1. 1

    Hey, this link is paywalled!

    Here’s a link that actually works: https://lwn.net/SubscriberLink/810077/dbf5b46deb28b38d/

    1. 1

      Both links links work fine for me and I don’t pay for this. Weird.

    1. 14

      There are multiple passes across the tree, all in parallel. We first calculate, in parallel, essentially the min-content and max-content widths of each paragraph, flexbox or table cell. Once we have those constraints, a relatively quick pass (not in parallel for that one flex box) works out the final widths of each box.

      What they’re describing sounds really, really similar to Servo’s layout 2013. As you can imagine by the fact that I refer to it by date, Servo abandoned that approach for “layout 2020” that performs much more limited parallelism.

      The fundamental problem is that you can’t really separate line breaking from float placement. When you have a page like this Wikipedia article, you pretty much have to perform line breaking sequentially, because it’s only by line breaking all the previous lines that you can figure out if the current line intersects with that floating box or not.

      1. 7

        I remember all the semantic web hype from when I was a baby programmer new at a professional job. I rolled my eyes then, and I was mostly right. Mostly.

        Stuff like knowledge graphs, hashtags, etc. that are used a lot today did come out of that though, so it wasn’t a total loss of good people’s time.

        1. 12

          I think that the semweb stuff is the poster child for what happens when you come up with a good idea, make it too complicated, and then freak out when simpler approaches come along and in so doing doom yourself to irrelevance.

          1. 3

            come up with a good idea, make it too complicated

            I was just looking at some IndieWeb stuff, Falcon to be specific, and the learning curve is huge for what are relatively simple things in practice. That page and some others I found require a lot more effort than they should probably require. It’s a noble effort, but it’s very hard to get people onboard if they don’t have a lot of energy to apply.

            1. 2

              Agree that some users won’t want to get stuck into it - they’re likely also the users who won’t be writing raw HTML for their sites.

              So what we’re doing for them is getting Microformats2 support directly into the themes for WordPress, Jekyll, Hugo, etc, so anyone using it can benefit without necessarily doing any work!

              (originally posted at https://www.jvt.me/mf2/2020/01/an68d/ and hand syndicated)

            2. 2

              What simpler approaches came along?

              1. 3

                knowledge graphs, hashtags, etc

                1. 1

                  Oh, I thought there was some other standard I wasn’t aware of.

                  1. 2

                    http://microformats.org/ — embed structured data in normal HTML with minimal fuss.

                2. 1

                  In some way html is the simpler sgml.

                  RSS is a way simpler RDF.

                3. 1

                  As shared in a separate comment in the thread, there’s the Microformats2 specification (see https://microformats.io) which reduces duplication seen with some of the other Semantic Web formats.

                  You can see an example of a parsing result at http://php.microformats.io/?url=https%3A%2F%2Fwww.jvt.me%2Fmf2%2F2020%2F01%2F2mylg%2F which produces a standardised structure for the resulting JSON, which makes interconnectivity much simpler.

                  Us folks in the IndieWeb (https://indieweb.org) have been using it for some time with great benefit, but it’s always great to hear others reactions too!

                  (originally posted at https://www.jvt.me/mf2/2020/01/tw4ug/ and hand syndicated)

                  1. 1

                    Yeah that checks out.

                1. 4

                  Pretty good article.

                  I went in thinking Apple was being hypocritical and now think that perhaps their move was pretty smart. Can’t push too much at once.

                  Also pretty surprised at Alphabet’s different approach also pretty smart.

                  1. 1

                    I was looking for information about Android’s approach, and found the following on Google’s support:

                    If your backups are uploaded to Google, they’re encrypted using your Google Account password. For some data, your phone’s screen lock PIN, pattern, or password is also used for encryption.

                    If you back up to Google Drive, here’s what’s backed up:

                    • Contacts
                    • Google Calendar events and settings
                    • SMS text messages (not MMS)
                    • Wi-Fi networks and passwords
                    • Wallpapers
                    • Gmail settings
                    • Apps
                    • Display settings (brightness and sleep)
                    • Language and input settings
                    • Date and time
                    • Settings and data for apps not made by Google (varies by app)

                    Photos are another story, I guess.

