1. 26

    This article doesn’t introduce anything new on the table, and it shrugs away security as “just use PGP” which is not a reasonable alternative. Why doesn’t anyone encrypted mails? Because PGP tooling sucks, it’s UX sucks and it doesn’t work as user friendly as for example signal/whatsapp/you name it.

    1. 12

      I’ve been training non-tech people on practical computer security. In the past couple of years we’ve switched from introducing PGP as a viable but very difficult/brittle option to just using it as an exercise to understand the ideas behind public-key cryptography and not strictly hierarchical trust models.

      Given how easy it is to accidentally downgrade the channel, using it for very sensitive information is just a bad idea. Email clients with PGP plugins etc. just aren’t a “reasonably safe by default” option.

      1. 7

        I agree. I find the “email is not private, so I don’t treat it as such” argument a bit moot. PGP is so easy to misuse that it nearly shouldn’t be seen as secure. Why try convincing people that the privacy story of email is okay instead of attempting to do better? :(

        1. 2

          Another problem with PGP and email are mobile devices. I do not want to download whole inbox to my phone, but I want to be able to search through them. With chats it is less of the problem, as I search history a lot less frequent than my email.

          1. 2

            That’s because the point of the article is not privacy; it’s spam, privacy and workflow management.

            1. -7

              PGP tooling is completely fine! You can’t just say something sucks without giving any reason for it!

              1. 15

                The first time I used PGP, I started by generating a key pair for myself and the first thing the program asked me was if I want to use Elliptic Curve Cryptography or RSA. Then it proceeded to ask for various details like key size and so on. At the time, I was either in the final year of my computer science degree or already obtained it, and there were some real head-scratchers among those questions. Is Elliptic Curve Cryptography really more secure? What is a good key length? Question over question. Now, if this is what the onboarding process feels like for someone who has spent a significant amount of their life studying computers, I cannot imagine what it feels like if you’re new to computers. There is no way the masses are going to use a tool that asks you deep cryptographic questions, some of which cannot even be answered by industry experts.

                PGP is fine in the sense that the software is robust and it works (though I’m really not a fan of the lack of perfect forward secrecy - I think it’s an issue that is hand-waved away far too often). But it’s not fine for people who just want to quickly connect without having to study cryptography - and that should be the target audience if you want widespread adoption.

            1. 18

              Email from a self-hosting perspective absolutely is, though. Absolute clusterfsck to try and configure.

              1. 10

                Configuration is one thing. Actually getting email delivered is another. I feel like you’re instantly on Google’s and Microsoft’s blacklist with your little server, marking all your messages as spam. It’s horrendous!

                1. 12

                  Email is now a cartel. Old thread about it.

                  tl;dr if you really want to die on that hill, start by choosing your VPS provider carefully…

                  1. 2

                    Damn, my VPS of choice is DigitalOcean and I have to tell people to maybe check their spam folder for my email. Annoying.

                    1. 1

                      I relay all my email from my VPS through my (personal) FastMail account, which is easy and works well enough. Thus far the volume is still well within my account limits, but if I go over them I’ll probably just use SendMail or whatnot.

                      You can probably do the same with gmail or other providers.

                  2. 2

                    I spent a few hours setting up DKIM and SPF, after which my emails were delivered to gmail addresses (haven’t checked ms, but I’ve heard they’re more lenient) without a hitch. Yes, it’s irksome to have to spend even that amount of time, but it’s not that much work.

                    1. 2

                      Microsoft often marks its official communications as spam (usually correctly :)) in my Office 365 account… With the cloud and hosts reusing IP addresses all the time the old spam-fighting methods simly do not work anymore (many were bad ideas even back then)

                      1. 1

                        DMARC can be painful to setup.

                        1. 0

                          It’s trivial what do you mean

                      2. 6

                        I don’t think this is related to the article’s content.

                        1. 5

                          I’m not sure I agree. Services like Mail in a Box and Mailcow make getting started a little simpler. Overall it is complicated, but email is a complicated system. Being complicated doesn’t mean it’s broken though.

                          1. 3

                            Which part is the most painful?

                            1. 3

                              I understand that email hosting used to be appalling and most of it still is but OpenSMTPD is actually really nice to use. I’ve chosen to write email apps over webapps for a couple things, e.g. self hosted instagram where I email photos from my phone to myself.

                              Just need OpenIMAP and OpenSpam and Open Everything Else and we are all good.

                              1. 1

                                Could you go into some more details about your OpenSMTPD based workflow? I’ve been thinking of building apps over email, but would love to hear about others’ usage.

                              2. -2

                                It’s really not that hard.

                              1. 1

                                I hate this proposal. It is not at all pythonic. Hiding isinstance checks with different syntax doesn’t mean they aren’t really there.

                                1. 1

                                  Please do not post stackexchange questions

                                  1. 2

                                    Why not?

                                  1. 12

                                    Imagine wasting such a huge portion of your interview asking about diversity, where of course ‘diversity’ just means ‘black Americans’ now. What a complete waste of time…

                                    1. 4

                                      Yet another pointless post making the same tired arguments against Go. “It isn’t Rust and therefore it is bad” repeated 50 times in a row is not novel. People wrote these posts years ago and the response from the Go community was clear: there’re tradeoffs and they aren’t interested in making them in this space. Not every language should be or wants to be like Rust. Go isn’t trying to cargo cult functional programming like Rust is.

                                      The author seems to completely ignore that it’s not bad design that you can do some work AND indicate an error. Why would that be bad design? That’s excellent design because it’s what actually happened! Rust makes it hard to represent partial success

                                      1. 9

                                        I think the article is more about highlighting the tradeoff. We all agree there is a tradeoff, so what’s wrong with highlighting it? There is also perception unlike those who design and implement Go, many who use Go is pretty unaware of the tradeoff. I was certainly unaware of this particular debug/pe bug.

                                        1. 3

                                          Rust doesn’t make it hard to represent partial success. You would just return a tuple similar to how you would in Go: fn do_stuff() -> (Option<Data>, Error). Working with that signature is certainly less ergonomic than working with a Result, but it’s not particularly hard. You don’t even strictly need the Option in a lot of cases, but I would include it to differentiate partial success and no success in the type system.

                                          1. 1

                                            You can also just return the same type as in Go, yes, but that somewhat defeats the purpose does it not?

                                            1. 4

                                              I don’t completely follow. The benefit I see is that I can tell via the type system that a function can only return data or an error by it using a Result and that a function can return data and an error via a tuple. It’s very hard for me to misuse the former, and the latter makes it clear that other states are possible. The fact that I would have just used a result if the function could only return data or an error communicates that the API has more possible outcomes to consider. In a public API, I would probably define an enum to explicitly declare all valid states:

                                              enum Fallible {
                                                Ok(Data),
                                                Part(Data, Error),
                                                Err(Error)
                                              }
                                              

                                              which is certainly more verbose, but I wouldn’t describe as ‘hard’.

                                              1. 1

                                                Yes, everyone agress there is benefit. Everyone also agrees there is cost, whether it is hard or verbose. Verbosity is also cost. Different people do value different things.

                                                1. 2

                                                  I didn’t claim there was no cost. I was just noting the narrow point that partial success in Rust is not particularly hard. I definitely agree the linked article did a poor job meaningfully engaging with the downsides of a more expressive type system.

                                              2. 3

                                                You have to explicitly encode this state, and it must be explicitly handled. It’s not like Go where you can be loosey-goosey in getting both then just doing as you want with it.

                                                1. 0

                                                  Yes and explicitly encoding it is just not worth the time or effort. It only very slightly reduces the chance of bugs for a lot more effort.

                                                  But again none of this discussion is new. It’s the same old religious language war between Go and Rust etc. All these points have been discussed to death.

                                                  I like being loosey goosey. You don’t. You can’t expect everyone to be like you.

                                            2. 1

                                              Rust makes it hard to represent partial success

                                              We embraced GraphQL at work, and now we’re faced with API responses on the form:

                                              {
                                                 data: { … }
                                                 error: { … }
                                              }
                                              

                                              It’s possible to get both data and error back at the same time – partial success. But who would use this?

                                              Maybe some people use lots of query/mutation batching so you send a bunch of things together? Or maybe for very specific data/error combos I could handle a partial success and make UI code that handles that specific situation.

                                              For the general case though, what do I do if I get data and error?

