1. 58

    C-level executives and board members antagonize employees and threaten unemployment, knowing full well that they’ll never miss a meal or a mortgage payment and that their children will still have health insurance and good schools: freedom.

    Workers thinking they should organize to present common concerns to management: not freedom.

    Remember, they only call it class warfare when we fight back.

    1. 13

      Workers organizing is freedom.

      Workers being coerced to join or pay an organization is not freedom.

      This is true even when the organization itself exists to protect freedom.

      1. 20

        The point of labour organizing is not ‘freedom’, especially not in the anglo sense of formal freedom on the marketplace, that everyone on the English-speaking internet seems to assume to be the only true and natural kind of freedom there is. It’s merely improving the conditions of labour, nothing more, nothing less.

        That said, unions can be terrible because they’re often loci of concessions, nationalism, taming, and other reactionary politics, rather than struggle.

        1. 10

          They can have issues. Most of the problems I see are caused by apathy and/or incentives at the top with problems they cause being externalities. Unions also seem to stop more problems than they create. They also counter the trend paid with political bribes to make people easy to fire without cause in as many states as possible. That’s on top of executive compensation always going up in companies that “can’t afford” good wages or benefits for production workers. These all lead me to be pro-union in general.

          1.  

            Idk how it is in the US honestly, but that part of my comment wasn’t anti-union in general just noting that they definitely have limits in a political sense.

            However for workers they’re obviously a huge net-positive.

            1.  

              Oh ok. That makes more sense.

          2.  

            You make a good point. The immediate goal of a union is not freedom of its workers. I think workers unionize, though, because they desire more freedom. Limiting work hours means freedom to choose what to do with the rest of the day, for example.

            1.  

              Yes, that’s one of the broader conceptions of freedom I was referring to:)

          3. 19

            Workers being coerced to join or pay an organization is not freedom.

            Yes and no. My being forced to pay taxes isn’t freedom. My living in a society with roads and clean water and educated children (and my own education, which given my home life at the time wouldn’t have happened without compulsory and free education) dramatically increases my overall freedom, far more than was lost by paying taxes.

            The power imbalance between most employers and most employees is such that the vast majority of people are almost-serfs in all but name. The tech sector can sometimes forget that because of the high salaries and relatively competitive employment market…but for most people, their health and home are literally tied to the whims of someone who views them as nothing more than expendable labor. Sure they’re “free” to change jobs, but saying “you’re free to risk your children’s health!” isn’t really freedom at all.

            Correcting that power imbalance might take away some freedom, but it would add a lot more freedom on the other side of the balance sheet, IMHO.

            Universal health care and a strong social safety net is the other way to fix this, if labor unions are determined to be too problematic. That allows you the freedom to change jobs without worrying that you couldn’t pay for your child’s healthcare.

            To provide a real example: a friend of mine has a chronically ill daughter. Without health insurance he literally cannot afford to keep his daughter alive. Thanks to the repeated attempts at removal of the preexisting condition clause by the GOP recently, he runs the very real risk that he could end up with his daughter uninsured and potentially in dire straits if he were to lose his job. His employer knows this and, as the provider of his health insurance, could demand literally anything of him. If he were unemployed long enough that he could no longer pay for COBRA between employers, he’d literally be unable to keep his daughter alive. That is not freedom; that it’s not the government who holds the power is immaterial.

            (Note that his employer is awesome and doesn’t do anything bad, but that’s not true of everyone and it shouldn’t have to be…)

            1.  

              I think you made a great case for universal healthcare – which can be argued to either side of the political fence. If you lean left, universal healthcare is a right and a true good. If you lean right, universal healthcare drives competition, flexibility and allows people to create new companies and move around more quickly.

              That said, I am not sure you made a great case for unions. Unions don’t fix the fundamental problem around healthcare in any form. You still can’t leave to a non-union shop, can’t leave to start your own company, etc without giving it up. If anything it makes it more entrenched.

              1.  

                You seem to be fixating on a single example, not the thrust of his argument. You do realize other first world countries have universal healthcare and wayyy higher union participation than the US? There must be other things unions are useful for.

            2. 10

              I agree with you here. I’m all for workers being able to collectively bargain for their own interests, but not at the expense of imposing on the liberty of others.

              I don’t mind if my co-workers unionize, but I want to be able to choose my own terms of employment with my employer without having a third party interfere without my consent.

              1. 15

                I don’t mind if my co-workers unionize, but I want to be able to choose my own terms of employment with my employer without having a third party interfere without my consent.

                You can’t have your cake and eat it too: if the strength of your coworkers’ union results in your employer entering into a favorable health insurance contract with an insurer, are you really going to reject that insurance and try to negotiate your own? Even if the insurance you purchase will invariably be more expensive and will cover you less?

                1. 8

                  I don’t really care what a third party does with regards to my contractual agreement with my employer. The agreement I enter in is between myself and the company employing me.

                  In your hypothetical, I may indeed choose to cover myself. It’s hard to guess without actually having the numbers and going through a negotiation. I likely value different things at different levels than a potential union does, and would be better served negotiating based on my preferences rather than letting a group decide the terms of my contract.

                  1. 5

                    Except you would end up with a significantly less favourable contract, as you lack the negotiating leverage of the union.

                    1. 10

                      I don’t understand why you care so much about my contract. It’s up to me to decide what is favorable for me and what isn’t. I have the leverage of my own skills and experience, and that I can take a better offer from a different employer at any time.

                      1. 16

                        I don’t care about you, per se, but if everybody privileges abstract notions of freedom over concrete gains from their employment, you have a collective action problem and everybody ends up strictly worse off.

                        1. 12

                          Strictly worse off by whose definition? I’m under no moral obligation to sacrifice my own values to appease yours. If you’re worried about me not joining your union, then make your union attractive enough that I want to join it over negotiating my contract myself. Don’t force me into a contractual agreement that I never consented to.

                          1. 9

                            If you’re worried about me not joining your union, then make your union attractive enough that I want to join it over negotiating my contract myself.

                            In all likelihood, it will be attractive - but the benefits it confers will end up available to all employees, not just those in the union.

                            Now, if the choice was a strict “join the union and receive benefits which it negotiated” or “do not join the union and you are solely responsible for negotiating every part of your employment” I’d be happy, and it sounds like you would be as well.

                            Would you decline to accept any benefit - work conditions, time off, retirement, etc. - which was negotiated by your workplace’s union if you planned to not join the union? If your answer is yes, I’d applaud your consistency.

                            The problem that @jfb identifies is that most people would say “no” - they’d choose to benefit from things negotiated by a union they’re not a member of.

                            1. 12

                              My wife has a saying: Good and Evil don’t exist, it’s just selflessness and selfishness.

                              Eric is talking right around the crux of the matter, but he missed something.

                              I’m under no moral obligation to sacrifice my own values to appease yours.

                              Sure you are, buddy. You aren’t under any legal obligation, nor any ethical obligation. The obligation is in fact, a moral obligation.

                              When you throw your lot in with a group, you are sacrificing some of your autonomy in exchange for the group’s strength. Due to network effects, many groups are stronger than their strongest member, but yes, sometimes a member will become weaker by joining. (I’m ignoring here the second order effects like community respect gained due to being described as selfless, etc.)

                              EDIT: reworked the bottom, sorry.

                              1. 7

                                Sure you are, buddy. You aren’t under any legal obligation, nor any ethical obligation. The obligation is in fact, a moral obligation.

                                You and I have very different moral preferences if you think it’s ok to impose your values on someone else without their consent.

                                When you throw your lot in with a group, you are sacrificing some of your autonomy in exchange for the group’s strength.

                                When I join a company I am entering an agreement with an employer in which I exchange my labor for (primarily monetary) compensation.

                                Your assumption that joining a company means joining a subset of coworkers for an unspecified goal of “group strength” seems entirely arbitrary to me.

                                1.  

                                  Look, the simple fact is that unions allow for more favorable price fixing by Labor.

                                  The benefit should be obvious.

                                  1.  

                                    You join the work force as a worker and that makes you a worker. There are social expectations from that and you can be aware of them well before deciding to join the workforce. There’s an unwritten social contract and in the same way by living in a nation-state you’re implicitly a citizen, by joining the workforce you’re implicitly a worker and then subject to all the moral obligations that come with it. Most of them are not protected by law, because in non-socialist states one of the goals of the legal system is to repress the worker, but nonetheless you’re held responsible by other workers. This, most of the times just boils down to “he’s such an asshole” but in other times it meant more than that, because your action was directly and undeniably hurting your peers.

                                    1.  

                                      You and I have very different moral preferences if you think it’s ok to impose your values on someone else without their consent.

                                      Don’t worry, I’m not in a position to compel you! That would be wrong. I may only ask.

                                      1.  

                                        But that isn’t the case we are discussing, is it? We are talking about compulsory unionization. Join the union or no job seems to be what they are referencing.