                    As for contacts, they may be encrypted for backups, but they’re all fully available from other Google services like GMail, right? 🤔

                    1. 2

                      https://support.google.com/android/answer/2819582?hl=en

                      What gets backed up

                      If your backups are uploaded to Google, they’re encrypted using your Google Account password. For some data, your phone’s screen lock PIN, pattern, or password is also used for encryption.


                      OK, so, let’s be real here:

                      • If the data is encrypted with your Google Account password, then either they’re storing your password in cleartext on the device and/or in the cloud, both of which options would be a rather bad idea given that you’re supposed to only use the password to get the authentication session token, or that you have to enter it all the time, which would be a rather poor UX. (I presume they must be storing it on the device, encrypting it with the lock PIN/pattern?)

                      • Even if they themselves don’t have a password, I don’t see how they could possibly resist a request from a secret court to save such password the next time it is supplied by the user; this doesn’t compare favourably to what Apple was supposed to have been working on.

                      As for lock PIN or pattern, what sort of encryption are they using? These are usually just a few digits long, there aren’t that many combinations to try out all the inputs if you already have all the data for it locally.

                      1. 2

                        If the data is encrypted with your Google Account password, then either they’re storing your password in cleartext on the device and/or in the cloud

                        Is this necessarily true? I feel like there could be some ways to “effectively” do this, without storing your password in cleartext. Here’s an example: If you are asked for your pw when you encrypt, Google can sha512 your password and use that to decrypt in the same kind of way.

                        Of course, I don’t know that Google is making that ask at each encryption / decryption. Also, that would mean you would lose your data if you forgot your password, which is probably not the case. However, I just want to point out there could be some clever use of cryptography going on here.

                        1. 1

                          Well, your reply started with “let’s be real” but you’re only presuming on what Google’s doing. I’m not sure they are as bad at encryption as you credit them for, but I can’t prove that either.

                          At any rate, Google is working with US gov law enforcement, to the extent that US-based companies are obliged to. That’s not great, but that’s expected.

                            1. 1

                              I don’t know what Google does, but we know what Firefox Sync does, and it doesn’t require them to store your password in plaintext or to enter it all the time. They run your password through a key derivation algorithm, with different parameters so that the server-side hash and the encryption key wind up different in spite of starting with the same password.

                              The two derived keys are what the client retains a plain text copy of.

                        1. -3

                          This article is obviously wrong in its conclusion. To see how, first recall that while Haskell’s types don’t form a category, we can imagine a “platonic” Hask whose objects are types, whose arrows are functions, and where undefined and friends have been removed.

                          Now, consider that platonic Hask is but one object of Cat. From size issues, it is immediate that Cat cannot be a subcategory of Hask; that is, that Hask cannot describe all of Cat’s objects. It follows that Haskell typeclasses like Functor are not arrows in Cat, but endofunctors on Hask, and that Control.Category does not capture objects in Cat, but the internal category objects in Hask.

                          Finally, pick just about any 2-category, indeed say Cat, and then ask whether Hask can represent it faithfully: The answer is a clear, resounding, and obvious “no”. Going further, pick any ∞-category, say Tomb, and then ask whether Hask can even represent a portion of any object; an ∞-object is like a row of objects, one per level, but Haskell’s type system could only see one single level of types at a time. (This is not just theoretical; I have tried to embed Tomb into Haskell, Idris, and Coq, and each time I am limited by the relatively weak type system’s upper limits.)

                          I wonder why the author believes otherwise.

                          1. 16

                            This article is obviously wrong in its conclusion.

                            I think the word “obviously” is relative to the reader’s familiarity with category theory.

                            For the purposes of the misconception she is addressing, the author’s conclusion — to me — is obviously correct.

                            You appear to be refuting her argument in some different context. I’m interested to hear your argument (although it would probably be a long time before I learn the CT necessary to properly understand your argument), but switching out the context the argument was made in to refute the entire original argument makes your own argument (to me, at least) appear as an attack against a straw-man.

                            1. -1

                              My argument ought to follow readily for any ML, and we can see the scars it causes in the design of many MLs. Idris, for example, uses a hierarchy of universes to avoid universe-inconsistency paradoxes as it climbs this tower that I’m talking about. Haskell and Elm don’t bother trying to climb the tower at all. SML and OCaml have exactly one tier, adding on the module system, and strict rules governing the maps between modules and values.