                                              I can’t shake the feeling that partial success makes more sense for server side API, or library author rather than consumer of that API/lib.

                                              1. 1

                                                I’m not really thinking about web API stuff but about things like reading from files on USB sticks that are pulled halfway through for example.

                                            1. 53

                                              Yeah, I wrote some of the worst code of my entire life in the two years after reading Clean Code. I kept adding more and more functions into my code at different layers, and it made my code into a mess with way too much indirection for relatively simple problems. When reading back through the code months later, I would be hard-pressed to figure out where modifications needed to be made, and had to walk back a lot of my design decisions. Pretty embarrassing.

                                              It reached a breaking point when I went back to a previous project to ship something for a client months later, and every single file I had written had been thrown out because the senior developer on the project was sick of having to deal with it. I felt humiliated and spiteful, and then I grew from the experience a bunch.

                                              Lately I’ve been following the idea from Casey Muratori’s Semantic Compression post a bit, mainly this little tidbit:

                                              Like a good compressor, I don’t reuse anything until I have at least two instances of it occurring. Many programmers don’t understand how important this is, and try to write “reusable” code right off the bat, but that is probably one of the biggest mistakes you can make. My mantra is, “make your code usable before you try to make it reusable”.’

                                              It seems obvious, but it’s been helpful for me to avoid abstractions until I have a better sense of where the code is going (and usually only two instances of some code is too small a number for that).

                                              Making functions when you have obvious inputs and outputs can be nice too, although it can be more difficult when writing graphics code, which tends to be pretty stateful (part of the motivation for Carmack’s post in defense of inlined code).

                                              1. 12

                                                When reading back through the code months later, I would be hard-pressed to figure out where modifications needed to be made, and had to walk back a lot of my design decisions. Pretty embarrassing.

                                                This is such a good point. Code written in that style isn’t even read only it’s write only. All you can ever seem to do to change how any of it works is to delete swathes of code and write more because all the functionality is implemented in the form of class relationships rather than simple logic.

                                                Like a good compressor, I don’t reuse anything until I have at least two instances of it occurring.

                                                Very much agree with this too.

                                                1. 6

                                                  make your code usable before you try to make it reusable

                                                  Thanks for the Semantic Compression recommendation, and this quote in particular. I think I’ll get a lot of mileage out of this concept.

                                                  1. 2

                                                    I had a similar experience. Clean code rules are great to get you thinking about this subject, and actually get you to start experimenting with making maintainable code. But your first experiments will always end up very bad, no matter how many books you read on the subject. Only experience with your old code will teach you how to write better code.

                                                    1. 1

                                                      Wow, I came to the same conclusion of Semantic Compression just naturally. After awhile you realize how wasteful you’ve been codewise and adapt a better way of thinking.

                                                    1. 5

                                                      Haven’t watched yet, but I don’t think that we are. Going to watch the vid shorly! =]

                                                      Some of us are artists, some another flavor of assembly line worker. I think the first do it for a reason of passion for software while the second are only interested in making a living.

                                                      Think about how the day feels to you. Do you really feel like you’re doing any real engineering when you’re writing software? I’d be surprised if so.

                                                      1. 8

                                                        Having worked alongside and very closely with mechanical, electrical, and chemical engineers, I would say that yes, writing software is an engineering discipline as well. The similarities are pretty striking in terms of problem decomposition, modularity, planning, creativity, and so on. Engineering is about building something from nothing, which all these fields have in common.

                                                        1. 3

                                                          I think that based on your analysis, most artists are engineers too.

                                                          In my opinion, creating something from nothing is art, not necessarily engineering. Also, most software “engineers” maintain things that already exist. They aren’t creating something from nothing.

                                                          1. 3

                                                            I think that based on your analysis, most artists are engineers too.

                                                            Not sure I would jump all the way there, but they do have some things in common. Engineering also involves all the things that I listed in the previous sentence.

                                                            Also, most software “engineers” maintain things that already exist. They aren’t creating something from nothing.

                                                            Have you worked with any mechanical, electrical, civil, or any other of the traditional engineers? It’s at least 10x worse for them. How many bridges are designed from scratch vs an iteration of a previous design? How many EEs do something more than mix and match pre-existing circuits? And so on.

                                                            1. 3

                                                              How many bridges are designed from scratch vs an iteration of a previous design?

                                                              Writing a program is like building a bridge not like designing a bridge. Designing a bridge is like coming up with a new algorithm or improving an old one.

                                                              1. 1

                                                                Writing a program is like building a bridge not like designing a bridge.

                                                                I think this analogy is poor. If pressed to tell you what software process was like “building a bridge”, I would say installing software on a server - and we’ve gotten very good at making that fast and easy.

                                                                1. 2

                                                                  Both analogies partly work and partly don’t. That’s why I made such an effort to talk to people with firsthand experience in both sides of the discussion.

                                                        2. 2

                                                          I like this, I’ve always thought of myself of an artist.

                                                        1. 3

                                                          Thanks for sharing this. I found it really interesting. Before watching, I’d have probably said that I do believe the disciplines have certain things in common but that I think I’m more like a writer or a sculptor than an engineer.

                                                          This caught my attention in particular:

                                                          software is much (much much much …) more consistent than any other kind of engineering

                                                          It took me by surprise. I’d have said that environmental variability is so high with software that it breaks the consistency. The resistor example in the video feels like moving from one version of a compiler or library to another. The bugs that pop up due to environmental inconsistencies feel much more variable (I think) than resistor tolerances.

                                                          1. 2

                                                            Changing dependencies is changing your code. All the code you run is your code. It isn’t your environment. You are responsible for it, all of it.

                                                            1. 2

                                                              That is nice when it is true, but unfortunately sometimes you have to use tools and libraries that are part of a platform you don’t control. This is particularly common if you want to use the default app store on most consumer mobile devices.

                                                              When I use things like Apple’s keychain, for instance, I consider that my environment as opposed to my code; I can’t change it. And it used to feel like they broke something there in every release of the platform. I don’t know if that’s specific one is still a frequent source of pain as I don’t need to work much with that these days, but it used to be. That’s a prominent example of an aspect of software that feels less consistent to me than, say, resistor tolerances.

                                                          1. 4

                                                            Who would say no besides people who think that ‘engineer’ is a protected word that only applies to special people (themselves included of course) in their special club?

                                                            You use some solidified math to solve some problem? That’s engineering.

                                                            Fixing your neighbour’s bike is engineering. But some people would only call you a mechanic because you got your hands dirty.

                                                            This whole thing is just a semantic and status game. Not really worth your time, unless you enjoy it of course.

                                                            1. 5

                                                              Who would say no besides people who think that ‘engineer’ is a protected word that only applies to special people (themselves included of course) in their special club?

                                                              Among other things, it is the law of the land in Canada that “engineer is a protected word that only applies to special people.”

                                                              1. 4

                                                                You use some solidified math to solve some problem? That’s engineering.

                                                                My parents are mathematicians and physicists. I am an engineer. All of us use mathematics to solve (practical) problems. However, we think so differently that I can ensure you they are not engineers.

                                                                Fixing your neighbour’s bike is engineering. But some people would only call you a mechanic because you got your hands dirty.

                                                                I don’t believe it is. And that is why a brick layer is called a brick layer, not a civil engineer.

                                                                I find very easy to recognise an “engineer attitude”, but very difficult to define it.

                                                                I would say that engineers design efficient solutions using pre-existing scientific and mathematical theories, limited by certain constraints (usually the triplet quality–price–time).

                                                                That is the closest definition I can give to engineers.

                                                                1. -1

                                                                  I am an engineer.

                                                                  And that is why a brick layer is called a brick layer,

                                                                  Seems like a standard case of a special member of the special member club gatekeeping his specialness to me.

                                                                  1. 7

                                                                    It’s a standard case of trying to let a word keep its meaning as opposed to redefining it to be applicable to so many things that it becomes useless and a new word needs to be invented to describe the things a civil engineer does that a brick layer doesn’t.

                                                                    Otherwise a bricklayer is also a scientist, an educator, an artist, a manager, a leader, a <insert other general word people use to describe aspects specific to their kind of job>.

                                                                    1. 7

                                                                      I am disappointed that you had to take two of my sentences, take them out of context to defend your standpoint.

                                                                      So I will tell you why a brick layer is different from an engineer, and why on engineering course we had to layer bricks.

