Threads for mwcampbell

  1. 3

    I suppose this opinion will be unpopular, because proprietary services are supposed to be inherently bad, but I’m disappointed that, AFAIK, neither GCP nor Azure currently have something equivalent to Amazon ECS as an alternative to Kubernetes. ECS isn’t merely a proprietary alternative to Kubernetes; it’s a container scheduler that has a shared, multi-tenant control plane and directly integrates with other AWS services such as VPC and ELB rather than forcing you to use them indirectly through committee-designed, common-denominator APIs (e.g. ingress controllers). If the author had been hosting on AWS rather than GCP, ECS would definitely have been the way to go.

    I want to unpack the bit about the control plane (not control panel as the article said). Kubernetes requires each cluster to have its own control plane, including an etcd cluster, an API server, and other stuff. And, last time I checked, a Kubernetes control plane has fairly high baseline resource consumption. When I installed k3s (stripped-down Kubernetes) on a bare-metal box last year, it had ~10% CPU usage while the cluster wasn’t doing anything. Given this, and the fact that the Kubernetes control plane is designed to be single-tenant, I would not be surprised if the managed Kubernetes services spin up one or more VMs per cluster to run the control plane. Few SaaS developers would choose to implement their product that way when designing for multi-tenant SaaS from the start, but Kubernetes isn’t designed for that. Think of the control plane as being like one of the open-source databases offered by Amazon RDS, Google Cloud SQL, etc. So it’s entirely reasonable that the managed providers charge what they do for the control plane.

    Having said all that, given that the author’s product seems to be compute-bound, and presumably doesn’t require instant startup of containers, a container cluster (whether Kubernetes or something like ECS) might be pure overhead in the first place. IMO the ideal solution would be to use something like GCE managed instance groups or EC2 auto-scaling groups, but with some way of turning something equivalent to docker-compose.yml into an immutable machine image that directly runs the container(s). LinuxKit is the most well-known implementation of this approach, though I’m not sure how well-maintained and suitable for production it is these days.

    If fly.io had VMs with GPUs, it might be a great choice for this use case, particularly with the new Machines API.

    1. 2

      I would not be surprised if the managed Kubernetes services spin up one or more VMs per cluster to run the control plane

      I am not going to contradict you, but it is possible to run a kubernetes control plane in containers (a cluster created with kubeadm does that!) so it’s entirely possible to run the control plane for customers in a kubernetes cluster (or ECS or …).

    1. 2

      I somehow went through most of my programming career so far (more than a decade) without even knowing that sampling profilers existed. I knew about instrumenting profilers, like Python’s profile and cProfile modules (and the old hotshot), which trace every function call, but I also knew that they added a lot of overhead and produced distorted results. I don’t remember if I finally learned about sampling profilers when I went to Microsoft in 2017, or shortly before. So I wonder if widespread awareness of sampling profilers is a fairly recent thing.

      1. 3

        Might be a Python thing? I think the most popular sampling profiler is py-spy, and it was only started in 2018 or so, and before that pyflame introduced the idea but it was started in 2016. I forget what was in use before that… possibly nothing?

        But back in 2005 or 2006, when writing C++, I was taught about whatever the full-system Linux profiler was back in the day, before perf came around.

      1. 2

        Holy smokes, what a list of classes. What does it look like? What does the button do? Well, it’s hard to figure out. Here’s the same example without Tailwind:

        This does not go on to show the same thing without Tailwind. The same thing without Tailwind is the HTML plus the exact same ugly CSS properties. So many complaints about Tailwind just skate by this. Doing a PR review of a frontend change is really, really hard because CSS is easy to write but very hard to read. When you complain about the unreadable class soup, you are complaining about the unreadable CSS properties that make a button a button.

        Tailwind is not a competitor to Bootstrap. It’s a competitor to Sass. It’s a way to generate CSS properties quickly by using a shorthand in the HTML.

        1. 2

          the unreadable CSS properties that make a button a button

          What makes a button a button, complete with all necessary accessibility behavior, is the button HTML tag name. Yes, the crappy default styles provided by browsers mean that it’s desirable to style a button. But those ugly CSS properties should be hidden away in a CSS file, behind a reasonable selector, either button (to style all buttons) or a sensible class name (to style only a particular kind of button).

          1. 3

            I thought about rewording “make a button a button” to “look like a button” but I was typing on my phone, oh well.

            those ugly CSS properties should be hidden away in a CSS file,

            Why? Moving the CSS away from the HTML makes it harder to look at the HTML and know why an element is there and what’s it doing. With Tailwind, if there’s a div that exists only to create a context for some other absolutely positioned element, you can see it because the HTML looks like <div class="relative">. You don’t have to toggle between two files to get a sense of what’s going on. In general, Tailwind gives you context for your HTML.

            Here’s some real HTML I have open in my editor now:

              <nav
                class="bg-black md:py-6"
                id="#top"
                data-ga-category="navbar"
                data-sf-campaign="701f4000000TVu3AAG"
                aria-label="main navigation"
              >
                <div class="flex flex-wrap items-center w-full max-w-6xl px-3 mx-auto mb-6">
                  <div class="flex items-center w-full md:w-1/2">
            

            I can see from this HTML that nav is there for semantic reasons and has a black background. On desktop plus, it gets some padding. The first div creates a flexbox container for the navbar and the second one is a flexbox subcontainer that is full width on mobile and half width on desktop. The alternative CSS is much harder to read!

            .navbar {
              background-color: #000;
            }
            
            @media (min-width: 850px) {
              .navbar {
                padding-top: 1.5rem;
                padding-bottom: 1.5rem;
              }
            }
            
            .navbar__wrapper {
              margin-left: auto;
              margin-right: auto;
              margin-bottom: 1.5rem;
              display: flex;
              width: 100%;
              max-width: 72rem;
              flex-wrap: wrap;
              align-items: center;
              padding-left: 0.75rem;
              padding-right: 0.75rem;
            }
            
            .navbar__other_wrapper {
              display: flex;
              width: 100%;
              align-items: center;
            }
            
            @media (min-width: 850px) {
              .navbar__other_wrapper {
                width: 50%;
              }
            }
            

            This is 35 lines of code vs 3!!

            In an ideal world, Tailwind would run through your CSS and turn long sequences of classnames into single, short optimized names (although I think is an NP hard SAT optimization problem in general). In practice, the HTML bloat doesn’t affect download times because the files always end up pretty small anyway. People are worried about optimizing a non-problem for aesthetic reasons.

            behind a reasonable selector, either button (to style all buttons)

            This ruins codebases. It is literally the single anti-pattern that makes CSS so hard to use in so many cases. It creates spooky action at a distance. Why is this link a different color? Where is this hover effect coming from? Why is my headline too large? How come there’s an extra margin between these elements? It creates an endless supply of headaches.

            You should style bare elements in only two cases: you’re creating a global reset to sane defaults or you’re working with a rich text content well and need to style the bare <p> <strong> <h3> etc. tags in that content well. Never use bare tags under any other circumstance if you value sanity.

          2. 1

            Here is the missing CSS from TFA:

            .button-menu-toggle {
              display: inline-flex;
              align-items: center;
              justify-content: center;
              border-radius: 0.375rem;
              background-color: #fff;
              padding: 0.5rem;
              color: #888;
            }
            
            .button-menu-toggle:hover {
              background-color: #eee;
              color: #777;
              outline: 2px solid transparent;
              outline-offset: 2px;
              box-shadow: white 0 0 0 0 inset, blue 0 0 0 2px inset, black 0 0 0 0;
            }
            

            This is 17 lines and it’s not even doing any of the responsive design stuff that really makes Tailwind MVP.

          1. 4

            Overall, this is my experience too. Folks that don’t do much front-end find CSS too burdensome, but I find ugly markup harder to work with over time (e.g. stacks of utility classes that really aren’t very flexible). There’s a lot of value in thinking about how that cascade is gonna cascade, and how your CSS variables can float down into them which can lead to some very minimal CSS and HTML.

            I do still think there’s a place for utility classes, but it should be used more sparingly than not. Every Layout has a common set of patterns you’ll often have to do, but instead of what our author does, I find a utility class like <div class="Stack Stack--wideGap"> to be more useful than the one class name per property (OR depending just letting the variables do their thing <div class="Stack FooComponent"> with .Stack { display: flex; gap: var(--Stack-gap, 1.6rem) } .FooComponent { --Stack-gap: 2.4rem }). Additionally, I find that this tends to scale better relying on flex and grid than doing owl selectors, > * + * as margin-* is not going to break down on smaller viewports as well as leveraging gap–it feels optimized for an older web that may not be worth everyone’s time budget (which if you make your site work on Netsurf, props to you for the compatibility!).

            I agree BEM sucks, but it isn’t an anti-pattern, it’s just really, really hard to read compared to basically all other naming schemes. The nice thing about it is that you can adjust your markup a little better. Did your junior dev think that navigations necessarily need to be in an <li>? Well, if it’s classed <li class="Navigation-item"> I can just slap that on the <a href class="Navigation-item"> and remove the often unnecessary list. Nesting can also get unclear as the project scales and it will be easier to find your class in the CSS file via ripgrep or whatever if you have a searchable name to it. Seeing that we disagree is the takeaway though: we should learn about other systems and use them when they make the most sense instead of taking everything as dogma. If you need a quick <button class="A"><span/></button> and .A > span { } makes the markup cleaner, then by all means, do that.