                                  2. 5

                                    Now, if the choice was a strict “join the union and receive benefits which have been established” or “do not join the union and you are solely responsible for negotiating every part of your employment” I’d be happy, and it sounds like you would be as well.

                                    Yep, perfectly fine with me.

                                    Would you decline to accept any benefit - work conditions, time off, retirement, etc. - which was negotiated by your workplace’s union if you planned to not join the union? If your answer is yes, I’d applaud your consistency.

                                    In a contract negotiation between myself and my employer, it’s impossible for me to know what parts of their offering are influenced by the presence of the union, or to what extent they are. For example, imagine an employer that would negotiate for some sort of health insurance regardless of existence of a union. If the existence of a union changes that relationship via a change of insurer, I can’t just ignore it and keep whatever insurance plan I chose before the union came in.

                                    I don’t care to take advantage of a union. I won’t take drinks from your “union members” fridge or take breaks on your union schedule and hope nobody notices. I will, however, negotiate the best deal for myself with my employer, and not handicap myself by trying to figure out what I would or would not have access to if the union didn’t exist. The union is an outside agent that I don’t have control over, and the extent that its existence benefits extend beyond its members are for the union to figure out.

                                    1. 5

                                      Would you decline to accept any benefit - work conditions, time off, retirement, etc. - which was negotiated by your workplace’s union if you planned to not join the union?

                                      I certainly wouldn’t refuse all time off because the union gets some, but I wouldn’t automatically assume to have the same. If I get three weeks, and the new union contract gives four, then I guess I’m stuck with three.

                                      But observing that the company gives four weeks off is a data point I might consider when asking for more time off. That’s not strictly a union thing, though. If I saw a non union worker getting more time off, I might want that too.

                                      Is that how it works in the non union case? If you hear a coworker got a raise, do you refuse to ask for your own?

                        2.  

                          “I don’t mind if my co-workers unionize, but I want to be able to choose my own terms of employment with my employer without having a third party interfere without my consent.”

                          In our unionized company, everyone gets the benefits and small restrictions that come with the work of the union and its members. Some people think only the union members should get benefits union negotiates. We know how badly that might end up, though. Especially fights internal to the company. We don’t push that. We do encourage people to highlight benefits union brought: ending fire-without-cause of hard workers; reducing perjury on your references; great health/dental for $25 a month; right to sleep between shifts (a bit…); paid holidays, sick leave, and vacations; fair-ish, standard pay based on position, experience, and time in company. I’m not saying it’s best terms but better than most competitors.

                          That said, I see your position. That people choose competitors to union companies for their different terms supports it a bit. :) I’ve considered letting union people get their negotiated terms while others get theirs. The first thing I ask those people is: “Do you want to work for least they can pay over minimum wage, overtime without overtime, unsafe working conditions (maybe even no bathroom), have little to no benefits, and potentially be fired without cause after years of hard work with bosses giving you no or falsified reference? And while we get the opposite?” Outside high-pay areas like highly-skilled techs, most companies are giving employees as little as they can. They get more commoditized without even being sure they’ll get a job reference for a better job. Might have to endure a lot to get it in some companies. A lot of people don’t have that opportunity.

                          Now, if you do, there’s another thing to consider. These companies that are offering you a good deal at some five to six digit wage might be pocketing multiples of that with folks in suits doing less than you getting a bigger cut or higher cut vs beneficial work ratio. They will similarly be paying lobbyists on Washington and at state levels similarly large sums to reduce what you can gain at an individual level. The unions are one of few groups lobbying for people like you. If more technical workers unionized, then there’d be more lobbying effort toward getting such individuals better deals. That sector also has the kind of money where donations and campaigns might bring some serious results in terms of expected compensation, work environment, better share of I.P. ownership or equity, paid leave (maybe maternity leave), or even better housing in high-rent areas. Again, may not interest you. I just wanted to mention people dealing with you might have been paying politicians to reduce size of those deals, your perks, or rights as a worker.

                          1.  

                            Thanks for the thoughtful response. Your company’s union sounds like it’s doing good work, and you’ve done a good job making a case for it. I would not rule out joining a union without looking at the terms of membership, but I would also be extra wary of joining a company that had compulsory union membership.

                            I don’t have a problem with people making more money than me at the same company, regardless of their beneficial work to pay ratio (which I can’t assess anyway), or what kind of clothes they wear ;)

                            As for the lobbying question, there is a high chance I would make the ethical judgement not to join a company (or union, for that matter) based on their lobbying efforts.

                            As an aside, I appreciate your posts and comments on Lobsters in general; anything from nickpsecurity is must-read for me.

                          2.  

                            You are agreeing with something I did not say.

                            1.  

                              This is slightly tangential to the direction this went in, but I’m curious. Why? Bargaining as a group is always more advantageous than doing so individually.

                              1.  

                                I’ve worked in a unionized industry; it’s not the utopia you make it out to be. While the average income may be higher under collective bargaining, this is done by making some people worse off than they would be under individual bargaining.

                                There’s also a huge issue with people who really should be fired, but who aren’t because of the overhead imposed by the union. Honestly, I’d prefer to work for less remuneration than to work with under performers. Particularly when you know those under performers are getting paid the same amount as you. It’s completely demoralizing.

                                1.  

                                  I agree. Unions are not a panacea for every issue workers may have with a company, and in fact can cause many of their own.

                                  However, the issues you mention here are also universal:

                                  While the average income may be higher under collective bargaining, this is done by making some people worse off than they would be under individual bargaining.

                                  True! But considering the current state of tech salaries, I think that’s acceptable from a macro level view. I say that as one of those that would likely see a pay decrease under a union contract – I tend to negotiate quite a bit with potential employers.

                                  There’s also a huge issue with people who really should be fired, but who aren’t because of the overhead imposed by the union.

                                  There are two parts of this argument:

                                  • Unions tend to keep around poorly performing people longer

                                  and

                                  • Unions introduce extra overhead with process into the firing process

                                  I think both are false personally, and I don’t think there’s any data to prove either, I’d love to be proven wrong! For the first, I’ve personally found the opposite – the bar to entry for IBEW-NECA was much higher than that for non-unionized electricians, and the bar for firing was extremely clear. For the second, process can add more time, but it can also reduce it by clarifying for all the bar for firing. I find in most tech companies, the standard months of bad perf -> PIP -> eventual firing process can take a long time due to trepidation on the part of all parties.

                                  1.  

                                    I think both are false personally, and I don’t think there’s any data to prove either,

                                    I don’t have any hard data, only 8 years personal experience working in a (partially) unionised white collar job. I’d have thought it was rather logical though that unions would, in their capacity of protecting their members, make firing more difficult. Which can be a good thing, but can also be horrible for org culture and performance.

                                    The idea of a union as a quality filter is interesting, and not something I’ve come across. IME, unions will take anyone in their industry who’s willing to pay the fee.

                                    1.  

                                      Yeah I agree largely. If only there was a set standard for unions across the board — unfortunately their independence produces wildly disparate results at the tail. For that reason I can never begrudge someone that is against a union in good faith too much, I can only make my persuasion towards unionization more effective. Thank you!

                                      1.  

                                        Unions are typically very strict on safety, and few things are more dangerous in the workplace than an incompetent electrician.

                                        1.  

                                          But in an office job, incompetence isn’t dangerous, it’s just useless. Perhaps that accounts for our differing points of view.

                                    2.  

                                      “There’s also a huge issue with people who really should be fired, but who aren’t because of the overhead imposed by the union.”

                                      I don’t have any hard data, only 8 years personal experience working in a (partially) unionised white collar job.

                                      It might vary union by union or company by company but there’s patterns I noticed at management level. My union won’t protect people who do nothing: only people who work as instructed by management who are written up, suspended, or terminated by poor results of management’s plans. There are people at my company who we can’t seem to get rid of. Management uses union as excuse but I’ve seen no use of established procedures against those workers. It seems management in those areas either lets them talk their way out of it, ignores those that argue or intimidate the most, and gets hard on the more compliant workers (aka easy targets or outlets) that probably don’t deserve it.

                                      The performance metrics also suck so bad at this company and a lot of others (including non-union) where many workers artificially look like they’re not good workers. Some of these companies fail workers if they don’t achieve arbitrary expectations with no proof they matter (see Office Space) or from managers without real-world experience. If they do this to everyone or many, then the bad workers just fade into the background of what looks like a problem with everyone. A made up problem. If the requirements were sensible, then most people would meet them visibly working at a steady or fast pace (context dependent) with some barely working and some getting way ahead. The bad workers become much easier to identify, discipline, and/or eliminate with a fair baseline.