                                                                      Let’s take the civil engineering example. An engineer computes the theoretical forces over every part of the structure, evaluates which materials are able to sustain such stress and make sure that even additional and unexpected stress won’t tear down the structure (using the famous “security factor” in the computation). It is a knowledge work and has certain responsibilities attach to it: for example, if a bridge falls down and a single person dies, the responsible engineer is prosecuted for manslaughter (back in my country, at least).

                                                                      The brick layers, on the other hand, execute a skill work, in which their abilities comes less from acquired formal knowledge and much more from experience, and they are required to provide different guarantees, such as straight walls, proportion of sand and cement, properly spacing steel beams and so on. However, if the bridge falls, as a consequence or not of their job, they are not prosecuted for manslaughter; in fact, they are protected by law by a “shield” called engineer.

                                                                      This difference was engrained at us in university years so we would deeply understand the responsibilities of our profession.

                                                                      And, curiously, we also had classes where we would layer bricks and, afterwards, go to the lab to stress our little walls. From that particular class, I remember the professor tested our walls against the ones made by professional brick layers: all of ours collapsed easily, while the professional ones standed for the stress test. In the end, we got a lesson on trusting and respecting experienced brick layers and to stick to our expertise, but to understand our peers’ work.

                                                                      Therefore, it is fallacious to say an engineer is simply a title and there is no difference between an engineer and a bricklayer. It is as silly as saying as a pilot and a flight assistant are no different because both work at a flying plane.

                                                                      If your intention is to be politically correct, then let’s continue being correct and do not change meaning of words just to fix social injustices: let’s, instead, do as my aforementioned professor and show that we should respect the different types of jobs and, above it all, the symbiosis of them that makes a final product every body involved is proud of.

                                                                      There is no reason to call a mouse a cat so you can protect the mouse.


                                                                      My final remark: I felt unnecessarily disrespected by your suggestion that I belong to some sort of elite and trying to defend my privilege, especially because we never exchanged communications and because your quoted me in a convenient order to support your prejudice of me.

                                                                      Please, I ask you to stop for a minute next time you feel this urge to attack someone with different ideas from you and evaluate the person’s ideas instead of drawing and stating premature conclusions that might spoil the person’s day: you seem like someone that cares about equality and respect among people.

                                                                      1. 2

                                                                        Your arguments are basically 2 points. 1. Engineers use “formal knowledge”. 2. Engineers are liable for damage.

                                                                        For the first point, bricklayers have knowledge too. As stated by you. There’s no reason the knowledge of how to calculate forces should be privileged over the knowledge of how to lay bricks. For point 2, that is a legal issue. I don’t think words change their meaning based on how a legal system assigns liability.

                                                                        So I don’t see how any of these would qualify an ‘engineer’ as special.

                                                                        1. 2

                                                                          I have to disagree with you, again.

                                                                          For the first point, bricklayers have knowledge too. As stated by you. There’s no reason the knowledge of how to calculate forces should be privileged over the knowledge of how to lay bricks.

                                                                          Physicists use the same formal knowledge as civil engineers: mechanics and mathematics. Still, they have different professional names because they address problems differently.

                                                                          But my first answer to you was

                                                                          I would say that engineers design efficient solutions using pre-existing scientific and mathematical theories, limited by certain constraints (usually the triplet quality–price–time).

                                                                          And that is what differs the work done by an engineer from a bricklayer: the focus (i.e. spent most of its professional time) of the former is design using formal knowledge, while the latter focus on building a given design using acquired skill.

                                                                          (It doesn’t mean a bricklayer is forbid to design, but his design is most likely to lack the formal methodology applied in an engineer’s design.)

                                                                          So, in my perspective, what people call software architect is, actually, closer to a software engineer. And most people tend to call software engineer is simply a software developer.

                                                                          For point 2, that is a legal issue. I don’t think words change their meaning based on how a legal system assigns liability.

                                                                          I have to disagree with you: murder seems different from manslaughter even though in both cases a citizen killed the other. But the legal system names, judges and sentence people differently on name of the crime.

                                                                          So I don’t see how any of these would qualify an ‘engineer’ as special.

                                                                          It is so because of internal values. But if we compare “physician” to “nurse” (or, even stretchier, a “shaman”), or “pilot” to “steward”, then I think your internal values tend to disagree with your own statements.

                                                                          1. 1

                                                                            the focus (i.e. spent most of its professional time) of the former is design using formal knowledge

                                                                            An engineer once was asked to design a circuit. he looked up the reference design from the chip vendor, and copy and pasted.

                                                                            Was he engineering here? What formal knowledge and technique did he use?

                                                                            murder seems different from manslaughter

                                                                            This argument is basically “people in legal professions treat legally distinct catergories distinctly”. It doesnt prove much. Manslaughter is a legal term. People don’t use them generally.

                                                                            It is so because of internal values. But if we compare “physician” to “nurse” (or, even stretchier, a “shaman”), or “pilot” to “steward”, then I think your internal values tend to disagree with your own statements.

                                                                            You need to improve your mindreading skill. Pilots fly the plane, stewards don’t. Physicians and nurses are much more similar.

                                                                            1. 4

                                                                              Firstly, I would like to say that I like this discussion with you (when there is no personal attack): we have different points-of-view, and we keep pushing the discussion further.

                                                                              An engineer once was asked to design a circuit. he looked up the reference design from the chip vendor, and copy and pasted.

                                                                              Was he engineering here? What formal knowledge and technique did he use?

                                                                              By your statement, I will take a wild guess and assume you are not a hardware or electrical engineer.

                                                                              Hardware design is not simply putting elements in a board. Hardware design involves, among so many things:

                                                                              • choosing the correct components based on the constraints of the project, both technical, spatial, financial and time;
                                                                              • impedance matching among components;
                                                                              • electro-magnetic compatibility on the wiring and components;
                                                                              • thermal and power analysis of the design; and so on…

                                                                              Of the four tasks above, I would say the first one is that with the least amount of formal knowledge and relies mostly on skills. The other three heavily rely on formal knowledge (Physics).

                                                                              But back to your example, that is an attitude I could expect from an amateur hardware designer, a university student or, even, a junior engineer under supervision. Not from a professional engineer, in a professional environment: that is not what an engineer is expect to do, as I showed you by the small list of tasks when designing hardware.

                                                                              Pilots fly the plane, stewards don’t.

                                                                              That is the point I am trying to make, but on engineering: engineers design; builders build. And those are distinct activities.

                                                                              Physicians and nurses are much more similar.

                                                                              OK, we have a concept we converge.

                                                                              So, in your opinion, does it make sense to have a separate word for physicians and nurses? Does it make sense to you that physician is a protect word, associated with an union and have certain legal responsibilities? Do you see people calling nurses, midwives, physicians and surgeons all by the same word, “physician”? (Technically surgeons are physicians, but that is fine.)

                                                                              Clearly there are overlaps among all these professions but, to me, the core function of their job is different. And I would say that is clearer when comparing midwives to obstetrician: both deeply understand about pregnancy and are able to handle most cases of pregnancy, from the conception to the birth; however, that certain cases, formal knowledge (acquired in medicine school) is necessary to do the job properly.

                                                                              That is what I have been taught and daily observe about (software, but also other) engineering: frequently there is an overlap between programmers, architects and engineers but, at (a good amount of) times, more specialised and formal knowledge (and mindset) is necessary to address some of the technical challenges of the project.

                                                                              And, to me, that justifies the existence of the special university degree (engineering) and profession (engineer).

                                                                              1. 1

                                                                                So, in your opinion, does it make sense to have a separate word for physicians and nurses?

                                                                                Sure.

                                                                                Does it make sense to you that physician is a protect word, associated with an union and have certain legal responsibilities?

                                                                                no

                                                                                Do you see people calling nurses, midwives, physicians and surgeons all by the same word, “physician”?

                                                                                I go by the humpty dumpty rule of language usage. Words mean what you want them to mean. For communication, you simply have to make sure the other party knows your definition.

                                                                                By your statement, I will take a wild guess and assume you are not a hardware or electrical engineer.

                                                                                You are deflecting here. You are not addressing the scenario I presented, and instead restated your definition.

                                                                  2. 3

                                                                    people who think that ‘engineer’ is a protected word that only applies to special people (themselves included of course) in their special club?

                                                                    That’s the legal and universally acknowledged definition of the word.

                                                                    You also can’t go around calling yourself a lawyer without being in the special club. I don’t imagine you have a problem with that.