                              I’m not removing the word “obviously”. Cat obviously contains Hask, Set, and many other common type systems as objects; the size issues around Cat are usually one of the first things mentioned about it. (Third paragraph in WP and nCat, for example.) And Cat is one of the first categories taught to neophytes, too; for example, in the recent series of programmer-oriented lectures on category theory, Programming with Categories, Cat is the second category defined, after Set.

                              My refutation is of the article’s title: Yes indeed, dynamic type systems are more open, simply because there are certain sorts of infinite objects that, when we represent them symbolically, still have infinite components. Haskell can represent any finite row of components with multi-parameter typeclasses but that is not sufficient for an ∞-category. By contrast, when we use dynamic type systems, especially object-based systems, our main concern is not about the representation of data, since that is pretty easy, but the representation of structures. For categories, for example, there are many different ways to give the data of a category, depending on what the category should do; we can emphasize the graph-theoretic parts, or the set-theoretic parts, or even transform the category into something like a Chu space.

                              Finally, if static type systems are so great, why isn’t your metatheory, the one you use for metaphysics and navigating the world, a static type system? Probably because you have some sort of open-world assumption built into the logic that you use for day-to-day reasoning, I imagine. This assumption is the “open” that we are talking about when we talk about how “open” a type system is! Just like how we want a metatheory in our daily lives that is open, we all too often want to represent this same sort of open reasoning in our programming languages, and in order to do that, we have to have ways to either subvert and ignore, or entirely remove, limited static types.

                              1. 5

                                My argument ought to follow readily for any ML, and we can see the scars it causes in the design of many MLs. Idris, for example, uses a hierarchy of universes to avoid universe-inconsistency paradoxes as it climbs this tower that I’m talking about.

                                Could you give examples of useful programs that are inexpressible in a typed way without a hierarchy of universes? Even when doing pure mathematics (which demands much stronger logical foundations than programming), most of the time I can fix a single universe and work with (a tiny part of) what lives in it.

                                When programming in ML, the feature that I want the most badly is the ability to “carve out” subsets of existing types (e.g., to specify that a list must contain a given element). This would be actually useful for specifying preconditions and postconditions of algorithms (which is ultimately the point to programming, i.e., implementing algorithms). But it does not require hierarchical type universes.

                                Yes indeed, dynamic type systems are more open, simply because there are certain sorts of infinite objects that, when we represent them symbolically, still have infinite components.

                                You seem to be confusing symbols with their denotation. Symbols are finite out of necessity, but you can use them to denote infinite objects just fine, whether you use a type system or not.

                                Haskell can represent any finite row of components with multi-parameter typeclasses but that is not sufficient for an ∞-category.

                                The arity of a multiparameter type class has absolutely nothing to do with n-categories. But, in any case, why is Haskell supposed to do represent ∞-categories in its type system? It is a general-purpose programming language, not a foundation of mathematics.

                                Finally, if static type systems are so great, why isn’t your metatheory, the one you use for metaphysics and navigating the world, a static type system? Probably because you have some sort of open-world assumption built into the logic that you use for day-to-day reasoning, I imagine.

                                Every nominal type definition literally brings a new type of thing into existence. What exactly is this, if not dealing with an open world?

                                And, by the way, my metatheory is ML.

                                1. 3

                                  Can any programming language usefully represent these infinite objects? Is that ever useful?

                                  Surely you can just build something with opaque objects within Haskell if the type system is too restrictive?

                              2. 9

                                I wonder why the author believes otherwise.

                                Probably because the author isn’t comparing Hask to all of category theory. They’re comparing it to the unitype, which cannot faithfully represent anything at all.

                                1. -5

                                  As long as we are using “probably” to speak for the author, I think that they probably are not familiar enough with type theory to understand that there are size issues inherent to formalizing type systems.

                                  Please reread the original article; they do not talk about “unityping” or Bob Harper’s view on type theory of languages which don’t know the types of every value.

                                  1. 26

                                    The author is Alexis King, who is a PLT researcher, an expert in both Haskell and Racket and has discussed category theory in depth on Twitter. I’d be shocked if she didn’t understand the ramifications here and was intentionally simplifying things for her target audience.

                                    1. -1

                                      Sure, and I am just a musician. Obviously, therefore, the author is right.

                                      Anyway, they didn’t talk about size issues, nor did they talk about “unitype” ideas, in the article. I am not really fond of guessing what people are talking about. I am happy to throw my entire “probably” paragraph into the trash, as I do not particularly value it.

