1.  

      I remember a discussion you and I had here about the concept of data being nothing more than code of a different nature. For some reason, I’m unable to find that discussion. Do you remember which thread that was?

      1.  

        It came up in this one. Wait, that one was data integrity vs CFI. Prolly not it.

        Edit: Couldn’t find it with a variety of terms. Ability to limit search to specific users’ comments and stories would go so far here and in other situations.

        1.  

          Almost. Thanks for looking! I’m glad that it’s harder to find than I myself had anticipated. I’m not legally insane… yet. ;-P

          1.  

            The search engine is just really bad. Helped me enough that Im still grateful to whoever put the time into it. Just really limited.

            Also, if you add a name, it looks for mentions with @, not authorship. Just adding that in case it saves you time.

    1.  

      It might be faster to implement a program twice rather than write comprehensive tests.

      1.  

        Twice and truly diverse? Im not sure about that, esp given generative testing.

        The one counterpoint I can think of is when the diverse rewrite uses language or technique that inherently mitigates classes of problems in original. A component written in C side by side with equal in Ada with checks on wouldn’t have same kinds of failures. Alternately, the errors would be detected earlier with more precision thanks to the Ada version.

      1. 9

        Shame that Huawei is government spyware; this seems really pretty and a good option for people.

        1. 11

          A hardware teardown would be interesting. Note that many people (even security aware ones) are still using laptops from another Chinese vendor Lenovo. I would not know what would make Huawei such a different case … though that argument can be taken two ways. Should we trust Huawei more, or Lenovo less?

          1. 9

            I don’t think that any mass product thing is not spyware. World changed, everything is spying on you: hardware, software, sites or whatever else that has internet access. There is no way to escape this shit. You can just try some handmade notebooks like MNT Reform or Purism Librem 5 smartphone, use trusted Linux, TOR over VPN and of course refuse to use services from big companies like Google. But you still won’t get 100% guarantee that they didn’t track you by some suspicious fingerprint.

            1. 5

              Should we trust Huawei more, or Lenovo less?

              I’ve long since lost count of the number of times Lenovo’s been caught distributing spyware or firmware backdoors (I think I tuned out after the third instance).

              You shouldn’t trust them less only because you shouldn’t trust them at all.

              1.  

                Lenovo’s known spyware has all been at the OS level, right? Nothing that would survive a fresh reinstall?

                1. 7

                  I believe there was a BIOS level one where chkdsk.exe was replaced from a copy in ROM. Dependent on Windows but still scary as hell.

                  Edit: https://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/

                  1.  

                    I believe at least one was in the BIOS vendor region that Windows automatically reinstalls (naively expecting the mechanism to be used to provide critical hardware drivers and not, yknow, spyware), and thus persisted across “clean” reinstalls.

                    Linux doesn’t voluntarily install unknown shit from ROM, but it gives me zero faith in Lenovo’s EFI to not be backdoored

                    1.  

                      I think this mechanism was intended for “anti-theft” software. Windows gets drivers from Windows Update, all critical drivers are built-in anyway.

              2. 16

                Can we just write away everything Huawei makes as spyware? Should people assume that Intel processors and the Windows OS are all full of US-gov backdoors? I know there’s a bit more evidence against Huawei, but a blanket dismissal may not be the good approach.

                1. 7

                  what is the evidence against huawei?

                  1. 8

                    Intel gets most of its direction outside the government. Huawei is basically controlled by China. If the NSA made computers, I wouldn’t trust them either. Thankfully that’s the closest our system gets to complete authoritarian control.

                    1. 9

                      where do you get the perception that huawei is controlled by the chinese government, but intel is not controlled by the u.s. government?

                      1.  

                        I don’t think that “controlled” is the right word for intel, but rather incentivised to cooperate when they want backdoors or stuff like that.

                        1.  

                          conversely, is there evidence that huawei is “controlled” rather than “incentivized”?

                          1. 5

                            I wish I had a go-to explainer for this but I suggest you google around regarding how close Chinese companies work with the Party. I find it intriguing that people think our own conceptions of private property and how corporations work can be transplanted to a Chinese context with little to no caution. Read about their economic reforms under Deng Xiaoping to decrease the inferential gap a bit

                      2.  

                        They don’t have to make computers, they have TAO which has a history of supply chain attacks

                    2. 6

                      Considering how much computer hardware is manufactured in China, maybe it’s naive to think only finished end-user products have “government spyware” embedded in them.

                      1. 5

                        is there evidence or is this an a priori assumption that also applies to american companies?

                        1.  

                          There is adequate evidence as I understand it.

                          American companies exist outside The Party. Chinese “companies” have less freedom.

                          We are spoiled in America by what’s closest to freedom the world has ever seen. We have free speech, for example, and I don’t know of other countries that don’t criminalize various speech for whatever reasons. We can’t imagine what government control looks like.

                          1.  

                            We are spoiled in America by what’s closest to freedom the world has ever seen.

                            The freedom to enter crippling debt over medical care. The freedom from equality of opportunity. The freedom from justice if you are poor or brown. The freedom to vote for one of two capital-approved candidates in most elections. The freedom to have your vote count more in some states than others.

                            I’ll take my chances elsewhere.

                            1.  

                              The freedom to enter crippling debt over medical care. The freedom from equality of opportunity. The freedom from justice if you are poor or brown. The freedom to vote for one of two capital-approved candidates in most elections. The freedom to have your vote count more in some states than others.

                              These things are Not Good. Compared with the Chinese government’s neo-Gulag though, there is no question at all that the US is indescribably more free.

                        2.  

                          I guess we should completely forget that spyware thing and accept that all governments do that. Think Snowden.

                          On the other hand we should understand China follows a completely different paradigm than western societies. Confucianism, where the whole society is integrated from family to business and government. Yes, it’s autocracy vs. democracy as we know.

                          1. 5

                            Hot take: ALL existing societies are oligarchies. Literally all of them. Representative “democracy” is not actually that democratic.

                            1. 8

                              There’s also always moisture in the air. Literally always. “Rain” is not actually that wet.

                              1. 5

                                Maybe, but at least representative democracy holds up free speech in many places. E.g. I can openly and loudle criticize the government or companies in a Western European country without repercussions. Try the same in China.

                                1.  

                                  So, they’re all the same. Your views might be controversial over there to authorities. Even your alias given they’re a surveillance state. Since all countries are the same, how did yours treat you in the re-education center? And what steps are you taking to see news media and send your files through your country’s national firewall controlling what you see and hear?

                                  1.  

                                    I did not say they’re all the same in all aspects. I said they’re all controlled by the rich and powerful, by the owner class.

                                    Of course the US is more invested in the appearance of freedom. Western governments are smart enough to allow criticism that doesn’t have much impact. They use subtler, stealthier tactics (e.g. inserting feds into organizations and entrapping members) to disrupt activism, but they still do it.

                                    1.  

                                      Now, I agree with all that. :)

                            1. 4

                              I’m going to work on myself. I plan to kick back, relax and delve deeper into astral projection. It should be a nice respite from Kubernetes.

                              1.  

                                That can be a trip if you can pull it off. PTSD blocked me from on-demand type given I couldn’t get path transition from conscious to unconscious breathing phase. Always choked and woke up to varying degrees of readiness. That said, the progressive relaxation of muscles to force body toward sleep followed by relaxation of mind to breathing to allowing a transition got right there. It worked for everyone else.

                                Even better concept, albeit maybe not healthy, came from Monroe in using subconscious habits to drive the process. His example was getting thirsty at night going for a drink of water. He’d intentionally not drink it intending to come back later. Do that a few times. He claimed to even drink salt water to increase thirst. Eventually, he goes to drink the water but his hand goes through the faucet. This he says is his unconscious following the pattern he set to project him to the sink, he follows the motion, and he becomes aware of the different result. Memory trouble keeps me from recalling whether he immediately walked to his room seeing himself lying there or was jerked by the head back to his body. Most reactions are one of the two. Once past projections, most warned to stay away from body or looking at it since it prematurely ended exploration for some reason.

                                Anyway, that’s more extreme than most stuff I read. The muscles->breathing->let-it-go hand-off is safer. I thought the concept might give you ideas, though, in that you build on your natural, unconscious drives to create habits that will kick in when you’re asleep and especially important your body is asleep. If body isn’t asleep, you might sleepwalk, wake up in middle of whatever it is, or who knows what if imagination takes off while lying next to someone. I always practiced it alone just in case.

                              1. 5

                                I usually sit back on controversial ones letting democracy work here. I like seeing what different groups do for what reasons. The group that flags low-signal content is usually 3-4 votes or something. This is a rare situation where it hit 12. That’s close to the upvoting crowd which has several times their votes on most posts.

                                So, I flagged as off-topic. That’s on top of my perception of it being gossip with lots of unknowns presented with a selective, interpretation-heavy type of reporting often associated with bullshit. Intentional or unintentional. For serious charges, too. This isn’t how reporting or due process should work.

                                1. 5

                                  Turns out his opinions on pedophilia are public and pretty clear. Just look search on stallman.org. So I think the OPs criticism is valid.

                                  1.  

                                    Your next link is a snippet of text on your own website that I might be able to do in MS Paint if not wanting to do a web page.