                                      I’ve talked with people in a few other industries that are unionized. They usually have examples of the above two points happening that mostly come from top-down, ignore-workers management and office politics. I still can’t be sure how much “the union” was responsible for workers being hard to get rid of if management was that inept. It’s all the more believable by how much non-union workers and books on management talk about the same failures. My theory is most managers and corporate offices suck in a lot of ways with unions countering them usually in pretty generic ways focusing on what members value most. Outside the focus areas, the rest of the dynamic becomes back and forth battles with plenty of potential inefficiencies. Companies with competent, take-care-of-workers management usually have fewer of these problems and workers don’t ask for unions. Hmm… ;)

                                    3.  

                                      Bargaining as a group is always more advantageous than doing so individually.

                                      No it isn’t. I can’t be more clear than that. There are lots of cases where negotiating as an individual is a far more advantageous position. If your values differ from the group. If your skills differ from the group. If your needs are in direct conflict with the group (for example, you want a 20% raise and don’t care if it is taken from $personX because they are bad at their job). This idea that the group think is magically always what is best for you is fundamentally untrue.

                                      1.  

                                        Since neither of us have given data yet, I guess I left myself open to be rebutted in this way. There is data showing that on average union workers make more and have better insurance and benefits in general than non-union workers, but since we haven’t applied that to the tech fields yet, I won’t bring that up as proof. Do keep in mind that for non-tech fields, all of the above is already established as true. In addition:

                                        for example, you want a 20% raise and don’t care if it is taken from $personX because they are bad at their job

                                        is not really how raises are ever allocated, and if they were, I think that company needs a union.

                                        Instead I’ll provide three opinions:

                                        • Letting yourself be lulled into believing that you have more leverage than you do is pretty common amongst workers in highly competitive fields in bull markets. In a bear market where tech isn’t as desirable, you might change your mind.
                                        • The only metric you care about in this instance is salary, however collective bargaining would provide benefits far beyond that. It’s (relatively) easy for an individual to argue for more money, not so easy to argue for better healthcare packages or other benefits. In particular, I’d note that a lot of the benefits I have in mind probably wouldn’t apply to single dudes, but would to fathers, women/mothers, or non-binary folks (not even to mention race and religion).
                                        • To attack the salary question specifically, IMO the huge disparity within and between bands because of negotiation is bad. Responsible companies should tie pretty tight salary ranges to level bands and stick to it. Anything else widens disparities in worker pay. I know that a lot of tech folks will rebut this by saying that their work deserves 300k more than their coworkers, but I think that’s probably not true in 99.99% of cases.
                                        1.  

                                          There is data showing that on average union workers make more and have better insurance and benefits in general than non-union workers

                                          “average” and “always” are very different – but since this wasn’t the thrust of your argument, we can move on past it.

                                          is not really how raises are ever allocated

                                          This is also simply not true – I have sat in exactly such hard decision making meetings. People fired, positions collapsed to give raises to other people, whole teams let go to give budgets to other higher performing teams. You put forth this idea “this isn’t how raises are ever allocated” when it simply isn’t true. It makes it very hard to have a fair and rational discussion with you. Budgets are well – budgets and in bad times hard decisions have to be made.

                                          Letting yourself being lulled … your mind.

                                          Absolutely agree. Tech workers commonly think they are worth more than they are. I suspect the Worth despair poster is commonly applicable: https://i.imgur.com/G7yMiXu.jpg (“Just because you’re necessary doesn’t mean you’re important.”)

                                          The only metric you care about in this instance is salary

                                          No, what I care about is individual interests. Some individuals value salary very highly, others a company car, others vacation, others healthcare, others still childcare and others more disparate and interesting things. I don’t find fathers, women/mothers or non-binary folks to be any less individual than “single dudes”.

                                          Anything else widens disparities in worker pay.

                                          The silent implication here is the disparity in worker pay is a bad thing, which I don’t agree with.

                                          I know that a lot of tech folks will rebut this by saying that their work deserves 300k more than their coworkers, but I think that’s probably not true in 99.99% of cases.

                                          Sure, you say 300k to make your strawman seem obviously true – knock an order of magnitude off that number and ask if a reasonable person at the same tier believes they are worth 30k more… hell, even define how you make these “bands” – arbitrary experience in terms of years?

                                          1.  
                                            1. You’re right that average and always are different. To be more explicit, I only care about the average. Individuals can get pay raises and better benefits for any reason at all, deserved or undeserved, union or no union.
                                            2. You’re right — what I should’ve said is this: a company that makes the decision to fire one individual purely to justify giving a raise to another is not a place I would want to work. There are a number of factors that go into hiring, firing, and salary decisions, and I believe your original example was a little too simplistic.
                                            3. In normal working conditions, these groups you described will be looking individually for the benefits they want and need. However, their bosses often don’t or won’t share in desire for or see the value in those benefits for a variety of factors. Some of those are economic — workers and their bosses have completely different world views, especially at tech companies. Unions are a way for workers who are by and large powerless individually to fight for those shared benefits collectively.
                                            4. Disparity in worker pay is a bad thing from a social standpoint, especially in the same level. If two engineers are both seen as being at staff level, why would they make more than a difference of 50-100k in total comp? It contributes to gender and racial wage gaps for the benefit of a small set of engineers.
                                            5. I said 300k because I’ve seen it in real life. Two engineers, one male, one female, both evaluated as being senior. One got a sizable equity grant, large sign on and a 15% bonus. The other got a pittance in equity, no sign on, and a 10% bonus. In reality, the gap was much larger because of the appreciation after the initial grant. And standardized levels and bands based on data are pretty standard at most modern startups and FAANG. For an example of what I’m referring to here, Camille Fournier open sourced hers while she was at Rent the Runway as CTO: http://dresscode.renttherunway.com/blog/ladder. Those should be tied to pay bands. Bands and levels should never be tied strictly to YOE.
                                            1.  

                                              To be more explicit, I only care about the average.

                                              Worth clarifying which average you mean while you’re at it (mean vs median yield quite different answers)

                                      2.  

                                        Assuming your interests are the same as the group’s. Even when they are, priorities differ. Everybody wants more pay and more vacation, but which do you care more about? If I want to work 30 hours for 75% pay, will the union negotiated contract offer that flexibility?

                                        1.  

                                          It’s more likely to if you are a voting member.

                                          But your employer will be more than happy to reward you for defecting, until the union is gone and they again have leverage.

                                          1.  

                                            If you are a part of the union, you get to help decide that. :)

                                            A democratic union would take its workers’ wants and needs into mind when crafting the contract with the employer. Right now, you can probably only get those benefits by either being very lucky to find a company that supports it, by altering your lifestyle by working on contract, or by earning it after some time proving yourself. Hypothetically, a tech industry with a standardized contract for workers could extend those benefits to all companies, saving you the time of doing one of the above or opening your own business.

                                        2.  

                                          I don’t mind if my co-workers unionize, but I want to be able to choose my own terms of employment with my employer without having a third party interfere without my consent.

                                          I’m assuming a lot by your avatar, but my guess is that you serve a lot less to gain from unionization than, for example, a woman of color. In other words, you still want to benefit from a system that rewards white males even if that means weakening an institution that would bargain for people lesser off than you.

                                          1.  

                                            You’re assuming a lot more than you think you are.

                                            you serve a lot less to gain from unionization than, for example, a woman of color

                                            A woman of color? Which one? All of them? What color? In what way?

                                            you still want to benefit from a system that rewards white males

                                            What system? Where does it reward white males?

                                            I’m assuming a lot by your avatar

                                            I’m a minority. The company I work for is less than 5% white.

                                            1.  

                                              I have no desire to engage with semantic games with you, especially if it’s just going to be screenshotted to Twitter with ad hominem attacks.

                                              Have a good day.

                                              1.  

                                                Since I don’t expect you to respond to this message, I’m just posting this to clear my record.

                                                I have not played any semantic games. All I asked you to do was concretely define your statements and back them with something other than conjecture. I can’t argue with someone who doesn’t clarify their own argument.

                                                Ad hominem is an argumentative strategy, which I have not engaged in. I think what you want to say is that I insulted you, which is also false, unless you count “white, male Bay Area resident” as an insult.

                                        3. 5

                                          “Freedom” is not a useful word, here.

                                          1.  

                                            And if the existence/non-existence of a union depends on whether the company can hire non-union workers, you have to decide between one kind of freedom and another.

                                            1.  

                                              Yes, exactly. But how can we choose? Both have merits and consequences.

                                        1.  

                                          Facebook, Twitter, and Google are using it to push us toward a more dystopian, but convenient, future. Their number of users and developers indicates that’s the most popular path right now.

                                          The other side is mainly nonprofits, small businesses, coops, and startups. If you’re interested, I’ve found lots of opportunities looking at batches of startups in general or search for them using AI. A subset of them will be analyzing data in ways that can do social benefit. In this example and this, a few of their companies arguably could have social benefit using machine learning or just number crunching:

                                          1. Vinsight. More mouths to feed all the time, food production needs to keep up, it has to stay cheap, and farmers been hit hard by weather, too. Anything that helps them helps everyone, esp poor people.

