                My experience is that yarn is very good at responding to issues and in accepting PR:s – so probably better to go there if one wants to fix or improve some aspects of an npm cli client

                                                                                                                                1. 0

                                                                                                                                  I’m sure Yarn is a lot better on a technical level… but I’m really not comfortable using a Facebook product.

                                                                                                                                  1. 3

                                                                                                                                    Introducing Yarn: a new package manager for JavaScript from @fbOpenSource, @tildeio, @googledevs & @exponentjs.

                                                                                                                                    https://twitter.com/yarnpkg/status/785857780838232064

                                                                                                                                    So much more of a community project than say eg. React

                                                                                                                          1. 19

                                                                                                                            A major reason I use Debian is that, as a user, I consider 90% of software lifecycles to be utterly insane and actively hostile to me, and Debian forces them into some semblance of a reasonable, manageable, release pattern (namely, Debian’s). If I get the option to choose between upstream and a Debian package, I will take the latter every single time, because it immediately has a bunch of policy guarantees that make it friendlier to me as a user. And if I don’t get the option, I will avoid the software if I possibly can.

                                                                                                                            (Firefox is the only major exception, and its excessively fast release cadence and short support windows are by far my biggest issue with it as a piece of software.)

                                                                                                                            1. 5

                                                                                                                              I never really understood why short release cycles is a problem for people, but then I don’t use Debian because of their too long ones. For example, the majority of Firefox’s releases don’t contain user-visible changes.

                                                                                                                              Could you elaborate what your problems with Firefox on Debian are? Or why software lifecycles can even be hostile to you?

                                                                                                                              1. 8

                                                                                                                                I’m with you. I update my personal devices ~weekly via a rolling release model (going on 10 years now), and I virtually never run into problems. The policies employed by Debian stable provide literally no advantage to me because of that. Maybe the calculus changes in a production environment with more machines to manage, but as far as personal devices go, Debian stable’s policies would lead to a net drain on my time because I’d be constantly pushing against the grain to figure out how to update my software to the latest version provided by upstream.

                                                                                                                                1. 3

                                                                                                                                  I’ve had quite a few problems myself, mostly around language-specific package managers that break something under me. This is probably partly my fault because I have a lot of one-off scripts with unversioned dependencies, but at least in the languages I use most (Python, Perl, R, shell, etc.), those kinds of unversioned dependencies seem to be the norm. Most recent example: an update to R on my Mac somehow broke some of my data-visualization scripts while I was working on a paper (seemingly due to a change in ggplot, which was managed through R’s own package manager). Not very convenient timing.

                                                                                                                                  For a desktop I mostly put up with that anyway, but for a server I prefer Debian stable because I can leave it unattended with auto-updates on, not having to worry that something is going to break. For example I have some old Perl CGI stuff lying around, and have been happy that if I manage dependencies via Debian stable’s libdevel-xxx-perl packages instead of CPAN, I can auto-update and pull in security updates without my scripts breaking. I also like major Postfix upgrades (which sometimes require manual intervention) to be scheduled rather than rolling.

                                                                                                                                  1. 2

                                                                                                                                    Yeah I don’t deal with R myself, but based on what my wife tells me (she works with R a lot), I’m not at all surprised that it would be a headache to deal with!

                                                                                                                                2. 7

                                                                                                                                  Every time a major update happens to a piece of software, I need to spend a bunch of time figuring out and adapting to the changes. As a user, my goal is to use software, rather than learn how to use it, so that time is almost invariably wasted. If I can minimize the frequency, and ideally do all my major updates at the same time, that at least constrains the pain.

                                                                                                                                  I’ve ranted about this in a more restricted context before.

                                                                                                                                  My problem with Firefox on Debian is that due to sheer code volume and complexity, third-party security support is impossible; its upstream release and support windows are incompatible with Debian’s; and it’s too important to be dropped from the distro. Due to all that, it has an exception to the release lifecycle, and every now and then with little warning it will go through a major update, breaking everything and wasting a whole bunch of my time.

                                                                                                                                  1. 4

                                                                                                                                    Due to all that, it has an exception to the release lifecycle, and every now and then with little warning it will go through a major update, breaking everything and wasting a whole bunch of my time.

                                                                                                                                    I had this happen with Chromium; they replaced the renderer in upstream, and a security flaw was found which couldn’t be backported due to how insanely complicated the codebase is and the fact that Chromium doesn’t have a proper stable branch, so one day I woke up and suddenly I couldn’t run Chromium over X forwarding any more, which was literally the only thing I was using it for.

                                                                                                                                    1. 2

                                                                                                                                      Ha, now I understand why I use emacs. It hasn’t changed the UX in years, if not decades.

                                                                                                                                    2. 4

                                                                                                                                      Because you need to invest into upgrading too much of your time. I maintain 4 personal devices with Fedora and I almost manage to upgrade yearly. I am very happy for RHEL at work. 150 servers would be insane. Even with automation. Just the investment into decent ops is years.

                                                                                                                                      1. 2

                                                                                                                                        For me there is an equivalence between Debian stable releases and Ubuntu LTE ones, they both run at around 2 years.

                                                                                                                                        But the advantage (in my eyes) that Debian has is the rolling update process for the “testing” distribution, which gets a good balance between stability and movement.

                                                                                                                                        We are currently switching our servers from Ubuntu LTE to Debian stable. Driven mostly by lack of confidence in the future trajectory of Ubuntu.