                                                                    You use some solidified math to solve some problem? That’s engineering.

                                                                    Not what it means or has ever meant.

                                                                  1. 101

                                                                    I don’t know whether it’s appropriate to make this meta point here, or if it should be a separate thread. Defaulting to here, feel free to tell me it should’ve been a meta post.

                                                                    This post is being down-voted as off-topic because it mentions race and gender, but that’s just people pushing a political viewpoint. Posts about hiring practices and salaries are considered on-topic, and so posts about who gets hired by tech companies are also on topic.

                                                                    To confirm this, I did searches on “hiring”, “salary”, “compensation”, “ageism”, “age discrimination”, and clicked a bunch of links. I generally avoided stories that had only 1-3 upvotes, though I wasn’t completely systematic (I looked at titles to guess whether they were relevant to the title, and clicked through to the articles to confirm relevance–a few had side-notes like “I won’t talk about sexism/ageism” which I treated as not being on topic). I did not find more than 1 off-topic vote on any story.

                                                                    My conclusion is that a significant subset of lobsters are happy to discuss how hiring should work, what effective hiring practices look like, how pay should be determined, etc, including age discrimination, but view any discussion of how race or gender affects that process as unacceptable. This is cowardly and intellectually dishonest.

                                                                    Recruiting/Hiring Compensation Ageism Misc
                                                                    1. 31

                                                                      Thanks for doing this research to make your point, I think it’s the one of the best ways to advance meta conversations. (Also an excuse for me to remind that I’ll run queries so we can build these shared understandings.)

                                                                      1. 7

                                                                        One thing to consider is that almost all of your examples have either the “culture” or “practices” tag. People who would have down-voted these stories as “Off-Topic” might have actually hidden these tags. I know I’m one of these people (I’ve only discovered the story we’re currently discussing because someone pointed me to it out of band).

                                                                        It would be interesting if @pushcx could run statistics on the most hidden tags. I wouldn’t be surprised if “culture” and “practices” are the most hidden ones.

                                                                        1. 9

                                                                          I think that’s reading too much in to it. Something hiring practices is mostly just about hiring and doesn’t touch all that much on politics, whereas this is a broad political topic (which also affects hiring, among many other things). Something like compensation also touches on politics, but significantly less so.

                                                                          Additionally – and perhaps more importantly – this is also a topic that has been discussed … a lot, and that is also highly controversial. I think a lot of people are just tired of it, and even tired of the discussions which generally don’t really seem to go anywhere and pretty much always have the same arguments that we’ve all seem 20 times already.

                                                                          In all honesty, I think your reply is kind of an example of that: you’re trying to guess what people’s intentions are with their downvotes and sling out accusations and insults. It’s not really a very productive kind of discussion. Perhaps it’s correct for a few downvotes, but are you sure it’s for all of them (or even any of them?)

                                                                          1. 15

                                                                            I think there’s a key point here - a topic being political doesn’t disqualify it from being also technical or relevant to professional practices like hiring. Is the bar for lobste.rs that content be technical, or that it be non-political?

                                                                            It seems like a misuse of the off-topic tag to flag discussions readers are tired of or which have been had often before. Requesting a politics tag so it can be filtered may be more appropriate.

                                                                            1. 10

                                                                              a topic being political doesn’t disqualify it from being also technical or relevant to professional practices like hiring

                                                                              I agree, and I’m actually in favour of a broad and lax interpretation of the “no politics” rule (more so than the current interpretation). I don’t have a problem with this story (I even upvoted it), or a discussion about whether or not the off-topic flags are appropriate. It’s just the “you’re being cowardly”-stuff that I don’t like, as people may very well have valid other “non-coward” reasons to flag.

                                                                              1. 7

                                                                                I’m personally against political content on lobste.rs because I think that, despite the undeniable importance of the discussions this article means to engender, politics overwhelms technical content and attracts people with nothing to say about technology but lots of awful opinions. A politics tag is not going to stem the cultural change that implies. I have an image of a eugenicist hellscape that used to be a tech news aggregator, and I’m scared of it.

                                                                                1. 2

                                                                                  As someone engaging in both of these kinds of arguments, I cannot see this effect. I see people who don’t engage with topics they consider political for lack of interest (I’m fine with that), but I have a hard time coming up with a particular person that does the reverse.

                                                                                  1. 8

                                                                                    I see people who don’t engage with topics they consider political for lack of interest

                                                                                    How do you know it’s for lack of interest? That’s certainly not why I typically don’t engage in “political” topics. I mostly stopped, many many years ago, for a few reasons:

                                                                                    • It’s nearly impossible to have meaningful political discussions online because everyone is so embedded in their tribe.
                                                                                    • I have grown more and more fearful of expressing opinions against the zeitgeist. @friendlysock said it really well in this thread and I fully agree with him.
                                                                                    • I got frustrated because every time I had a political discussion, it just went in circles.
                                                                                    • Even people, like Scott Alexander, who dedicate their intellect (far superior to mine) and enormous portions of their time, have eventually succumbed to the Wrath of the Internet.

                                                                                    Overall, discussing politics had a dramatic impact on both my own personal well being and of the people around me.

                                                                                    In every forum the discusses “politics,” with perhaps maybe a couple exceptions, it’s been a complete and total shit show. And that includes forums that loosely match my own politics.

                                                                                    There are significant reasons for not discussing politics outside of a desire to maintain the status quo. I don’t like the status quo, even though I’ve benefited from it. I’d love to see oodles of things change. Making some forums have “no politics” rules seems perfectly in line with that. Political discussion doesn’t need to happen everywhere.

                                                                                    N.B. I use the word “politics” above in a narrow scope, and I do not mean “literally any action.”

                                                                                    1. 5

                                                                                      Making some forums have “no politics” rules seems perfectly in line with that. Political discussion doesn’t need to happen everywhere.

                                                                                      The difficulty here is that many forums with no politics rules find it hard to apply those rules evenly over the political spectrum: someone posts something with a political undertone or implication which is in line with the political preference on that forum. This post is left alone. When someone replies to the political aspects of the post in a way which does not align with the politics favoured on that forum the reply is ‘no politics’ and the post is moderated or voted down. I’ve seen this happen fairly often on the orange site.

                                                                                      1. 2

                                                                                        Yup. Enforcing it fairly and evenly is pretty difficult, if not impossible. I’ve moderated various things over the years, so I really understand how difficult it is. But the alternative is just so much worse IMO. You can’t escape the Overton window.

                                                                                        I’ve found that just being transparent, and at least making an effort to be even handed, goes a long way. But that doesn’t work every time either.

                                                                                        It’s a process.

                                                                                      2. 2

                                                                                        I was a little imprecise there (reminder in the future: don’t post with 2 hours of sleep in 36 hours). I’ll try to salvage that: first of all lets replace “lack of interest” with “lack of engagement for whatever reason”.

                                                                                        I don’t agree with your statements there.

                                                                                        It’s nearly impossible to have meaningful political discussions online because everyone is so embedded in their tribe.

                                                                                        I disagree there, strongly. The internet has challenges for debate, especially due to it’s nature of not being able to quit a debate. Still, it gives a wide variety of viewpoints.

                                                                                        I have an equal distaste for politics discussions as I have for many tech discussions. Arguments are often absolute and tribalism in tech is extremely strong. Naming dissenting opinions like “Rust could learn a bit from Java” easily gets you flamed down.

                                                                                        The lure of politics is that everyone feels entitled to speak of it, even if they are rarely practitioners or literally have no experience with the problem at hand. For example, I rarely talk about community management and running conferences with random people because they’ve grown very accustomed to ignoring the pragmatics. And not talking about structural problems makes it impossible for hackers to fix them.

                                                                                        I’ll give you an example of both: I had very good conversations with people questioning if projects like “Rails Girls” actually reach their goal of bringing more women into Rails development. This is a fair challenge and one I and other organisers can answer on many levels. I have terrible conversations with people who start by asking why CoderDojos (a project that offers hacking meetups for kids) is not open to adults. The absurdity knows no bounds.

                                                                                        The other problem is that people obviously flaming a debate with the very first post, which makes any start of a good debate impossible. I’m totally into the right of moderators to close bad discussions down, or calling people out for being obviously just in for the fist fight. I think it isn’t done often enough.

                                                                                        And yet, on this very platform, I had many pleasing conversations.

