This seems like a big improvement over having to install the Docker client. Are there other similar tools?
Checkout https://ko.build/advanced/limitations/ they offer some alternatives.
I don’t know if that’s really what you asked, but if you also don’t want to have docker where the code is deployed. Hashicorp’s Nomad supports other methods. For example they allow you to deploy an isolated binary, but also JVM and it’s even a system extensible via Plugins. So there’s a lot more options.
I like using nixpkgs’
dockerTools.streamLayeredImage to build the images, which you can then pipe into
docker load or whatever.
I love the concept. Still haven’t had any luck packaging even simple Go apps with Nix (IIRC there was a Mac-specific bug in some of the buildGoModule stuff, but I might be misremembering). Every time I touch Nix I go down a rabbit hole and never actually accomplish the seemingly-simple thing I set out to do.
Which is exactly why I bailed from it after 4-5 such sagas. Why couldn’t they just use a subset of Lua or Python? Or anything that’s easy to learn in an hour? No, it had to be a Haskell wannabe…
Makes me cringe super hard when I remember that I used to strongly advocate for language syntax. Gods, I would slap myself to Earth’s orbit if I could go back.
But yeah, Nix has some pretty solid ideas but it seems like they are not quite ready to wide adoption. Leaky abstractions, non-intuitive language, and gaps in the ecosystem for now prevent me to try and use it 24/7.
I feel this, but Nix the language isn’t even the hardest part. It’s just like extra friction. The hard part in my experience is tracing things through nixpkgs (no types, minimal docs, not-intuitive-to-me directory structure, terse naming conventions, etc), but there’s a long tail of friction-y things like the confusing CLIs, the docs which tell you to use one thing and the community who tell you to use a different thing, blogs that post snippets that work for NixOS but not vanilla Nix on Linux or MacOS (or vice versa), etc. Strongly agree on the fundamental vision of Nix, but there’s so much practical stuff holding back the idealist academic core ideas. I am rooting for it, but from the outside it feels like it needs a culture shift or a governance shift or something so this stuff gets more of the focus (I’m occasionally told that the community is already prioritizing this stuff, but every few years when I check in things are still pretty frictious).
Hm the series left me wanting, especially the post claiming success, which had very few quantified metrics of success in it.
Eg in dollar terms how much did they save in hosting? In a linked post they write “We aimed to lower hosting costs, improve performance, and further optimize our already-impressive reliability”. So where are the stats?
This type of serialized blogging about a big rewrite quite often peters out or quietly dies. The authors realize, after a few years of effort, that they’ve merely transitioned to a different architecture with its own warts and drawbacks.
It was, in fact, not a silver bullet.
Honestly, it might be a silver bullet. Since we have switched from Go to Python2 we have had absolutely no problems with werewolves at Khan Academy. :)
We have certainly moved on to wrestle with different problems. For instance, we’re doing a lot more AI stuff.
Hi! I work at Khan Academy, and we’re still pretty pleased with how things turned out, to the point where it’s no longer seems novel so we don’t write about it all that much. Also, over time it got increasingly hard to provide simple numbers to an external audience, since it wasn’t a big bang rewrite and switchover, but an incremental one.
It has saved us a fair amount of cloud computational resources, but since then we haven’t continued to run obsolete Python2 nor have we preserved exact equivalency in our Go code after the initial port as we continue to add and improve in Go. This makes it hard to have a comprehensive cost comparison. For instance, a particular endpoint saved us 50% in computational costs when ported directly from Python2 to Go. However, cloud hosting provider computational costs went up so the next month a different endpoint that we ported that was only 40% cheaper in Go, but it saved us the same amount of cost in dollars.
It will never not bother me that Rails, and many frameworks inspired by it, encourage grouping modules/classes together in a folder based on the design pattern puzzle piece that they represent, instead of organizing the modules related to a slice of an application’s domain together.
All of this fuss about what to name common abstraction(s) for interactions stems in no small part from Rails’ suggested directory structure. It encourages developers to think of what term(s) are worthy of being peers with “models” and “controllers”, when that’s really an orthogonal concern to their application’s domain.
I make this complaint with confidence, having shipped dozens of rails projects and still working with (or around) it every day.
But Rails does have this capability, with Engines. If you build a feature as an Engine, it’s actually quite close to the abstraction necessary for a logically distinct microservice. https://guides.rubyonrails.org/engines.html
Having actually gone down this path, you do not actually want to use Engines as a module abstraction. The boilerplate cost is way too high.
Hanami Slices are an implementation of this that is actually good.
And if you want to go fully decoupled you can use trailblazer. It still uses MVC concepts but is more like a widgets framework, so you can create decoupled partial models and views and re-use them across different parts of the application.
Almost every nontrivial C extension out there has threading bugs that are currently impossible to hit because of the GIL. It will take an enormous amount of effort to make all the old C code thread safe. That means in practice you may not be able to use a lot of useful libraries that rely on C code in a multithreaded python interpreter.
Sure, but this is how we make progress with software:
When I introduced Sidekiq to the Ruby community, there were still lots of gems with threading issues, including Rails itself. Now the ecosystem is thread-safe as Sidekiq usage grew and folks fixed the threading issues. It just takes a few years.
Data races are famously non-deterministic. Your tests will likely pass and you will still release a heisenbug into the wild.
I hate to be that guy who suggests rewriting in rust, but I came to this thread to lament the fact that my current favourite pastime (writing python modules in rust for the enormous performance boost) would be going away.
Maybe though… it wouldn’t be a bad idea?
A lot of these extensions are wrappers for third-party libraries, so what you’d be doing really is rewriting the third-party library and committing to maintain it forever.