            1. 5

              Did your junior dev think that navigations necessarily need to be in an <li>?

              In this case, I think the junior dev is right. Having navigation links in a list is better for accessibility, because some screen readers announce the number of items in the list and let you skip past the list entirely. Granted, it may be enough to define a main landmark so a screen reader user can skip the navigation header altogether, but in general, the more tools a blind user has for skimming the page as a sighted user can naturally do with their eyes, the better.

              1. 1

                Skip links help a lot here, “skip to content”—along with the role/landmarks as mentioned. Some big navigational hierarchies might appreciate it, but I’ve seen a lot of cases where it’s not needed and can make the TUI experience worse because there can be a lot of newlines with just a single word on them.

            1. 2

              Congratulations on this achievement. Is there already something similar for code-signing Windows executables?

              1. 3

                I’m not sure: I haven’t seriously looked into the problem space on Windows. But I do believe the technical implementation on Windows is vastly simpler than on macOS. I’ve long wanted to implement this but I just haven’t had time to look into it.

                1. 3

                  I’d say “vastly simpler” is fair, though I might be tempted to add that the signatures are less useful as well. JSign is where I’d start if I needed this today.

                2. 3

                  Assuming you just mean Authenticode, it is close enough to the PKCS#7 CMS that it’s not hard to whip up something to do that. I did more than once a little over a decade back for internal build systems, but never won the arguments I needed to to get them released.

                  JSign is what I’d use if I needed that today.

                1. 26

                  In terms of big things, we’ve learned source control, and we’ve learned a bit about what makes it good or bad (no more RCS). We’ve learned that package repositories are good (this won’t get universal agreement, but respectfully, the naysayers are wrong). I think we’ve learned a little bit about what makes a good compiler error message.

                  I have a small list of mistakes from programming languages that I think are unlikely to be repeated:

                  • a mutable standard library date object (Java)
                  • “threadsafe” collections (and StringBuffer) that synchronize on the individual methods (add, get by index, remove), rather than implementing higher level concurrency features (Java)
                  • dynamic scope
                  • widespread implicit conversions (JavaScript). I suspect some implicit conversions might be considered, but converting arbitrary objects to “[object Object]” isn’t happening again.

                  Graydon Hoare has a list of mistakes that Rust avoided, which would be another good source. It’s on his livejournal, but I can’t find it right now.

                  In general, I wish more people would spend time accumulating and sharing this kind of wisdom. Too many discussions are closely tied to the ecosystem they happened in, and there’s too much starting from scratch.

                  1. 13

                    Here’s that post from Graydon you were talking about: things rust shipped without

                    1. 3

                      I think thread safe dynamic scope should come back as a replacement for module level state. :-)

                      1. 1

                        In terms of big things, we’ve learned source control

                        To this, I’d add that we’ve learned in a systemic way that a large substrate of open source code is an extremely powerful form of leverage. A lot of individuals are, I think, starting to learn the ways we might regret giving the industry that leverage, but I don’t think that’s a lesson the industry itself is really capable of learning.

                        That dichotomy sums up a lot of what I think about this: The industry is almost constitutionally incapable of broadly learning a great many of the things that individuals within it gradually come to understand, since so many of them are incompatible with the industry’s continued power and success, and with the ways it acculturates new technologists and bends them to its fundamental processes and economies.

                        “It is difficult to get a man to understand something, when his salary depends on his not understanding it.” - well, it’s difficult to get an industrial complex to understand that an industrial complex should be destroyed.

                      1. 31

                        There’s a legitimate reason for this, as explained by this HN comment (not written by me).

                        1. 6

                          This is a 500 error page, so instead of the image saying something like: “Drawing of a woman screwing in a lightbulb”, it makes more sense to use “500 internal server error” as the alt text.

                          It’s worth mentioning here that a browser used with a screenreader will indicate unambiguously that the user has landed on an error page, regardless of the page content. I usually don’t bother reading the content, because … what’s the point?

                          “Drawing of a woman screwing in a lightbulb” is excellent wordplay. The parse is ambiguous. The first thing I thought was, “How did they get a person inside a lightbulb?” Or maybe it’s just the drawing inside the bulb? “Drawing of a woman replacing a lightbulb” would be less loaded. For even less ambiguity: “This drawing depicts a woman replacing a lightbulb”.

                          1. 4

                            I’d argue that exposing the error code at all is an accessibility problem. It requires the user to know what 403 (or what have you) means, and there’s no reason for a non-technical user to know that. For any diagnostic purpose, the user can examine the actual HTTP response via other tools.

                            1. 10

                              I’d argue that exposing the error code at all is an accessibility problem. It requires the user to know what 403 (or what have you) means,

                              This mindset, taken to its extreme, leads to error messages like “something went wrong”. It’s at least partially responsible for things like the hijacking of NXDOMAIN by ISPs. NXDOMAIN hijacking serves two purposes: it prevents the “unwashed masses” from having to deal with a failure case, and it funnels them to ISP-controlled ad portals.

                              I’m a strong believer in the old maxim that knowledge is power. Depriving a user of knowledge deprives them of agency.

                            2. 2

                              “Screwing in” is ambiguous too as some light bulb fixtures are bayonet-type.

                              1. 3

                                That doesn’t make it ambiguous.

                              2. 2

                                Yeah, that didn’t make sense to me either – even without that, the error is already described on the left, so why re-describe it in the alt text? If anything, the image is decorative so the “responsible” take should be to use alt=”” to have screen readers ignore it? (https://www.w3.org/WAI/tutorials/images/decorative/)

                                1. 1

                                  It’s worth mentioning here that a browser used with a screenreader will indicate unambiguously that the user has landed on an error page, regardless of the page content.

                                  Is this based on the assumption that the screen reader will read the title of every newly loaded page, or something else?

                                  1. 2

                                    Is this based on the assumption that the screen reader will read the title of every newly loaded page, or something else?

                                    Presumably I’ve just gotten lucky and always seen error pages with stock titles. So I have to walk back that assertion.

                                    1. 1

                                      I would imagine it would be based on the HTTP response code.

                                  1. 16

                                    The irony of complaining about restrictions imposed on an open source project by a freely-run package index is just to much.

                                    On the other hand, holy shit, PyPI let’s you publish packages without MFA? I knew python packaging was bad but I didn’t know it was that bad.

                                    1. 19

                                      On the other hand, holy shit, PyPI let’s you publish packages without MFA? I knew python packaging was bad but I didn’t know it was that bad.

                                      I don’t really understand this part. Several ecosystems does not enforce MFA and this has been common for years, why are we suddenly regarding this as an absolute requirement for publishing?

                                      Several package managers read directly from git repos (pip included), and github does not enforce anything either.

                                      1. 6

                                        Several ecosystems does not enforce MFA

                                        Oh dear. Ohhhhhh dear.

                                        I guess it’s been a long time since I used any package repository other than Clojars. That one is relatively small but it’s required MFA for a few years now so I just assumed the more professional ones had been … well, professional about it. I certainly wouldn’t trust a package repository that treated it as optional.

                                        1. 2

                                          Which professional ones are these that you’re thinking of?

                                          1. 5

                                            In my head, npm, Maven Central, Rubygems, and PyPi are all big enough to have multiple full-time professional staff employed to run them, but I’ll admit I haven’t looked into any of them in detail since I’m not a user of those languages. On the other hand I am a user of Debian, and I know that they don’t accept any packages that aren’t signed by their maintainers using GPG, which IMO is a big step up over just using MFA for login.

                                            1. 8

                                              npm currently requires MFA for maintainers of the top 500 most popular packages and will be expanding that. Sounds similar to PyPi. More info here: https://github.blog/2022-05-10-enhanced-2fa-experience-for-your-npm-account/

                                              1. 7

                                                Debian gets to do what they do because they’re not an open-to-the-public repository for publishing. To get a package into Debian you specifically have to go through a small set of trusted gatekeepers who use their credentials, and have been vetted by the Debian project.

                                                A public repository that lets anyone with a package sign up and start distributing simply cannot do that level of verification and vetting on every single package uploader, which is why they don’t do it.

                                                1. 3

                                                  Yeah, I understand the situation isn’t applicable to PyPi; it’s just an example of how having higher standards earns you a lot more trust.

                                                  1. 3

                                                    Maybe Debian-level packaging curation is the solution to the recent high-profile open-source supply chain problems. Drew DeVault certainly thinks so. Unlike him, though, I think language-specific package managers have their place, particularly because they support platforms that aren’t free Unix-likes. Perhaps PyPI, npm, cargo, etc. should have subsets of their packages that are heavily curated as in the distro package managers, and some of us could start restricting our dependencies to those subsets. I would contribute some money to help make this happen.

                                                  2. 4

                                                    In my head, npm, Maven Central, Rubygems, and PyPi are all big enough to have multiple full-time professional staff employed to run them, but I’ll admit I haven’t looked into any of them in detail since I’m not a user of those languages.

                                                    I’m unsure about Maven, but the rest of them are underfunded infra mostly driven by volunteers.

                                                    1. 3

                                                      Huh. I thought I remember reading a while back about npm, inc being a thing, and how they took venture capital or something.

                                                      1. 6

                                                        NPM Inc is owned by GitHub now.

                                                        1. 1

                                                          Ah, I forgot about this actually :)

                                            2. 6

                                              As much as I disagree with the post, I think it’s pretty fair and not ironic. They acknowledge that the change is in the index and its users’ interest. They just want a different solution and make their opinion public. If more people agree, maybe someone will be motivated enough to run it.