                                2. 4

                                  I don’t know enough category theory to follow your argument precisely, but I’d argue that the category theoretic perspective isn’t relevant in this discussion. How much of category theory you can model using Haskell’s type system is totally unrelated to how much you can model with a program written in Haskell. I guess I don’t even need to make this argument, but still, whatever code you were planning to write with Javascript, can be mechanically translated by a Haskell beginner line-by-line to a Haskell program that simply uses JSON.Value everywhere.

                                  I believe the parts of category theory you can’t model in Haskell’s types corresponds to the kinds of relationships you can’t get the type checker to enforce for you. And you go into the language knowing you can’t model everything in types, so that’s no news. What’s relevant is how much you can model, and whether that stuff helps you write code that doesn’t ruin people’s lives and put bread on the table. As a full time Haskeller for a long time, my opinion is that the answer is “yes”.

                                  I think the friction comes from the desire to view the language as some sort of deity that you can describe your most intricate thoughts and it will start telling you the meaning of life. For me, once I stopped treating GHC (Haskell’s flagship compiler) as such and started viewing it as a toolbox for writing ad-hoc support structures to strengthen my architecture here and there it all fell into place.

                                  1. 2

                                    I’m going to quote some folks anonymously from IRC, as I think that they are more eloquent than I am about this. I will say, in my own words, that your post could have “Haskell” replaced with basically any other language with a type system, and the same argument would go through. This suggests that the discussion is not at all about Haskell in particular, but about any language with a type system. I would encourage you to reconsider my argument with that framing.

                                    (All quoted are experts in both Python and Haskell. Lightly edited for readability.)

                                    Maybe another way of making the point is to say that the job of a type system is to reduce the number of programs you can write, and proponents of a type system will argue that enough of the reduction comes from losing stupid/useless/broken programs that it’s worth it.

                                    The problem with this argument and the statement [IRC user] just made is the same, I think. It depends. Specifically, it depends on whether one is trying to use the type system as a mathematical object, or as a practical programming tool. And further, on how good your particular group of programmers is with their practical programming tools on the particular day they write your particular program. With a mathematical system, you can produce something correct and prove it; with a practical programming tool, you can produce something correct and run it.

                                1. 7

                                  I find it curious that dotfiles are among the things listed by the author that don’t scale. I’ll quote Steve Losh because he says it better than I ever could:

                                  I can count on my balls how many times I’ve sat down to program at someone else’s computer in the last five years. It just never happens.

                                  1. 3

                                    I’ve done it. Either because it’s just Peer Programming, or because of a client’s Misplaced Paranoia.

                                    1. 2

                                      I’m equally surprised to see static blog generators there. Sure, some generators have slow build times for large sites… and many others don’t. If anything they scale better than CMSes because you only build the blog every so often, but it needs no maintenance and can be served to a large crowd of visitors per minute from a free or dirt cheap hosting.

                                      I generally agree with the idea that we should be solving problems for everyone whenever possible, but some things just can’t have universal “good” defaults. Highly domain specific example: MuseScore has no default shortcut for “toggle concert pitch”. For people writing for woodwinds, having one is a real time saver. Everyone else usually has no idea what on earth is “concert pitch”. People writing different kinds of music can benefit from simpler shortcuts for their common tasks a lot. I bet same goes for many other applications, if the default shortcut for a thing you do every minute is Ctrl-Alt-Meta-Escape-Super-F14, you should rather change it and add it to the dotfiles than put up with it or argue with people whose needs are different that they should cater to your needs.

                                      1. 1

                                        I’m equally surprised to see static blog generators there.

                                        This surprised me too, until I read a comment where the author explained their rationale:

                                        If the problem you’re solving is “I want to have a website to post my articles on”, then I think the solution should probably not involve git, local builds from the terminal, or CNAME configs to get a custom domain.

                                      2. 1

                                        Agreed. I mean it’s also not that I’m a clueless fool when I work with other people’s computers. It may take a bit longer, but I don’t see the problem.

                                        This is not really like handing your hammer to another person on a construction site. This is more like having to put on their shoes and trousers, because the hammer is not the problem.

                                        1. 1

                                          Ya that seemed odd to me. I have have a dotfiles directory where I store configurations for the software I use most often. There has never been a time during machine setup or server configuration where running setup-dotfiles.sh has not given me the exact environment I like, customizations and all. It’s not like Vim is software that introduces a lot of breaking changes.