Also, it’s not always only C – if you think you can build a better BLAS/LAPACK implementation (required for NumPy) than the current Fortran versions, you’re welcome to try it. But I think there’s a reason why Fortran continues to be the base for that stuff, and it’s not “because they hate Rust”.
A Rust adapter-wrapper from Python to some Rust and some C is still a totally valid pattern where you don’t rewrite the whole stack, but you add some correctness (say parsing, state machines, thorny inplace processing). It can be a spectrum.
A lot of these extensions are wrappers for third-party libraries, so what you’d be doing really is rewriting the third-party library and committing to maintain it forever.
I don’t mean to be glib, but isn’t that a bit of an entitled attitude that places an unfair burden on open-source maintainers? I see no reason that they shouldn’t commit to only maintain it as long as its useful for them. If someone else finds it useful, then they can either pay for support or maintain it themselves.
That’s assuming the Python API even makes that possible. For example the buffers API allows python side to cause data races and Rust can’t prevent that: https://alexgaynor.net/2022/oct/23/buffers-on-the-edge/
Parallelism is not the same as a speed-up. If a task takes 100 CPU seconds with Python, 10 threads/processes with full parallelism means 10 seconds to get a result, and those cores can’t be used for other things. The Rust equivalent might only take 1 CPU second on a single core. In some situations parallelism is good enough, but optimization tends to be much more valuable if you can manage it.
(Longer discussion: https://pythonspeed.com/articles/do-you-need-cluster-or-multiprocessing/)
Rust has a very strong unique ownership model. Python allows arbitrary aliasing. Two Python threads can share any objects that are returned from Rust. I think the only solution to this is to make everything that is exposed to Python adopt the
Sync trait. Anything in Rust that is mutable and
unsafe. The simplest way of doing that mostly correctly is to expose
Sync proxies that acquire a lock before calling into the real Rust objects (Rust has some nice lock guard types for doing this, so the
unsafe bit is in the standard library). It’s not clear to me that this would end up being easier than exposing C/C++ things.
Rust’s concurrency benefits rely on the Rust type system. When you are interoperating with code that has weaker constraints then there are lots of places for bugs to sneak in.
Rust Python: https://github.com/RustPython/RustPython
Unless the C code is doing stuff like using OS-level resources assuming there’s only one instance of it running (which is ekhm anyway because there can be multiple CPython processes,) it’s still going to run under GIL within the subinterpreter.
I played with implementing an ActivityPub server too. I found that implementing OAuth was painful but the biggest issue to me was the client-side APIs. No one really implements ActivityPub C2S1 so if you want your software to be useable by all of the various Mastodon iOS clients, you have to implement Mastodon’s custom client APIs. They do have basic documentation but it’s always a moving target because they aren’t standardized.
I added a few Unicode method names as Easter eggs to the Sidekiq source code a decade ago. It was surprisingly effective at finding bugs in developer tooling like RDoc.
What they never tell you is what they’re bound to. If they’re bound to my phone and I lose my phone I’m absolutely up seven ways to Sunday in trouble. How do I back them up? How do I recover them if my phone is stolen?
Normal reply from Google, Apple, etc, would be that you should enable
CloudSync(TM)(C)(R) and send all your personal information to their servers. So thay can protect you from whoever will want to get your personal data. This is how you can be sure that even if you lose your phone, your
passkeys(TM)(R)(C) will be safe*. (see our EULA, part 17A, section 126.96.36.199 what is our definition of passkey safety).
For Apple devices, Passkeys are stored in and synced by iCloud Keychain, which is end-to-end encrypted. (As far as I’m aware, it’s not possible to get iCloud Keychain not to use E2EE. Some categories of iCloud data are only encrypted if you turn on “advanced data protection,” but Keychain is not one of them.) I think Apple’s response would be that if you lose your iPhone, then what you need to do is to get a new iPhone, sign in to iCloud, let it sync, and then you have all of your passkeys again.
One counterargument to this is, “well, what about the time between losing my old phone and getting the new one?” I saw one Apple employee point out that if you had used a strong password—one that you were relying on a password manager to remember for you—then you’d be in the same situation. I’m not sure I totally buy that; at the moment, password managers (generally construed) run on a wider variety of computers than passkey-storing password managers. It’s entirely possible that you could lose your iPhone (thus losing access to your passkeys) but still have, you know,
pass running on your Linux desktop, so that you’d still have access to your passwords. But over time I’d expect more and more systems to add support for storing passkeys.
My understanding: you have a passkey per device. You log into your account with another device and revoke the passkey for your stolen phone. If you get the phone back, you re-enroll it with a new passkey.
Presumably this means you log in to the new device with a password, so you still need passwords? (or some alternative authentication)
It is definitely not only you, it seems that a lot of people think that the paper is worthless, because it has “wrong form” – doesn’t have working code, or doesn’t have formal proofs, or glosses over many details.
But to me that seems like an incorrect reaction? Like, it’s a perfectly fine written paper which presents an elementary algorithm in some level of detail. If this was a paper for novel 2-SAT algorithm, rather than for 2-MAXSAT, there would be zero questions like this.
It is possible to read the paper and just point out a specific flaw. Maybe some reduction is wrong, and there’s a counter-example, where the algo is giving a wrong result. Maybe some size calculation is wrong, and some graph is not N*M, but N^M. Maybe there’s some specific gap in the reasoning, like “and now we check if these two graphs are isomorphic using an obvious quadratic algorithm”.
I guess, the crux of my objection is that the paper is perfectly falsifiable as is — if one has read through the mobile book, has pen&paper and a couple of hours of free time, one can just go through the paper and decide if it is correct or not. Demanding more rigour here seems unwarranted.
Of course, one can say that the prior for this being correct is extremely low, and that its not worth the time to look for the error, but that seems substantially different from “no implementation = does not count”.
Demanding more rigour here seems unwarranted.