                                            1. 21

                                              Even worse, Lenovo is claiming, rightly or wrongly, that this is a contractual obligation by MS. https://download.lenovo.com/pccbbs/mobiles_pdf/Enable_Secure_Boot_for_Linux_Secured-core_PCs.pdf

                                              1. 24

                                                Got to give Lenovo some credit for how they complied, though. They could have made it so you would have to go through a complicated process of adding the keys you need to boot anything other than Windows. But they put a simple toggle switch to enable the most common case (you are booting a Linux distribution that uses the Microsoft 3rd party shim for secure boot).

                                                1. 14

                                                  Why are you disrupting the daily “Five minutes of hate for corporate America?”

                                                  1. 14

                                                    To be fair, that’d be corporate China you’d be hating on.

                                                    1. 1

                                                      Is M$ a Chinese company now?

                                                      1. 17

                                                        Microsoft isn’t, but Lenovo is.

                                                        1. 1

                                                          And the complaint is about M$ forcing their crap onto a HW vendor. I cannot imagine Lenovo doing this on their own. There is no money in that.

                                                          1. 7

                                                            I mean, for all we know, Lenovo might be getting a good deal out of this as well – sure, there may be no money to be taken straight from customers for it, but that’s not the only source of money nor the only metric for a good deal. Just because it was a contractual obligation (if it was) doesn’t mean it was a bad deal or that Lenovo were forced to make it.

                                                            Not sayin’ you’re not right to suspect Microsoft being nasty here, just that I’ve found it best to distribute suspicion evenly (and in very generous amounts :-D) among corporate actors.

                                                    2. 9

                                                      Well, I will say that assuming this was actually a contractual obligation, the culpability is on Microsoft, and Lenovo did the best they could. I’m not letting Microsoft off the hook at all here.

                                                      1. 0

                                                        Because some tech people still work at M$ for some reason. It’s mind boggling how legions of people who dedicate their life to understanding technology end up creating walled gardens.

                                                        1. 11

                                                          I don’t think it’s that mind boggling. Creating walled gardens is lucrative and M$ pays pretty okay.

                                                          1. 2

                                                            Ok. One shouldn’t be surprised by people being willing to do questionable things for money. But this is literally working on something that they are probably going to be working around one or two employers later.

                                                            Or is it different in the US? Is it like really simple to just call one of your friends at M$ and get them cooperating, unlike from EU?

                                                            1. 4

                                                              The overwhelming majority of developers in the world will not be effected by this. It’s not like a .NET developer is going to go out of their way to replace the OS on their work laptop.

                                                              1. 2

                                                                I have done exactly that and it’s great for me, and actually great for my company, to have at least one person who knows their way around a linux machine (my system dependencies better match cloud dependencies and build chains, if nothing else). And dotnet works really well natively on linux now.

                                                                I would hope that developers as a group are curious enough that this is pretty common. Realistically I’m sure that the “majority” will only ever use Windows but I like to think and hope it’s not the “overwhelming majority”.

                                                              2. 3

                                                                But this is literally working on something that they are probably going to be working around one or two employers later.

                                                                I think you’re wildly overestimating how many developers will ever voluntarily try to run linux on a laptop (as opposed to a server).

                                                                1. 5

                                                                  While not fully representative, almost every year the Stack Overflow survey has Linux on personal machines around the 30% ballpark.

                                                            2. 3

                                                              It’s not like M$ is somehow worse than all the other big tech companies. I’m sure one could quibble over details, but at a high-level, I’d argue they are all basically the same in terms of walled-garden love.

                                                              1. 4

                                                                Sure, but M$ walling off the general purpose computer segment would affect me way more than Google with Apple claiming the phone segment. I make a living off Linux on my (and some of my clients’) productive general purpose computers after all.

                                                                And I am surprised that other devs don’t mind. I though the idea was that we are the ones who could always walk away and disrupt as much as we’d like.

                                                                If this continues, we won’t be able to install Linux and Kodi on a NUC to provide 4k video for the occasional movie screening in our favorite coffee. It would have to be Windows. Meaning, among other things, no SSH remote administration, license fees, reboots in the middle of the movie and so on.

                                                                We’d have to buy either underpowered RPis or some unlocked industrial devices at much higher price point.

                                                                Or my aunt’s laptop. She can’t afford a new one, so she has an old Lenovo with Linux. Making the device useful for couple more years. Do we just throw them away once the Windows support ends? Or do we run insecure and/or slow devices?

                                                                I kinda like how things are now. The freedom of compatible hardware and software without artificial barriers is just more productive.

                                                                1. 4

                                                                  I generally agree with you, I think it’s a bad precedent and I don’t like where it’s going either.

                                                                  Security being used to enforce stupid things is bad for everyone, not just us that want to run non-Windows.

                                                                  The part I don’t really agree with is that Google or Apple’s or …’s influence is somehow not as bad, they are, just in different ways.

                                                                  1. 1

                                                                    I think that in the past couple of years the general awareness of embedded computing skyrocketed. Thanks to Arduino, RPi and many others.

                                                                    I believe that I will get my Linux phone eventually. Who knows what happens from there?

                                                                    PC lockdown is a trend in the other direction.

                                                              2. 1

                                                                For the record, I agree with the “unkind” assessment of my comment, but I was definitely not trolling.

                                                                I truly believe that people who help build these walled gardens should think about harm they are doing instead of just throwing arms up in the air “it’s just a job”.

                                                          2. 14

                                                            IMO this requirement is entirely reasonable. I think it’s more important for a company to provide strong defaults for the majority of its customers than to make things easy for competitors, and that shouldn’t change just because a company is the dominant player. Notice I said defaults, not forced restrictions. Booting an alternative OS is an esoteric task that only a tiny percentage of PC customers will ever do, and I think it’s fine to require such customers to tweak a security setting in their firmware, particularly since they don’t have to disable Secure Boot altogether. Defaults can never be perfect for everyone, but I think that having the strongest security by default for the majority of users is the right call here.

                                                            1. 10

                                                              I doubt that it would be legal in Norway: Lock-in mechanisms (innelåsende mekanismer), hereunder missing compatibility, is unfair according to Forbrukertilsynet.

                                                              If you don’t know Forbrukertilsynet, they were the first to forbid DRM on music, for similar reasons.

                                                              1. 4

                                                                Do they forbid DRM on video?

                                                                Regarding this article, I don’t think that this is a real lock-in mechanism. It is a simple toggle to enable the shim and also another toggle that can disable secure boot altogether. I don’t think it is a lock-in to require a few keypresses to change some settings when the default is argubly more secure.

                                                                1. 1

                                                                  Yes, video shouldn’t be any different. Famously, as DVD-Jon found out, it’s not illegal to break DRM. Note that this is specifically about bought music and bought video.

                                                                  I don’t think it is a lock-in to require a few keypresses to change some settings when the default is argubly more secure.

                                                                  That sounds like a key point. But it also depends on their informational obligations: How many expectations are broken, and do you need to be Matthew Garrett to debug it? I don’t think I could have guessed “the 3rd party key” if I hadn’t read the news today. If you can’t do it with the knowledge that can be expected of a customer, well, that’s a dark pattern, which is also forbidden.

                                                                  1. 4

                                                                    I should add what I feel the law should be similar to the concept where they are required to allow it to be easily turned off so the user can actually own the machine, while at the same time be required to fix any issues that come up for that device during the lifetime + some extra duration of it (so no disabling of the functionality ten years later).

                                                                    So installing your own operating system doesn’t violate the warranty, and the warranty of a fitness for purpose includes fixing any issues booting up the device using third party software - so if you have a disk with debian on it that boots on a few other contemporary machines but doesn’t on this particular laptop - or even better multiple separate machines all being this laptop - then they are required to fix it.

                                                                    1. 4

                                                                      I think EU might be slowly getting there with the sideloading mandate. I don’t think they will explicitly cover different OSes, but the wording might be loose enough for courts to pry it wide open. Also, FSFE is probably lobbying as much as possible to include the OSes explicitly.

                                                                      1. 2

                                                                        I’m convinced they’re in as well, I’m not very hopeful. It’s going to include too many holes. If you think FSFE is lobbying, what do you think MS is doing? They’ve been proven that they abuse their monopoly and that they don’t stop on “lobbying” and go straight for bribe and corruption.

                                                                        EU might get the doors cracked a little. But wide open? I’m not hopeful.

                                                              2. 3

                                                                As the article states though, turning the 3rd-party signing key toggle on by default would not weaken the security model.

                                                                1. 3

                                                                  I think requiring users to install their own security keys in order to install Linux would be unreasonable. But IMO, having to change one toggle switch in the BIOS is fine.

                                                                  1. 3

                                                                    Yeah, I mean, slippery slope and all, but the first time I installed Linux on my computer like 20 years ago I had to fiddle with way more BIOS settings than a toggle switch. As long as I don’t have to recite incantations at the EFI shell, this just falls under the old “tinker with your machine until you get to the login prompt” dance that I do about twice during a laptop’s useful life.

                                                              1. 3

                                                                @teh_codez linked to this from another story, so I decided to spin this off into its own discussion.