                                          2. Sterblue. Uses drones with automated analysis to inspect power lines, wind turbines, etc. I could see this used both to maintain critical infrastructure but also expanding to disaster response. Reducing maintenance costs of wind or solar might also increase renewable use.

                                          3. AskMyClass. Anything that helps teachers, esp in underfunded schools, is a social benefit in my book. Most of them don’t use machine learning so much just better software, materials, organization, etc. This did use AI.

                                          4. Qurasense and Higia. These are neat, early-detection and analysis products for women. If they aren’t using AI, they’ll likely benefit from it.

                                          There’s more on the list. I’m sure you get the idea by now, though. Even more when you don’t need AI since just better apps/interfaces without price-gouging can do tons of public good. You can crank them out faster and cheaper, too. I always keep an eye on these startup batches looking for ideas for public benefit. Given the VC-funded incentives, these startups will probably turn bad at IPO or acquisition time. However, every one of those pitches are also ideas other people can turn into non-profits or bootstrap into public-benefit companies. I say assess which ones you might have resources (esp time/money) to do, pick one that is either easiest or matters most, decide if you can go for it, and if so go for it. :)

                                          Btw, I’ll save the best for last even though it wasn’t AI: AnnieCannons. I wish them luck!

                                          1.  

                                            Vinsight. More mouths to feed all the time, food production needs to keep up, it has to stay cheap, and farmers been hit hard by weather, too. Anything that helps them helps everyone, esp poor people.

                                            The problem hasn’t been whether or not the world produces enough food for decades if not longer. The world is more than capable of feeding people technologically. It annoys me a lot when people act like you can fix poverty with technology. You can’t. We had the technology to solve poverty a hundred years ago.

                                            1.  

                                              I’ve advocated here in threads, some you were in, for solving our problems through voter action, unions, charitable giving, personal sacrifices to boost worthy people, incentive structures, media attention, and occasionally technology. OP wanted to see technological solutions. So I gave them.

                                              Your comment severely misrepresents what I advocate on this site while delivering no examples of your own to the OP. Got any good examples on tech side with AI/ML?

                                              1.  

                                                More mouths to feed all the time, food production needs to keep up,

                                                You said this. That you sometimes say other things as well doesn’t change that this is what you said and it’s misleading.

                                                Your comment severely misrepresents what I advocate on this site while delivering no examples of your own to the OP. Got any good examples on tech side with AI/ML?

                                                No, I don’t, because I don’t think they exist. I think ‘AI/ML’ is just at the stage in the hype cycle where people think it fixes all of society’s problems even though it’s probably done more harm than good (allowing people to shift the blame for bias from humans onto unreviewable, unknowable, ununderstandable ‘algorithms’ so that they can ‘scale up’ and/or cut costs without having to employ people to do things like youtube video content review, copyright infringement review, parole reviews, etc. is both harmful to employment and harmful to the people being reviewed).

                                                Also “voter action” is pointless and will always be completely pointless in a world where so many people are all but mind-controlled by the mass media, “unions” have been impotent for decades because they’ve been rendered impotent by changes to labour laws across the world and “charitable giving” is a tax on conscience. I don’t really know what you mean by “personal sacrifices to boost worthy people”, but if you mean what a lot of people seem to mean with that kind of statement which is basically “all bow down to [Elon Musk or some other billionaire with a good marketing department] for he is our savior” then I disagree (although I doubt that’s what you mean), because the world cannot be changed and will not be changed for the better by billionaires, who are literally the people causing the problems in the first place. The media is controlled by people that benefit greatly from the public political consciousness being practically nonexistent, so I don’t know why media attention could solve that.

                                                The internet was supposed to bring people together and become an educational resource for billions. Which it is, but it’s also given the powers that be greater control over peoples’ lives than they’ve ever had before. Not worth the tradeoff, if you ask me. Unlike (it seems) most people in the tech industry, I do not see technology as ultimately a positive thing unless I actually see some evidence of it having a positive impact on the world that outweighs its enormous negative impact (mental health, corporate control of society, etc. etc.).

                                          1.  

                                            @hwayne maybe consider adding her to the women in computing lists. Formal methodists make steady gains trying to bridge abstract states to concrete instructions. She bridged classical and quantum despite considerable challenges. That’s friggin awesome. Even Scott Aaronson is like “WTH that’s astounding” (paraphrased…).

                                            1. 6

                                              This is extremely cool and amazing of her. I’m trying to keep the list restricted to historical figures whose work has stood the test of time: not that I expect this won’t, but it’s intentionally a conservative list to prove a point.

                                              (We’re talking about this list if anybody is curious)

                                              1.  

                                                Makes sense. She could go on a list highlighting recent women in Physics and CompSci.

                                            1. 6

                                              One of my power distribution units (PDUs) has a web-based interface. Not strictly because of this announcement, but I’m no longer able to use Firefox to access it–the SSL/TLS supported by the PDU and the SSL/TLS supported by Firefox no longer overlap.

                                              By and large all of our network equipment is configured over serial, rather than https, but this one exception is now twice noteworthy to me–both in being web-based rather than serial and in speaking a no longer supported dialect of https.

                                              1. 8

                                                I think anything “legacy” (like your case) or “retro” (trying to browse the modern web on Windows 98) in the TLS world will soon require (MitM) proxying.

                                                1.  

                                                  This seems like the sensible solution to me to scary unpatchable crap kit. If the vendor can’t or won’t patch a given box any more, put another box in between it and the rest of the scary scary world which you can patch whose purpose is to let absolutely minimum traffic touch the insecure bit.

                                                  1. 2

                                                    Good prediction. The RTOS vendors are already doing offerings for stuff like that for embedded and IoT markets. Gateway-style products.

                                                1. 1

                                                  Sure it looks like it on the surface, but if you look closer it’s pretty obvious He hacked most of the Universe together with Perl.

                                                  1. 1

                                                    Exactly haha. Then Richard Gabriel discovered and wrote essays about what development style He and His creations would reward the most.

                                                  1. 2

                                                    What messengers does everyone else use? I’ve got actually a good amount of my contacts using Signal, and I hesitate to make the attempt at migrating yet again, but if the benefits are significant enough I might be able to be convinced.

                                                    1. 9

                                                      You should consider submitting that as an Ask Lobsters. It probably deserves its own thread. Ask’s on Lobsters are usually pretty interesting with lots of good ideas and setups.

                                                      1. 2

                                                        Fully agree (unless we can politely ask moderators to split this into its own thread, if that’s actually a thing)

                                                          1. 1

                                                            Sweet!

                                                        1. 8

                                                          IRC is still one of my main messengers. weechat makes it so nice.

                                                          Other than that, I have quite a few friends and family using telegram, which is a great client with questionable crypto.

                                                          1. 1

                                                            weechat is a bit annoying to use on mobile. I got a proper weechat relay setup and use the official weechat Android app. However, it really likes using a ton of battery. Do you experience the same problem?

                                                            1. 2

                                                              Are you referring to weechat-android? If so, I use the same setup.

                                                              I leave it on all the time and haven’t noticed any significant battery drain. According to the battery stats, it’s about 1% of today’s usage. Compare that to syncthing, which counts for 9%.

                                                              1. 1

                                                                Ironically I found XMPP to be the best way (for me) to use mobile IRC. Thanks to biboumi, a very reasonable bridge. And you can also connect biboumi to your Irssi or WeeChat IRC relay

                                                            2. 5

                                                              We shouldn’t dismiss XMPP yet. It comes pretty good off in that matrix above there, and with Conversations and ChatSecure has good mobile support. Some criticise its distributed nature, which I believe to be a strength. And the chaos in the implemented features often cited from Matrix side can be seen in another matrix w.r.t. the publicly operated servers thanks to the “XMPP Compliance Tester”

                                                              • Another plus is that you do not need to share your phone numbers or upload your phone book
                                                              1. 3

                                                                I’ve been looking into XMPP in response to both this post and Librem’s desire to support it in their phone. I was quite disappointed that XEP-0313 isn’t supported well on Desktop.

                                                                Mobile is doing fantastic, but it’s hard for me to get excited when I don’t feel like there’s a large range of clients. Even for Windows to chat with my SO.

                                                                1. 2

                                                                  You may be interested in movim.eu https://github.com/movim/moxl#xmpp-support

                                                                  or Dino https://dino.im/

                                                                  Gajim is also ok.

                                                                  Edit: may also be interesting: https://conversejs.org/#features

                                                                  Personally I have not enabled MAM on my server at all, Carbon copies seems enough (I rarely need a coherent history on all devices). Another thing you can do is open a “group chat”, which has its own way to record the most recent history.

                                                                  If you are using terminal based clients, you may find they are running on a server 24/7 anyway and thus do not need explicit MAM either

                                                                  1.  