I absolutely disagree. P=NP is the most famous problem in CS. If you’re going to claim to overturn it where 1000s of other CS experts have failed over the last 50 years, you need to supply more than hand-waving and zero peer review.
I think I disagree with that. The amount of peer review has zero bearing on whether the algorithm is correct or not. Physical truths are determined by experimental observations, mathematical truths are determined by the proofs. What other people think or say does not affect what actually is fact, and what is not.
You can and should use peer review as a heuristic for what is worth paying attention to. You can also use peer review as a proxy for cases you can not judge yourself.
But this is not the case where you can not judge yourself. This particular paper is elementary, you can just go and find a specific issue. It is falsifiable with little effort, you don’t need peer review shortcut if you can do the work directly.
But the nice thing about peer review, is it save the other million onlookers like myself having to wade through this as non-experts every time some crackpot thinks they have yet another P=NP solution.
I agree with both of you. Really, the author of any P=NP proof should provide extremely hard evidence:
Note that this last requirement looks a lot like the top comment here, itself mirrored from the orange site. This works because of the folklore that exponentially-large resolution trees naturally arise when proving pigeonhole problems for 3-SAT have no solutions; any P=NP proof must explain it and show how to defeat pigeonhole problems quickly.
If you really had a working algorithm for solving an NP-hard problem, you could also support your claim by posting some stranger’s private RSA keys.
Or if it’s fast enough, use it to mine a few bitcoin blocks.
I might be a fool but I am worried about non peer reviewed literature from an economic perspective. I find it hard to refute we live in an era of information overload. Given that we are just experiencing a boom of generative content, there will be much, much more academic production, making proofs that can be checked mechanically will be essential.
This is not too say that the idea is not merit of evaluation, and I believe we can agree that we have to be extra zealous of rigor in this case? Because if you read the paper, you will not find what you would expect - a hypothesis so deep being solved without the use of any new mathematics would yield to a simple argument? Contrast with the proof of fernat’s.
But I was too harsh on it, I am sorry for being impolite in this forum that is dear for us.
Uh. If this bears out, this is like…really big.
That being said I do not have the experience or knowledge to know whether this paper’s claims are valid.
Also, this wouldn’t be the first paper to make such a claim, and all such papers have thus far been found to be flawed.
But boy it would be neat to see the biggest unsolved problem in computer science fall.
Someone who understands this better than I do (i.e. anyone), I’d love to hear your opinion.
I’m not qualified to review the paper in-depth, but here’s a heuristical reason not to trust it: a big part of the reason P=NP is so hard is that it’s incredibly subtle. Lots of approaches fail because of one edge case or unconsidered consequence or a step that looks polynomial but is actually exponential. For that reason, any credible proof needs to be absolutely watertight, and every claim needs to be backed up with a proof.
So when the paper says
The first part τ1 is the time for computing the frenquencies of variable appearances in D. Since in this process each variable in a Di is accessed only once, τ1 = O(nm).
The second part τ2 is the time for constructing a trie-like graph G for D. This part of time can be further partitioned into three portions.
• τ21: The time for sorting variable sequences for Di’s. It is obviously bounded by O(nm log m).
• τ22: The time for constructing p*-graphs for each Di (i = 1, …, n). Since for each variable sequence a transitive closure over its spans should be first created and needs O(m2) time, this part of cost is bounded by O(nm2).
• τ23: The time for merging all p*-graphs to form a trie-like graph G, which is also bounded by O(nm2).
The third part τ3 is the time for searching G to generate its layered representaion. Since in this process, each edge in G is accessed only once and the number of all edges is bounded by O(nm2), we have τ3 = O(nm2).
The fourth part τ4 is the time for checking all the extended rooted subgraphs. Since each level in the layered represen- tation G′ of G has at most O(nm) nodes, we have O(nm2) nodes in G′ in total. In addition, the number of edges in each rooted subgraph is bounded by O(nm), the cost of this part of computation is bounded by O(n2m3).
It’s not proving any of these time bounds, it’s just saying “if you think about it really hard it’s obviously polynomial time.” But that’s where he’s most likely to be making a mistake! Especially because the claim in the fourth part, that the number of edges in each rooted subgraph is O(nm), is justified as
In this way, a rooted graphs now does not represent only a single subset of conjunctions satisfied by a certain truth assignment, but more than one subsets of conjunctions each satisfied by a different truth assignment. We can use the group numbers associated with edges to make such a recognition of different subsets. Obviously, in this way, the number of nodes at each level becomes bounded by O(nm).
Again, that’s not something he can say is “obvious”, and it’s potentially a place he’s wrong.
The whole paper is like that, which is why he hasn’t passed the credibility threshold.
I’m not qualified to review the paper in-depth,
TBH, the paper feels elementary. The only claim which need background knowledge to assess is that MAX-2-SAT is NP-hard, the rest is basically a from-scratch graph/combinatorial algorithm with claimed runtime complexity of n^2m^3, which fits on ten pages in paper-speak. So it seems that the required level to review this paper is “can be a TA for algorithms 101”.
Which is a strong heuristics: if P=NP is this simple, someone should have stumbled upon a proof half a century ago.
Of course, I did not do the virtuous thing of actually reading through the paper and finding the bug/convincing myself that, however surprising that is, P indeed is equal to NP.
The problem is a claim of P=NP can be published in polynomial time, but checking the claim takes non-polynomial time…
This reminds me, what was the conclusion of https://lobste.rs/s/apqrmz/this_destroyes_rsa_cryptosystem_by? That one was something you needed to be highly qualified to review.
The author is associated with a department of Computer Science, which makes it all the more suspicious that he lists no other co-authors or thanks any peer reviewers at the end.
His conclusion warrants a review from several peers before publishing.