                                                                This hits close to home for me right now, because in the desktop app I’m currently developing for my tiny bootstrapped SaaS company, I’ve struggled with whether to just use Electron as the third (maker) tribe would, or try to make something efficient like the second (hardware hacker) tribe would (albeit in Rust rather than C++). I would personally be much happier with the result in the second case. But it’s possible that no actual users would care (indeed, the feedback so far during the private beta suggests that they don’t, but maybe these early adopters have better hardware than some potential users). My business partner certainly wants me to go with whatever’s expedient, as the maker tribe would. Yes, it’s about being able to make money sooner, but more charitably, I also acknowledge that it’s about getting a useful product into the hands of users sooner. But all of the negativity against Electron that I’ve taken in from programmer discussion sites makes it really hard to just plow ahead like I don’t know or care what kind of crap I’ll be inflicting on my users. I wonder how common it is for solo desktop app developers (the few that are left?) to be in this position these days.

                                                                1. 3

                                                                  If I were you, I think I would go with Electron first to gauge interest. If the interest is there, then you can pivot to something more efficient as a treat to yourself.

                                                                1. 12

                                                                  The crucial part of this is how the password / master key and decrypted secrets are kept secure in memory. I hope the daemon at least stores secrets in pinned RAM and zeroes out memory when it’s freed. Are there mechanisms that keep other processes like debuggers from being able to inspect the daemon’s address space?

                                                                  (I’m not familiar with Unix key managers in general, just with Apple’s Keychain, which has pretty tight integration with the kernel and hardware trust module to keep it secure.)

                                                                  1. 23

                                                                    there is a discussion on lwn about this between the author and mjg59. https://lwn.net/Articles/893327/

                                                                    1. 36

                                                                      Welp, that’s Drew in a nutshell. He’s a very productive and innovative programmer doing fascinating & crucial work, and also a dick. I keep hoping he’ll tone down his confrontational tone, because I’m a fan of his work, but his stuff won’t last or be widely adopted if he can’t build a strong community around it. Sadly his behavior never changes, and it’s always driving people away who might otherwise be receptive to his projects and messages.

                                                                      Here it comes with the additional downside that he can’t process legitimate criticism, which will interfere with his project being as good as it could be.

                                                                      For anyone who doesn’t feel like reading the thread, mjg59 points out that the security feature for storing keys securely (keeping them out of memory space) only works on Linux, yet Hare works on other operating systems (like BSD). Drew considers this a feature, not a bug, calling it opportunistic improvements in security. Various people suggest it would be better to refuse to do the thing if it isn’t secure, that opportunistic improvements allow adversaries to target systems that lack the security feature, and it’s very hard for end users to know if a programmer used the library correctly (in this case, only on Linux). The conversation doesn’t really proceed further, in part because Drew calls people asking him to engage with mjg59 and/or his criticisms “hero worship”.

                                                                      1. 20

                                                                        Thanks very much, I have the feeling you’ve just saved me half an hour of stressful reading. :)

                                                                        1. 6

                                                                          I think you are being far ruder by calling someone ‘a dick’ on a forum where they can’t defend themselves. Probably better to say nothing.

                                                                          1. 9

                                                                            In case there’s some variation of English slang causing confusion here, I meant “dick” as shorthand for “not careful with the feelings of others”. I think this is just objectively true, an accurate description of his actions, or the pattern of his actions over time.

                                                                            But you raise a valid point: I could have used more polite language, which could improve clarity, and been more gentle with my tone, at the cost of some emotional content. I think often in communication there is a conflict between genuinely communicating your emotions as you’re feeling them, versus realizing that your current emotions may be unhelpful and taking time until you can communicate something else genuinely instead.

                                                                            1. 2

                                                                              Why can’t he defend himself here?

                                                                              https://lobste.rs/u/ddevault oh

                                                                            2. 5

                                                                              I’m normally pretty biased against Drew for the same reasons, but it seems to me like mjg59 is the aggressor here.

                                                                              Drew explained his rationale, and then more-or-less said “let’s agree to disagree on this.” However rather than letting it go, everyone just kept pushing, stating the same points over and over in an incredibly harsh and disrespectful tone.

                                                                              They all obviously had some valid concerns (which I agree with), but in this context it’s borderline trolling, and Drew handled it fairly well given the circumstances.

                                                                              1. 8

                                                                                Maybe it’s ethically derelict to build and release a language which regresses the state of the art in memory safety.

                                                                                1. 3

                                                                                  Everything’s a tradeoff. Rust’s borrow checker is one tool of many for helping programmers write correct code, not a moral imperative for all new systems languages. Plenty of thoughtful programmers are skeptical about the effectiveness of Rust’s approach to memory safety, and the cost of that approach with regard to other things that are important, like comprehensibility. For example, see this HN thread from Ron Pressler. Maybe he’s right; maybe he’s wrong. My point is that the question is by no means settled enough that a language designer rejecting Rust’s approach to memory safety should be considered ethically derelict.

                                                                              2. 3

                                                                                but his stuff won’t last or be widely adopted if he can’t build a strong community around it. Sadly his behavior never changes, and it’s always driving people away who might otherwise be receptive to his projects and messages.

                                                                                And yet: https://drewdevault.com/2022/03/14/It-takes-a-village.html

                                                                                I hope to one day be as successful at building a community.

                                                                                1. 12

                                                                                  This is a fair point. Drew’s projects have communities built around them, bigger and more cohesive than anything I’ve built, for sure. Maybe that’s good enough, Drew has hit his goals, and he can afford to antagonize whoever comes across on the internet; perhaps his work has enough reach, and wouldn’t benefit from attracting more or different kinds of people.

                                                                                  I’m reminded of an old article about Usain Bolt, the fastest man in the world (still? Certainly when it was written), and how in one famous record-setting race, he turned around, saw that no one else was close to him, and coasted the rest of the way to the finish line. The piece suggested that this was representative of his approach to running in general. It then asked (as many have before and since) how fast could Usain Bolt run if he actually tried? https://www.esquire.com/sports/a7058/usain-bolt-bio-0410/

                                                                                  Well, how much community could Drew build if he, like, stepped away from the keyboard for a few minutes every time he was about to flame, insult, or even threaten people? Does it matter?

                                                                                  In actuality, we know that Drew has not hit all of his goals, and he is not entirely happy with the status quo. https://drewdevault.com/2022/05/30/bleh.html Drew has been so abrasive to so many people that now even members of his communities who are simply using his stuff get grief for being willing to work with him. He’s unhappy about that, he says he’s working to improve, and he asks for another chance. He recognizes a problem and claims to want to address it. But every time I look at new work from him, there’s new examples of him being a dick.

                                                                                  In other words, he’s already successful in building community, yes, but I think his abrasiveness is the biggest obstacle to further improvements, and Drew might even agree with that statement.

                                                                                  1. 7

                                                                                    If people are harassing his users, perhaps blaming the harassers rather than the victims is in order.

                                                                                    1. 2

                                                                                      Harassing them isn’t good. But I get the point that you try to distance yourself from people which defend (or introduce) the project of a person you really don’t want to get involved with.

                                                                                2. 1

                                                                                  Oh, it’s the Hare guy. I feel like he’s actively harmful to the image of whatever project will employ his aid and just having him there is detrimental regardless of his technical ability.

                                                                                  1. 1

                                                                                    Do you know him?

                                                                                    1. 5

                                                                                      I know his opinions that get loudly posted on every message board such as here (before he was banned for his self-promotion) and reddit, in addition to his bad behavior such as what is showcased here.

                                                                                      In short, I would never willingly use his products or work with him after these exposures 🤷🏽‍♂️

                                                                                      1. 4

                                                                                        I know his opinions that get loudly posted on every message board such as here (before he was banned for his self-promotion) and reddit, in addition to his bad behavior such as what is showcased here.

                                                                                        And yet, Torvalds got a pass for many, many years. The man has a history of terrible public statements, E.G., referring to OpenBSD developers as masturbating monkeys. He has been downright abusive to many, including contributors to his projects. Examples are numerous. I’m more than happy to cite. I challenge anyone to show me just one example of where Drew Devault has displayed these levels of wanton cruelty.

                                                                                        One could be forgiven for thinking that there might be some double standards in the free software community. Torvalds is a darling of the corporate types, and as another horrible, cruel person once said: when you’re a star, they let you do it. You can do anything…

                                                                                3. 7

                                                                                  What a rude comment thread. The module that people are piling in on Drew about is clearly documented to do what it does (with the caveat that it doesn’t say which kernels it provides security on).

                                                                                  The readme is 4 paragraphs long and the code is like 50 low-density lines, it’s not like this info is hidden.

                                                                                  1. 16

                                                                                    One shouldn’t be required to read the program’s source, and the docs of the APIs it calls, to know whether it’s fit for purpose. Especially when this is a security-related feature.

                                                                                    1. 5

                                                                                      Even more: If such security can’t be guaranteed I may as well store my secrets in plaintext, that way I don’t get a false sense of security. (At the end of the day I’ll be vulnerable every time I decrypt my secrets. And if they are ever flushed to disk I’m vulnerable forever.)

                                                                                      1. 2

                                                                                        The comment thread isn’t about the application himitsu, though. The starting post in that comment thread specifically asks about the API and links to it:

                                                                                        https://git.sr.ht/~sircmpwn/hare/tree/master/item/crypto/keystore - as an app developer targeting the standard library, how do I know whether or not my keys are going to be stored securely or not?