                                                                    movim is interesting, but looked like it was a social network rather than an IM software? Maybe I’ve misunderstood though. Dino looks great, except that it hasn’t had a release yet. Gajim doesn’t have a UI that I think my partner would like, saying that, I don’t want it to change, because I quite like it.

                                                                    Converse.js is rather neat, especially inverse. That would probably provide a good experience for desktop use for my partner.

                                                                    I personally could get by with the carbon copy stuff, but my partner could not. I have to convince her that XMPP is superior to other things. Being able to randomly open/close the desktop application is part of her workflow, even where it may not be part of mine.

                                                                2.  

                                                                  Check out the note on XMPP towards the end of this post https://blog.torproject.org/sunsetting-tor-messenger

                                                                3. 3

                                                                  I went from irc in the old days (never a heavy user) to msn (around 2006), Skype (from 2004 until they were bought by Microsoft), Hangouts (my mind is a bit fuzzy), WhatsApp (early adopter and huge fan until Facebook bought it and made it “free”), Telegram (again, huge fan until I realized there are actual problems with the crypto, still use it).

                                                                  Considering transitioning to Signal or Matrix but I’ll think twice about it before I migrate my family to a new messenger service. They are really stubborn, like more stubborn than I am :-P

                                                                1. 6

                                                                  Over the weekend I did a failover of lobste.rs from a physical host with an L5520 CPU to a physical host with an E5-2660. I didn’t have a lobste.rs-specific reason for doing this: it happened as a side-effect of patching L1TF, which I’ll continue working on this week.

                                                                  All the same, I’ll be curious to spot-check lobste.rs and see whether it changes how the site performs.

                                                                  1. 3

                                                                    Shows 45nm servers are still practical. The Rocket core for RISC-V was deployed to 45nm ROI. The newest ones are 28nm but 45nm is cheaper for development. I think L5520 performance shows there’s plenty of mileage to be gained for open hardware on older nodes if anyone can harvest the free/cheap labor advantage combined with discounted tools at universities.

                                                                  1. 2

                                                                    Nice survey. Am I missing Off the Record Messaging on this list? It had quite a bit of use.

                                                                    1. 3

                                                                      It probably could, but it’s not an independent messaging system. Rather, it’s a way of using other messaging systems as transport for encrypted content. Adding it would render the E2E Private and E2E Audit fields true, and arguably the TLS field based on OTR’s message structure (it wouldn’t be true TLS but signed encryption of OTR messages would likely be sufficient to mitigate the absence of TLS). The rest of the fields would be unchanged, by my quick assessment.

                                                                      1. 2

                                                                        I think of it as its own messenger in a way. It’s basically like FOSS version of a commercial bundle or value-added reseller. IIRC, E2E Default might be true, too, since my setup automatically attempted OTR with friends.

                                                                    1. 20

                                                                      “(For the record, I’m pretty close to just biting the bullet and dropping $1800 on a Purism laptop, which meets all my requirements except the fact that I’m a frugal guy…)”

                                                                      One more thing to consider: vote with your wallet for ethical companies. One of the reasons all the laptop manufacturers are scheming companies pulling all kinds of bloatware, quality, and security crap is that most people buy their stuff. I try where possible to buy from suppliers that act ethically to customers and/or employees even if it costs a reasonable premium. A recent example was getting a good printer at Costco instead of Amazon where price was similar. I only know of two suppliers of laptops that try to ensure user freedom and/or security: MiniFree and Purism. For desktops, there’s Raptor but that’s not x86.

                                                                      Just tossing the philosophy angle out there in case anyone forgets we as consumers contribute a bit to what kind of hardware and practices we’ll see in the future every time we buy things. The user-controllable and privacy-focused suppliers often disappear without enough buyers.

                                                                      1. 10

                                                                        One more thing to consider: vote with your wallet for ethical companies

                                                                        Don’t forget the ethics of the manufacturing and supply chain of the hardware itself. I would imagine that the less well-known a Chinese-manufactured brand is the more likely it is to be a complete black box/hole in terms of the working conditions of the people who put the thing together, who made the parts that got assembled, back to the people who dug the original minerals out of the ground.

                                                                        I honestly don’t know who (if anyone) is doing well here - or even if there’s enough information to make a judgement or comparison. I think a while back there was some attention to Apple’s supply chain, I think mostly in the context of the iPhone and suicides at Foxconn, but I don’t know where that stands now - no idea if it got better, or worse.

                                                                        1. 6

                                                                          Apple has been doing a lot of work lately on supplier transparency and working conditions, including this year publishing a complete list of their suppliers, which is pretty unusual. https://www.apple.com/supplier-responsibility/

                                                                          1. 1

                                                                            Technically their list of suppliers covers the top 98% of their suppliers, so not a complete list, but still a very good thing to have.

                                                                            1. 1

                                                                              Most other large public companies do that too, just not getting the pat on the back as much as Apple.

                                                                              http://h20195.www2.hp.com/v2/getpdf.aspx/c03728062.pdf

                                                                            2. 2

                                                                              You both brought up a good concern and followed up with reason I didn’t include it. I have no idea who would be doing good on those metrics. I think cheap, non-CPU components, boards, assembly and so on are typically done in factories of low-wage workers in China, Malaysia, Singapore, etc. When looking at this, the advice I gave was to just move more stuff to Singapore or Malaysia to counter the Chinese threat. Then, just make the wages and working conditions a bit better than they are. If both are already minimal, the workers would probably appreciate their job if they got a little more money, air conditioning, some ergonomic stuff, breaks, vacations, etc. At their wages and high volume, I doubt it would add a lot of cost to the parts.

                                                                            3. 9

                                                                              Funnily enough

                                                                              The Libreboot project recommends avoiding all hardware sold by Purism.

                                                                              1. 5

                                                                                Yeah, that is funny. I can’t knock them for not supporting backdoored hardware, though. Of the many principles, standing by that one makes more sense than most.

                                                                                1.  

                                                                                  Correct me if I’m wrong, but I thought Purism figured out how to shut down ME with an exploit? Is that not in their production machines?

                                                                                2. 3

                                                                                  I agree, which is why I bought a Purism laptop about a year ago. Unfortunately, it fell and the screen shattered about 5 months after I got it, in January of this year. Despite support (which was very friendly and responded quickly) saying they would look into it and have an answer soon several times, Purism was unable to tell me if it was possible for them to replace my laptop screen, even for a price, in 6 months. (This while all the time they were posting about progress on their phone project.) Eventually I simply gave up and bought from System76, which I’ve been very satisfied with. I know they’re not perfect, but at least I didn’t pay for a Windows license. In addition my System76 laptop just feels higher quality - my Librem 15 always felt like it wasn’t held together SUPER well, though I can’t place why, and in particular the keyboard was highly affected by how tight the bottom panel screws were (to the point where I carried screwdrivers with me so I could adjust them if need be).

                                                                                  If you want to buy from Purism, I really do wish you the best. I truly hope they succeed. I’m not saying “don’t buy from Purism”; depending on your use case you may not find these issues to be a big deal. But I want to make sure you know what you’re getting into when buying from a very new company like Purism.

                                                                                  1. 1

                                                                                    Great points! That support sounds like it sucks to not even give you a definitive answer. Also, thanks for telling me about System76. With what Wikipedia said, that looks like another good choice for vote with your wallet.

                                                                                  2. 2

                                                                                    Raptor but that’s not x86

                                                                                    Looks like it uses POWER, which surprised me because I thought that people generally agreed that x86 was better. (Consoles don’t use it anymore, Apple doesn’t use it, etc)

                                                                                    Are the CPUs that Raptor is shipping even viable? They seem to not have any information than “2x 14nm 4 core processors” listed on their site.

                                                                                    1. 4

                                                                                      The FAQ will answer your questions. The POWER9 CPUs they use are badass compared to what’s in consoles, the PPCs Apple had, and so on. They go head to head with top stuff from Intel in the enterprise market mainly sold for outrageous prices. Raptor is the first time they’re available in $5000 or below desktops. Main goal is hardware that reduces risk of attack while still performing well.

                                                                                  1. 4

                                                                                    It’s unfortunate that even in the internet realm, the paradigm that Russians and Chinese are ‘the others’ is still being perpetuated. The great thing about the internet is that it brings people together across vast distances. Still, language and cultural barriers (and political too) are harder to overcome.

                                                                                    1. 6

                                                                                      The paradigm is true in the physical and digital realms. So, it should be perpetuated. Here’s a simplistic overview:

                                                                                      1. Several big countries, esp America, are imperialists that want to dominate, police, and especially financially exploit the rest of the world. They used military might a lot in the past. Then they used coercive, trade negotiations where each side was using spies or rich companies to get leverage. Later, America and its partners added a big-ass SIGINT network spying on everyone for self-defense but also advantage in contract and legal negotiations. They protect a lot of their advantages, earned and ill-gotten, via corrupt, I.P. laws.