                                          1. 1

                                            I’ve had to jump on a cow-orker’s workstation to help diagnose a problem and man, is it painful as nothing works like I expect it to. And the customizations I have aren’t that many (in fact, I tend to remove default settings in bash), but I’ve been using said settings for over 20 years now.

                                            The problem I see with the author’s approach is either fighting for change (what if they reject it?) or just living with the ever changing set of defaults (which in my experience destroy any hope for a good long term work flow to develop).

                                          1. 2

                                            This is business analysis, not technical analysis.

                                            1. 1

                                              Fair. Should I remove the AI label? I thought ‘practices’ was appropriate.

                                              1. 2

                                                It means you should post it on barnacles instead.

                                                1. 1

                                                  TIL!

                                              2. 1

                                                Speak the language of the business world so the right solutions can win.

                                              1. 68

                                                Windows 10 has ads in the start menu, ads masquerading as security alerts, ads masquerading as software updates, uninstallable bloatware, a bizarre distinction between Metro and everything else (exemplified by the bifurcation of Settings and the Control Panel)….

                                                So, I’m all for you doing you, but I can’t bring myself to run it.

                                                1. 31

                                                  The amount of Windows apologia in this thread is astonishing.

                                                  Usage patterns, convenience or “brains”, I don’t care. Windows is a non-free operating system, and as such inherently user-unfriendly. The developments of the last few years are just an example of what you get when you’re OS is a service, you’re permitted to use.

                                                  1. 22

                                                    inherently user-unfriendly

                                                    One of the main “Windows apologists” in this thread (@feoh) has stated that they have to run Windows to get a usable computing environment considering their eyesight. So in this case Windows is more “friendly” than a FLOSS alternative.

                                                    Most Linux user interfaces I’ve seen just ape GUI conventions (many based on research) from closed systems (Windows and Mac).

                                                    1. 4

                                                      One of the main “Windows apologists” in this thread (@feoh) has stated that they have to run Windows to get a usable computing environment considering their eyesight. So in this case Windows is more “friendly” than a FLOSS alternative.

                                                      As someone with terrible vision that’s only getting worse (including complete blindness in one eye), this is the kind of argument I can absolutely understand. Windows is, from what I understand, the most accessible of all the major operating systems.

                                                      But defending ads in the Start Menu, well….them’s fightin’ words. :)

                                                      1. 10

                                                        My communications skills are clearly lacking because I cannot comprehend a set of perceived statements from me that are farther from the truth.

                                                        As a matter of fact, I also run desktop Linux and as of Ubuntu 16/17 they’ve added key chorded full screen zoom which is an accessibility feature I need to make a computing environment usable.

                                                        What I actually said is that at the time I bought my laptop, I need a 17” screen and there were no AMD chipset laptops in that size available that I could see. Operating system didn’t even come into that aspect of the discussion.

                                                        And I’m not a Windows apologist. Honestly I think this typifies the kind of all or nothing thinking that hamstrings progress in the wider computing community. Either you’re with us or you’re against us. Some of us are willing to adopt a more nuanced view.

                                                        Windows is a tool. It serves some people’s needs admirably, others not so much. That is the alpha and omega of this situation, and all the meaningless bluster and back and forth is utterly pointless.

                                                    2. 12

                                                      The amount of Windows apologia in this thread is astonishing.

                                                      Not really. The lobste.rs community is designed with a lot of goals in mind, but if the About page is anything to go by, it was never explicitly designed to be a site for the promotion of Free Software. And, as they say in the TDD tribe, if you don’t explicitly test for it, it doesn’t happen.

                                                      (for context’s sake, I have a Windows VM and a few machines that I explicitly run it on, but I recently switched my main laptop back to Linux because I just couldn’t get used to how SLOW the filesystem operations were; I still have a Windows 10 VM that I occasionally boot up to test Windows software on and make sure it’s properly up-to-date)

                                                      1. 13

                                                        The lobste.rs community is designed with a lot of goals in mind, but if the About page is anything to go by, it was never explicitly designed to be a site for the promotion of Free Software.

                                                        If it were I would never have joined. I value a diversity of opinions.

                                                        1. 13

                                                          I can’t speak to the original intent since I wasn’t there, but it is certainly my personal opinion that it’s important to have a variety of perspectives on this topic. I would bring that opinion to my moderation if it ever became relevant.