                                                                                        The API is specifically documented as being “low-level” and “not recommended for non-experts”. In the context of talking about this API, I think that:

                                                                                        1. It is reasonable to expect the developer-users of this API to read the documentation and if it is not clear, the source code.
                                                                                        2. mjg59’s comments are kind of overblown, and other people in the thread are worse. The API doesn’t do what mjg59 would prefer, and maybe mjg59’s core suggestion of refusing to store a value if it cannot be stored securely is better, but I think it is definitely arguable and either way the tone was very heavy handed from the beginning.

                                                                                        Personally, I think that there should be an API for testing if values can be stored securely, but it doesn’t necessarily have to live in this module for this thing to be useful. Maybe it makes more sense to group those capability-reporting functions somewhere else.

                                                                                        1. 1

                                                                                          OK, that makes more sense; I didn’t know the comments were about the API.

                                                                                      2. 21

                                                                                        It’s really funny how different your impression of that thread is from mine. I think one comment summed it up well:

                                                                                        You don’t have to keep engaging with mjg59 if you don’t want to, but belittling people who agree with them as mere hero worshipers is beyond the pale. Remember that in asking us to use your language, you’re asking us to also trust you in your stewardship of that language and how you’ll respond to our concerns and needs as the maintainer. Seeing you attack people so aggressively out of the gate is not a confidence boosting start.

                                                                                        1. 4

                                                                                          Yeah, obviously I disagree and I don’t think it’s worth talking about much further. I thought Drew was fairly courteous, and the comment he called out as hero worship certainly seems hyperbolic to me:

                                                                                          Someone who does not feel intensely motivated to learn from mjg59’s freely offered expertise has no legitimate claim on anyone’s attention.

                                                                                          Like, that’s a ridiculous claim. We can call attention to someone’s expertise without saying such silly things.

                                                                                    2. 1

                                                                                      Are there mechanisms that keep other processes like debuggers from being able to inspect the daemon’s address space?

                                                                                      I was under the impression (from when I last did some game hacking) that you need root to read another process’s memory (Linux). So it should be fine? Now that you mention debuggers, I don’t remember having to escalate to root for gdb to work - I wonder what the reason is.

                                                                                      1. 3

                                                                                        This is true only for other users’ processes. You can gcore your own process just fine, and this is part of the problem - if you’re on an effectively single-user system, like many are, there’s no protection. All your programs are running as the same user anyway.

                                                                                        1. 1

                                                                                          Is gdb setuid to root, or does it use a helper tool that is?

                                                                                          I know on MacOS you need to enter an admin password to authorize Xcode / lldb the first time you start a debugger after rebooting. And there are processes that cannot be attached to even if you run a debugger as root.

                                                                                          1. 1

                                                                                            The second constraint is imposed by processes protected by macOS System Integrity Protection. The first I believe has to do with entitlements to attach to another process, but that’s just off the top of my head and I could be wrong.

                                                                                            Regardless, Linux has neither of these protections. Debuggers run as normal user programs and do not require special authorization.

                                                                                      1. 3

                                                                                        So in order to make your site slightly more accessible to screen readers, you’ll make it completely inaccessible to browsers without JavaScript?

                                                                                        1. 6

                                                                                          i was born without javascript and life has been so hard for me

                                                                                          1. 2

                                                                                            Accessibility isn’t just about disorders.

                                                                                            1. 6

                                                                                              I think @river’s point is that it’s most important to accommodate limitations due to circumstances beyond the user’s control. And these are limitations that can prevent people from getting or keeping a job, pursuing an education, and doing other really important things. In all cases that I’m aware of, at least within the past 15 years or so, complete lack of JavaScript is a user choice, primarily made by very techy people who can easily reverse that choice when needed. The same is obviously not the case for blindness or other disabilities. Of course, excessive use of JavaScript hurts poor people, but that’s not what we’re talking about here.

                                                                                              1. 1

                                                                                                If using <details> made the site impossible to use for blind people, that would obviously be much more important, but here the complaint is that… the screen reader reads it slightly wrong? Is that even a fault of the website?

                                                                                                1. 4

                                                                                                  Fair point. Personally, I wouldn’t demand, or even request, that web developers use JavaScript to work around this issue, which is probably a browser bug, particularly since it doesn’t actually block access to the site.

                                                                                                  On the other hand, if a web developer decides to use JavaScript to improve the experience of blind people, I wouldn’t hold it against them. IMO, making things easier for a group of people who, as @river pointed out, do have it more difficult due to circumstances beyond their control, is more important than not annoying the kind of nerd who chooses to disable JS.

                                                                                                  1. 1

                                                                                                    Well, disabling JS is not always a choice. Some browsers, such as Lynx or NetSurf, don’t support it. But yeah, I generally agree.

                                                                                                    1. 3

                                                                                                      I suppose it’s possible that some people have no choice but to use Lynx or Netsurf because they’re stuck with a very old computer. But for the most part, it seems to me that these browsers are mostly used by tech-savvy people who can, and perhaps sometimes do, choose to use something else.

                                                                                                      1. 3

                                                                                                        I suppose it’s possible that some people have no choice but to use Lynx or Netsurf because they’re stuck with a very old computer. But for the most part, it seems to me that these browsers are mostly used by tech-savvy people who can, and perhaps sometimes do, choose to use something else.

                                                                                                        And what percentage of those lynx users is tech-savvy blind people? Or blind people who are old and have no fucks left to give about chasing the latest tech? There are, for instance, blind people out there who still use NetTamer with DOS. DOS, in 2022. I’m totally on board with their choice to do that. Some of these folks aren’t particularly tech savvy either. They learned a thing and learned it well, and so that’s what they use.

                                                                                                        1. 1

                                                                                                          Many users who need a significant degree of privacy will also be excluded, as JavaScript is a major fingerprinting vector. Users of the Tor Browser are encouraged to stick to the “Safest” security level. That security level disables dangerous features such as:

                                                                                                          • Just-in-time compilation
                                                                                                          • JavaScript
                                                                                                          • SVG
                                                                                                          • MathML
                                                                                                          • Graphite font rendering
                                                                                                          • automatic media playback

                                                                                                          Even if it were purely a choice in user hands, I’d still feel inclined to respect it. Of course, accommodating needs should come before accommodation of wants; that doesn’t mean we should ignore the latter.

                                                                                                          Personally, I’d rather treat any features that disadvantage a marginalized group as a last-resort. I prefer selectively using <details> as it was intended—as a disclosure widget—and would rather come up with other creative alternatives to accordion patterns. Only when there’s no other option would I try a progressively-enhanced JS-enabled option. I’m actually a little ambivalent about <details> since I try to support alternative browser engines (beyond Blink, Gecko, and WebKit). Out of all the independent engines I’ve tried, the only one that supports <details> seems to be Servo.

                                                                                                          JavaScript, CSS, and—where sensible—images are optional enhancements to pages. For “apps”, progressive enhancement still applies: something informative (e.g. a skeleton with an error message explaining why JS is required) should be shown and overridden with JS.

                                                                                                          (POSSE from https://seirdy.one/notes/2022/06/27/user-choice-progressive-enhancement/)

                                                                                            2. 2

                                                                                              I mean not for not, but I’m fairly certain you can constrain what can be executed in your browser from the website.

                                                                                              I’m certainly okay with a little more JS if it means folks without sight or poorer sight can use the sites more easily.

                                                                                              1. 5

                                                                                                I’m certainly okay with a little more JS if it means folks without sight or poorer sight can use the sites more easily.

                                                                                                In my experience (the abuse of) JavaScript is what often leads to poor accessibility with screen readers. Like, why can I not upvote a story or comment on this site with either Firefox or Chromium? ISTR I can do it in Edge, but I don’t care enough to spin up a Windows VM and test my memory.

                                                                                                We need a bigger HTML, maybe with a richer set of elements or something. But declarative over imperative!

                                                                                                1. 2

                                                                                                  Like, why can I not upvote a story or comment on this site with either Firefox or Chromium?

                                                                                                  I use Firefox on desktop and have never had a problem voting or commenting here.

                                                                                                  We need a bigger HTML, maybe with a richer set of elements or something. But declarative over imperative!

                                                                                                  The fallback is always full-page reloads. If you want interactivity without that, you need a general-purpose programming language capable of capturing and expressing the logic you want; any attempt to make it fully declarative runs into a mess of similar-but-slightly-different one-off declaration types to handle all the variations on “send values from this element to that URL and update the page in this way based on what comes back”.

                                                                                                  1. 5

                                                                                                    I use Firefox on desktop and have never had a problem voting or commenting here.

                                                                                                    Yes, but do you use a screenreader? I do.

                                                                                                    The fallback is always full-page reloads. If you want interactivity without that, you need a general-purpose programming language capable of capturing and expressing the logic you want;

                                                                                                    Sure, but most web applications are not and do not need to be fully interactive. Like with this details tag we’re talking about here? It’s literally the R in CRUD and the kind of thing that could be dealt with by means of a “richer HTML”.

                                                                                              2. 1

                                                                                                On modern browsers, the <details> element functions builtin, without JS.

                                                                                                In fact that’s the entire point of adding the element.

                                                                                                1. 1

                                                                                                  Yes, and the article recommends against using <details>.

                                                                                              1. 1

                                                                                                A global event handler that relies on event bubbling to intercept all events so that we are not forced to eagerly register all events individually on specific DOM elements.

                                                                                                What about the old way of specifying event handlers in the HTML itself through attributes like onclick with inline JS? In theory, the browser could avoid evaluating that JS until the event actually occurs.