I’m fine with this; I’ve been a 1Password user for years, and I guess I just don’t panic reflexively at the use of the word “telemetry”
They’ve taken VC funding, which means the MBAs have their foot in the door. Once the founders leave, a bean counter gets in charge and then they can abuse their user’s trust to monetize their user and telemetry data. It’s Doctorow’s Enshittification cycle.
Perhaps. I doubt the large majority of customers will care. Telemetry-phobia is pretty niche in the mainstream.
I would expect there to be ~no blowback, because people posting on message boards (myself most certainly among them) make up a vanishing small percentage of the market of folks who pay for 1Password.
Thanks for this! It was informative & clearly written.
RocksDB looks like it’s oriented toward servers – it’s optimized for write-heavy loads, has complex tuning, creates multiple files and seems to default to using a lot of memory (I’m calling 64MB a lot, for my purposes.)
There don’t seem to be as good options for client-centric embedded KV stores – LMDB seems to be EOL, libmdbx is developed by a pro-war Russian guy who hints that future versions won’t be available to people in the West, Berkeley DB is copyleft (a deal-breaker for me) and owned by, ugh, Oracle. One can of course use SQLite for KV storage but it seems awkward, plus it’s slower.
One can of course use SQLite for KV storage but it seems awkward, plus it’s slower.
I honestly would just stick with SQLite. Although the SQLite API for purely key-value use cases is awkward, the built-in support for basic types and the sqlite3 CLI are convenient. In terms of the performance, while SQLite is slower than RocksDB, you can still get very far1 with it, even on servers, unless you need to handle thousands of writes or reads per second.
EOL was probably the wrong TLA. What I meant is that it’s in maintenance mode; last I checked there hadn’t been any significant work on it since 2015. What I liked about libMDBX is that it picked up from there and kept going.
Isn’t that what the life cycle of an embedded key value store should be, though?
KV stores are critical pieces of infrastructure. They should be pretty stable/limited in scope.
This blog post reads as Stockholm Syndrome to me. Most stacks don’t have anywhere near as much instability and dependency breakage as npm.
I agree with the thrust of this, but the choice of the troubleshooting example is pretty unfortunate, I think.
Two engineers separately attempt to identify the root cause of the issue, but are unable to find the source of the problem after a week of investigation. A third engineer is brought in and is able to identify and resolve the issue within a few days.
It may make more sense to ask the third engineer to train the other engineers on their issue resolution methodology.
I’ve been that third engineer on multiple occasions and the problem is, in a lot of cases I’m not doing anything I could train anyone else to do even if they asked. In some cases even I don’t understand how I figured a problem out.
“Train someone else to resolve issues the way you do” presupposes that I have a well-defined checklist in my head that I methodically proceed through until I get to the step that resolves the problem. For simple problems, that’s kind of true, and I can tell people what I’m doing. But for the not-so-simple kinds of problems that would cause another team to ask for my help in the first place, it’s more like a series of intuitively-guided attempts to match against different patterns of problems that have puzzled me over the course of my career. My intuition is usually decent and before long, I have an “aha” moment. Then the person I’m working with asks, “How the heck did you know that was it?” and I have no answer.
If a manager comes to me and says, “Hey, can you take a couple weeks to train our team to pattern-match against your 35 years of professional experience?” it’s not going to be a useful exercise.
I think it can depend on the specifics. Sometimes when I find bugs, it’s something I can’t communicate to other people. In other cases, it’s because I knew a tool or approach that other people didn’t. Like in one case I solved something quickly because I was the only person who knew how to load old database snapshots. Showing other people how to do that meant they were able to solve similar issues quickly, too.
People also gather information differently, and watching how a more senior person gathers information can teach you useful tricks. Think things like
git bisect, writing testing scripts, using a debugger, even recording theories in a notebook.
In other cases, it’s because I knew a tool or approach that other people didn’t.
There are many cases I’ve seen in my years of a bug taking a long time to solve because of lack of knowledge of tools that would make things easier. There are two main aspects to this that I’ve noticed:
In the second case, it is usually accompanied by an ignorance of the questions that the tool opens up to you. If you don’t know that you can attach to a running process to debug it, for example, then you tend not to ask questions about dynamic analysis or profiling. (Admittedly, this is a bit of a crude case, but the point stands.)
Teaching the first point isn’t so hard. Teaching the second one can be a bit trickier.
I tend to use the technique that Raymond Chen refers to as ‘psychic debugging’: from what I know of the codebase, think about how I could introduce the bug, then come up with an experiment that tests whether this is actually how the big was introduced. The second half of this is teachable because it’s just a set of recipes. The first bit is probably something that you can learn only through experience because it’s the same skill as introducing desirable features (and if we had a reliable way of teaching that, the software world would be a much better place).
To the original example, it’s very possible that two people using this exact process would take different (but not reproducibly better or worse) times to find the same bug. I’ve spent days chasing bugs in the wrong place before and I’ve also found a bugs in minutes that other people spent days failing to find. It would be easy to cherry pick one of those examples and say that I am amazing or terrible at debugging and should teach / learn from other people, but often they were following exactly the same process. In some cases, the slow and useless person was tired me, the fast person was well-rested me.
Thanks for the feedback.
I used the example because it’s something that actually happened - the third engineer in the example actually asked me if it was okay for them to apply “go slow to move fast” and if we could accept slower resolution times in the short term to give them an opportunity to train others, and it turned out to be a great success for us.
I can certainly agree that it’s not something to be applied in all situations, and I wouldn’t ask someone to do this if they thought it wouldn’t be productive!
You can’t teach a mental model, you can only develop one yourself through years of experience and learning.
You can absolutely accelerate the development of a mental model with good examples, exercises, drills, and targeted training! It’s just that’s, uh, really hard to do and even harder to do at scale.