                                                                                        I regularly frequent non-tech venues (gaming and music boards) and similar issues exist, but boards are often more tightly and better moderated, with moderators having a much better lingo for that moderation.

                                                                                        I also believe that the discussion techniques we are tought are for person to person discussion and new ones should be derived for online debates (such as: checking for peoples locale before assuming they are in silicon valley, as a I frequently experience when people tell me that Germans wouldn’t hold that opinion…).

                                                                                        I have grown more and more fearful of expressing opinions against the zeitgeist. @friendlysock said it really well in this thread and I fully agree with him.

                                                                                        But this is commonplace and has always been the case in hacker communites. There’s a huge strive for consistency in them. I’ll give an example: I believe that the hacker communities are fighting a losing war on many fronts because there’s certain sacred opinions. I have a number of opinions I usually hold back (e.g. that E2E encryption is not always necessary or that the belief the hackers do not work for the military or the secret service is mistaken).

                                                                                        Also, all hacker circles often pose as having a unified ethos, a problem for example visible in the very common belief, that the military using open source is not its original intention. Nothing could be further from the truth and some of the important figures in the early times of our community are hardcore pro-military.

                                                                                        I got frustrated because every time I had a political discussion, it just went in circles.

                                                                                        I appreciate that you have this experience, though mine differs.

                                                                                        Even people, like Scott Alexander, who dedicate their intellect (far superior to mine) and enormous portions of their time, have eventually succumbed to the Wrath of the Internet.

                                                                                        Scott Alexander succumbed to the NY Times for wanting to publish his name. I don’t condone this practice, but I don’t feel like the relevance to this debate.

                                                                                        In my point of view, we are paying down the cost of trying to keep politics out of hacker discussion boards. Shielding it off leads to two problems: lack of ability to have productive discussions (no training) and lack of engagement rules for them. Also, it leads to a very biased decision on what is political or not. Even just presenting a statistic can be considered a political act, depending on the subject, even if its method and analysis are technically interesting.

                                                                                        I would even go as far and say that the FOSS and Open Source communities are inherently exploitable by avoiding or not having found a path for discussions and thinking about its politics - absurdly, by people who understand the mechanics of politics.

                                                                                        This is the reason why I have a very liberal view on this topic: I appreciate that some people don’t like politics posts here, but I still see no evidence that they in any way impact the viability or usefulness of a platform where it’s also easy to just click the link above or below it.

                                                                                        P.S.: I want to keep this out of the main post, but I can’t help that if I notice that when thinking of “Person I have dissenting opinions with but like to argue over the internet”, “burntsushi” is definitely a name that pops up.

                                                                                        1. 4

                                                                                          I was a little imprecise there (reminder in the future: don’t post with 2 hours of sleep in 36 hours). I’ll try to salvage that: first of all lets replace “lack of interest” with “lack of engagement for whatever reason”.

                                                                                          Ah I see. I guess my comment could then be re-interpreted as, “the reasons for my lack of engagement are pretty unfortunate and may provide some insight into why a ‘no politics’ rule is useful.”

                                                                                          There are some things you’re saying that I agree with, and some I disagree with. I think the biggest thing I disagree with in your comment is the—what appears to be—equivalency you’re drawing between “political” discussion and hacker culture. I think a number of statements in your comment seem to be implying that, with this one in particular:

                                                                                          But this is commonplace and has always been the case in hacker communites. There’s a huge strive for consistency in them. I’ll give an example: I believe that the hacker communities are fighting a losing war on many fronts because there’s certain sacred opinions. I have a number of opinions I usually hold back (e.g. that E2E encryption is not always necessary or that the belief the hackers do not work for the military or the secret service is mistaken).

                                                                                          Where “this” in “this is commonplace” is, I think, referring to my fear of expressing opinions against the zeitgeist. When it comes to hacker culture, I don’t really have the same kind of fear about expressing contrary technical opinions, despite the fact that hacker culture obviously has its religious zealots and things can get pretty heated.

                                                                                          Maybe me being more clear would be productive. I’m not too afraid of getting shouted down by hackers over differing technical opinions. Similarly, I’m also not too afraid of getting shouted down for having political opinions that differ from the zeitgeist. What I’m afraid of is getting doxxed, and that having real consequences on my life and ability to help support my family. This kind of thing happens pretty regularly in the realm of politics (I can think of several examples off the top of my head), but is comparatively more rare in hacker culture. I’m guessing here, but the disparity is likely rooted in the exact point that you brought up: “The lure of politics is that everyone feels entitled to speak of it.”

                                                                                          Maybe the underlying mechanisms of tribes themselves are similar when comparing hacker culture and political divisiveness, but the stakes and degree of severity are absolutely not. That changes things. It adds an intensity to the discussions, and that’s what fundamentally drives my fear.

                                                                                          Scott Alexander succumbed to the NY Times for wanting to publish his name. I don’t condone this practice, but I don’t feel like the relevance to this debate.

                                                                                          The act of publishing his name is not the Wrath I was alluding to. One needs only question why he doesn’t want his name published. Part of it is because it would be bad for his medical practice (and that’s not relevant to this discussion), but the other part of it is that he believes he would be doxxed. And that is relevant to this discussion, because it is deeply interwoven with the exact same reasons why I have largely stopped discussing politics on the Internet.

                                                                                          I used to discuss politics on the Internet many years ago. It sounds like you’ve found a way to do it that strikes a balance, but I couldn’t. And to be honest, I don’t really see how I could. (Please keep in mind that fear is not the only reason I stopped, but it is the one I’m focusing on in this comment, because I think it’s the best way to point out the difference between hacker culture and general politics.)

                                                                                          This is the reason why I have a very liberal view on this topic: I appreciate that some people don’t like politics posts here, but I still see no evidence that they in any way impact the viability or usefulness of a platform where it’s also easy to just click the link above or below it.

                                                                                          I’ve never really bought this sort of thinking to be honest. It just seems like it ignores the fact that it seeps into many conversations, and just flat out ignoring it is hard. I’ve thought about leaving lobsters, in part, at least a few times because of it. (To be clear, I’ve thought about leaving not just because of the politics that seeps into lobsters, but also because of the bad faith technical discussion that is tolerated here.)

                                                                                          P.S.: I want to keep this out of the main post, but I can’t help that if I notice that when thinking of “Person I have dissenting opinions with but like to argue over the internet”, “burntsushi” is definitely a name that pops up.

                                                                                          :-)

                                                                                      3. 1

                                                                                        What is the reverse, sorry?

                                                                                2. 2

                                                                                  view any discussion of how race or gender affects that process as unacceptable. This is cowardly and intellectually dishonest.

                                                                                  There is no technical content in this post do I flagged it. I will continue to flag posts with no technical content.

                                                                                  1. 27

                                                                                    Most of your posts are technical, but I also see:

                                                                                    I do not believe there is any obvious definition of “technical” (certainly not any agreed upon one) that divides things this way.

                                                                                    1. 2

                                                                                      the author’s personal experience maintaining an open source project

                                                                                      Clearly had technical content.

                                                                                      comment thread

                                                                                      And thus not relevant at all to this discussion… Comment threads drift in how on topic they are and that’s accepted and normal on forums.

                                                                                      In comparison, spamming a technical forum with highly politicised and totally non-technical submissions isn’t acceptable at all

                                                                                1. 1

                                                                                  This is super refreshing to read. I think the trend towards self hosting, Linux from Scratch, and designing your own processors, motherboards, and firmware are all fascinating and laudable pursuits, but there is value for many people in being able to treat infrastructure as composable building blocks.

                                                                                  1. 2

                                                                                    I would say those are orthogonal issues.

                                                                                    • Control vs. outsourcing
                                                                                    • proprietary vs. open source
                                                                                    • composable vs. ???

                                                                                    In other words people don’t self-host because they want something “noncomposable”. And open source stuff is usually more composable anyway, so I’m not sure what you’re getting at.

                                                                                    They self-host because they want control (and sometimes cost, which may or may not be accurate etc.)

                                                                                    1. 2

                                                                                      n other words people don’t self-host because they want something “noncomposable”. And open source stuff is usually more composable anyway, so I’m not sure what you’re getting at.

                                                                                      I’m getting at the value of helpful abstractions that allow people who would not otherwise be able to to build complex and interesting systems.

                                                                                      Have you ever run an ElasticSearch cluster? It’s not easy and it’s REALLY easy to think you can and lose all your data.