                                    Look, this is your activist piece. If you want results, you need to have the link to proof that’s credible ready to go. It should’ve been the first link I saw. You put plenty of effort into two that would get tossed out of court. Get a stronger case together with references available up front, package it up nicely, and target the groups that can actually do something about Stallman if they believe the evidence.

                                    That’s how you do it. Don’t forget that he says she says, anonymous snippings on 3rd party sites, etc could be used against you in a smear campaign. Keep it up if you’d personally accept total ruin on a person’s hearsay and an image on a stranger’s web site. Otherwise, due process with credible evidence, esp first hand.

                                      1.  

                                        Something real to work with. Ok, reading the linked article, the first thing I want to know is whether he was responding to the 14-16 idea or the rest cuz he said voluntary.

                                        The first is whether young people, esp teens in high school, should be able to have sex with older people at the age when they’re biologically-programmed to try to have sex, usually are having sex for purely non-rational reasons (esp fun), are doing it with each other, and sometimes detrimentally due to immaturity. “Underage sex” is so normal it’s in so many books and shows yet specifics in real life must be taboo or evil.

                                        On other hand, almost all real-life victims (I’ve met a few) and realistic depictions in movies involving rape show it does much more damage than folks consentually enjoying each others time in ways deemed illegal. (Sidenote: Gay folks should relate to this in many areas.) The damage difference makes it false to equate the two, even diminishing what rape is. “Statutory rape” belittles it.

                                        If we have laws on this, I never thought they should be as serious as they are if both parties consent (focusing on teens here). If anything, it should have its own label (eg unlawful sex), its own lower set of consequences (eg misdemeanor or infraction), and not put people on lists that make people think they were actual rapists devastating other people with the folks on lists screwed for life. That the allowances of three years and such from 18 shows even lawmakers get what I’m saying to a degree. The label and damage to the accused should be closer to the actual damage or no-damage done to the victim or “victim.” If no damage and just illegal, those punished should have chance for recovery vs what existing situation is.

                                        (Side note: There was a quote in OP that said it was rape because the law, statutory rape, says it’s rape. Some of the consent laws over here say it’s not rape if the kid is married off to someone they abhor with parent’s consent. Steel yourself up and look up “forced child marriage,” “child brides,” etc. Also get young as 12-14. The law said it’s consensual marriage, though, so it is consentual sex or something like that. Whereas, Nick P. said it was some forced, prolonged, sick, child rapist shit. Just noting these laws giving parents consent have issues above on damage-to-crime ratio and ensure in current form years of actual child rape.)

                                        The second option is he’s for any child to have sex with any adult. I’m 100% against that for obvious reasons. I’d have to know he’s about that given it’s rare view. Your link already justifies at least pressing him on the issue. Also, you could use this to push him out of an event or project that was focused on children. Past that, I don’t know if it’s relevant unless you’re a group that ditches people and opportunities 100% on principle if they have any association with evil. Thing is, most of the morally-outraged folks on Lobsters work for, use products from, and so on high evils. I’d usually say the line is being drawn where it allows beneficial-to-them evils and blocks evils good for their outgroup. In this case, this one is really serious and universally hated. I’ll pass on that analysis vs excessive damage in the laws in teen situations.

                                        I just don’t know which group he falls in based on that broad set of demands they were making. Someone should ask him to be really specific about the various claims in the linked article. Give him a chance to put them down, endorse something, or ignore it. Then, we learn more. Meanwhile, you can present it to conference organizers, colleges, etc trying to achieve something with them.

                                        1.  

                                          It’s pretty simple here, RMS thinks children can consent to sex, and that it should be ok if it’s consensual. My argument is also simple. I don’t want to live in a world where we have to constantly debate “but can children consent to sex with an adult?”. Anyone entertaining the idea should automatically be disqualified as an idiot. RMS here is an idiot and I can’t take him seriously anymore. There is nothing wrong with being dogmatic here. Makes the world a much nicer and saner place. We have much more important issues to deal with than some bullshit about consent and children. No, children cannot consent to sex with an adult, end of story.

                                1. 3

                                  My first CS class was AP Computer Science in high school. It teaches Java with an orthodox OOP. It took my a decade to get out of using implementation-by-inheritance, deep class hierarchies, and all that stuff. Now I try to use a mix of composition and functional concepts. I’m sure in 10 years I’ll have a different opinion.

                                  1. 7

                                    I’m not sure you will. :) I’ve been using mainly composition and functions, with classes of depth ~1 as ADTs when that’s how the language does it, for >30 years, and it’s always worked just fine. (Most of my serious work has been in C, 1990s C++, C#, Ruby, and lately some Go.)

                                    Even Java doesn’t require freakish levels of OO — it just became particularly fashionable there for some reason.

                                    1. 3

                                      That’s basically how I did it, too. OOP just for data structures and information hiding. Functions/procedures were always good enough for me. State machines, too.

                                      1. 1

                                        aww, you guys are missing async-message-passing :)

                                        1. 1

                                          I did it for distributed in some project. I held off on learning it until I could make it safe-ish. I’ll be looking deep into Erlang and/or Pony some time in the future. Just not ready yet.

                                  1. 1

                                    The author quotes other people so much that if he left all of them out there might still be 300 pages left …

                                    1. 2

                                      Looks like an annotated bibliography more than its own book. That has value. Probably better if their title reflected it, though. ;)

                                    1. 7

                                      I can only assume the figures cited are in USD, but the article is on a .ca domain (Canada), so there’s some ambiguity there.

                                      1. 4

                                        Yes, apologies if that wasn’t clear - these are California-centric offers (and can probably be extended to include Seattle and New York). They are not across the US, or across all software jobs.

                                        1. 2

                                          Startup-centric offers, too, it looks like.

                                          1. 2

                                            google and facebook aren’t startups.

                                            1. 1

                                              Startup- and FAANG-centric offers then? Or is nearly every IT job in the state of California, including big non-tech firms, something giving ownership of the company? Genuine question as I assumed there were lots of boring ones out there with just salary and benefits.

                                              1. 2

                                                Tech industry offers.

                                                1. 1

                                                  So, it is California-wide in tech industry that you get equity and stuff? And not just Silicon Valley?

                                                  That’s nice cuz it’s nearly non-existent down here. You just get wages and basic benefits.

                                                  1. 1

                                                    Oh! Where do you live/work?

                                                    1. 1

                                                      I’ve mainly been in “Tri-State Area” of East Arkansas, West Tennessee, and Northern Mississippi. Generally close to Memphis, TN.

                                                      See, I noticed a bubble effect on tech forums where people think most IT jobs are like theirs. Not limited to startup or FAANG folks. So, Im pressing this out of curiosity if California, throughout the state, is really that different or localized to specific areas/companies. I doubted bank, insurance companies, warehouses, etc were making these offers.

                                                      Another person said just tech companies. So, my next question would be whether it’s all or most consulting firms, SaaS suppliers without VC-funding, etc outside Silicon Valley. It would be very advantageous if they were all doing good pay, benefits, and equity in areas with lower cost of living and less churn (job security). I’m doubting it by default but would happy to be wrong.

                                                      EDIT: Btw, good to see you again. I was thinking about messaging you this week asking where you been.

                                                      1. 2

                                                        Consulting firms aren’t generally considered tech companies. See https://stratechery.com/2019/what-is-a-tech-company/

                                                        1. 1

                                                          I’m talking specifically about the ones that build, deploy, and maintain software/systems for clients. That linked definition looks like a high-scale-at-no-cost, tech company. A subset of them.

                                                          Perhaps there’s a different definition of “tech company” in your area or even most areas. Here and in many places I read, a tech company is a company that primarily makes money on tech as a product or service, esp IT. These massively-scaling, tech companies are rare. Silicon Valley is itself rare in nature. I wouldn’t favor using them as the general definition of “tech companies.” I’m also not sure there was a nation-wide consensus on them being tech companies vs broader definition that includes IT-focused businesses.

                                                          I’m thinking most business people and developers outside Silicon Valley would call a software shop a tech company even if it didn’t meet Stratechery’s definition. I’m not sure, though. Worth a survey. Meanwhile, I’m guessing you’re saying the jobs that have the extra benefits are just the “tech companies” that meet that site’s definition in California. That does narrow it down from “tech in California (statewide)” to that type of tech company that’s mostly in one area.

                                                          1. 1

                                                            The fancy tech companies do also exist outside the Bay Area, in NYC, Seattle, Boston, etc.

                                                            1. 1

                                                              There’s a few more places sure. The point is that limiting the term to one type of company doesn’t make a lot of sense given other kinds specialize in building and delivering tech. The deliverables are one-off custom, semi-custom, and mass market. The finance models range from venture to built up from loans or personal investments.

                                                              On the label itself, Inc quotes people using my definition, including Gartner Research. Broader investigation with the Alex Payne quote looking the most solid (and supporting my definition). If going by that definition, virtually no tech companies offer some of the benefits in the linked article outside specific kinds in big cities that are themselves not representative of most places. A good argument for moving to them, maybe, but not going to a “tech company” in general for those benefits.

                                      1. 31

                                        Nice ad. :|

                                          1. 3

                                            Also at the moment according to the pricing page, payment is optional.