But for the not-so-simple kinds of problems that would cause another team to ask for my help in the first place, it’s more like a series of intuitively-guided attempts to match against different patterns of problems that have puzzled me over the course of my career. My intuition is usually decent and before long, I have an “aha” moment. Then the person I’m working with asks, “How the heck did you know that was it?” and I have no answer.
This has happened to me more than a few times. My only advice to my team members is to read a lot and read broadly. Just because something doesn’t seem like it is relevant doesn’t mean it won’t come up. Additionally, it’s important to understand the underlying architecture of projects, the fundamentals of environments, or the supporting theory behind constructs. If you only understand the API then your debugging tools will be limited.
This sort of commentary is beneath our community; if you must criticize, do it by engaging with ideas and not repeating namecalling and gossip.
It’s never beneath a community to remind people of an authority figure who has behaved in a biased or intolerant manner. He believes men make better programmers than women.
I think both of you are right: “Authority figure believes men make better programmers than women” is engaging with ideas, calling him “creepy uncle bob” without sharing sources is namecalling and gossip.
I’d even argue that the former statement is still off-topic, because it has basically nothing to do with the technical discussion at hand other than to say “hey, fellow tribe member, look at this outgroup person who has ”…it doesn’t really engage with the the actual issues of performance, software and engineering tradeoffs, or anything else; it just paints ’this person is icky” in slightly more detail.
That said, that would’ve been at least longer than two words so I guess there’s that.
Someone wanted to know if “Uncle Bob” referred to Bob Martin or someone else named Bob. “Creepy Uncle Bob” was a short and clarifying reply.
“‘Uncle’ Bob Martin” would’ve been equally short, faster to google, and normalized (I hold) better civility.
Whether they do or don’t, in fact, make better programmers, “he is creepy” has neither bearing nor any connection to the assertion. The only purpose is to insult.
For anyone seeing this comment thread and are wondering what this is about, https://blog.wesleyac.com/posts/robert-martin is a good read.
I personally think that we shouldn’t strive to divorce the ideas from the person, but this sort of conversation can move to meta thread if needed.
if you must criticize, do it by engaging with ideas and not repeating namecalling
Could you perhaps tell this to the person a few days back who dismissively referred to an interlocutor as “somebody who only lists python and webshit on their profile” in a thread on this same topic?
I’m sorry if the humorous term webshit causes particular offense; having made my living off of it for the last decade or so I feel no qualms in calling it by that name and also paying some small homage to a delightful (if no longer active) critic of HN culture.
I also point out that I didn’t go “creepy ubernostrum”, but instead “hey, I’m not sure if you actually have the background to viscerally understand some of the concerns folks that’ve done low-level programming have, have you actually done stuff in a non-interpreted language that isn’t Python?”–you then clarified that you had done C programming and that provided a bit of helpful context about what your experience was. These are rather different behaviors, as should be obvious at a cursory glance.
I’m sorry if the humorous term webshit causes particular offense;
“im sorry you were offended” is not an apology. (’m not OP, just pointing this out. Not sure if it was an intentional snub or accidental.
If you absolutely must gatekeep and refuse to engage with ideas unless/until you’ve been sufficiently convinced they came from someone with the “right” sort of background/experience, you still can do it without resorting to insulting terms like “webshit”. And if you avoid that, you won’t have to write non-apology apologies, either. Win-win!
My personal experience is that he gave a talk at lone star rubyconf that made me uncomfortable due to portrayal of women and I didn’t retain a single technical thing from the talk.
I did retain that discomfort and the memory that a woman walked out of the talk and then after being confronted with the way it made her feel (and me too TBH) he said it was okay because the sexist character stereotype was played by his daughter and didn’t acknowledge or apologize for his impact.
His name came up at a conf I helped organize as a person to invite and I shut it down. Just about everything I’ve ever heard or seen from him since has reaffirmed that gut decision.
Also while I agree generally we should try to be specific with criticisms I also have learned that it can be difficult to bring up some of these uneasy feelings. Especially on the internet. Usually the first thing that happens after “but why specifically do you not like X” is not an acknowledgement but rather an attack with a logical fallacy.
To expect good faith active criticism/critique, we also need to be supportive of people’s lived experiences even when they don’t affirm our own.
…and as a privileged white male it is very, very, very easy to ignore the impact of this sort of thing on others until you are outright slapped in the face with it, because so often the underlying message is that It’s Normal and Not A Problem.
Sure, but lots of people make me feel bad and uneasy, and I still wouldn’t think it acceptable to casually insult them over it.
(You know what makes me feel uneasy and, frankly, unsafe? “the creepy uncle bob” dropped casually into conversation.)
I personally don’t choose to protest his behavior and consistent replatforming in the same way, but I appreciate someone said something to open the door do an honest conversation.
Something about that original comment brought you out of your comfort zone. Now you have to consider if that act of discomfort is worse than the patterns of behavior of the person being described?
(This is a rhetorical question for reflection, I do not need or want an answer )
Now you have to consider if that act of discomfort is worse than the patterns of behavior of the person being described?
Why? Two wrongs don’t make a right; unease is no excuse for bad behavior.
(This is a forum - I shall answer anyway.)
Two wrongs don’t make a right; unease is no excuse for bad behavior.
I’m not asking you to have one action dominate/erase the other. Quite the opposite, I’m asking you to hold onto both at the same time and weight them accordingly. Then I’m asking that you communicate that weighting clearly.