                                                                                      A managed service not only encapsulates ease of installation but also best practice around operational safety, backups, etc.

                                                                                      1. 1

                                                                                        Sure, that is a reasonable opinion… but I have trouble getting there from the original comment. Whether ElasticSearch is hosted or not doesn’t affect “composability”

                                                                                        1. 3

                                                                                          You’re right that was a poor choice of words. I’ll try to think up the perfect turn of phrase.

                                                                                          1. 1

                                                                                            I think it may come down to containerization or not. For better or worse, containers are more composable because the state is more isolated.

                                                                                            Hosted services are also isolated in that you can’t peek inside (again, for better or worse). But it seems like most people are self-hosting with containers these days. There’s a spectrum.

                                                                                            I agree composability is a desirable property but I aim to achieve that without relying on too many cloud services. I guess one way to do that is to only use cloud services with commodity interfaces, e.g. web hosting, SQL, etc. Rather than services which there is only of like BigQuery, etc.

                                                                                            1. 2

                                                                                              Containerization is one useful abstraction that can definitely help people achieve solutions quickly, but depending on the nature and operational characteristics of the system being containerized, that abstraction only gets you one step of the way towards solving your problem.

                                                                                              I’m sure there’s an ElasticSearch container, but will that help you understand how to operate it with 100% confidence when you can lose your entire data set if you unintentionally perform certain operations when you don’t have sufficient quorum?

                                                                                    2. 2

                                                                                      I think that’s a pretty ridiculous take. Nobody is proposing you should build your own operating system just that you can’t build a business just gluing other people’s products together.

                                                                                      1. 2

                                                                                        I think your response is also a straw man. For most software businesses, the value is not in having their own high-availability DB setup or load balancer or any of the other things that the big IaaS providers provide, but in the application that they develop on top of those services.

                                                                                        1. 2

                                                                                          I think the trend towards self hosting, Linux from Scratch, and designing your own processors, motherboards, and firmware

                                                                                          This is the straw man. :)

                                                                                          For most software businesses, the value is not in having their own high-availability DB setup or load balancer or any of the other things that the big IaaS providers provide, but in the application that they develop on top of those services.

                                                                                          Nobody is saying make your own load balancer, but RUN your own load balancer.

                                                                                          1. 1

                                                                                            But even just running your own load balancer, replicated DB, etc. has a cost that can often be better spent focusing on the application itself.

                                                                                        2. 1

                                                                                          I was using an extreme case to illustrate a point.

                                                                                          Wow the negativity bias around this topic is stunning :)

                                                                                          1. 2

                                                                                            The major providers are / are bound up in entities that exercise power on the scale of nation-states, and an unfathomable number of lives are affected by how their eating of the entire economic possibility space plays out. Meanwhile, it slowly begins to dawn on much of the heretofore quite privileged technical class that their lives are just as contingent and their livelihoods will not be spared once the machinery they’ve helped build finishes solving for the problem of their necessity.

                                                                                            So, like, of course there are negative feelings.

                                                                                            1. 1

                                                                                              You’ve invented quite the end game for yourself there!

                                                                                              Will there be job reductions and resultant economic pain as a result of the move away from the data center and towards more cloud/managed services? Hell yes there will be!

                                                                                              But those who want to work in this business will find ways to adapt and continue to add value.

                                                                                              I’ve been working in technology for ~32 years. This doesn’t make me magical or omniscient or even smart but what it does make me is a witness to several waves of seismic change.

                                                                                              I came into the job market in the early 90s when DEC was imploding, PCs were ascendant, and the large expensive workstations vendors were dead companies walking but didn’t realize it yet.

                                                                                              Everyone thought the world would end and we’d all be out of work too.

                                                                                              Will it be hard? Yes. Will there be a lot of people who can’t or don’t want to adapt and will be left behind? Undoubtedly. Is that bad? Yes. However it’s the way our industry works and has since its inception.

                                                                                              We are all turning the crank that drives the flywheel of increased automation, whether we administer our own database clusters or not. The move to managed and cloud definitely represents a notable pinch point, and we’ll see how painful the transition will be, but it’s one paradigm shift in an industry that creates paradigm shifts for a living.

                                                                                              I’ve actually thought for a while that in the longer term, as compute at scale becomes quite a bit smaller and even cheaper, we could see a move back away from cloud because when you can host your company’s compute cluster in a cube the size of a printer and we have algorithms that can encode and enact services at scale in an operationally safe way, the value cloud adds will dwindle.

                                                                                              I love my job, and I love this industry, and plan to continue playing in this pool until I die, whether someone’s willing to pay me for it or not.

                                                                                              I assert that the constant negativity many of us exhibit is neither necessary nor desirable and represents a kind of immaturity that we will eventually grow out of as our industry continues to mainstream.

                                                                                              We’ll see.

                                                                                              1. 1

                                                                                                However it’s the way our industry works and has since its inception.

                                                                                                I’d gently suggest this is sort of an admission that it’s not an endgame I’ve invented.

                                                                                                I’ve actually thought for a while that in the longer term, as compute at scale becomes quite a bit smaller and even cheaper, we could see a move back away from cloud because when you can host your company’s compute cluster in a cube the size of a printer and we have algorithms that can encode and enact services at scale in an operationally safe way, the value cloud adds will dwindle.

                                                                                                I’ve had similar thoughts, at various points along the winding path to where we are now, but I think in practice that it’s not just where the hardware lives but who owns it. And in practice the amount that the hardware’s owners are the hardware’s users instead of the companies that control the ecosystem is perpetually decreasing. Hobby-level undertakings of various sorts are vastly easier than they were a few decades ago, and an amazing range of tech is available to small-scale operators, but somehow none of this seems to be decreasing the net concentration of power.

                                                                                                I assert that the constant negativity many of us exhibit is neither necessary nor desirable and represents a kind of immaturity that we will eventually grow out of as our industry continues to mainstream.

                                                                                                I would in many ways prefer to see our industry destroyed and the ashes thoroughly salted, so I suppose it is safe to say that we fall on very different sides of this question. :)

                                                                                                1. 1
                                                                                                  However it’s the way our industry works and has since its inception.
                                                                                                  

                                                                                                  I’d gently suggest this is sort of an admission that it’s not an endgame I’ve invented.

                                                                                                  Forgive me but I don’t understand! I’m saying this ISN’T an endgame! Merely part of a larger cycle that we are in the throes of and have been forever.

                                                                                                  Sorry if I’m missing your point.

                                                                                                  1. 3

                                                                                                    Forgive me but I don’t understand! I’m saying this ISN’T an endgame! Merely part of a larger cycle that we are in the throes of and have been forever.

                                                                                                    Sorry, I think I should have been more clear. I’ve encountered the view that things are cyclical among a lot of the long-timer technical people I know, and I recognize its validity. I share it to a degree. I haven’t been in the game as long as you have (or most probably with anything like the depth of experience), but anyone who’s lived through a handful of major technical paradigm shifts along whatever axis should probably be able to recognize cycles in the system. All the stuff that was considered The Future when I was getting my start has been The Dead Past for long enough now that some of it’s coming back around in different costume for the 2nd or 3rd time.

                                                                                                    Two things, though:

                                                                                                    1. For an individual, the endgame is that the cycle will eventually dispose of you, your hard-won understandings, and the things that you have built, whether it takes one iteration or a dozen. To a first approximation, it will do this with no regard for the value of any person or thing. On one level that’s just the nature of life, but the technical economy has by now overdriven this process to an absurdly pathological extent. It burns people out and churns their work into dust at a rate and on a scale that is frankly anti-human, and it’s a reality that means ruthless mercenary calculation and a deep mistrust of the systems and cultures and communities we work within are more or less requirements for paying the rent.

                                                                                                    2. Once upon a time, I made a just-barely-workable and fairly satisfying living building some desktops, fixing some printers, running a mailserver, and hacking some e-commerce code. That job, that class of job, hasn’t utterly vanished, but it’s an endangered species. I probably wouldn’t know where to find one now if I needed it. I’ve been lucky and connected enough to migrate to other tiers of abstraction in other corners of things. But every thousand of that job that went away wasn’t replaced by a thousand jobs like I have now, and it definitely wasn’t replaced by a thousand jobs working on the stuff that made most of it obsolete from the point of view of the people who used to pay for it. In fact, a lot of the people who used to pay for it also don’t have those jobs now because instead they’re sharecropping for Amazon in an enclosed market that will eventually find them unnecessary.