                                          2. 20

                                            You’re right, and how virtuous Sourcehut may or may not be doesn’t change that. The line between ad and article is a spectrum, but this seems to be pretty well into the ad side of things. I apologise, I’ll be more discerning in the future.

                                            1. 4

                                              If you crack some other good places to get the word out, I’d be interested in hearing. My online circle is pretty small (lobste.rs and HN), but I’m working on something I want to ‘advertise’ the hell out of quite soon…

                                              1. 5

                                                I’ve been trying to engage more with Reddit for this reason. I don’t really like it as a platform or see it as doing a social good, but there are users there and I’d like to be there to answer their questions. I was going to make a Twitter account, too, but they wanted my phone number and a pic of my ID and a blood sample to verify my account so I abandoned that. Finding good ways to ethically grow Sourcehut’s audience is not an entirely solved problem.

                                                1. 1

                                                  Huh…I have a twitter account and all I needed for it was an email. Maybe things have changed.

                                              2. 3

                                                While I also see it as an ad, I’m interested in what it being announced as a Sourcehut user. But it seems you don’t have a RSS/Atom feed for the official blog… Or is there a mailing list I missed?

                                                1. 2

                                                  https://sourcehut.org/blog/index.xml

                                                  I’ve been meaning to make this more visible… hold please done.

                                              3. 12

                                                It’s advertising an open source project, Source Hut, but also Janet, Zig, Nim, Samurai, Sway and other open source projects I like. Projects that get very little payment or gratitude for the work they do.

                                                Yes sr.ht is a service too, a useful one at that. They support BSD well, unlike other companies, how else are they supposed to let people know this fact? Should they be paying largely unethical companies like google for ad space? Or should they just be more subversive so people don’t complain.

                                                Let me put it this way, if every open source project was also a business, should we hate on every single one for advertising? sr.ht didn’t game the upvotes to get on the front page, people upvoted it by themselves.

                                                I suppose there could be a tag ‘sponsored’ so people can ignore them. Not suggesting allowing lower quality from sponsored content either, probably the inverse.

                                                1. 21

                                                  The issue is that I see a Sourcehut “ad” every few days: “Sourcehut supports OpenBSD”, “Sourcehut supports migrations from Bitbucket”, “Sourcehut supports ASCII”. Yeah … we got it … A lot of these posts don’t have a lot of meat to them and at this point, it’s just getting spammy.

                                                  1. 16

                                                    Yeah … we got it … A lot of these posts don’t have a lot of meat to them and at this point, it’s just getting spammy.

                                                    They don’t always have a lot of “meat,” but posts about SourceHut represent a capitalist ideology I can actually get behind. A single proprietor, working their ass off to try to change the software world, which has gotten extremely out of hand with regards to complexity, and the marketing of products that fix the complex systems we don’t need, at all, to begin with.

                                                    What’s the difference between a SourceHut post, and an post ad that complains that as an open source author I am not compensated fairly? Hint: one should be inspiration, for the other is actually possible.

                                                    1. 0

                                                      SourceHut represent a capitalist ideology

                                                      payment for the service is optional, so no it doesn’t. All the things that make Sourcehut great in my opinion are the ways in which it denies capitalist ideology. Open Source Software, optional payments, etc.

                                                      1. 3

                                                        optional payments

                                                        It’s optional, right now, while in Alpha. It doesn’t seem the plan is that forever. Also, if it wasn’t clear, I’m extremely in favor of this model of charging people for a service, but releasing your software under a permissive license.

                                                    2. 10

                                                      Just let me other another data point here. It was thanks to the “migration from Bitbucket” post that I found out Sourcehut had a nifty script to help migrations from Bitbucket and that saved hours of work as I migrated 20+ repos effortlessly. This current post made me realize that maybe I should be paying more attention to their CI system as it looks much simpler than others I’ve used. So, in the end, I’m appreciating these blog posts a lot. Yes they are related to a commercial venture but so what? You can self-host it if you’re not into SaaS outside your control. If we set a hard line like this, then it becomes impossible to post about any commercial project at all. It is already hard to monetize FOSS projects to make them sustainable, now imagine if they are not even allowed blog posts…

                                                      1. 4

                                                        Same here. This string of posts made me aware of sourcehut and when I had to migrate from bitbucket, I then gave them a hard eval. I like their human, non-shitty business model of “I give them money and they give me services”, and that their products are professionally executed and no-frills.

                                                        I don’t know how to reconcile it. These articles were very useful to me, when most product ads weren’t and I’d be disappointed if this site became a product advert platform. I think people are right for flagging it is almost-an-ad, but in this one vendor’s case I’m glad I saw them and am now a happy sourcehut customer.

                                                      2. 2

                                                        every few days

                                                        A lot of these posts don’t have a lot of meat to them and at this point, it’s just getting spammy.

                                                        That is fair I guess. I’ll have to check the guidelines on things like that.

                                                      3. 6

                                                        if every open source project was also a business, should we hate on every single one for advertising?

                                                        Yes. I flag those too. Advertising is a mind killer.

                                                        1. 6

                                                          But there is no other way to get large numbers of people to know about something, following your advice would be suicide.

                                                          I also hate advertising, I just don’t see a way around it. I won’t argue further against banishing advertising from lobste.rs at least.

                                                          1. 7

                                                            But there is no other way to get large numbers of people to know about something, following your advice would be suicide.

                                                            All these conversations are done like it’s all or nothing. We allow politics/marketing/etc on Lobsters or… it never happens anywhere with massive damage to individuals and society. Realistically, this is a small site with few monetary opportunities for a SaaS charging as little as he does. If the goal is spreading the word, it’s best done on sites and platforms with large numbers of potential users and (especially) paying customers. Each act of spreading the word should maximize the number of people they reach for both societal impact and profit for sustainability.

                                                            Multiple rounds on Lobsters means, aside from the first announcement with much fan fare, the author sacrificed each time opportunities to reach new, larger audiences to show the same message again to the same small crowd. Repeating it here is the opposite of spreading the word. Especially since most here that like Sourcehut are probably already following it. Maybe even buying it. He’s preaching to the choir here more than most places.

                                                            Mind-killer or not, anyone talking about large-scale adoption of software, ideology, etc should be using proven tactics in the kinds of places that get those results. That’s what you were talking about, though. I figured he was just trying to show latest BSD-related progress on one of his favorite tech forums. More noise than signal simply because he was sharing excitement more than doing technical posts or focused marketing.

                                                          2. 5

                                                            Every blog post is an ad for something. It may not be a product, directly, but it’s advertising an idea, the person, or persons the idea was thought by, the writing (which, btw can be a product) of the author, etc.

                                                            If you want to sincerely flag advertising, you might as well get offline—it’s pervasive.

                                                            1. 3

                                                              It may not be a product, directly, but it’s advertising an idea

                                                              Not a native english speaker here. I may be wrong, but after looking at the dictionnary definition

                                                              advertisement

                                                              noun

                                                              A paid notice that tells people about a product or service.

                                                              it seems that an advertisement has a precise definition: an ad is directly related to a paid product, not an idea.

                                                              1. 1

                                                                it seems that an advertisement has a precise definition: an ad is directly related to a paid product, not an idea.

                                                                This is a fairly pedantic interpretation. A person promotes an idea to sell something, if even themselves. That “sale” might only come later in the form of a job offer, or support through Patreon, etc, etc.. But, to say that you can’t advertise an idea is wrong. The cigarette industry’s ad campaigns have always been about selling an image, an idea that if you smoke you become part of something bigger. Oh, and btw, you’ll probably remember the brand name, and buy that kind instead of something else.

                                                                iPods were sold on the very basis of white headphones, TO THE POINT, that people without iPods started wearing white headphones to be part of the “club.” Advertisements sell you the idea of a better life, and hopefully you’ll buy my product to get it.

                                                        2.  

                                                          Somewhat amusing that this post with an interesting fully FOSS service, is marked -29 spam, whereas an actual advertisement about Huawei making macbook clones that run Linux has only -3 spam (one of which is mine).

                                                          1.  

                                                            Said FOSS service has been on the Lobsters front page multiple times recently. I suspect the reaction is: “We get it, sr.ht exists and SirCmpwn is apparently desperate to attract a paying customerbase, but a clickbaity title for a blogspam ad on the usual suspect’s software is probably crossing the line.”

                                                        1. 5

                                                          My experience with my own data is that almost all of it already has its own compressed file format optimised for the kind of data it is. E.g. JPEG for photos, MP4 for video, etc. Adding another layer of compression to that is not only a waste if time but often makes the dataset slightly bigger. Text, program binaries, and VM images could be compressed for archival storage but consider the fact that storage has gotten ridiculously cheap while your time has not. But if you really want to archive something just pick a format that’s been around for decades (gz, bzip2, xz) and call it a day.

                                                          1. 4

                                                            “consider the fact that storage has gotten ridiculously cheap while your time has not. “

                                                            This is true for middle class folks and up. Maybe working class folks without lots of bills. Anyone below them might be unable to afford extra storage or need to spend that money on necessities. The poverty rate in 2017 put that at 39.7 million Americans. Tricks like in the article might benefit them if they’re stretching out their existing storage assets.