Zooming out a bit: When it comes to criticizing/critiquing a protest (or insult in this case) there are 4 options of observable behavior:
Support the comment only (and therefore also condemn the target behavior)
Support the comment but also support the target behavior (weird, but possible…maybe you just like insults or something)
Condemn the comment only (and by omission support the target behavior)
Condemn the comment and the target behavior
(Technically 5 options if you count “do nothing” as an option)
It’s an over simplification, but in general you get it. It’s a classic true/false two-by-two grid. I observe that you’ve condemned the comment and I don’t see anything about Bob’s behavior. To an observer (me), this omission is prioritizing the use of an insult and by omission implicitly supporting the behavior. Basically option number 3.It’s about priority and observable actions
If you are actually in camp number 4 where you don’t like the insult, but also you want to condemn the target’s behavior…then you need to say that explicitly. Otherwise option number 3 is the same used by bad faith actors.
For example during black lives matter protests, fox news covered it…but they prioritized the protests and downplayed the topic (police killing people). They said “they should protest, just not like that”. This is a bad faith tactic to support an unpopular position without seeming to support it.
This isn’t a new phenomena either. Here’s a direct quote from a person we now consider famous for protesting well:
A step further
the white moderate, who is more devoted to “order” than to justice; who prefers a negative peace which is the absence of tension to a positive peace which is the presence of justice; who constantly says: “I agree with you in the goal you seek, but I cannot agree with your methods of direct action”;
If you want to be absolutely crystal clear about your intentions when talking about a protest the pattern I try to use is:
<x>, which they’re talking about”
That way it’s unambiguous to anyone reading that you’re not arguing in bad faith, you do support thing
<x>, and also you don’t prefer it being done that way. The third step is important because some bad faith actors will claim they support the cause, but then spend all their airtime bashing the method of protest. That’s why I’m using the word “prioritizing”. It’s a variation on “don’t tell me your values, show me your budget”. If someone spends all their time protesting a protest, it’s indistinguishable from being a counter-protester.
I’m not demanding you speak with this pattern. I’m telling you what i’m observing about your behavior, how it’s making me feel, and how I want people to communicate their condemnation for a protest/insult in general.
What am I asking? I would love it if you threw up your arms and shouted “wow, I finally see how my comments have been misinterpreted. I didn’t realize this was a common bad faith tactic and I’ll work extra hard to be more clear, also I still don’t like the insult but agree that after everything I’ve read that Uncle Bob should not be someone we prop up as a role model to be emulated”. But that’s a lot to ask.
I ask: Read my words, try to hold onto the idea that there might be some truth in them.
Zooming out a bit: When it comes to criticizing/critiquing a protest (or insult in this case) there are 4 options of observable behavior:
I disagree with your matrix. You are omitting “have no opinion about the target behavior” - and also “consider the target behavior offtopic entirely”.
That way it’s unambiguous to anyone reading that you’re not arguing in bad faith
It’s hard to see what “bad faith” even means here. Are you suggesting that you weight my comment differently depending on my stance regarding what Uncle Bob did? Why?
It feels like you’re coming at this from a perspective of, something like… “the thing of highest importance is that we all agree that Uncle Bob = bad. Within these bounds, we may then debate the validity of certain rhetorical tactics.” Like there is a risk that if I communicate insufficiently my stance on Uncle Bob, you may accidentally misinterpret my comment as written by an ally, rather than an enemy, which would “obviously” color your reaction. If this is a bad interpretation, I apologize - but it is this totalitarizing mode of engagement in particular that raises my hackles.
If anything the disagreement might be this: I do not believe you can ban political speech and I believe this insult to be political in nature. The personal is political. If you’re in for a long, but good, watch “How to Radicalize a Normie” video on youtube is very good and speaks to this phenomenon.
When you remove the tools to speak out against behavior you believes harms your community, when you silence lived experiences, it’s far from a neutral position. This is why I used the word “protest”.
To bring that back to this thread: “This political stance is of topic” is indistinguishable in impact (if not intent) from “Let’s rename Lobsters to ‘I love everything Bob says’”. Yes this is hyperbole, but the sentiment I believe holds true.
“This political stance is of topic” is indistinguishable in impact (if not intent) from “Let’s rename Lobsters to ‘I love everything Bob says’”.
If you genuinely believe that these stances are indistinguishable in impact I think there is a fundamental misalignment here that probably can’t be reconciled.
One of the core ethical points you are touching on is “Does failure to condemn an activity constitute material support for it?” That’s a long-running question, one that is quite open to debate by respectable and good people on all sides, and also is something that is quite unsettled basically wherever it comes up.
Does failure to condemn an activity constitute material support for it
If there’s an online exchange about someone who has done harmful things and a commenter chooses to spend hours solely arguing against the ways that people have brought up their grievances that’s not “failure to condemn” that’s active and willful support.
I think neutrality itself is a deeply political stance; it’s just one which I happen to hold. (Radical centrism ho! The personal is political, and my political orientation is pro-neutrality.) I guess we’ve arrived at a value disagreement? Regardless, I cannot control your interpretation of my opinion, but it’s still worthwhile to note that it matches neither my interpretation nor my intent. (Though I accept it as an outcome. (No, that’s not the same thing as intending it.))
That said, I do believe that speaking out against behavior, certainly in this particular way, also harms the community.
I think neutrality itself is a deeply political stance
I guess I agree. There’s a whole country known to have a “neutral” political ideology: Switzerland. So it’s certainly a possible state in our DnD matrix i.e. “chaotic neutral”. This is their intention, but through action or inaction everything they do has non-neutral impacts on those around them.
It’s my experience that advocating for neutrality favors the status quo. Essentially in any situation you can ask: “who would benefit from my action” or alternatively “who would benefit from my inaction”.
That said, I do believe that speaking out against behavior, certainly in this particular way, also harms the community.
An interesting point hidden here. I don’t think I’ve stated exactly what I’m wanting.
When you say “harm” I think you want people to be civil and nice on this forum (which this most recent reply is both, thank you for that). I want that, too.