                                                                                                While a global event handler with its own routing is an effective optimization, it eliminates a technique that some screen readers have used for guessing what was meant to be clickable (or otherwise interactive), in the absence of proper accessibility information (e.g. ARIA role). Yes, it’s better to have the proper accessibility implementation, but dirty workarounds can nonetheless unblock disabled users from getting things done, and IMO frameworks shouldn’t unnecessarily prevent those workarounds.

                                                                                                I guess the big blocker now for those old HTML event handler attributes is the rise of strict content security policies.

                                                                                                1. 2

                                                                                                  The biggest problem of those is they mix behaviour/code into the declarative structure of the HTML

                                                                                                  1. 2

                                                                                                    Real-world web development has always been about doing what’s most practical. The rise of HTML5 over XHTML was an endorsement, at least an implicit one, of this pragmatism.

                                                                                                    1. 1

                                                                                                      HTML5 contains many of the same improvements as XHTML1.1 (and itself contains XHTML5 of course), including the deprecation of framesets, new form features, and proper section/heading structuring. It doesn’t promote using inline JavaScript any more than other HTML specs as far as I can tell?

                                                                                                      1. 1

                                                                                                        IIUC, though, HTML5 dropped the distinction between strict and transitional. That signals to me that the old attempts to purify HTML, going back to HTML 4.0, are no longer relevant.

                                                                                                        1. 2

                                                                                                          strict and transitional was an upgrade path. HTML5 rips the band-aid off and says “only the new parser is correct, everything else is wrong”

                                                                                                1. 5

                                                                                                  I think the title might not accurately reflect the true content of the article. When I first encountered the title, I was ready to fire off a reply about how personal computers are, in fact, liberating for some people, e.g. blind people who previously couldn’t independently read anything that hadn’t been translated into braille. I think the article has a valid point about computers making decisions affecting people who have no control over those computers. But a personal computer under the control of its user is simply a tool in that person’s hands.

                                                                                                  1. 5

                                                                                                    I don’t agree with the content of the article either. A computer that isn’t under your control can still be influenced. If the subway doors close on you in New York, you can open them by force with your hands and step inside. With enough effort, Juicero machines can be modded to accept general purpose juice bags. And Bitcoin, above everything else, is a political movement. If Bitcoin didn’t have users, it would not have any power.

                                                                                                    I think OP’s frustration lies with the ruthlessness of the society we find ourselves in. Where we have poorly designed subways that are not only slow and dirty, but can’t understand that someone is running towards the doors. We live in a society where there are incentives in place that made Juicero a seemingly legitimate business opportunity. We live in a society with an monetary system that is so incredibly decrepit and corrupt, that it necessitated the creation of a trustless currency like Bitcoin by an anonymous author, since if Satoshi wasn’t anonymous he surely would be in prison.

                                                                                                    1. 2

                                                                                                      If the subway doors close on you in New York, you can open them by force with your hands and step inside

                                                                                                      I once rode the Washington DC metro with my bookbag on the outside of the train. Not all metros are as forgiving as New York’s.

                                                                                                      Funnily enough that helps make your point. Just because it’s a machine doesn’t mean it has to be ruthless.

                                                                                                      1. 1

                                                                                                        Author here. Since I have a hobby of watching train doors, I tend to end up profiling their behaviour. There’s quite a bit of variation.

                                                                                                        Subway trains usually have very “dumb” doors which will only reopen if the driver manually does so (which they’re only likely to do if the interlock doesn’t close promptly and they get tired of waiting.) If obstructed they will generally just knaw on whatever’s in their way until the obstruction clears, in some cases with quite significant force. This may be changing on newer trains.

                                                                                                        Non-subway trains usually are smarter and will cycle if blocked. They’re still more menacing than elevator doors, there are no sensors, you do have to actually resist them. However I’ve noticed on newer models (in the UK) some kind of “partial reopen” feature: if you obstruct the door, it will reopen halfway, wide enough for you to get your arm or a bag strap out, but not to get through. As far as I can tell this appears to be a deliberately designed feature on newer trains to make them more ruthless in this regard.

                                                                                                        1. 3

                                                                                                          Every design must be deliberate, but how is this more ruthless? You get your arm or bag.

                                                                                                          It’s been a while since I took the Helsinki metro, but you could grab the edges of closing doors and yank to make them open. I’ve done it :/

                                                                                                          The central railway station was particularly bad at times when half the city seemed to do that, delaying departures, overcrowding the interior and causing announcements not to do that.

                                                                                                          There aren’t/weren’t turnstiles or such, so many people risked a fine, not even paying for the grief.

                                                                                                          Opening the door completely is oppressive to anyone wanting to get moving, half-way is less.

                                                                                                    1. 8

                                                                                                      I assume this is real, and not satire.

                                                                                                      I worked at Google for a while, and the one thing that really struck me, aside from the terrible way[1] they treat their non-tech service-work employees, is the way so many engineers lived in this bubble of distorted reality. This post is redolent with that Silicon Valley mindset. If this class of thinkers had their way, one wouldn’t be able to wipe one’s butt without a high-speed connection to the Internet uploading an analysis of the fecal matter to some cloud service operated by Valleyites.

                                                                                                      [1] As these things go, there are very many far worse places to do service work than Google. But if you’re a Google employee, you should get to know some of the non-tech staff and get an idea of how they live and work. There is a bifurcated working class there, engineers and everyone else.

                                                                                                      1. 10

                                                                                                        Some years ago I was working at a health-care company which did a lot of things “old fashioned”, meaning by phone, fax, or even physical mail, and a recurring question the tech staff asked of upper management was why we didn’t have a mobile app. I remember in particular one meeting where that was asked, and a C-level explained — not scornfully, but patiently and getting the point across — that a lot of the people we were trying to help were in situations where they would have to choose which utility bill to pay off each month and which one to leave unpaid and risk a shutoff, and as a result smartphone apps would be unlikely to be of much use to them.

                                                                                                        1. 2

                                                                                                          On the other hand, an app (be it native or web) would provide one interface that could be used by blind people, deaf people, mobility-impaired people, etc., as well as everyone else who can afford some kind of computer or access one temporarily.

                                                                                                      1. 4

                                                                                                        Influenced by the above post, what are some good formally-specified minimal imperative languages that folks here know? Constraining an execution model for formal reasoning seems like it would scratch both the constrained programming itch and give you the safety to reason about your program in ways that just the human brain can’t. Are there examples of these?

                                                                                                        1. 5

                                                                                                          How about Scheme?

                                                                                                          1. 2

                                                                                                            I know that Scheme can be written idiomatically quite imperatively and there are a lot of minimal scheme implementations. This wasn’t quite what I meant by “imperative language”, but still, are there formally verified subsets of Scheme? That would be quite cool.

                                                                                                            1. 2

                                                                                                              I’m curious in which ways scheme doesn’t fit your idea of “imperitive language”?

                                                                                                              1. 3

                                                                                                                It fits in every way that matters, just wasn’t what I “expected” when I wrote the question. The reason being that I was envisioning a bit of mechanical sympathy with the code I wrote and the processor, but of course by doing that I fell into the same trap as so many others with these minimal languages. Mechanical sympathy is not the same as minimal.

                                                                                                                I’d be happy with a formal, minimal Scheme to play with. Bonus points if it tends to reduce to performant instructions, but a formal, minimal Scheme is plenty.

                                                                                                              2. 1

                                                                                                                Verified in what sense?

                                                                                                                1. 1

                                                                                                                  Formally verifiable, meaning either:

                                                                                                                  1. We can translate this minimal Scheme code into something an automated theorem-prover can work with, and let it rip.

                                                                                                                  2. If 1 isn’t possible, then a Scheme that renders minimally to theorem prover clauses that an author has to prove on their own in the prover.

                                                                                                                  I’m guessing we’re at a state where 2 is doable but 1 is not yet, but I haven’t payed as much attention here as I should, so I’m curious.

                                                                                                                    1. 1

                                                                                                                      This is awesome, thanks!

                                                                                                            2. 2

                                                                                                              Depending how “simple” you want there is wasm

                                                                                                            1. 1

                                                                                                              @jart What do you think about using 32-bit x86 as your universal ISA as opposed to x86-64? I suppose that would rule out modern Mac? It would halve pointer sizes, though.

                                                                                                              I’m thinking about this in light of this recently published critique of the uxn virtual machine. It seems to me that the best way to achieve uxn’s stated goal of salvage computing, as opposed to implementing a retro-style VM (though that’s certainly a fun project), is to target x86, since there are so many unused x86 boxes out there. And many of those are 32-bit.

                                                                                                              1. 3

                                                                                                                I think older computers deserve a home where they can be happy healthy and useful. My focus is less towards salvage and more towards working my way up to being able to host things like AVX scientific computing workloads. That’s one of the reasons why we have Python. It’s about solving the toil problem.

                                                                                                              1. 16

                                                                                                                In some ways, high-level languages with package systems are to blame for this. I normally code in C++ but recently needed to port some code to JS, so I used Node for development. It was breathtaking how quickly my little project piled up hundreds of dependent packages, just because I needed to do something simple like compute SHA digests or generate UUIDs. Then Node started warning me about security problems in some of those libraries. I ended up taking some time finding alternative packages with fewer dependencies.