                                                            1. 4

                                                              Consider that a 1TB hard drive costs $40 - $50. That’s $0.04 per gigabyte. Now say you value your time at $10 an hour. Even one minute spent archiving costs more than than a 1GB of extra space, and the space saved is unlikely to be that much. If you don’t have $40 - $50, then of course, you can’t buy more space. That doesn’t mean space isn’t cheaper than time. It’s just another example of how it’s expensive to be poor.

                                                              1. 1

                                                                One other thing to add to the analysis is that one can burn DVD’s while doing other things. Each one only accounts for the time to put one in, click some buttons, take one out, label it, and store it. That’s under a minute. Just noting this in case anyone is guessing about how much work it is.

                                                                The time vs space cost still supports your point, though. Anyone that can easily drop $40-100 on something is way better off.

                                                            2. 3

                                                              Adding another layer of compression, especially if it’s the same algorithm, often won’t shrink the file size that much. However, it does make it very convenient to zip up hundreds of files for old projects, freelance work, and have it as a single file to reason about.

                                                              I would not be so cavalier with the archive file format. For me, it is far more important to ensure reliability and surviveability of my data. Zipping up the files is just for convenience.

                                                              1. 4

                                                                That’s why there is tar, which, by itself, doesn’t do any compression.

                                                                1. 1

                                                                  I was thinking that tar suffers from the same file concatenation issue that affects other SOLID container formats. But it looks like cpio can be used to extract a tarball skipping any damaged sections.

                                                                2. 1

                                                                  A benefit of zipping together files is that it makes transferring the zipped archive between machines/disks much easier and faster. Your computer will crawl at writing out a hundred small files, and one equally-sized file will be much faster.

                                                              1. 11

                                                                Great article. A few minor points:

                                                                “How did the Capital One + AWS hack happen”

                                                                They didn’t care enough to make it a policy to spend money on mitigations and practices that consistently work across known classes of attacks. Aka they didn’t care about it. They figured they’d litigate it, it wouldn’t cost much, it would happen to the next CEO/CIO, etc.

                                                                “It shouldn’t, in short, be on the Internet. On the other hand, properly authorized users, who are on the Internet, would like to be able to reach it from anywhere. Because requiring all the employees to come to an office location to do their jobs (“physical security”) seems kinda obsolete. That leaves us with a conundrum, doesn’t it? Wouldn’t it be nice though? “

                                                                High-assurance guards w/ VPN’s, link encryptors, and/or leased lines running separation architectures using older nodes and designs for untrusted interface to beat the hardware vulnerabilities. DiamondTek LAN built them into PCI cards w/ Ethernet ports. Today, it could be an on-board chip connecting the external interface. Such architectures been doing great in NSA and DOD pentesting for decades. It’s what they use internally for TS/SCI at many sensitive sites.

                                                                Alternatively, simple hardware running OpenBSD on embedded box in front of (device/service here) mediating it according to (policy here) with mediation done memory-safe w/ input validation and fuzzing. That’s the cheapest solution that should stop most attackers. Also, throw them a donation if you do it.

                                                                EDIT: “ the horrors of IPv6, “

                                                                On Twitter, apenwarr also said:

                                                                “I had a connectivity problem, so I enabled IPv6. Now I have two connectivity problems.”

                                                                Haha.

                                                                1. 4

                                                                  The most intriguing thing to me with Ada is ranges on numeric types.

                                                                  1. 4

                                                                    You might find the existential types interesting. It means they’re all unique and incompatible by default. So, Miles with Integer representation and Kilometers with integer representation won’t mix since the types don’t match.

                                                                    1. 2

                                                                      Those are neat too.

                                                                      The range check sticks out to me though because I’ve had to debug a few things where range checks would have helped.

                                                                      1. 6

                                                                        As nickpsecurity says, the even nicer, more general concept is contracts, i. e. boolean conditions that can be attached to various things, including types. With type invariants specified you can have arbitrary conditions automatically checked on the values of your types, including ranges.

                                                                        Preconditions, postconditions, loop invariants and type invariants are the things I miss most from Ada in other languages.

                                                                        1. 4

                                                                          Well, it makes sense given our variables operate on ranges of memory and values but the languages weren’t enforcing them. Ada lets you do that. It’s actually an instance of contracts or formal specs. Design-by-Contract gives you ranges and more.

                                                                      2. 1

                                                                        If you enjoy ranges on numeric types you might also enjoy XML Schema.

                                                                        1. 1

                                                                          I didn’t say “enjoy”, I used “intriguing” since it would make the language/tooling automate checks for me.

                                                                          I’ve never been asked to use XML for anything, so I don’t know enough to know you’re genuinely serious about recommending XML Schema.

                                                                      1. 1

                                                                        Good write-up. Somewhat corroborating bityard, that storage is cheaper and designs building on that should be considered. For instance, one could have a few HD’s from different manufacturers that store the same data. The software periodically loads, hashes, and compares them. Auto-corrects based on 2 out of 3. Alternatively, doesn’t auto-correct with the users manually checking the others in rare event a file on main disk is corrupt. I’d say diversify their interfaces, too, based on past experience with USB drivers corrupting my stuff.

                                                                        Also, optical media will likely fail differently from the disks. DVD’s are cheap. So, I backup most critical stuff to HD’s and DVD’s. The DVD’s are also good for off-loading non-critical, less-used stuff that takes up lots of your HD space.

                                                                        1. 2

                                                                          When I have a chance to build a new backup server I’m morbidly considering an LTO drive, as bulk older LTO cartridges show up regularly in recycle-PC stores around here.

                                                                          1. 2

                                                                            Are we to the point of writable DVDs being suitable for archival use? I have a handful of old burnt DVDs that have been kept in jewel cases in a dark, low humidity area and some of them have observable pitting.

                                                                            Maybe it was a bad batch, but it made me nervous.

                                                                            1. 2

                                                                              Good point. Mine tend to last a few years. If regular backups, you’ll make new ones long before old ones go out. If long-term archiving, you’ll need to periodically move them to new media. That’s also a good time to compare hashes of HD’s against DVD’s, too.

                                                                          1. 1

                                                                            Flagged as off-topic, a bare Wikipedia article does not merit a submission in my opinion.

                                                                            1. 2

                                                                              Please downvote, but it isn’t offtopic. You don’t get two votes.

                                                                              1. 2

                                                                                I’m not going to flag it. I will note we normally submit the deeper stuff with this barely cutting it. Within it is the thing you should’ve actually submitted which was very fit for Lobsters. If this falls off, I’ll message the better one to you to re-submit later as its own submission. If it stays, I’ll put it in-thread in another comment.

                                                                                1. 2

                                                                                  Two?

                                                                                  1. 1

                                                                                    I’m trying to be more transparent in my flagging of submission, to increase the signal to noise ratio.

                                                                                1. 10

                                                                                  As David Roberts of vox.com notes over and over, the most important thing you can do in the US is Vote Democrat. The only thing that will make a significant difference on a global scale is federal policy change and the Republicans have shown they have no interest.

                                                                                  1. 5

                                                                                    I’m certainly not gonna say you should not vote Democrats. But their track record on climate isn’t good. Major democrats like Nancy Pelosi and Dianne Feinstein have acted in an astonishingly arrogant way towards climate campaigners lately.

                                                                                    If you want Democrats to act on climate, of course you have to vote Repulicans out, but you also have to make sure the people within the democratic party that are silent climate deniers (they won’t say so, but they’ll oppose any meaningful action) don’t get the upper hand.

                                                                                    1. 2

                                                                                      Who believes that a politician will do what he says ? Even more when it implies going against the autonomous development of the Capital. Talk is cheap for all who seek power

                                                                                      1. 1

                                                                                        Both parties are corrupt. They’re corrupt in different ways on some issues. Republicans usually vote against anything that helps in this. So, you’re right. Their party also votes against consumer protections, workers’ rights, etc at State and Federal levels. If you vote for them and don’t own a business, you’re voting against yourself. You’re also still voting against yourself if you’re not rich and interact with any other business that might screw you over.

                                                                                        Another key difference is that Democrat policies mostly waste tons of money, often on welfare, where Republicans like to waste tons of money on locking up Americans for victimless crimes and mass-murdering people overseas for often hard to justify reasons. That Republicans are more pro-mass-murder… as a party, not necessarily individuals… made me firmly draw a line on not voting Republican. I’d be voting for six digits worth of innocent people to die in a way that benefits rich people (esp defense contractors), leaves our lower-paid soldiers with PTSD or physical disabilities, and puts us in debt that I’ll owe back. I’d rather the debt or financial bullshit be something like getting people education, health insurance, jobs, or good infrastructure. The stuff Democrats like to overspend on.

                                                                                      1. 3

                                                                                        Looking for a new job.

                                                                                        Yes, this is what I’ll probably do this and next week, and I didn’t even planned it at Sunday evening. The company which I work for just closed the whole location yesterday instantly and wiped all the teams out without any prior notice or preparation. They’re of course moving developers and admins to the HQ one by one and plugging them into other teams, but overall situation doesn’t look good and making it so immediate and unexpected isn’t promising as well.