                                                                                      2. Russia and China were building their own empires. They’ve each been to war with America, who wants their governments changed and them to bow down. Instead, they grew their own countries finding their own allies to resist Western imperialism and do their own where they could. Although some cooperation happens, they definitely want to move as much money, markets, and tech from us to them so their own companies and governments can win with it. They found it cheaper to steal I.P. and classified secrets than to build the stuff in the first place. So, they invest to this day massively in spies and hackers to do that. They’ve increased their own capabilities a ton with many huge companies forming that now compete with America. On the low end, the poorer people in those countries with lax enforcement of hacking or fraud charges against American targets found that lucrative way to come up.

                                                                                      And the article has a U.S. vs Russian and Chinese hackers with a government angle for both. Makes a ton of sense in light of No 1 and No 2. Hell, right now, Russia is protecting an American that did their biggest expose and U.S. is doing some trade war or something with China. I’m not sure where you get Americans, Russians, and Chinese all being brought together as a cooperative, peaceful group thanks to the Internet. Some people and companies might fit that but the overall story is non-violent form of war and pillaging.

                                                                                      1. 1

                                                                                        In what sense is it theft?

                                                                                        I mean, it’s illegal theft to copy that tech according to the US government, but presumably not according to the Russian/Chinese ones.

                                                                                        1. 2

                                                                                          If it’s not theft, illegal, or bad, it’s weird that they hid and denied that they did it so much. ;) Well, that’s just intuition. Their IP agreements are more official. They were only paying lip service. I kind of like that after watching the Wired documentary on Shenzhen. I’m anti-lock-in via patents and copyrights.

                                                                                          1. 1

                                                                                            They’ve signed onto an agreement that made it possible for them to get their goods to US (and allied) markets. And made it illegal, you’re right.

                                                                                            Choosing not to spend much on enforcement isn’t exactly the same as not having it on the books…

                                                                                            1. 4

                                                                                              Their military and hackers work together to steal massive amounts of Western I.P. in every sector they can get. That’s the total opposite of not spending much on enforcement. That’s like hugging a person talking about cooperation with mutual benefit while fleecing everything you can off the person.

                                                                                      2. 1

                                                                                        Russians and Chinese aren’t being treated as “the others” in the internet realm. They’re being treated as the others in the English-speaking internet realm. This would be a nonsensical thing to say in Russian or Chinese on a Russian or Chinese forum. But that’s not where we’re communicating now.

                                                                                      1. 1

                                                                                        I’m curious how something can be both anti-abuse and anti-censorship. Against whom doing the abusing/censoring?

                                                                                        1. 7

                                                                                          It’s a good question, and no system can be perfect. Here are the boundaries that I am interested in:

                                                                                          • I don’t consider it censorship if someone is filtering out themselves from seeing your content, that’s their own freedom to filter. Communities and individuals can, and should, decide when they would rather not see certain content.
                                                                                          • However, the inability to find any venue for expression of ideas I do think is censorship.
                                                                                          • One current assumption I think is wrong in contemporary social networks is the assumption that everyone should be able to message you by default, or at least at no or equal cost to all parties (I go about this more in the post, and I shall go into it more later as well). Instead I think it makes sense to have multiple paths to one’s doorstep, which one may hand out judiciously. So that’s one filtering layer, the ability for people to reach you in the first place.
                                                                                          • As said in the post, I think the assumption that moderation should happen at the instance level is leading to a lot of current problems on the fediverse… especially when we want as many people to run instances. It’s not sustainable, and it leads to big fights. Instead I think mailing lists are a better example of moderation: you might join many different lists with different expectations of what is and isn’t acceptable behavior for the different facets of your life.
                                                                                          1. 3

                                                                                            I think censoring things by default, but indicating that something is censored (with an opt-in to view it) is a good balance. It could also work the other way, but censorship is generally expected for adoption.

                                                                                            1. 4

                                                                                              I think censoring things by default, but indicating that something is censored (with an opt-in to view it) is a good balance.

                                                                                              We do visible, expandable censorship that collapses subthreads here on Lobsters. It’s a nice compromise. For me, I can ignore that stuff to focus on high-priority content when I have little time. Later, I might expand and skim it to see whether kicking it off the thread was something every group would be behind or one group dropping another. I at least can see what everyone said if there’s no deleted comments. There’s also sometimes good info in there that was just unpopular to those viewing at the time.

                                                                                          1. 3

                                                                                            Any ideas how we could solve this?

                                                                                            Off the top of my head I’m thinking about some kind of fine applied if you have a data breach while neglecting proper security practices similar to how you get a fine for disregarding health and safety practices and someone is hurt. That way doing constant maintenance and monitoring of your website becomes a necessary cost and not just a luxury.

                                                                                            1. 5

                                                                                              Court case. Need examples showing how low effort and cost it is to do it better. Gotta prove with many examples of average admins that it must be negligence vs inherently hard to do better. Work with one judge or jury after another getting big-ass awards from them until their management adjust the cost/benefit and risk/reward ratios in favor of better security to prevent those losses. Then, keep working from there for stronger and stronger security. Lots of FOSS examples, too, where even free stuff maybe made by volunteers was more secure. Double effective if it was an easy thing to Google that they could’ve used.

                                                                                              Just hypothesizing about solutions I was thinking about seeing all these breaches and esp court ruling that username/password was all they needed for “reasonable security.” Fuck that.

                                                                                            1. 2

                                                                                              What’s a COLA in this context?

                                                                                              1. 6

                                                                                                Cache-oblivious lookahead array, a type of cache-oblivious data structure. Cache-obliviousness is a property whereby an algorithm performs well even without knowing the size or depth of its cache hierarchy a priori. A fractal tree is a type of cache-oblivious data structure. Here’s a pretty good overview paper for COLA to get you started if you want to learn more.

                                                                                                1. 2

                                                                                                  Thanks for the explanation! Although I didn’t know COLA, I did recently submit Fractal Tree Indexes since someone told me Tokutek put them to good use. Thanks to your comment, I just found some stuff that was previously submitted or soon to be submitted that people will like on this topic. :)

                                                                                                2. 1

                                                                                                  I looked it up last night and just now with quite a few search terms. I’m getting nothing. Hopefully not that important…

                                                                                                1. 8

                                                                                                  I see a business opportunity for anyone that can:

                                                                                                  (a) do security fixes on the legacy codebase as the bug reports come in. Maybe bug bounty. Charge for the support and security fixes as minimal offering.

                                                                                                  (b) use combo of tools and inspection to quickly find the application-layer flaws common in those PHP programs. This low-cost, quick-and-dirty pentesting is the next tier offer.

                                                                                                  (c) get that PHP version compiled with stuff like Softbound+CETS, Dataflow Integrity, and so on. Tell them it will block almost all software-based vulnerabilities with a performance hit that may or may not matter. If it’s significant, they can just use extra, cheap servers. They can do 90-day, free evaluation on their workload to assess that. This is highest-tier offering.

                                                                                                  1. 3

                                                                                                    If the web hosting providers that are still running ancient versions of PHP actually cared about fixing security issues, they would just upgrade to the latest version. I know of plenty of popular providers in my country that are still running PHP versions as old as 5.2.13, and they simply don’t care about fixing this. It’ll probably take a high profile vulnerability to get them to move.

                                                                                                    1. 2

                                                                                                      I remember when Heartbleed hit and I was tasked with getting hold of our managed hosting in order to see how long it would take to get sorted only to be faced with “oh, don’t worry the version you’re on is so old it’s not affected.” Managed hosting, that we were paying a couple grand a month for, wasn’t actually managing anything!

                                                                                                      It turned out that a dozen things were wildly out of date and I eventually managed to push for migration to our own environment that was kept up to date and locked down.

                                                                                                  1. 7

                                                                                                    I still owe folks a blog post about total vs partial math in Pony and how that relates to division by 0. Sadly I’ve had zero time for that as I’ve been spending all my time on Wallaroo Labs work.

                                                                                                    Part of that post was going to be “and as a pre-1.0 language all this is going to change as we will be introducing partial integer math operators in the future”. Well, those operators are here. All the division by zero kerfuffle got someone inspired to implement the RFC that has been open and waiting to be.

                                                                                                    Still, I owe folks a post on partial vs total integer math and eventually that will come. Maybe when I’m on vacation in November, although honestly, that sounds like an awful vacation.

                                                                                                    1. 4

                                                                                                      Incidentally, have you watched Evan Czaplicki’s recent talk, ‘The Hard Parts of Open Source’? It sounds like you’re in the same situation (and I’ve probably contributed to that, sorry!).

                                                                                                      1. 1

                                                                                                        I haven’t watched it. Evan was incredibly thoughtful and nice when I met him a few years ago at ICFP and hung out. From that interaction and the title, I imagine it’s something I would enjoy.

                                                                                                        Care to summarize it?