I also want people to feel safe and included. I want people to speak their minds and have productive conflicts and disagreements and get the full range of experience from members. I don’t want a sanitized utopian facsimile of a community.
To get that inclusion, we must be tolerant. Paradoxically to be a tolerant community, we must be intolerant of intolerance (paradox of tolerance). This is also touched on in “Radicalizing a Normie”.
You don’t want a world where people are freely slinging insults around (we’re not /r/programming after all). I want a world where someone who loves programming and wants to come and share doesn’t feel like they belong due to their gender.
At the end of the day, that’s what I prioritize most.
I mean: I don’t think it’s as simple as a difference in goals. You have a bunch of political theory behind your view, and also behind my view in yours: me, likewise. It’s just politics.
One thing I want to highlight: the idea that “we must exclude those who defected against our political norms elsewhere” is not just a matter of different goals; I disagree with this fundamentally. I think that … fundamentally, I actually disagree with the very idea that we should infer quality of belonging from the adherence of a site to the enforcement of global ingroup and outgroup standards. I think that’s bad. So it’s not, I want to emphasize, that I want people who are put off by Uncle Bob to “not belong”; it’s that I reject the entire paradigm that leads to that judgment.
But yeah, not something we’ll resolve here probably.
I want a world where someone who loves programming and wants to come and share doesn’t feel like they belong due to their gender.
An unfortunate typo. I want to include people. I hope that was clear via the rest of the message.
Just goes to show how fraught text only comms can be :/
he said it was okay because the sexist character stereotype was played by his daughter
For my part, I’m fine with calling someone who behaves in the quoted way “creepy.” That behavior is creepy, doubly so if he didn’t acknowledge the issue because that increases the likelihood that he’s blind to other creepy behavior. He’s a broken stair that others need to be warned about and sometimes individuals need their visceral reaction to “creepy” to jolt them into recognizing that.
I think my problem with this whole idea is that it presumes that social spaces should be or are already homogenized, so that one single standard of acceptable behavior can govern all of them. I believe we agree (?) both that “creepy” massively compresses the communicated information and that it primarily serves as a social enforcement or consensus-finding mechanism; I would guess our main disagreement would be first that the consensus in question is so vital that it needs to be universalized, and that it is acceptable to attempt to enforce it on a totally unrelated site and a topic that is only related in that Bob is a participant in a technical debate, in which he exhibits no problematic behavior.
The classic term is “unsafe”. Bob to my knowledge neither poses a safety threat to anybody nor is credibly accused of posing a safety threat to anybody, has not behaved in an inappropriate way towards any specific person; as far as I can tell the worst he is accused of is bad language.
(Behavior isn’t inherently creepy. Creepiness is a culturally mediated relation between creeper and creepee; it is not inherent in any single person or action. The phrase “X is creepy” elides this fact; optimistically for compression, cynically for manipulation. If “I am creeped out by your actions”, this is primarily on me; if “you creep me out”, this is primarily on you.)
(PPS: learning about how to recognize rhetorical framing is annoying; you start seeing it everywhere.)
(PPPS: My visceral reaction to “creepy” is getting unreasonably angry at the person saying it.)
(the funniest part of this is that everyone knew what i was alluding for, everyone recognized that it’s a creepy behaviour but for the sake of their personal comfort so many people were going out on a limb to defend platforming the creep)
This post has a curious absence of even mentioning distrust of Google with yet more of our personal data, which was a major theme of discussion in all venues I saw this issue mentioned in, and certainly seemed to play a major part in distrust of an opt-out configuration.
Because they’ve been very clear: it doesn’t collect personal data. It’s designed to determine how and when people use various language features, anonymously.
Yes, because Google is not a company that would like to collect more and more data overtime, because it is so trustworthy that a ton of people rejected this.
The post claims to summarise the discussion. It glaringly does not summarise the discussion.
Your comment doesn’t actually address what I said, it addresses something else entirely. Do you have an answer to what I said?
I’m not understanding what you’re angry about. I agree with mperham that it’s quite a stretch to consider which language features are being used by a random golang toolchain installation as “personal” information.
I also don’t see any claim to summarize the discussion in the original blog post.
Seems like you just want to be angry at Google and yell at anyone who dares defend them, even when (in this case) Google seems to be trying to do the “right” thing.
I couldn’t find where it claims to summarize the discussion. Can you quote the passage that leads you to believe that?
See my top-level comment for an explicit examination of the second paragraph. I would characterize it as manufacturing consent or astroturfing; a top-down plan is being described as community-approved.
I assumed other topics fell under the statement in the second paragraph that said:
In the GitHub discussion, there were some unconstructive trolls with no connection to Go who showed up for a while
Some of us are still advocating for more usage of Level 1. Modern servers are unbelievably powerful and reliable.
For example, the rise of sqlite as an alternative to more complex DBs which run on separate machines. One way to simplify a system is to use parts which require less maintenance and administration.
Right up until you need any kind of high availability, then you start adding replication layers to SQLite and grow something as complex as a traditional RDBMS.
There’s a huge class of apps which don’t need high availability but would benefit hugely from a simplified deploy and cheap hosting costs. I think Mastodon or WordPress are perfect examples.
I agree on blog hosting (if it’s down, I doubt many people care), I’m less sure with Mastodon, at least long term. If my email is down, that’s increasingly problematic because people use it for time-sensitive communication. I don’t think Mastodon is in the same space yet, but it aspires to be.
Why do you need containers for running a single binary? I suppose it would make sense if everything else in the stack is running in containers and you want to create isolated networks, but part from that, idk. Perhaps someone could enlighten me?