                                                                                        I’m mostly looking for a system administration job, maybe Golang dev, preferably involved more in baremetal, more “classical” UNIX ecosystem instead of “cloud” technobabble (but I know it, too).

                                                                                        I’m located in Kraków, Poland. Remote is possible too, if you can justify the needed paperwork for cross-border work.

                                                                                        My resume and contact info is at my home page

                                                                                        1. 1

                                                                                          Sorry you got hit with that kind of BS. Wish you best of luck on getting into better place.

                                                                                        1. 6

                                                                                          Looking for work, which is annoying and I’m glad I’ve only had to do it every couple of years.

                                                                                          In other news, my life is beset with minor-to-large annoyances:

                                                                                          • Truck A/C blower is busted, probably due to a burned-out wiring harness. Because no job, will be looking to replace that myself–involves replacing a resistor pack, clipping and grafting a new harness, soldering said harness (probably), heatshrinking the soldering, and then putting it all back together. Not fun.
                                                                                          • I nuked my blog server Because Reasons earlier this summer, need to stand it back up. Am torn between just getting it done vs. setting up responsible playbooks or something for it.
                                                                                          • My NAS kicked out some of its drives, and I’m pretty sure I just lost a bunch of stuff. I am very unhappy about this, but will need to do a whole bunch of remediation efforts to figure out what the fuck–and I’m probably still going to lose all that data. And yes, the NAS was my backup solution, thanks for pointing that out.
                                                                                          • My stove light is burned out.
                                                                                          • A backchannel I host needs some updates, including some email work, so I’ve gotta sort that out.
                                                                                          • My happy little music box a friend helped me set up no longer works (due to NAS autoimmolating), and I need to handle that bit of sysadminning as well. Folks, seriously, the more computers in your life the less happy you’ll be.

                                                                                          I’m really just tired and depressed from getting back from summer adventures, but these things pass–hopefully.

                                                                                          1. 1

                                                                                            What kind of work?

                                                                                            1. 1

                                                                                              Remote work, preferably full time. I do full stack web development, minor preference for Elixir on the backend, strong preference for simple stacks. If it’s interesting (especially if it’s graphics/VR!) I’m happy to do non-web stuff, though I think the iteration times and cost concerns are better with web tech.

                                                                                            2. 1

                                                                                              Hate that a bunch of stuff dropped on you at once. That seems to be going around at least in my locale and network. Good luck on it. Especially job and data loss. I can relate.

                                                                                              1. 2

                                                                                                Oh noes, recently quit a job, looking for a new one atm and now I need to check my backups and SMART values, it seems….

                                                                                                1. 1

                                                                                                  What kind of work are you looking for?

                                                                                                  1. 1

                                                                                                    “now I need to check my backups “

                                                                                                    I’ll be doing that later tonight or my next big window of time. Used some of this one to hit the gym hard with a new workout. Upgraded some numbers. Pretty exhausted. I’m gonna try a berry smoothie and some black tea to see if I get any energy back for doing the maintenance tonight.

                                                                                              1. 5

                                                                                                Things I’d like to accomplish this week:

                                                                                                1. Perform maintenance of the following servers: amd64 package build server; binary update build server.
                                                                                                2. Attempt to determine why our ThunderX2 is not booting HardenedBSD 13-CURRENT/arm64.
                                                                                                3. Surprise my wife with a few strategically-placed love notes.
                                                                                                4. Build out more infrastructure for the BSD security working group the HardenedBSD Foundation is spearheading. Get a gitea server online.
                                                                                                5. My wife and I started taking a free course offered through our congregation on becoming self-reliant through personal and familial financial planning and preparation. We started week two on Sunday and I’m hoping to work through some of the material.
                                                                                                6. Deploy more HardenedBSD VMs at NIST.
                                                                                                7. More that I’m forgetting due to a migraine I’m currently experiencing.

                                                                                                Putting on the “HardenedBSD Cofounder” hat due to mixing official HardenedBSD stuff with personal stuff in the list above.

                                                                                                edit[0]: grammar

                                                                                                1. 7

                                                                                                  Surprise my wife with a few strategically-placed love notes.

                                                                                                  That’s what I’m talking about! One guy I knew had the love notes hanging off strings where they would bump into her face at key moments of her leaving the bedroom to start her morning routine. Hallway, kitchen, living room… randomly. She’d be like “Wtf!?,” grab the thing, focus to read it, and it make her day. Became a routine part of their lives, but a good routine.

                                                                                                1. 0

                                                                                                  I am disappointed in the Python Software Foundation for once again leaving PyPy out in the cold. It has been a pattern for over a decade that CPython’s developers shortsightedly ignore alternative Python implementations, and now they have taken the extraordinary step of forcefully deprecating the dialect of Python used by the PyPy team.

                                                                                                  I’ve reached out to the Python Software Foundation repeatedly through official and semi-official channels, but never gotten a good clarification on the matter. PSF’s continued endorsement of a pile of C over a pile of Python is hypocritical, and now their attempt to control an ecosystem that is beyond them is ignorant; this ridiculous situation should not ever have happened, but continues to happen because of poor communication.

                                                                                                  1. 24

                                                                                                    From the linked post

                                                                                                    […] in 2008, we announced that we would sunset Python 2 in 2015, and asked people to upgrade before then. Some did, but many did not. So, in 2014, we extended that sunset till 2020

                                                                                                    (my emphasis)

                                                                                                    So the PyPy team has had between 12 and 5 years to move to Python 3, depending on how seriously they took the deprecation message. Or am I missing some internal Python wrangling here?

                                                                                                    1. 2

                                                                                                      Yeah, there’s two things you’re missing. First, PyPy’s toolchain, RPython, requires a Python 2.7 interpreter in order to bootstrap. These days, PyPy is capable of providing that bootstrap interpreter itself. Rewriting RPython would require a massive engineering effort, and there is not funding for such a venture. The latest position of the PyPy/RPython team is in a 2016 blog post:

                                                                                                      PyPy’s own position is that PyPy will support Python 2.7 forever—the RPython language in which PyPy is written is a subset of 2.7, and we have no plan to upgrade that.

                                                                                                      Second, it is well-known community folklore that GvR doesn’t really like PyPy or Jython or any other alternative to the reference interpreter. He would like for Python to be unified under a single holistic banner, and alternative interpreters present a threat. I was able to recently get him to clarify his position on the GitHub issue for the linked post:

                                                                                                      An endorsement of PyPy as an alternative to porting to Python 3 will not be coming from the PSF – we wish PyPy the best of luck with their own Python 3 transition, but we don’t think they are a good alternative to dropping Python 2 support.

                                                                                                      They would like to exterminate Python 2, and by extension, snuff out any ecosystems which aren’t porting forward to the latest and greatest PEPs offered by the CPython 3.x branches.

                                                                                                      1. 10

                                                                                                        Sounds like you want a hard fork. Why not do that?

                                                                                                        1. 0

                                                                                                          Python 3 already was a hard fork of Python 2. The two languages are clearly distinct; they are mutually incompatible in syntax and semantics. Why must the Python 3 folks now destroy the last of Python 2?

                                                                                                          1. 5

                                                                                                            They do not “destroy the last of Python 2”, they are just saying that they have no will in maintaining it any longer. Would you blame them?

                                                                                                            1. 0

                                                                                                              That’s quite the opposite of what’s actually happening; they are saying that they want alternative Python 2 implementations, which are still going strong and aren’t dying anytime soon, to also go away. I do blame them, yes.

                                                                                                              1. 9

                                                                                                                Speaking as someone who maintains Python packages, I understand their position.

                                                                                                                If the message were “one of many Python 2 interpreters is going to be unmaintained, but that’s no big deal and you can still get a maintained one to keep running all your Python 2 code”, well, that would mean people coming to me, and other package maintainers, and asking to have third-party packages maintained with Python 2 compatibility for as long as there’s a supported interpreter.

                                                                                                                And I have no interest in that. Some aspects of 2/3 compatibility are not that hard, sure, but others can be a bit complex. And I’d be permanently held back from using most new features of modern Python, because those features aren’t going to be backported into a supported Python 2 interpreter (as I understand it, PyPy would never have interest in this; their desire is for Python 2.7 to remain supported but feature-frozen).

                                                                                                                If PyPy wants to internally maintain the interpreter they use to bootstrap, I don’t care one way or another. But if PyPy wants that to also turn into broad advertisement of a supported Python 2 interpreter for general use, I hope they’d consider the effect it will have on other people.

                                                                                                                1. 1

                                                                                                                  Sure. As somebody who maintains Python 2 codebases, I have felt the constricting effects of more and more packages no longer offering Python 2 versions, forcing folks to commit to increasingly-outdated vendored code.

                                                                                                                  PyPy has broadly advertised a general-purpose Python interpreter for sixteen years. An example release announcement from last year advertises “almost a drop-in replacement for CPython”. It’s fun to watch the effect that this already existing system has on folks; this entire thread has been folks having effects because of PyPy. PyPy exists, and that disrupts the picture of the ecosystem painted by PSF.

                                                                                                                  1. 3

                                                                                                                    I’m aware of PyPy’s existence.

                                                                                                                    There are a few things here that your comments have equivocated, and that equivocation leads to difficulty.