                                                                                                                On the other hand, I’m fairly sympathetic to the way modern software is “wasteful”. We’re trading CPU time and memory, which are ridiculously abundant, for programmer time, which isn’t. It’s cool to look at how tiny and efficient code can be — a Scheme interpreter in 4KB! The original Mac OS was 64KB! — but yowza, is it ever difficult to code that way.

                                                                                                                There was an early Mac word processor — can’t remember the name — that got a lot of love because it was super fast. That’s because they wrote it in 68000 assembly. It was successful for some years, but failed by the early 90s because it couldn’t keep up with the feature set of Word or WordPerfect. (I know Word has long been a symbol of bloat, but trust me, Word 4 and 5 on Mac were awesome.) Adding features like style sheets or wrapping text around images took too long to implement in assembly compared to C.

                                                                                                                The speed and efficiency of how we’re creating stuff now is crazy. People are creating fancy OSs with GUIs in their bedrooms with a couple of collaborators, presumably in their spare time. If you’re up to speed with current Web tech you can bring up a pretty complex web app in a matter of days.

                                                                                                                1. 24

                                                                                                                  I don’t know, I think there’s more to it than just “these darn new languages with their package managers made dependencies too easy, in my day we had to manually download Boost uphill both ways” or whatever. The dependencies in the occasional Swift or Rust app aren’t even a tenth of the bloat on my disk.

                                                                                                                  It’s the whole engineering culture of “why learn a new language or new API when you can just jam an entire web browser the size of an operating system into the application, and then implement your glorified scp GUI application inside that, so that you never have to learn anything other than the one and only tool you know”. Everything’s turned into 500megs worth of nail because we’ve got an entire generation of Hammer Engineers who won’t even consider that it might be more efficient to pick up a screwdriver sometimes.

                                                                                                                  We’re trading CPU time and memory, which are ridiculously abundant, for programmer time, which isn’t

                                                                                                                  That’s the argument, but it’s not clear to me that we haven’t severely over-corrected at this point. I’ve watched teams spend weeks poking at the mile-high tower of leaky abstractions any react-native mobile app teeters atop, just to try to get the UI to do what they could have done in ten minutes if they’d bothered to learn the underlying platform API. At some point “make all the world a browser tab” became the goal in-and-of-itself, whether or not that was inefficient in every possible dimension (memory, CPU, power consumption, or developer time). It’s heretical to even question whether or not this is truly more developer-time-efficient anymore, in the majority of cases – the goal isn’t so much to be efficient with our time as it is to just avoid having to learn any new skills.

                                                                                                                  The industry didn’t feel this sclerotic and incurious twenty years ago.

                                                                                                                  1. 7

                                                                                                                    It’s heretical to even question whether or not this is truly more developer-time-efficient anymore

                                                                                                                    And even if we set that question aside and assume that it is, it’s still just shoving the costs onto others. Automakers could probably crank out new cars faster by giving up on fuel-efficiency and emissions optimizations, but should they? (Okay, left to their own devices they probably would, but thankfully we have regulations they have to meet.)

                                                                                                                    1. 1

                                                                                                                      left to their own devices they probably would, but thankfully we have regulations they have to meet.

                                                                                                                      Regulations. This is it.

                                                                                                                      I’ve long believed that this is very important in our industry. As earlier comments say, you can make a complex web app after work in a weekend. But then there are people, in the mentioned above autoindustry, that take three sprints to set up a single screen with a table, a popup, and two forms. That’s after they pulled in the internet worth of dependencies.

                                                                                                                      On the one hand, we don’t want to be gatekeeping. We want everyone to contribute. When dhh said we should stop celebrating incompetence, majority of people around him called this gatekeeping. Yet when we see or say something like this - don’t build bloat or something along the line - everyone agrees.

                                                                                                                      I think the middle line should be in between. Let individuals do whatever the hell they want. But regulate “selling” stuff for money or advertisement eyeballs or anything similar. If an app is more then x MB (some reasonable target), it has to get certified before you can publish it. Or maybe, if a popular app does. Or, if a library is included in more then X, then that lib either gets “certified”, or further apps using it are banned.

                                                                                                                      I am sure that is huge, immensely big, can of worms. There will be many problems there. But if we don’t start cleaning up shit, it’s going to pile up.

                                                                                                                      A simple example - if controversial - is Google. When they start punishing a webapp for not rendering within 1 second, everybody on internet (that wants to be on top of google) starts optimizing for performance. So, it can be done. We just have to setup - and maintain - a system that deals with the problem ….well, systematically.

                                                                                                                    2. 1

                                                                                                                      why learn a new language or new API when you can just jam an entire web browser the size of an operating system into the application

                                                                                                                      Yeah. One of the things that confuses me is why apps bundle a browser when platforms already come with browsers that can easily be embedded in apps. You can use Apple’s WKWebView class to embed a Safari-equivalent browser in an app that weighs in at under a megabyte. I know Windows has similar APIs, and I imagine Linux does too (modulo the combinatorial expansion of number-of-browsers times number-of-GUI-frameworks.)

                                                                                                                      I can only imagine that whoever built Electron felt that devs didn’t want to deal with having to make their code compatible with more than one browser engine, and that it was worth it to shove an entire copy of Chromium into the app to provide that convenience.

                                                                                                                      1. 1

                                                                                                                        Here’s an explanation from the Slack developer who moved Slack for Mac from WebKit to Electron. And on Windows, the only OS-provided browser engine until quite recently was either the IE engine or the abandoned EdgeHTML.

                                                                                                                    3. 10

                                                                                                                      On the other hand, I’m fairly sympathetic to the way modern software is “wasteful”. We’re trading CPU time and memory, which are ridiculously abundant, for programmer time, which isn’t.

                                                                                                                      The problem is that your dependencies can behave strangely, and you need to debug them.

                                                                                                                      Code bloat makes programs hard to debug. It costs programmer time.

                                                                                                                      1. 3

                                                                                                                        The problem is that your dependencies can behave strangely, and you need to debug them.

                                                                                                                        To make matters worse, developers don’t think carefully about which dependencies they’re bothering to include. For instance, if image loading is needed, many applications could get by with image read support for one format (e.g. with libpng). Too often I’ll see an application depend on something like ImageMagick which is complete overkill for that situation, and includes a ton of additional complex functionality that bloats the binary, introduces subtle bugs, and wasn’t even needed to begin with.

                                                                                                                      2. 10

                                                                                                                        On the other hand, I’m fairly sympathetic to the way modern software is “wasteful”. We’re trading CPU time and memory, which are ridiculously abundant, for programmer time, which isn’t.

                                                                                                                        The problem is that computational resources vs. programmer time is just one axis along which this tradeoff is made: some others include security vs. programmer time, correctness vs. programmer time, and others I’m just not thinking of right now I’m sure. It sounds like a really pragmatic argument when you’re considering your costs because we have been so thoroughly conditioned into ignoring our externalities. I don’t believe the state of contemporary software would look like it does if the industry were really in the habit of pricing in the costs incurred by others in addition to their own, although of course it would take a radically different incentive landscape to make that happen. It wouldn’t look like a code golfer’s paradise, either, because optimizing for code size and efficiency at all costs is also not a holistic accounting! It would just look like a place with some fewer amount of data breaches, some fewer amount of corrupted saves, some fewer amount of Watt-hours turned into waste heat, and, yes, some fewer amount of features in the case where their value didn’t exceed their cost.

                                                                                                                        1. 7

                                                                                                                          We’re trading CPU time and memory, which are ridiculously abundant, for programmer time, which isn’t

                                                                                                                          But we aren’t. Because modern resource-wastfull software isn’t really realeased quicker. Quite the contrary, there is so much development overhead that we don’t see those exciting big releases anymore with a dozen of features every ones loves at first sight. They release new features in microscopic increments so slowly that hardly any project survives 3-5 years without becoming obsolete or out of fashion.

                                                                                                                          What we are trading is quality, by quantity. We lower the skill and knowledge barrier so much to acompdate for millions of developers that “learned how tonprogra in one week” and the results are predictably what this post talks about.

                                                                                                                          1. 6

                                                                                                                            I’m as much against bloat as everyone else (except those who make bloated software, of course—those clearly aren’t against it). However, it’s easy to forget that small software from past eras often couldn’t do much. The original Mac OS could be 64KB, but no one would want to use such a limited OS today!

                                                                                                                            1. 5

                                                                                                                              The original Mac OS could be 64KB, but no one would want to use such a limited OS today!

                                                                                                                              Seems some people (@neauoire) do want exactly that: https://merveilles.town/@neauoire/108419973390059006

                                                                                                                              1. 6

                                                                                                                                I have yet to see modern software that is saving the programmer’s time.

                                                                                                                                I’m here for it, I’ll be cheering when it happens.

                                                                                                                                This whole thread reminds me of a little .txt file that came packaged into DawnOS.

                                                                                                                                It read:

                                                                                                                                Imagine that software development becomes so complex and expensive that no software is being written anymore, only apps designed in devtools. Imagine a computer, which requires 1 billion transistors to flicker the cursor on the screen. Imagine a world, where computers are driven by software written from 400 million lines of source code. Imagine a world, where the biggest 20 technology corporation totaling 2 million employees and 100 billion USD revenue groups up to introduce a new standard. And they are unable to write even a compiler within 15 years.

                                                                                                                                “This is our current world.”

                                                                                                                                1. 11

                                                                                                                                  I have yet to see modern software that is saving the programmer’s time.