                                                                                                        1. 4

                                                                                                          I think you would enjoy it. He examines patterns of behaviour in open source communities that seem hurtful, like ‘Why don’t you just do it like this?’, ‘What gives you the right to do this?’, and so on, and traces them back to the birth of hacker culture and other very interesting historical context that directly influence today’s online communities.

                                                                                                          1. 18

                                                                                                            That does sound interesting. It certainly expands past open source communities. Programmers in general are quite happy to critique the product of a series of tradeoffs without context.

                                                                                                            We do this when we look at other people’s systems and pick out one thing to critique outside of the other feature. The Pony divide by zero kerfuffle was an example of that. Many people who knew nothing about Pony critiqued that single “feature” on the basis of the impact within system they know rather than as a “feature” within Pony as a whole (which in the end is what my blog post needs to be about). In that Pony case, a series of decisions that were made to make Pony safer moved it towards being part programming language and part theorem prover. It’s in an interesting place right now where we have downsides from both that lead to “interesting” things like divide by zero being zero because of a series of other choices. All in all, Pony is safer than many languages but, we came to find that there were a number of features needed to address issues like divide by zero. For example, dependent types, partial integer math as an option.

                                                                                                            I think this happens in every system. You make a number of well-intentioned decisions where they are the right decision but inevitably, they are going to lead to “wat” and “ugh” moments as they come together. I’ve never seen a language that doesn’t have those and if you spend the time to understand the language and its choices, you can see how when favoring certain values, you would end up there. No tool will ever be perfect.

                                                                                                            There’s a Bryan Cantrill talk on this that is really good: “Platform as a reflection of value”.

                                                                                                            Often times, we also see the results of constraints on the code. For example, perhaps there was an artificial but reasonable time limit. “This needs to be fixed but we only have a couple weeks to do it, what is the best we can make this in two weeks because other things are more pressing”.

                                                                                                            I had real problems with this earlier in my career. I was incredibly judgemental. Sean in his 20s would have been all over Pony for the “stupid divide by zero”. Why? Well, I wouldn’t have taken time to understand the problem. Everything I knew had divide by zero as an error so that would “obviously be the right thing to do”. And in general, I lacked empathy. I had no ability to try and understand why someone would do something that I could see a reason to do. Worse, I didn’t care to understand. I just loved to go “wat” and laugh at things. I was awful towards PHP for example. Now, I recognize that PHP is an awesome tool for some tasks. I don’t really ever take on those tasks but that doesn’t make PHP any less valuable for those tasks.

                                                                                                            I had to work incredibly hard on empathy. It’s not something we do in my family. My mother, to this day, is still incredibly selfish and as one of her children, I picked that up. My stepfather hurt his back a couple years ago. My mother was somewhat concerned with his injury but mostly was annoyed with how it impacted on her life and the extra work she had to do because he wasn’t capable.

                                                                                                            It wasn’t until I worked for an asshole CEO and was a team leader and had to try and hold my team together that I really started to get good at empathy. I realized that in order to deal with said asshole, I needed to try and understand why they did what they did. Without that understanding, there was no way I could get what my team needed from said CEO. There was no way I could put together an argument that would speak to his needs, desires, and concerns. I developed this empathy skill for purely selfish purposes but, it’s turned out to be incredibly helpful in general. I have a much better appreciation and understanding of other people’s software. Where before I would judgementally dismiss things as crap, I have now often taken the time to understand why the software was the way it is, and, I’ve learned a ton in the process.

                                                                                                            Anyway, I could write 5,000 more words on this topic and things tangential to it. Given the context, that seems like rambling to the extreme, so I’m going to stop now. Thanks for the talk recommendation. I’ll definitely check it out.

                                                                                                            I’d really advise anyone who read this and found that it resonated at all to check out that Cantrill talk. It’s really really good. And also, if you don’t think empathy and understanding can be valuable as an engineer, I’d pass along the advice to give it a serious try for a couple years. If you are like me, you will be amazed and delighted with the results.

                                                                                                            1. 3

                                                                                                              Thanks a lot for your very open and honest text, it was really moving and I’m glad you’ve made empathy a priority, and that it has worked out for you.

                                                                                                              1. 2

                                                                                                                Thanks for the context. I too struggle with being empathetic. We’re all such a deep well of emotions and desires, that sometimes I feel like if I try to open that door of trying to understand people on a deeper level, I’ll spend all my emotional budget on it. But even on a superficial level–what I try to do nowadays (not always successfully!) is realize that people probably do things that make sense to them and it’s OK for it not to make sense to me, because it doesn’t affect my life.

                                                                                                                1. 2

                                                                                                                  Empathy and doing stuff with other humans is about being at the point where it does affect your life and still being able to deal with other people as fully formed, totally broken but in a different way to you, feeling, incomprehensible beings.

                                                                                                                  1. 1

                                                                                                                    That sounds about right. I’m still learning, I guess!

                                                                                                                2. 2

                                                                                                                  “All in all, Pony is safer than many languages but, we came to find that there were a number of features needed to address issues like divide by zero. For example, dependent types, partial integer math as an option.”

                                                                                                                  I suggest a translation to WhyML in Why3 platform that feeds verification conditions to automated provers. Why3 is the middle-end that Frama-C, SPARK, and the Java one all use. They prove absence of things like you describe. The automation in SPARK is often over 90%. The backends keep improving.

                                                                                                                  So, my default recommendation for any type/verification of things like number ranges is either static analyzer that’s extensible or a language-specific front-end for Why3. A side benefit is SPARK-style annotations are easy for programmers to learn. And you can do property-based, test generation if proof is too hard.

                                                                                                                  1.  

                                                                                                                    We do this when we look at other people’s systems and pick out one thing to critique outside of the other feature. The Pony divide by zero kerfuffle was an example of that. Many people who knew nothing about Pony critiqued that single “feature” on the basis of the impact within system they know rather than as a “feature” within Pony as a whole (which in the end is what my blog post needs to be about). In that Pony case, a series of decisions that were made to make Pony safer moved it towards being part programming language and part theorem prover. It’s in an interesting place right now where we have downsides from both that lead to “interesting” things like divide by zero being zero because of a series of other choices.

                                                                                                                    The main criticism I saw was criticism of it being presented as somehow more ‘mathematically pure’, at least around here, not criticism of Pony. The blog post claiming that 1/0 = 0 was actually consistent with mathematics was nonsense.

                                                                                                                    1.  

                                                                                                                      We never presented it as more mathematically pure. The language we used was that it was an unfortunate compromise. If you want to argue with @hwayne about his blog post, go for it.

                                                                                                                      1.  

                                                                                                                        I never said you did

                                                                                                          1. 4

                                                                                                            When I buy laptops, I go to a second-hand laptop shop with a Debian Live USB and ask to try it on the laptop before buying it, just being open about why, and just quickly checking wifi, backlight.

                                                                                                            I use an Acer now. It did have a weird graphics card issue, but up-to-date Arch Linux is apparently ok on it.

                                                                                                            1. 2

                                                                                                              I’ve done the same thing with LiveCDs for hardware, compatibility testing. A bit of time invested upfront can save a lot of time and money later. I like the idea of doing it at second-hand shops. Haven’t done it since only two, rip-off shops in my area when I last looked. I’ll try to keep it in mind in case I move.

                                                                                                              1. 2

                                                                                                                A bit of time invested upfront can save a lot of time and money later.

                                                                                                                Exactly, < £100 is not that expensive. Second hand shops may also be more accepting at letting you try out already-used laptops. I’ve found Middle Eastern owned shops to be particularly relaxed with this.

                                                                                                                Using somewhat lower end hardware may also be better by reducing electronic waste, and may push you to be a better programmer as you’ll notice bloat easier.

                                                                                                            1. 9

                                                                                                              Build systems that will last, where multiple services can coexist effectively, and where users will want to return to work, communicate, and set up their .project files.

                                                                                                              I am not sure that this is realistic outside some subcultures that do it for nostalgical reasons or because they want to be part of a niche subculture (all completely valid!). Unix systems used to be multi-user, because they were fast, large, and expensive machines compared. So, it was more price-effective to let people log onto a UNIX machine from dumb terminals, than to put a VAX on every desk. Now machines have become so powerful that everyone can just have their personal single-user machine. For social stuff, we have Facebook, Twitter, Mastodon, WhatsApp, Signal, or whatever.

                                                                                                              Rebooting used to be a mark of failure as a sysadmin: you couldn’t figure out what was going wrong and had to resort to the nuclear option. Today, we don’t even bother to reboot the system. Instead, just destroy the whole thing and start over. What went wrong? Who cares!

                                                                                                              Or just switch to the previous NixOS generation. No need to destroy the system ;).

                                                                                                              1. 7

                                                                                                                “I am not sure that this is realistic outside some subcultures that do it for nostalgical reasons or because they want to be part of a niche subculture (all completely valid!).”