                                                                                                                    1. The CPython interpreters, for various versions of the Python programming language
                                                                                                                    2. The end-user deliverable interpreters of the PyPy project, for various versions of the Python programming language
                                                                                                                    3. The interpreter used by the PyPy project to bootstrap RPython
                                                                                                                    4. The abstract concept of the Python programming language, as embodied in a prose specification

                                                                                                                    Items 1 and 4 are copyrighted by the Python Software Foundation, which also owns the trademark for the Python programming language. Items 2 and 3 are under the control of the holders of PyPy’s copyright (a long list of individuals and other entities).

                                                                                                                    PyPy could, if the project chose, sunset its end-user-deliverable Python 2 interpreter on 2020-01-01, refuse to accept bugs from end users who wish to continue running software that is compatible only with Python 2, and maintain a Python 2 interpreter solely for the purpose of bootstrapping RPython.

                                                                                                                    Or, PyPy can publicly maintain an interpreter for Python 2 past 2020-01-01, including accepting bug reports from end users who wish to continue running software that is compatible only with Python 2.

                                                                                                                    You seem to strongly prefer the latter option. The only way in which your stated list of enemies (Guido, the CPython core team, the PSF) could interfere with that is by asking that the interpreter not be named “Python” (since the PSF owns the trademark). But the interpreter is already not named “Python”, so that’s moot.

                                                                                                                    But by doing so, PyPy would introduce a maintenance burden, or at least pressure to take on a maintenance burden, for other projects which wish to drop Python 2 and make use of new features only available in Python 3, since PyPy’s continued offering and support of an end-user-deliverable Python 2 interpreter would extend the life of software that is only compatible with Python 2.

                                                                                                                    This is the point I was making above, as a way of reminding you that while you’re complaining about the impact of the CPython/PSF messaging on you, you’re neglecting the impact of your messaging on others.

                                                                                                                    Also, I do wonder whether PyPy is really prepared to take on the burden of maintaining a high-profile Python 2 interpreter over potentially very long time scales, given the resource constraints which already have prevented being able to move it to bootstrap from Python 3.

                                                                                                                    Finally:

                                                                                                                    I have felt the constricting effects of more and more packages no longer offering Python 2 versions, forcing folks to commit to increasingly-outdated vendored code.

                                                                                                                    The alternative is to force the maintainers to continue supporting software they don’t want to support. For my own projects, I’m supporting Python 2 until 2020-01-01, and then I’m done and will enjoy getting to finally start using features of Python 3. While I have some sympathy for people who are still immovably on Python 2, I don’t feel any obligation, nearly 12 years after Python 3 was released, to continue maintaining things for them for free.

                                                                                                                2. -5

                                                                                                                  They will wave their totalitarian hand over the open source and free software they have released with the right for anyone to do with as they please and say “magically, we will destroy your ability to yourself do as you please with this software we don’t want anymore” and then we will all weep our crocodile tears as open source python has been cancelled.

                                                                                                                  Rest in peace, Python

                                                                                                                  Idk when - 2019


                                                                                                                  We will never forget, we will never forgive

                                                                                                              2. 3

                                                                                                                Because they no longer wish to volunteer their time and effort keeping your software running for you.

                                                                                                                Want to keep python 2 alive? Step up and do it.

                                                                                                                1. 1

                                                                                                                  I already contribute to PyPy and am hoping to switch nixpkgs to PyPy instead of CPython as the default Python 2 interpreter.

                                                                                                                  Why must PSF “sunset” our community?

                                                                                                                  1. 5

                                                                                                                    Because they don’t want to release updates for you. You just have to do it yourself now, as you had before.

                                                                                                            2. 16

                                                                                                              What do you propose they do then? Extend Python 2 support forever and let Python 2 slow down Python 3 development for all time?

                                                                                                              What do you suggest they do about the real problem that it’s confusing for new programmers and users, and annoying for experienced programmers and users, that there are two Python dialects? Should Python programmers just forever have to decide between limiting themselves to writing code compatible with both Python 2 and Python 3, or writing code which a lot of users can’t run?

                                                                                                              I get the feeling that you think they should’ve just made backwards-compatible improvements to Python 2 rather than breaking it with a major release of the language, and maybe that would’ve been better, but that’s not what they did. Therefore, I’m curious about what you would want them to do given the current situation, not what they should have done a decade ago.

                                                                                                              1. 1

                                                                                                                What they should do now, given the current situation, is admit that PyPy is a reasonable implementation of Python 2, and admit that CPython’s demise does not doom the rest of the Python 2 ecosystem.

                                                                                                                New Python programmers already must contend with the fact that the PSF publishes two manuals, one for Python 2 and one for Python 3, which look extremely similar, overlap greatly, and come up simultaneously in search results.

                                                                                                              2. 7

                                                                                                                “First, PyPy’s toolchain, RPython, requires a Python 2.7 interpreter in order to bootstrap.”

                                                                                                                That’s them choosing and forever staying on a specific dependency. We generally don’t force suppliers to support anyone doing that unless they’re customers paying for backward compatibility. Even then suppliers might not find it worth their time and effort.

                                                                                                                Let’s say we address the dependency. Is it really that difficult for Python programmers to rewrite one Python program in the newer version of Python? That versus the effort to maintain and polish Python itself for just that dependency?

                                                                                                                Seems more fair for the project that wants the dependency to be the one reworking it. Also fairer division of labor given other option is an externality.

                                                                                                                1. 1

                                                                                                                  “Supplier” is a bad term. The PyPy team is the RPython team, and they supply their own Python 2 implementation.

                                                                                                                  Is it really that difficult for Python programmers to rewrite one Python program in the newer version of Python?

                                                                                                                  Yes. Additionally, you clearly don’t know either dialect of Python, and you clearly have not done such a port. I encourage you to do so! You will learn a lot. You will mostly learn that Python 2 to Python 3 is not automatic, not trivial, and can take months at a minimum. For RPython, I would say that it is infeasible and not worth attempting unless somebody is paying.

                                                                                                                  1. 5

                                                                                                                    ““Supplier” is a bad term. The PyPy team is the RPython team, and they supply their own Python 2 implementation.”

                                                                                                                    Your original claim was about the Python Foundation, which you said backed CPython, was sunsetting support for Python 2 after telling everyone they’d do it for a long time. They were putting all their effort into Python 3. You then said this was a problem since another team, PyPy team, had a dependency on Python 2, had no intention to change that due to one component, did their own implementation of Python 2, and would stay on it.

                                                                                                                    That means this is an externality for PyPy, costing Python Foundation, where some other group is expected to support a language and its associated ecosystem just because of their dependency choices and porting preferences. I don’t see anything wrong with the other group saying, “No, we and our foundation have moved on in what we think are better directions. Anyone wanting to support the legacy tech can feel free. It’s on them since it’s not benefiting us.” Just going by what facts you’ve given here.

                                                                                                                    “you clearly don’t know either dialect of Python”

                                                                                                                    I used one here and there a long time ago. Don’t know either currently. I’ve been reading about Python 2 maybe getting ditched for Python 3 in these forums for a long time. So, I started asking some questions.

                                                                                                                    “You will mostly learn that Python 2 to Python 3 is not automatic, not trivial, and can take months at a minimum. “

                                                                                                                    Likewise, supporting an entire language, its libraries, security fixes, etc so some other people don’t have to port code is probably manual, less trivial than one component, and will drag on for years to decades. I’ve seen lots of companies port Python to Go. A Python to different kind of Python port of one component by Python experts is probably easier than maintaining a whole implementation of Python and its libraries. Just a guess.

                                                                                                                    If PSF is doing it for PSF, then by all means maybe they should maintain a whole platform. It’s different if it’s a lot of work, an externality for someone else, and they refuse to do a smaller set of work on their end. Again, just going by what you’ve described. If the facts are different, then this analysis would be wrong.

                                                                                                                    1. 0

                                                                                                                      You are equating the support from PSF of Python 2 with the existence of any Python 2 interpreter. If, tomorrow, all CPython 2.x installations stopped working, PyPy users would nonetheless still be able to execute pip or another pure-Python package manager and download Python 2 packages from PSF-operated infrastructure. This is an example of the sort of non-CPython-specific support for the entire Python community under PSF’s control.

                                                                                                                      The PyPy team can, and will, and must, support their entire toolchain, including RPython, PyPy, and a copy of the Python parts of CPython’s standard library.

                                                                                                                      Please ensure that your facts include the corporate employers of various CPython core developers, as well as GvR’s unyielding shadowy influence. Many folks simply wanted Python 2 to become Python 3, a fantasy paid for with developer-hours.

                                                                                                                      1. 4

                                                                                                                        “The PyPy team can, and will, and must, support their entire toolchain, including RPython, PyPy, and a copy of the Python parts of CPython’s standard library.”

                                                                                                                        That’s on them is my point. If they want PSF support, they need to give them a reason that works to their liking. If not, ignore them with a marketing strategy and/or foundation of their own that supports their goals. That’s how these things work.

                                                                                                                        “Please ensure that your facts include the corporate employers of various CPython core developers, as well as GvR’s unyielding shadowy influence.”