                                                                                                    I guess what I’m saying just boils down to: The cycles operate within something larger. The something larger has a direction. The direction is one I have come to generally fear and loathe.

                                                                                                    1. 2

                                                                                                      There are still loads of generalist sysadmin/IT department jobs for places that aren’t tech-focused.

                                                                                        3. 1

                                                                                          The way people use “incorrect” here is really frustrating. What precisely about my statement does someone deem “incorrect” - the bit about Linux from Scratch being a laudable pursuit or the bit about being able to treat managed services as building blocks?

                                                                                          It doesn’t say “I disagree” it says “incorrect”.

                                                                                        1. 2

                                                                                          For me, this is a prerequisite for switching to FreeBSD. I have used Sway for years and I’m not going back to X. Keep up the good work, hikari people.

                                                                                          1. 6

                                                                                            Well, you could continue to use Sway, you don’t need to switch to Hikari to use FreeBSD.

                                                                                            If you ever start feeling nostalgic for Compiz wobbly windows though, check out Wayfire :)

                                                                                            1. 3

                                                                                              prerequisite for switching to FreeBSD. I have used Sway for years and I’m not going back to X

                                                                                              I’ve gone back to X. On sway I get terrible screen tearing and awful lag when watching fullscreen video.

                                                                                              1. 4

                                                                                                This sounds like a graphics driver issue? Did you watch video with a video player, in a computer game or ie. in Firefox that has Wayland support?

                                                                                                1. 4

                                                                                                  Probably. Part of the problem with software today is that it’s hard to know. Could be drivers, could be YouTube, could be Firefox, could be anything really. But it doesn’t happen in X.

                                                                                                2. 3

                                                                                                  Is that an X video player instead of a native one?

                                                                                              1. 1

                                                                                                This is really cool, I’ve never been able to move myself from bspwm for X. But I’m actively searching for new WMs, particularly ones that borrow from cwm’s tagging feature. I tried AwesomeWM, but it just didn’t have the lightweight “Unix” feel that bspwm has.

                                                                                                1. 3

                                                                                                  Try dwm. I use it because I never use any of the features of any of the other tiling WMs anyway, but with dwm I can easily change stuff because it’s written <2k LOC of very simple C.

                                                                                                  Not sure what cwm’s tagging is but dwm has something called tagging.

                                                                                                1. 14

                                                                                                  Every time there’s a UI change, everybody hates it. Your brain doesn’t like unfamiliar things.

                                                                                                  If you don’t change your UI, 10 years later people laugh at you for having UI from the last decade.

                                                                                                  1. 4

                                                                                                    Users want everything to work the same way even if it’s not efficient or productive https://lawsofux.com/jakobs-law.html

                                                                                                    Users spend most of their time on other sites. This means that users prefer your site to work the same way as all the other sites they already know. graphic

                                                                                                    Users will transfer expectations they have built around one familiar product to another that appears similar.

                                                                                                    1. 3

                                                                                                      for a site named “law of UX”, it has bad UX. White on yellow text, vertical text, detail in text background, low information density, too much void leading to excessive scrolling, 3 points split into 3 columns instead of a list. useless landing area.

                                                                                                    2. 1

                                                                                                      Their other ui mods were change. I wasn’t happy but I resigned myself to it. That was just change.

                                                                                                      This changes where things are, how things scan, how far I need to move my head (from none to lots), how easy it is to find releases (a tiny blue link instead of styled text in a list of other such things)… This change was for the sake of change.

                                                                                                      1. 1

                                                                                                        That’s because every time there’s a UI change it’s for the worse.

                                                                                                        If you don’t change your UI, 10 years later people laugh at you for having UI from the last decade.

                                                                                                        And yet their old UI was still more usable

                                                                                                      1. 23

                                                                                                        Every single time I see a warning from python asyncio that a future wasn’t awaited, or a warning from node that a promise wasn’t used, I think that we got await backwards.

                                                                                                        This feels like it’s the right way to do it. Awaiting should have been implicit, and taking a task and doing abstract work with it should have been the special case.

                                                                                                        1. 9

                                                                                                          It always blows my mind that it’s not a hard error to use a promise without having awaited it. Javascript will let you silently if (promise) { missiles.launch() } while all promises evaluate to true. At least Python spits out a warning, but it has the same underlying broken behavior.

                                                                                                          1. 4

                                                                                                            That particular error is mainly due to weakness of lack of type system and “truthy” casts rather than await-specific. Object would evaluate to true too (e.g. instead of if (authorization.canLaunchMissiles)). OTOH Rust also needs explicit .await, but won’t compile if future {} or if some_struct {}.

                                                                                                            With implicit await I’d be worried about mutexes. Rust has both sync and async versions of a mutex, each with very different uses. What does “colorblind” mutex do? And how do you guarantee that code in your critical section doesn’t become automagically async, risking a deadlock?

                                                                                                            1. 2

                                                                                                              In Zig, the expectation will presumably be that you either support both modes or you compile-time error on the one you don’t support. Problem solved.

                                                                                                              Note: it’s not clear how you would achieve the same thing in Rust, if it would even be possible.

                                                                                                              1. 3

                                                                                                                Rust gives you a warning at compile time if a Future is not awaited, at least. It’s actually the same infrastructure that they use to warn about unused Result values (that equates to unchecked errors).

                                                                                                          2. 4

                                                                                                            This is more like a co-routine based system like Go has rather than an event-based concurrency system like JavaScript.

                                                                                                            1. 18

                                                                                                              Yes that’s exactly right. Go + manual memory management + runtime in userland = zig evented I/O mode.

                                                                                                              1. 3

                                                                                                                This is perhaps explained in the video, but does switching to io_mode = .evented effectively make every function async? It’s clear that plain function calls are transparently converted to await async call(). To do so, the calling function must also be async, correct? At least, if the example given truly matches the equivalent Python given.

                                                                                                                1. 5

                                                                                                                  It doesn’t make every function async automatically, but if you are hinting that it can propagate to many functions, yes that is an accurate observation. Any suspend point makes a function async, and await is a suspend point, as well as calling an async function without using the async keyword.

                                                                                                                  1. 1

                                                                                                                    Yes that’s what I meant, thank you!

                                                                                                              2. 3

                                                                                                                This is more like a co-routine based system like Go has rather than an event-based concurrency system like JavaScript.

                                                                                                                These days, a lot of languages are adding some sort of async/await functionality for dealing with I/O and/or concurrency.

                                                                                                                I have not understood why doing async/await is preferrable to putting focus on cheap contexts and composable communication and synchronization primitives, e.g. Go’s goroutines and channels. To me, a future that you can await, be it constructed through async or manually, looks a whole lot like a suspended thread with its associated stack. No matter whether you’re doing traditional threads or async/await, the compiler needs to generate code that manipulates the two key data structures of an independent unit of execution: a program counter to keep track where you are executing and a list of call frames where you are coming from. Threads implement this through the PC register and call frames on a stack*. Async/await implementations remember all the continuations they have, containing the equivalent information as the PC register. Continuations continue in other continuations, building the equivalent of a list of call frames where you are coming from.

                                                                                                                My assumption is that threads and and async/await have the same expressive power. It also seems that they implement conceptually equivalent data structures. What is the reason for having both in a language? Am I missing something?

                                                                                                                • I am not including, for instance, general purpose processor registers here. For a context switch, they can be saved to the stack if needed. Depending on ABI and cooperativity of your threading implementation, all registers might be already saved to the stack at the time of context switch anyway.
                                                                                                                1. 3

                                                                                                                  Rust 0.x had this model, and dropped it because:

                                                                                                                  • coroutines must a runtime, and Rust doesn’t want to be tied to one. Rust aims to usable everywhere (including drivers, kernels, plugins, embedded hardware, etc.)

                                                                                                                  • coroutines need small stacks and ability to swap stacks on context switches. This adds overhead and complexity. Segmented stacks have very bad performance cliffs. Movable stacks require a GC. OTOH async/await compiled to a state machine is like a stack of guaranteed fixed size, and that stack can be heap-allocated and easily handled like any other struct.

                                                                                                                  • It’s incompatible with C and every other language which wants single large stack. Foreign functions will not (or don’t want to be bothered to) cooperate with the green thread runtime. This is why in Go calling out to C code has a cost, while in Rust it’s zero cost and Rust can even inline functions across languages.