                                                        2. 4

                                                          Of course, I know there are different opinions and I know that there are windows users, all I am saying is that after being a member for over two years and visiting the page for much longer, I was surprised to see how many people use windows, let’s say “willingly” (as opposed to the usual “I have to because of Software X/Job Y/Requirement Z/…”), as I rarely encountered this opinion until now. It’s kind of like if suddenly a lot of corporate COBOL enthusiasts would pop up.

                                                          1. 9

                                                            I was surprised to see how many people use windows, let’s say “willingly”

                                                            Why is that surprising? It provides drivers for most hardware. You can run Microsoft Office (which a lot of people have to, to deal with paperwork at their day job), arguably the user interface is more usable/stable than GNOME/KDE, and you can run Linux programs via WSL [1].

                                                            There are a lot of technical people who just optimize their environment for whatever they work on and want boring/predictable/mainstream/least-friction for the rest.

                                                            I don’t see why people would have to apologize or defend themselves for using Windows, writing articles about Windows, or discussing Windows on lobste.rs.

                                                            Disclaimer: I haven’t used Windows since Windows 3.1, outside for installing Windows every 2-3 years in a VM to observer what the state of that ecosystem is.

                                                            [1] I work for a university, a lot of paperwork, collaboration on research project proposals, etc. requires Microsoft Office. Or to give a practical anecdote: when one of my students had problems using the university’s VPN, they literally said “oh, you try to use the VPN with Linux, you probably shouldn’t do that”.

                                                            1. 7

                                                              Why is that surprising? It provides drivers for most hardware. You can run Microsoft Office (which a lot of people have to, to deal with paperwork at their day job), arguably the user interface is more usable/stable than GNOME/KDE, and you can run Linux programs via WSL [1].

                                                              I think this is a window into a very common personality attribute for technologists. We tend to hold our opinions so strongly that they come to be seen as concrete facts. I’ve fallen into this pattern innumerable times myself.

                                                              1. 2

                                                                Or to give a practical anecdote: when one of my students had problems using the university’s VPN, they literally said “oh, you try to use the VPN with Linux, you probably shouldn’t do that”.

                                                                You used to be able to VPN into my university from Linux. Then they added 2FA and broke everything.

                                                                1. 1

                                                                  You used to be able to VPN into my university from Linux. Then they added 2FA and broke everything.

                                                                  :(

                                                                  Our university actually supports three different VPNs. The easiest solution from Linux is the AnyConnect VPN, which works with openconnect. However, the VPN server returns incorrect incorrect routes, which breaks things by default with openconnect. I worked around this by using a custom openconnect script that sets the routes correctly.

                                                                  I have been using this without issues since I have started working remotely > 1 year ago. But now they are going to remove the AnyConnect support on April 1. Guess I have to figure out one of the two other VPN options, last time I tried, they didn’t work out of the box.

                                                                  Of course, using OpenVPN or Wireguard would be to easy ;).

                                                              2. 7

                                                                If you’re so surprised that people have this opinion, then it’s probably worth looking into why people have this opinion. Like for me, I’ve made it clear: I love Windows because it has AutoHotKey. I can easily tweak the computer to work exactly how I want. Below, I asked “how do I write a keyboard shortcut for ∃ in Linux?” the two answers I got were 1) use emacs, 2) install a library that doesn’t work on Wayland. Whereas with AutoHotKey I just write

                                                                >^e:: Send, ∃
                                                                

                                                                Now right ctrl + e gives me ∃. This works anywhere and doesn’t require me to change the fundamentals of my OS.

                                                                1. 2

                                                                  I love Windows because it has AutoHotKey.

                                                                  I don’t quite see what about AutoHotKey is intrinsically limited to windows. I have until yesterday never heard of it, but I don’t see why this couldn’t be ported to other operating systems. That aside, it’s not an OS feature, but in our world would rather be a counted as a window manager feature, and as such it’s not surprising that there is an X tool and a Wayland tool.

                                                                  Below, I asked “how do I write a keyboard shortcut for ∃ in Linux?”