                                                                                                                        Sure. If corporations and GvR are in control, then CPython development needs to continue to reflect what they want out of pragmatism or expect lots of failure. Anyone not liking the decisions of those corporations and GvR should fork Python totally to support their vision with their own resources with no hate or aggravation toward the others acting in their own self interests. Maybe even out-compete them with their own language extensions and/or higher-performance implementations [1] on top of better marketing strategy and funding outreach. The kinds of things developers and organizers did for older versions of Python to get them where they were.

                                                                                                                        Edit: [1] Adding that Nim and Julia are sort of doing that already even though I meant an improved version of Python. Nim has Python-like syntax with extra features and higher-performance during runtime. Its getting some Python users. Python is entrenched in scientific computing. Julia is grabbing some of those people with alternative design, focus on higher performance, and focus on easier integration with C libraries while still keeping Python ones. They’re both getting users with Julia getting a lot of them.

                                                                                                                        1. 1

                                                                                                                          This isn’t about PSF support, although if we’re going to talk about PSF support, it’s notable that the total sum investment of the PSF in PyPy is $10,000. I can guess at the salaries of the typical CPython core developer, and they’re a little better than five figures. It was only a year or two ago that PSF even opened up their grant program to allowing PyPy, Jython, or other non-CPython-based projects to apply for grant money.

                                                                                                                          This is about the words at the top of the original post. To remind:

                                                                                                                          We are volunteers who make and take care of the Python programming language. We have decided that January 1, 2020, will be the day that we sunset Python 2.

                                                                                                                          These words purport to speak for PyPy’s team and any other Python 2 team. These words claim that Python 2 will be removed from our hands next year. Can you grok this? Do you understand why it might be a bit of a problem that the group that sits on the pile of money and trademarks has unilaterally decided that entire branches of the family tree must be pruned?

                                                                                                                          Not Nim, but indeed Julia, as well as my own Monte, Hy, Quill, Lever, and likely others, all came from the realization over half a decade ago that the PSF was disowning Python 2 and would only acknowledge Python 3 as the one true Python. If we’re not going to keep the name, why keep the semantics? We could improve.

                                                                                                                          1. 2

                                                                                                                            These words purport to speak for PyPy’s team and any other Python 2 team

                                                                                                                            The original post was published on python.org, which has an SSL cert published by the Python Software Foundation. It’s published by the PSF and speaks for them.

                                                                                                                            You are making weird semantic shifts between “Python the language”, “Python the implementation”, and “Python the trademark” all over the place.

                                                                                                                            It’s clear you (and maybe the rest of PyPy) have no love for Guido van Rossum, and maybe not the PSF. But the fact is that they own the trademark to Python. Trademarks exist in part to prevent customers from confusing one product for another. That way, no-one will be confused when the code they get from the PSF (Python 3) won’t run on PyPy (Python 2).

                                                                                                                            That said, I’m sure no-one would object to say a product called “PyPy - a version of the Python language and runtime based on Python version 2.7”.

                                                                                                                            From what I’ve read in this thread, it seems that PyPy wants to have their cake and eat it - they want full and continued support from the PSF for Python 2, while at the same time being entirely separate from them and not have to follow the PSF in any other matter. I really don’t see why the PSF has to go along with this arrangement.

                                                                                                                2. 5

                                                                                                                  Second, it is well-known community folklore that GvR doesn’t really like PyPy or Jython or any other alternative to the reference interpreter. He would like for Python to be unified under a single holistic banner, and alternative interpreters present a threat. I was able to recently get him to clarify his position on the GitHub issue for the linked post:

                                                                                                                  This is a sticky wicket, and it’s by no means unique to Python. Witness the difficulty non standard Ruby, Perl etc. implementations have had keeping up with the reference implementation.

                                                                                                                  In the end, a most language communities end up, as Guido/Python did, deciding to focus on one implementation and say “This is THE reference implementation of the language”.

                                                                                                                  Doing anything else requires a massive outlay of man hours that just don’t exist in communities like Python - you’d need something like the Jave TCK.

                                                                                                                  1. 7

                                                                                                                    He would like for Python to be unified under a single holistic banner, and alternative interpreters present a threat. I was able to recently get him to clarify his position on the GitHub issue for the linked post:

                                                                                                                    This is not a fair reading of what Guido actually said in that issue. He is talking about PyPy being an alternative to Python 2, and being disappointed they’re not implementing Python 3. He didn’t mention anything about Python being “unified under a single holistic banner” or PyPy being a “threat”

                                                                                                                    1. 1

                                                                                                                      It’s totally understandable that you dislike my opinion. This is a synthetic opinion of GvR’s desires that comes not just from this post, but from years of interactions with him, including a particularly memorable dinner from a PyCon in Montreal a few years ago.

                                                                                                                      PyPy is not just an alternative to Python 2; there is a Python 3 branch. Indeed, the main PyPy page offers 2.7.13, 3.5.3, and 3.6.x versions of PyPy. I can’t imagine that his disappointment is that PyPy doesn’t have Python 3 support, but more likely that PyPy exists at all and mars the otherwise-singular transition between languages.

                                                                                                                      PyPy has never, to my knowledge, cracked 5% of all Python usage. The only measurements I’ve seen have come up at 1-2%. It has always been marginalized due to the desires of CPython core developers. We sometimes like to imagine a world where Python interpreters were fast, but this is apparently not that world.

                                                                                                                      1. 6

                                                                                                                        Can you cite conversations online where CPython core developers are displaying this sentiment?

                                                                                                                        For me, peak-PyPy and excitement around alternative implementations happened in the 2008-2012 window. What I mean by this, is that everyone was excited about alternative implementations driving performance forward at a time when folks weren’t so worried about Python 3 compatibility, and Python itself was just getting into a growth curve. I’d cite Dave Beazley’s PyCon Keynote at PyCon 2012 as an example of how PyPy wasn’t sidelined to the degree you argue it is.

                                                                                                                        Fast forward a few years and folks are in the trough of disillusionment, to steal a phrase from tech analysts. There were lots of (invalid, but) broken expectations in the community. Unladen Swallow, Jython, IronPython, and PyPy (to name just a few) hadn’t taken the world by storm and we were still trying to remove the GIL without breaking C extension compatibility. There were a lot of good intentions about getting and staying compatible with the Python mainstream - but this didn’t happen, and the alternative implementations got behind. PyPy’s history of Python 3 funding has some relevant detail.

                                                                                                                        It’s great that PyPy has caught up, but there is some way to go as far as being a strategic choice for folks. Even with CPython’s pretty obvious deficiencies it’s been able to carry a community forward to a place that’s very different from 2008. PyPy can make the argument that it’s a viable and supported Python 2 that could even get better, but very few people want this, even if they have to support Python 2. Python developers for the most part want to move to Python 3 because it’s finally a compelling option. In my mind, it’d be better if PyPy adapted to the current environment and attempted to overtake CPython as the platform of choice for Python 3 instead of fighting old battles for a diminishing platform.

                                                                                                                        1. 1

                                                                                                                          Sure, you’re part of one arm of the massive galaxy of Python. However, you should know that there is another arm, where:

                                                                                                                          • C extensions are shunned; speed comes from PyPy
                                                                                                                          • Conda? Ha, no, we use real package managers, like Nix
                                                                                                                          • asyncore? asyncio? No, we use Twisted

                                                                                                                          There is a clear difference between Unladen, Pyjion, Pyston, etc. vs PyPy: PyPy is a true community project, not a corporate timewaster. If that makes it less strategic, so be it; the clear difference is that PyPy ships, and has been shipping for years. In 2008, it was already shipping, already fast, and the PyPy position was that CPython folks should keep CPython as the reference interpreter, but encourage PyPy and Jython experimentation, deprecate the C API, and encourage platform-neutral portable Python. This position of ours is over a decade old.

                                                                                                                        2. 3

                                                                                                                          “Indeed, the main PyPy page offers 2.7.13, 3.5.3, and 3.6.x versions of PyPy.”

                                                                                                                          They’ve done a lot of work. They deserve more visibility. I’ve always mentioned them to people interested in Python implementations.

                                                                                                                          “PyPy has never, to my knowledge, cracked 5% of all Python usage. The only measurements I’ve seen have come up at 1-2%. It has always been marginalized due to the desires of CPython core developers.”

                                                                                                                          The desires of a project’s developers rarely determine what massive amounts of people in the real world do. Especially across many disciplines that we see Python in. That’s marketing, what default binaries are available in package managers, what people in charge prefer, what gets the most press, word of mouth pushing each person’s favored version, etc. These things drive language adoption on large scales.

                                                                                                                          The core Python team has a good brand and product they got bundled in most Linux distro’s by default with almost anything people read about Python pointing them in that direction. That’s why most use something like that vs PyPy. The PyPy team would have to step up big time on all the non-technical things that help achieve market success. Especially working with major distro’s to bundle them instead of reference Python. I don’t know what they’ve done on any of that since I just occasionally looked at the project being impressed at the technical work they put in.

                                                                                                                          1. 2

                                                                                                                            I need to quote a PyPy developer. They contribute quite a bit of code, but crucially rely on funding, either from community awards or from paid consulting, to make their living. Their reaction upon reading GvR’s words earlier:

                                                                                                                            it seems like they’re trying to actively hide the fact that there is and will be a supported python 2 version

                                                                                                                            As for distro involvement, all of the big distros (Debian, Fedora, Gentoo, OpenSUSE) have a PyPy package of some sort. It’s second-class in many distros, because the core packages of the system are written specifically for CPython.