I can think of two reasons. The first, as you say, is that you have some infrastructure for deploying containers, making things look like containers is useful. The second is that there’s often more to a system than just the program. You probably have configuration and data. The configuration is easy to add as a new container layer. The data may be stored in a separate service (e.g. accessed via the network) but if it’s filesystem based the container orchestration tools provide a good way of attaching filesystem trees to containers.
There’s also a bad reason: security. People often conflate containers (a distribution and orchestration model) with a specific isolation mechanism. On Linux this is a mess of cgroups, namespaces, and seccomp-bpf that keeps having security holes. On most cloud platforms, it’s VM isolation because the shared-kernel model doesn’t give sufficiently strong guarantee for tenant isolation.
There’s also a silly but real argument: cost. A lot of cloud providers have container billing that does finer accounting of memory and CPU usage than their IaaS (VM) services and so running a program on their container infrastructure is cheaper than running it on a rented VM.
Security is a really good reason. The “security holes” you’re talking about are kernel exploits - not enough for tenancy, certainly, but definitely nice given that putting something in a container is virtually free.
That said, it’s worth noting that this is a build tool.
For “security” using containers is not needed as you can have that on Linux without all that fuss. Just deploy binary and systemd’s unit for your service (which in case of single binary can be even within your binary with just single command away) and you are good to go. Much less stuff needed, and also this can give you some additional features that not all container runtimes provide.
If you want to use systemd, go for it. Obviously there’s nothing you can do with a container that can’t be done natively - but if you’re already using containers there’s some good stuff that you get “for free”.
Putting something in a container and checking the ‘isolation’ box on a cloud provider (gvisor on GCP and IIRC firecracker on AWS) is a lot easier than managing Linux hosts and configuring all of the security/isolation stuff yourself.
They are sometimes kernel exploits, they are sometimes misconfigurations in policy. For example, there was one that I recall that was caused by the fact that the Docker seccomp-bpf policy didn’t default to deny and so a kernel upgrade added a system call that allowed a container escape. Sometimes they’re exploits but, importantly, they’re exploits relative to a threat model that 99% of the kernel code was never written to consider. The Linux kernel still doesn’t really have a notion of a jailed process (unlike the FreeBSD or Solaris kernels) and so you are reliant on the kernel enforcing isolation built out of a set of distinct subsystems that were not designed together and where any kernel subsystem may forget a check.
You might want to run some benchmarks before deciding that it’s free. Depending on the workload, it can be as much as a 20% perf hit to run via
runcLinux versus running in the root namespace with no seccomp-bpf policy or custom cgroup. For others, the overhead is close to zero. The overhead can be even worse depending on the filesystem layering mechanism that your container platform is using (some of the union-based drivers can have a huge impact on anything with a moderately large disk I/O component).
Sure. These are increasingly rare though.
I don’t really agree. The kernel has long had a security model of “unprivileged users should not be able to escalate privileges”. It has not had “privileged users should not be able to escalate to kernel” until much more recently.
I don’t know what notion of jailed you want but namespaces certainly seem to fit the bill. They’re a security boundary from the kernel that applies to a namespaced process.
I think the point here is that, yes, the Linux kernel is a security trashfire, but I think you are underestimating the effort to escape a sandbox. Building a reliable kernel exploit, even for an nday, can be weeks or months of work.
For a lot of stuff you could use a wide range of tools. For example Nomad’s (isolated) exec driver.
Regarding security. Running Go binaries with pledge and unveil is really easy and great.
Usually run it with this simple rc-script then, just replacing
This is not always true though, because often these more “finer accounting” solutions have a higher price on their own, so it really depends on utilization.
Likely it’s for people who are running Kubernetes so everything has to be a container.
Binaries are not a deployable unit. Containers are.
I sort of see your point, but I’m inclined to argue the contrary. Statically linked binaries essentially are a deployable unit. Maybe you’d argue that containers can bundle configuration, but so can binaries. Maybe you’d make some distinction about “not needing to recompile the binary to change configuration” but you still need to rebuild the container which is the more expensive part by far (for a Go app, anyway), even with a decent hit rate on the build cache–there’s no fundamental difference between compiling a binary and running a Docker build except that the latter is wayyyyy more complex and expensive (in most cases, you need a daemon running installed rather than just a compiler/toolchain).
Containers are great for apps that can’t easily be distributed as a static binary (particularly when it would be very large, since container layers are individually addressable/cacheable) or for cases where you’re deploying a static binary in a containerized environment (e.g., your org uses k8s), but a single binary absolutely is a unit of deployment.
It isn’t though. Show me the cloud service that allows me to deploy a single Linux binary.
What cloud providers support isn’t useful for answering the question. One can easily imagine a cloud service that takes a static elf file and drops it into a firecracker VM—the reason this doesn’t exist (to my knowledge) is that their customers are typically deploying apps in languages that don’t have a good story for static ELF binaries (and the ones that are can just wrap their binaries in a container), not because ELF isn’t a deployment format.
updating code in a lambda with a zipped binary is significantly faster than with a binary in a container.
Typically containers run one app each anyway, but in my experience it’s just generally nice to have one unified format to build, distribute and run server side software. I can build an image on my windows computer, throw it onto my mac and it works with zero changes then I can push that same image up to our hosting provider and it runs there too, and we can switch hosting provider (which I have done a few times) with minimal effort. Sure, under the hood you’ve got EXE, ELF, DMG, PKG, etc on all the various operating systems but when it comes to getting production code live, containers really do make life easier!
Agreed, but I still think it would be cool if we orchestrators had decent support for ELF files. I’m pretty tired of creating all of these single-binary containers just because there’s no way to run binaries without taking on the full burden of managing one’s own hosts.
That’s a sensible requirement. How hard could it be for the hosting providers to detect an EXE / ELF file and just wrap it inside a stereotypical container? I’d think it’s something close to a five-line shell script.