                                                                                                                                  People love to hate Docker, but having had the “pleasure” of doing everything from full-blown install-the-whole-world-on-your-laptop dev environments to various VM applications that were supposed to “just work”… holy crap does Docker save time not only for me but for people I’m going to collaborate with.

                                                                                                                                  Meanwhile, programmers of 20+ years prior to your time are equally as horrified by how wasteful and disgusting all your favorite things are. This is a never-ending cycle where a lot of programmers conclude that the way things were around the time they first started (either programming, or tinkering with computers in general) was a golden age of wise programmers who respected the resources of their computers and used them efficiently, while the kids these days have no respect and will do things like use languages with garbage collectors (!) because they can’t be bothered to learn proper memory-management discipline like their elders.

                                                                                                                                  1. 4

                                                                                                                                    I’m of the generation that started programming at the tail end of ruby, and Objective-C, and I would definitely not call this the golden age, if anything, looking back at this period now it looks like mid-slump.

                                                                                                                                  2. 4

                                                                                                                                    I have yet to see modern software that is saving the programmer’s time.

                                                                                                                                    What’s “modern”? Because I would pick a different profession if I had to write code the way people did prior to maybe the late 90s (at minimum).

                                                                                                                                    Edit: You can pry my modern IDEs and toolchains from my cold, dead hands :-)

                                                                                                                              2. 6

                                                                                                                                Node is an especially good villain here because JavaScript has long specifically encouraged lots of small dependencies and has little to no stdlib so you need a package for near everything.

                                                                                                                                1. 5

                                                                                                                                  It’s kind of a turf war as well. A handful of early adopters created tiny libraries that should be single functions or part of a standard library. Since their notoriety depends on these libraries, they fight to keep them around. Some are even on the boards of the downstream projects and fight to keep their own library in the list of dependencies.

                                                                                                                                2. 6

                                                                                                                                  We’re trading CPU time and memory, which are ridiculously abundant

                                                                                                                                  CPU time is essentially equivalent to energy, which I’d argue is not abundant, whether at the large scale of the global problem of sustainable energy production, or at the small scale of mobile device battery life.

                                                                                                                                  for programmer time, which isn’t.

                                                                                                                                  In terms of programmer-hours available per year (which of course unit-reduces to active programmers), I’m pretty sure that resource is more abundant than it’s ever been any point in history, and only getting more so.

                                                                                                                                  1. 2

                                                                                                                                    CPU time is essentially equivalent to energy

                                                                                                                                    When you divide it by the CPU’s efficiency, yes. But CPU efficiency has gone through the roof over time. You can get embedded devices with the performance of some fire-breathing tower PC of the 90s, that now run on watch batteries. And the focus of Apple’s whole line of CPUs over the past decade has been power efficiency.

                                                                                                                                    There are a lot of programmers, yes, but most of them aren’t the very high-skilled ones required for building highly optimal code. The skills for doing web dev are not the same as for C++ or Rust, especially if you also constrain yourself to not reaching for big pre-existing libraries like Boost, or whatever towering pile of crates a Rust dev might use.

                                                                                                                                    (I’m an architect for a mobile database engine, and my team has always found it very difficult to find good developers to hire. It’s nothing like web dev, and even mobile app developers are mostly skilled more at putting together GUIs and calling REST APIs than they are at building lower-level model-layer abstractions.)

                                                                                                                                  2. 2

                                                                                                                                    Hey, I don’t mean to be a smart ass here, but I find it ironic that you start your comment blaming the “high-level languages with package systems” and immediately admit that you blindly picked a library for the job and that you could solve the problem just by “taking some time finding alternative packages with fewer dependencies”. Does not sound like a problem with neither the language nor the package manager honestly.

                                                                                                                                    What would you expect the package manager to do here?

                                                                                                                                    1. 8

                                                                                                                                      I think the problem in this case actually lies with the language in this case. Javascript has such a piss-poor standard library and dangerous semantics (that the standard library doesn’t try to remedy, either) that sooner, rather than later, you will have a transient dependency on isOdd, isEven and isNull because even those simple operations aren’t exactly simple in JS.

                                                                                                                                      Despite being made to live in a web browser, the JS standard library has very few affordances to working with things like URLs, and despite being targeted toward user interfaces, it has very few affordances for working with dates, numbers, lists, or localisations. This makes dependency graphs both deep and filled with duplicated efforts since two dependencies in your program may depend on different third-party implementations of what should already be in the standard library, themselves duplicating what you already have in your operating system.

                                                                                                                                      1. 2

                                                                                                                                        It’s really difficult for me to counter an argument that it’s basically “I don’t like JS”. The question was never about that language, it was about “high-level languages with package systems” but your answer hyper focuses on JS and does not address languages like python for example, that is a “high-level language with a package system”, which also has an “is-odd” package (which honestly I don’t get what that has to do with anything).

                                                                                                                                        1. 1

                                                                                                                                          The response you were replying to was very much about JS:

                                                                                                                                          In some ways, high-level languages with package systems are to blame for this. I normally code in C++ but recently needed to port some code to JS, so I used Node for development. It was breathtaking how quickly my little project piled up hundreds of dependent packages, just because I needed to do something simple like compute SHA digests or generate UUIDs.

                                                                                                                                          For what it’s worth, whilst Python may have an isOdd package, how often do you end up inadvertently importing it in Python as opposed to “batteries-definitely-not-included” Javascript? Fewer batteries included means more imports by default, which themselves depend on other imports, and a few steps down, you will find leftPad.

                                                                                                                                          As for isOdd, npmjs.com lists 25 versions thereof, and probably as many isEven.

                                                                                                                                          1. 1

                                                                                                                                            and a few steps down, you will find leftPad

                                                                                                                                            What? What kind of data do you have to back up a statement like this?

                                                                                                                                            You don’t like JS, I get it, I don’t like it either. But the unfair criticism is what really rubs me the wrong way. We are technical people, we are supposed to make decisions based on data. But this kind of comments that just generates division without the slightest resemblance of a solid argument do no good to a healthy discussion.

                                                                                                                                            Again, none of the arguments are true for js exclusively. Python is batteries included, sure, but it’s one of the few. And you conveniently leave out of your quote the part when OP admits that with a little effort the “problem” became a non issue. And that little effort is what we get paid for, that’s our job.

                                                                                                                                      2. 3

                                                                                                                                        I’m not blaming package managers. Code reuse is a good idea, and it’s nice to have such a wealth of libraries available.

                                                                                                                                        But it’s a double edged sword. Especially when you use a highly dynamic language like JS that doesn’t support dead-code stripping or build-time inlining, so you end up having to copy an entire library instead of just the bits you’re using.

                                                                                                                                      3. 1

                                                                                                                                        On the other hand, I’m fairly sympathetic to the way modern software is “wasteful”. We’re trading CPU time and memory, which are ridiculously abundant, for programmer time, which isn’t.

                                                                                                                                        We’re trading CPU and memory for the time of some programmers, but we’re also adding the time of other programmers onto the other side of the balance.

                                                                                                                                        1. 1

                                                                                                                                          I definitely agree with your bolded point - I think that’s the main driver for this kind of thing.

                                                                                                                                          Things change if there’s a reason for them to be changed. The incentives don’t really line up currently to the point where it’s worth it for programmers/companies to devote the time to optimize things that far.

                                                                                                                                          That is changing a bit already, though. For example, performance and bundle size are getting seriously considered for web dev these days. Part of the reason for that is that Google penalizes slow sites in their rankings - a very direct incentive to make things faster and more optimized!

                                                                                                                                        1. 6

                                                                                                                                          These sorts of articles always rub me the wrong way. Assuming that so many people are just blinkered idiots that don’t know what they’re doing is pretty uncharitable. A couple other hypotheses that might explain so-called “bloat” that don’t require all modern developers to be incompetent babies:

                                                                                                                                          • the professionalization and commodification of what was once fun hobby works means that devs need to make a hard-to-justify financial case for spending time on optimizing, instead of releasing as soon as it’s just barely viable
                                                                                                                                          • the expectations for features are much higher and world-wide, cross-platform releases instantly get all sorts of people demanding all sorts of features off the bat, instead of a gradual, word-of-mouth, floppy-disc-sneakernet distribution that gives you time to iterate
                                                                                                                                          • there’s much more competition in the space and consumers care much more about features than file size or number of dependencies (I’ve yet to meet a non-developer than even knows what Electron is, much less is angry that some app they use is written using it)
                                                                                                                                          1. 5

                                                                                                                                            (I’ve yet to meet a non-developer than even knows what Electron is, much less is angry that some app they use is written using it)

                                                                                                                                            I suspect many people who are stuck with old computers would be angry about Electron if we explained to them why so much software runs slowly on their computers. Of course, that would require us to get out of our bubbles and talk to such people in the first place. Myself included.

                                                                                                                                            1. 5

                                                                                                                                              Perhaps! But also, how many people would be glad to learn Electron is why they have an app at all, instead of the company only having the resources to release, say, a native Windows app?

                                                                                                                                              1. 2

                                                                                                                                                My guess is that, among non-developers, there are many more people stuck with crappy Windows machines than people with Macs, let alone Linux machines. So the native Windows app would have been the correct tradeoff for the majority of users that are poorly served by Electron apps.

                                                                                                                                                1. 2

                                                                                                                                                  Perhaps! Even then though, that might not be the correct trade-off for the company, if now there’s no app for the “long-tail” of Mac & Linux users, not to mention having to hire for a whole new skill-set of native Windows developers.