                                                                                                                            Many many PyCon hallway discussions have been expended over this. I know that, as an outsider, it seems like this is a matter of marketing or some other intangible/bullshit matter of business, but inside the Python ecosystem, there has grown to be a vast divide between those of us focused on speed in Python and speed beside Python. We former have always been willing to accept being second-class to some extent, but here we are asked to abide a terrible distortion of reality where Python 2 and Python 3 are equivocated in order to fulfill the prophecy and consolidate power over both languages.

                                                                                                                            1. 1

                                                                                                                              I am enjoying your explanations, and lament your suffering, and if I had a clue, I might also have an opinion. But I just want to point out that I think when you grabbed the word “equivocated,” you were really reaching for “equated.” The way you have it reads as tho both the languages are being “made into mistakes.”

                                                                                                                              1. 1

                                                                                                                                If you meant it in the sense of “hide the truth,” then that should be something being done by people. “To equivocate” cannot take a direct object. CPython partisans may equivocate about Python versions, but the versions may not be equivocated by somebody (only truth in general can “be equivocated,” and to so state is tautological to the point of ungrammaticality) nor may they themselves equivocate (unless it’s anthropomorphism, which makes sense, e.g. Python 2 equivocates about strings being Unicode or bytes).

                                                                                                                      2. 2

                                                                                                                        Thanks for taking the time to reply. I can see from the language you’re using is that this is not just a technical matter, there are deep personal disagreements at play on both sides which makes this transition so hard.

                                                                                                                        I just have two followup questions related to the future of PyPy

                                                                                                                        1. would not the the new features of Python 3 make it easier to implement an alternative Python runtime to compete with CPython?
                                                                                                                        2. if not, it sounds as if the PyPy project is the perfect team to take over maintenance of Python 2, effectively forking the language and leaving a path forward for those to do not want to update to Python 3. The lack of funding would be alleviated by the support of those people or organizations who wish to continue to use Python 2.
                                                                                                                        1. 2

                                                                                                                          To your first question: No; see for yourself. Some features are neutral, some features are harmful. When it comes to RPython, the language is already restricted compared to Python 2, because the whole program is subject to type inference. Python 3 doesn’t offer any features which support type inference. (Annotations don’t help type inference more than actual code!) Some features, like ordered dictionaries by default, were first developed in PyPy and then copied by CPython later.

                                                                                                                          There is exactly one feature worth borrowing from Python 3, f-strings, but don’t bother. Python 3 gained them around the same time that ECMAScript gained template literals. Of course, in the original languages Scheme and E where the technique was pioneered, these templating strings can be used not just as builders of values, but also as patterns which destruct values. And in E, it is possible to customize how the value is built, by writing a custom builder. However, in Python 3, f-strings cannot be used as patterns, nor can custom builders be used. I asked somebody involved in drafting that PEP why the feature wasn’t lifted in toto, and they replied that nobody else in the room of CPython core developers had understood why it would be useful.

                                                                                                                          To your second bullet point, yes, there is a possible world where PyPy jumps from less than 5% usage this year to over 50% next year for Python 2. I don’t know whether that world is going to happen, because I believe that the PSF will put in effort to prevent Python 2 ecosystems from flourishing without their permission.

                                                                                                                    2. 3

                                                                                                                      But funnily enough I expect that we’re likely to see tools to analyze codebases for safety to port to PyPy for this reason; and one-and-done solutions for adapting c-based packages to work with PyPy.

                                                                                                                      That or blog posts from the interested parties explaining why that’s so infeasible that they’re finding CPython 2.7 security.

                                                                                                                      1. 1

                                                                                                                        PyPy is a compliant implementation of Python. There are documented differences from CPython, but in general, you should be able to write pure Python and have it work with PyPy.

                                                                                                                        The main barrier to PyPy adoption is the continued existence of CPython’s C API.

                                                                                                                        1. 3

                                                                                                                          More or less all scientific and data science users of python use libraries that depend on the CPython C API.

                                                                                                                          For them, PyPy is not a useful alternative.

                                                                                                                          Besides that, as they say in the announcement, many open source projects will stop supporting python 2. They’ll do that because it is work to support python 2 and they prefer to use or be compatible with 3.

                                                                                                                          PyPy has reasonable support for python 3 and the py2.7 required for bootstrapping can be maintained or replaced - it’s not like it needs any bug or security fixes for this purpose.

                                                                                                                          1. 1

                                                                                                                            Right. Which is why you’d want to analyse your codebase for both use of c-based libraries and the weird dumb things you would do hit those documented differences.

                                                                                                                      1. 9

                                                                                                                        Does anyone else think this announcement is written using unusually simple English prose? It has a sort of Simple English Wikipedia vibe to it.

                                                                                                                        1. 41

                                                                                                                          Python has a massive user base, many for whom English is not their first language. Making this as clear and unambiguous as possible is good.

                                                                                                                          1. 9

                                                                                                                            That’s one reason I advocate for plain English in business (esp support/docs/training) and government (esp anything mandatory). It also helps the illiterate and people with bad memory that forget uncommon words.

                                                                                                                            1. 11

                                                                                                                              Applicable: Native English speakers are the world’s worst communicators

                                                                                                                              often talk too fast for others to follow, and use jokes, slang and references specific to their own culture

                                                                                                                              This can even be a problem among English speaker. I was meeting this fella from NYC a few weeks ago via couchsurfing, and told him via WhatsApp that I’d join him for the craic after getting back from the chipper. He had no idea what I was on about. English is tricky because there are so many variants, and once you get in to the habit of using a regional variant of it, it’s hard to get rid of that.

                                                                                                                              1. 10

                                                                                                                                Applicable: Native English speakers are the world’s worst communicators

                                                                                                                                More accurate title: “Native English speakers are worse at communicating with ESL folk than ESL folk are at communicating with other ESL folk, in English.”

                                                                                                                                Like c’mon it’s not like English is the only language with slang

                                                                                                                                1. 1

                                                                                                                                  Did he ask if there was chance for a shift? (… in your diction?)

                                                                                                                            2. 14

                                                                                                                              What language would you expect? It’s specifically meant for all users, including those that “just use” Python 2.

                                                                                                                              I think it is very clear (except the word “sunsetting”, which is worst of US marketing speak and is not understandable to many second language speakers).

                                                                                                                              1. 3

                                                                                                                                I believe you meant to write “sunsetting”. I do agree that “subsetting” is hard to understand 😉

                                                                                                                                1. 8

                                                                                                                                  Correct. lobste.rs is pretty usable on mobile, but that also makes it vulnerable to autocorrect :D.

                                                                                                                              2. 11

                                                                                                                                They’re trying to communicate with people who are still using Python 2 in 2019.

                                                                                                                                1. 2

                                                                                                                                  I bet there are a lot. The “tech industry” is lead by people following closely the upstream projects, but a long long tail of activities just getting stuff done imitating the others follow, and changing that will be long.

                                                                                                                                  There are also many code bases in production to convert. There is a tendency to not daring to touch to anything in production if it works, even though maintenance is required.

                                                                                                                                2. 5

                                                                                                                                  A lot of people don’t have the necessary attention span time to be able to read long blog posts, announcements or messages. They refer to such messages as “it doesn’t tell about anything”, “meaningless” and “they don’t want to waste time”. I think by using simplest language possible, they’re trying to embrace the short-attention-span people so that they’ll be able to actually read and “digest” the message.

                                                                                                                                  I’ve used “they”, but I know I’m not separated from this issue myself. Many times when I’m stumbling over some article in English, I’m discouraged by the overly flowery language, which I often can’t easily understand (as I’m not a native speaker). So I perfectly understand why the Python note uses Simple English mode :)

                                                                                                                                  1. 4

                                                                                                                                    It’s not you, I had the same reaction. From the tone of the article my impression was that their target audience is four years old. I get that shrouding a simple message in complicated verbiage is a great way to alienate readers but going to far in the opposite direction makes it sound condescending which is possibly worse. But in this case I’m sure that was not the intent of the author, my assumption is that English is not the writer’s first language and they were trying to be very sure they didn’t make anything unclear or misleading. Sometimes my own writing turns into this after I’ve rewritten it 20 times.

                                                                                                                                    1. 6

                                                                                                                                      To quote my mentor at Amazon: “Communication is impossible”.

                                                                                                                                      Have you ever watched a really painful exchange between a non native English speaker and well meaning but frustrated people on a chat channel trying to help?

                                                                                                                                      The non native English speaker asks a question in the best way they can, using imprecise wording and breaking every rule in the English language because, to non speakers, they make no sense :)

                                                                                                                                      So yeah, this announcement is written in a way that optimizes for minimizing mis-understanding, and in this context I see that as the right choice, and if I’m reading you right, so do you :)

                                                                                                                                    2. 1

                                                                                                                                      I’m guessing it’s because they wrote sentences starting with And and But a fair bit, which is potentially easy to read but makes all of the sentences seem really short. It’s a little strange, but much better than paragraph-length sentences.