                                                                  I gave the first answer, since you’re basically just doing a paler version of Emacs for the windows UI. But more importantly, you’re example really looks like a gimmick, or at least something very specific to a particular workflow. I could just as well ask you

                                                                  • how do you run shell scripts using at(1)
                                                                  • how do you pin a window to stay above others
                                                                  • how do you create dynamic workspaces
                                                                  • how do I install my own tool bar
                                                                  • how do I add a debian repository
                                                                  • how do I manage all updates centrally*
                                                                  • etc.

                                                                  I don’t think that most of these things are intrinsically possible or impossible because of the operating system – certainly don’t require the fundamentals of an operating system to change. Most of these questions work in favour of my argument, because the software has already been written for or by the system/users. But this is mostly a contingent fact. Whereas the principal values of the two systems, one being open to inspection and change the other being hidden from the public and it’s users, seems like a much more decisive factor if you ask me.


                                                                  Necessary rant: * without having each tool permanently prompting me to go download some updater from some wierd website I have to trust and run permanently, hoping it doesn’t install a toolbar I will not be able to get rid of, and conflicting with my permanently running anti virus program that wastes 80% of my CPU.

                                                                  1. 8

                                                                    I don’t quite see what about AutoHotKey is intrinsically limited to windows. I have until yesterday never heard of it, but I don’t see why this couldn’t be ported to other operating systems. That aside, it’s not an OS feature, but in our world would rather be a counted as a window manager feature, and as such it’s not surprising that there is an X tool and a Wayland tool.

                                                                    The difference is it hasn’t been. If you look for an equivalent on linux you find a mess of abandoned projects that only partially work. For Mac, there’s hammerspoon, which is significantly more complex.

                                                                    I’m also unsurprised you haven’t heard of AHK. You said earlier you’re astonished that people are defending Windows, which means you probably don’t know very much about how people actually use Windows.

                                                                    I gave the first answer, since you’re basically just doing a paler version of Emacs for the windows UI.

                                                                    The difference is that I now have to use Emacs, when AHK works for all windows. AHK acts as an overlay on top of everything else, so I can use it to hack in the behavior I want to any app.

                                                                    And I can still keep using Vim.

                                                                    But more importantly, you’re example really looks like a gimmick, or at least something very specific to a particular workflow.

                                                                    That’s because I gave one example of how I use AHK, where the answer to that by itself requires me to understand Linux and window managers pretty well. It’s specific to a particular workflow, but that’s the point: I can immediately customize the OS to my particular workflow without a deep understanding of how the OS works. I can give you a bunch other things I do with AHK:

                                                                    • Start and stop recording videos from my presentation clicker.
                                                                    • Make GUI for saving notes from clipboards into multiple seconds without it disrupting my current workspace view or losing my attention.
                                                                    • Switch between specific windows without alt-tabbing
                                                                    • Copy a url and title as a markdown link for easy transfer to another window
                                                                    • Firefox doesn’t have a keyboard shortcut for “start a screenshot”. Add one.
                                                                    • Add a bunch of unavailable shortcuts to the TLA+ IDE
                                                                    • Fave or unfave a song in spotify without having to switch to the spotify app
                                                                    • Clone a file (foo.md to foo.md.1) without having to stop editing the file, or remember how many copies I made
                                                                    • Toggle youtube playback from 1x and 1.25x tempo
                                                                    • Quickly drop hashtags into a twitter thread while trying to livetweet a conference, without messing up my clipboard

                                                                    I set up hotkeys for all of these. I’m sure I could do the same in Mac or Linux, but it wouldn’t be easy. I’d have to get a much deeper understanding of these systems than I already had, as opposed to using AutoHotKey, where the most complex of those features took me an hour. Are they gimmicks? Maybe! But they’re gimmicks that make my life much, much better.

                                                                    Sure, Windows might be “hidden from the public and it’s users”, but AHK made it easy to get work done. Reading XDG specifications did not.

                                                                    EDIT: Also, just to be clear about my background, I’ve used Linux as my only OS for several years, and yes I tried to do some of these things in Linux, too.

                                                                    1. 1

                                                                      The difference is it hasn’t been. If you look for an equivalent on linux you find a mess of abandoned projects that only partially work. For Mac, there’s hammerspoon, which is significantly more complex.

                                                                      Again, this is a particular problem, not something you can use to sustain your general claim. The fact that it hasn’t been until now means nothing to me, since this could just as well change tomorrow, but from your argument up to now, I don’t think that would instantly make you switch.

                                                                      Also, the fact that these projects aren’t being maintain, is somewhat of a sign to me that there isn’t a big need for them either? Or is it mere luck that AHK is being properly maintained on Windows?