                                                                                                                Exactly. We have a finite amount of time to live, a subset of that to be productive at our goals, and lots of potential goals. The non-console-UNIX systems showed us a lot of stuff can be automatic and have little to no learning curve if its developers invest some effort into that. Maybe an optional escape hatch where a support team or command line lets us do more than the GUI’s defaults. That frees up more time to achieve our goals that we’re not spending on incidental complexity in our systems.

                                                                                                                So, I’m opposed to the old model of learning all kinds of complicated crap to keep a system going. I’d rather they be designed to handle that for you with admins using just enough effort to steer the automated system in the right direction. Where possible, simple enough for non-admins to administer it from system defaults to pre-packaged help.

                                                                                                                “Or just switch to the previous NixOS generation. No need to destroy the system ;)”

                                                                                                                Or switch to Minix 3, QNX, etc. that let you keep going despite many failures. Alternatively, verified components that prevent them. Or a mix. We have lots of options today.

                                                                                                              1. 2

                                                                                                                Must-read, related work:

                                                                                                                Why Computers Stop and What Can Be Done About It? by Jim Gray

                                                                                                                Paranoid Programming: Techniques for Constructing Robust Software by Stratus

                                                                                                                Note: Stratus is a Tandem/HP competitor. The document references many techniques, though, including Tandem’s in NonStop. Warning: it’s a PostScript file you’ll have to rotate for easy viewing.

                                                                                                                Tandem Computers on Wikipedia

                                                                                                                Note: Most probably would look up NonStop on Wikipedia. That article sucks. The best one is Tandem Computers, which has lots of details on each product Tandem released over time. Some may still be worth copying if patents expired. ;)

                                                                                                                1. 23

                                                                                                                  This may sound defensive. I apologize for my poor writing. Instead, I want to suggest that the entirety of the OP is written from the wrong mindset and that the below points are specific inflections of that wrong mindset.

                                                                                                                  The article ignores the number one reason that Go was written: SPEED OF COMPILE TIMES! The article also ignores another very important reason that Go was written: It is for programmers, “not capable of understanding a brilliant language but we want to use them to build good software”. The quote is by Rob Pike.

                                                                                                                  The article places some importance on immutable types. Would the average programmer know how to leverage an immutable type to get any benefit from it?

                                                                                                                  “The standard library of Rust is just as rich as that of go” - REALLY? Where is net/http? That absence alone makes this statement an outright lie. Looking for json, xml? Again not in the stdlib. Compression and archiving like tar, zip, bz2, lzw, gzip? Again in the Go stdlib, not in the Rust std. Cryptography including symmetric, asymmetric, and hashes? In the Go stdlib and absent from Rust std. I could go on, but I’d have to refer below the fold of the Go standard lib. Compare https://golang.org/pkg/ to https://doc.rust-lang.org/stable/std/ for yourself.

                                                                                                                  “The package ecosystem of Rust outmatches…” Maybe, but not in some important aspects, consider https://github.com/search?q=language%3ARust+stars%3A%3E1000&type=Repositories vs. https://github.com/search?l=&p=1&q=language%3AGo+stars%3A%3E1000&ref=advsearch&type=Repositories&utf8=✓

                                                                                                                  “I think we could call Rust a superior language to Go in, quite literally, every single way possible.” Not in speed of compile time. Not in ease of use for the average and below average developer. When these two points are your most important values, Rust does not look superior at all.

                                                                                                                  Regarding passing the critical point and being a mainstay, I absolutely agree. Rust is here to stay and I’m glad that it is. Regarding it being a better language than any other for most tasks, I absolutely disagree. Rust’s place is to replace C++. It is a simpler, more sane, language than C++ to be used in the same places, when that level of control is needed. For anything else, a more simple language with less mental load required and faster compile times is better suited to the task.

                                                                                                                  Finally, on the mindset and point of view, if “superior” does not take the human aspect into consideration at all, this post may have a lot of truth to it. However, code is written by humans. Humans have different needs than a bullet list of supported features. Keeping in mind the goals of the Go programming language when it was written (from Rob Pike’s 2009 Google Tech Talks presentation): type safety, memory safety, good support for concurrency, GC, and speed to compile.

                                                                                                                  It is easy to forget that as projects grow, compile speeds become non-trivial. Many languages had tackled all of those things, except the last. Go continues to put emphasis on this. When compile speed was greatly slowed with the 1.4 release, it was increased greatly in the next few releases until it was faster than it had been before. This is an important principle in developer productivity. If we stop valuing this, then one of the most important parts of Go isn’t valued. If you aren’t going to value that, then you must say so. It is, after all, one of the most important parts of the language.

                                                                                                                  Continuing on the mindset and point of view: the article places little value on the simplicity of Go. This is another one of Go’s greatest strengths. There is no doubt that generics and memory management in Rust make it more complex than Go. Go’s simplicity is such a huge strength that many developers do not want generics in the language. They don’t want that added complexity. To ignore this simplicity as a value is to ignore one of the most important parts of the language.

                                                                                                                  Given these additional things which we must value when comparing things, the conclusions made in the article simply are not that simple. Yes, there is a place for Rust. There is also a place for Go. Should anything being written in Go be written in Rust instead, as the article suggests? Absolutely not.

                                                                                                                  1. 7

                                                                                                                    “The standard library of Rust is just as rich as that of go” - REALLY?

                                                                                                                    Yeah, that’s a silly statement to make, given that Rust specifically tries to have a small stdlib and pushes non-essential things to the Crates ecosystem. I think this is a trade-off that works in Rust’s favor in the long run, but I understand people who prefer the Go/Python philosophy.

                                                                                                                    1. 9

                                                                                                                      “The standard library of Rust is just as rich as that of go” - REALLY? Where is net/http? That absence alone makes this statement an outright lie. Looking for json, xml? Again not in the stdlib. Compression and archiving like tar, zip, bz2, lzw, gzip? Again in the Go stdlib, not in the Rust std. Cryptography including symmetric, asymmetric, and hashes? In the Go stdlib and absent from Rust std. I could go on, but I’d have to refer below the fold of the Go standard lib. Compare https://golang.org/pkg/ to https://doc.rust-lang.org/stable/std/ for yourself.

                                                                                                                      That was my reaction too. The amount of stuff one can do with Go without having to choose between multiple similar but different libraries and without having to write basic stuff oneself is amazing and easy.

                                                                                                                      1. 4

                                                                                                                        “The article ignores the number one reason that Go was written: SPEED OF COMPILE TIMES! The article also ignores another very important reason that Go was written: It is for programmers, “not capable of understanding a brilliant language but we want to use them to build good software”. The quote is by Rob Pike.”

                                                                                                                        You nailed it right here. Two supporting points. First, Pike actually developed on Oberon-2 at one point, loving its fast flow and lack of segfaults in common uses. He wanted that experience in Go. Second, Google has to hire, train, and make productive a humongous number of people from many backgrounds in the shortest time possible. That’s at least their common case, which the second point optimizes for. If these aren’t necessary or are frowned upon, people evaluating languages in such situations might want something other than Go.

                                                                                                                        Also, I’ll add that we don’t inherently need Go or rapid compiles to achieve that. A language with long compiles might have a quick, good-enough mode for fast iterations, with the final result sent through an optimizing compiler. The second problem can be solved with a distinction between a simpler core with advanced stuff optional and layered on top. Coding guidelines with tools that enforce them can keep the simple core the default. Advanced stuff is allowed where it makes sense (i.e. macros eliminating boilerplate). I also thought it might be helpful to have a tool that converts those features into human-readable, core form, preserving comments, so the less skilled can still maintain it.

                                                                                                                        1. 2

                                                                                                                          One thing I find interesting is that the original “blub” language was Java. Go shares the same goal of being accessible to a wide variety of programmers, yet takes an incredibly different tack from Java (embracing generics in 2.0 closes some of the gap. At a meta-level, I suppose you could say they took the same tack: release generics a decade after the language was released).

                                                                                                                        1. 1

                                                                                                                          Got this from HN. One commenter, espeed, had some nice links for anyone interested in this topic. I’ll repost them here for convenience:

                                                                                                                          Erik Demaine [1] gave two good lectures on succinct data structures [2] in the 2012 MIT 6.851 Advanced Data Structures course, and Rajeev Raman [3] just gave a tutorial on succinct data structures [4] at SIGMOD 2018.

                                                                                                                          NB: SDSL Cheatsheet http://simongog.github.io/assets/data/sdsl-cheatsheet.pdf

                                                                                                                          [1] http://erikdemaine.org/

                                                                                                                          [2] MIT 6.851 Succinct Structures I https://www.youtube.com/watch?v=3Y2weLDiUWw II https://www.youtube.com/watch?v=ABX-Hvn8ymE

                                                                                                                          [3] https://www.cs.le.ac.uk/people/rraman/

                                                                                                                          [4] SIGMOD 2018 Tutorial: In-memory Representations of Databases via Succinct Data Structures https://www.youtube.com/watch?v=_3q7T_5JaTI