                                                                                                                  • Rust values predictability and control. When blocking code becomes magically non-blocking there are a lot of implicit behaviors and code running behind the scenes that you don’t directly control.

                                                                                                                  1. 1

                                                                                                                    coroutines need small stacks and ability to swap stacks on context switches. This adds overhead and complexity. Segmented stacks have very bad performance cliffs. Movable stacks require a GC.

                                                                                                                    You don’t need small stacks but just 64-bit and overcommit. Allocate an X MiB stack for each thread and rely on the kernel to do the obvious correct thing of only committing pages you actually use.

                                                                                                                    Of course if you need to support 32-bit systems or badly designed operating systems this doesn’t work but it’s a very reasonable design trade-off to consider

                                                                                                                    1. 2

                                                                                                                      Fair point. That’s a clever trick, although you may need to call the kernel for every new coroutine, which makes them heavier.

                                                                                                                      It’s not for Rust though: it supports even 16-bit CPUs, platforms without an OS, and microcontrollers without MMU.

                                                                                                                      1. 1

                                                                                                                        It’s a viable approach in C, yet C supports all those things too. Is the difference that Rust wants a unified approach for all platforms from 16-micros to supercomputers, unlike the fragmented land of C? If that is the case then I suppose that’s a reasonable trade-off.

                                                                                                                        1. 1

                                                                                                                          Yeah, Rust takes seriously ability to run without any OS, without even a memory allocator, without even Rust’s own standard library. That makes it favor solutions without any “magic”.

                                                                                                                          async fn only generates structs that don’t do anything, and you have to bring your own runtime executor to actually run them. That lets people choose whether they want some clever multi-threaded runtime, or maybe just a fixed-sized buffer that runs things in a loop, or like Dropbox did, a special executor that fuzzes order of execution to catch high-level race conditions.

                                                                                                            1. 31

                                                                                                              Managed services frequently determine the shape of your application, the velocity of feature delivery, and, when gone deep in, it removes the capability to use sophisticated open source software.

                                                                                                              This kind of smear-it-on-everything advice is not good. You need to analyze what your software does, where it will be, what the organization needs, and what it plans to need.

                                                                                                              It’s going to be operated well. The expertise that the cloud providers can provide and the automation they can afford to implement will likely surpass what you can do, especially across multiple services.

                                                                                                              That, in the most blunt sense: depends. Wildly. EC2 is a good service. DynamoDB is deeply limited. GKE is not deeply configurable. Azure has some strange APIs.

                                                                                                              It’s going to be cheaper. Especially when you consider employee costs. The most expensive AWS RDS instance is approximately $100k/year (full price). It’s not an apples to apples comparison, but in many countries you can’t get a database architect for that salary.

                                                                                                              Dollar for dollar, but that’s not even appropriate level analysis. You need to analyze what it does to the system under delivery: limitations, expansions, and integration work.

                                                                                                              It’s going to be faster for development. Developers can focus on connecting these pieces of infrastructure rather than learning how to set them up and run them.

                                                                                                              Same as above.


                                                                                                              The advent of managed services and writing integrations/overlays has given a lot of people extremely well paid jobs. Thought should be put into this decision: second and third order effects will start to outweigh simplistic considerations like the above.

                                                                                                              “My cloudformation changes are taking a week to be applied” -> iterate that problem enough and you’ve delayed releases by months, costing far more in reputation, income, morale, etc than that Staff Engineer you didn’t want to hire.

                                                                                                              1. 4

                                                                                                                MASSIVE DISCLAIMER I WORK ON GOOGLE CLOUD

                                                                                                                Azure has some strange APIs.
                                                                                                                

                                                                                                                But, it has APIs, right? If you self-manage, do you want to spend engineering hours making your own API? I don’t think I would. I’d rather build my product.

                                                                                                                1. 7

                                                                                                                  If you self-manage, do you want to spend engineering hours making your own API? I don’t think I would. I’d rather build my product.

                                                                                                                  It is your product! Every part of your product is your product. Every dependency of your product is your product.

                                                                                                                  1. 4

                                                                                                                    This depends, heavily, on what that service adds and what that service API looks like. The worse the API is, the fewer cases it covers, the worse it is for me. The more commodity the tool is, the more comfortable I am in using it, because it implies I can (1) migrate (2) there’s competition vs providers. My “effectiveness” moat needs not to be a thin wrapper over an API, it needs to be much better.

                                                                                                                    Every third party thing I integrate demands hours of work, design review, etc. The rough complexity of integrations is n!, n being the number of integrations(technically each third party thing has its own complexity count).

                                                                                                                    Our own code might be something like polynomially expensive to maintain. If you can keep your complexity count under the complexity count that I take in - both initially and over time (dev time, ops time, maintenance time), then you will win.

                                                                                                                    Note that I’ve personally been in an org which was so bought into a certain cloud provider that it had no ability to innovate via, e.g., using Apache projects, and all improvements came from the cloud provider… we’d essentially stalled out. New divisions actually wound up spinning their own devops orgs because we’d become so incapable at delivering new tools because “not supplied by cloud provider”.

                                                                                                                    What we’re actually talking about is called vertical integration in the general case. It can be enormously effective if you can swing it.

                                                                                                                    Let me ask you this question: how much does Google use from AWS? (Mind, I don’t think you can answer. ;) But Google is notorious for writing its own software).

                                                                                                                    edit: Note that what I’m saying is not “Don’t use cloud services/SaaS services”. It is: understand deeply what you’re doing and the ramifications of your choices, both technically and organizationally.

                                                                                                                1. 6

                                                                                                                  Great read! I use scp quite a lot. It sounds like I should learn sftp.

                                                                                                                  1. 15

                                                                                                                    I’d really recommend rsync instead. As the article mentions, it’s essentially a drop-in replacement for scp and it’s much more performant in most use cases.

                                                                                                                    1. 8

                                                                                                                      This. Also, while rsync can be used like a drop-in scp replacement, it can do a lot more than that and for copying or syncing whole trees or filesystems there’s nothing better. Just as ssh is the swiss-army knife of secure connections, rsync is the swiss-army knife of file tree copying / moving / duplicating. It’s well worth becoming thoroughly familiar with its command-line options.

                                                                                                                      1. 5

                                                                                                                        rsync is a bit painful about when it copies files or directories and where exactly they will end up in what situations. I came to prefer https://github.com/DragonFlyBSD/cpdup because its UI is safe enough for me.

                                                                                                                        1. 3

                                                                                                                          You only have to remember one basic Unix rule: foo is the directory itself and foo/ is the contents of the directory

                                                                                                                      2. 2

                                                                                                                        Doesn’t rsync require a server, or at least rsync binary to be present on the remote machine?

                                                                                                                        1. 2

                                                                                                                          No server required on remote, but yes you do need the binary on remote. I haven’t had any problems with it not being installed places I need, but you may have some different targets than I do. There are a couple of statically compiled copies of rsync you can drop in for different arches.

                                                                                                                        2. 1

                                                                                                                          rsync can’t do what scp -3 does, can it?

                                                                                                                          1. 1

                                                                                                                            Can’t say I’ve ever used -3. So without -3 it sounds like it tries to copy directly from one remote to another, but with -3 it’ll copy to the local machine and then pass the file through to the remote? If I understand correctly, then I believe you’re correct, rsync has no builtin capabilities for handling copying between two remotes. You’ll have to setup port forwards.

                                                                                                                        3. 7

                                                                                                                          sftp behaves very similarly to ftp when it comes to commands, plus any recent releases come with tab completion for both local and remote files.

                                                                                                                          All you’ll probably ever need is put filename, get filename, put -r folder, get -r folder, ls, lls, cd, lcd. You can also run commands locally like “!vim filename”.

                                                                                                                          It’s very easy to get used to.

                                                                                                                          1. 2

                                                                                                                            Tried it out today. Seems nice and easy to use

                                                                                                                        1. 4

                                                                                                                          What I’d really like is for there to be a real push to provide plain text or similar alternatives to JS-heavy pages. Something like AMP++, in the same way that you can email someone a multipart email with an HTML component and a plain text component.

                                                                                                                          I just want to use w3m. The only thing I use X for is a web browser. If I could open a different TTY on each monitor and browse the web easily in w3m I wouldn’t need X at all. I can watch videos using mpv -vo=tct (or -vo=drm if I’m feeling fancy).