                                                                      I’m also unsurprised you haven’t heard of AHK. You said earlier you’re astonished that people are defending Windows, which means you probably don’t know very much about how people actually use Windows.

                                                                      I know plenty of people who use windows, and I always hear the same issues, the same problems. When I watch them I mostly see them struggle, having issues or obvious inefficiencies. If they were not held hostage by propitiatory software developed exclusively for Windows, I am absolutely certain they would have a better user experience on other platforms.

                                                                      The difference is that I now have to use Emacs, when AHK works for all windows.

                                                                      Well that’s your problem: You leave Emacs ;^)

                                                                      (It’s kind of off-topic, but my point was that Emacs-like environments should allow users to configure keybidnings to whatever function one wishes, all of them inspectable by the user, and mostly redefinable during the run-time. This is the essence of a user-programmable system I argue is superior and neither hides nor distorts the users relation to the device)

                                                                      It’s specific to a particular workflow, but that’s the point: I can immediately customize the OS to my particular workflow without a deep understanding of how the OS works. […]

                                                                      Again, this is an entirely contingent argument for Windows, as you don’t explain why Linux cannot have this. I guess it’s cool, but I don’t see what makes it technically unique/exclusive.

                                                                      1. 4

                                                                        Also, the fact that these projects aren’t being maintain, is somewhat of a sign to me that there isn’t a big need for them either? Or is it mere luck that AHK is being properly maintained on Windows?

                                                                        From what I understand from my research the challenge is making something that works for everyone. Like the Wayland/X11 split by itself makes things tough. Sure, it’s technically feasible, but it’s going to be so much effort that people give up.

                                                                        Again, this is an entirely contingent argument for Windows, as you don’t explain why Linux cannot have this.

                                                                        Linux could have this. Windows already has this. I’m not going to switch back to Linux because it could eventually have a tool that I already use every day.

                                                                        1. 1

                                                                          I responded to the first point in a sibling response to @feoh, but just to reiterate it here: AHK is a DE/WM feature, not a OS feature. A cross-DE implementation of a AHK-like would be like requiring a cross-Version implementation of AHK on windows. If the format is standardized, there’s no reason why each DE/WM couldn’t have something like this for itself, if it’s users want it.

                                                                          Regarding the second point, I’m not asking anyone to switch because of a potential ability (in our case I don’t have to care), I only want to make the point that this isn’t a real argument for Windows as such.

                                                                          1. 3

                                                                            If the format is standardized, there’s no reason why each DE/WM couldn’t have something like this for itself, if it’s users want it.

                                                                            The point is it doesn’t exist, and (if how much you dismiss the value is any indication) probably won’t exist. At best there will be “you get this subset of features with DE/WM A, this subset with DE/WM B”, etc. Which doesn’t help me.

                                                                            “Windows has this feature that could exist for some Linux distro but doesn’t yet” is, in fact, a good argument for me continuing to use Windows. To make the argument problem a bit more clear:

                                                                            “I like London better than Los Angeles.”

                                                                            “Why? There’s nothing intrinsically better than London, and Los Angeles has better weather.”

                                                                            “The public transit in London is better.”

                                                                            “But Los Angeles could build better public transit, so your argument is invalid.”

                                                                      1. 1

                                                                        Thanks for the pointer. I’d heard hints about this on podcasts and other reading but concrete citations are always super helpful.

                                                                        From where I sit being able to say “Windows Defender is all you need, and it’s free and comes bundled with Windows 10” is a substantial quality of life boost from the bad old days when you had to trepidatiously choose and pay for some incredibly heavyweight antivirus package that would bog your system and throw up all kinds of annoying dialogs in the name of protecting you :)

                                                                        It’s just another example of aspects of “living” in Windows that used to be horrible and just aren’t anymore.

                                                                        That doesn’t mean Windows is superior or that everyone should run Windows as opposed to Linux or anything else, it’s just a data point which you can use to pick the tool set that works best for you.

                                                                      2. 3

                                                                        I don’t quite see what about AutoHotKey is intrinsically limited to windows. I have until yesterday never heard of it, but I don’t see why this couldn’t be ported to other operating systems. That aside, it’s not an OS feature, but in our world would rather be a counted as a window manager feature, and as such it’s not surprising that there is an X tool and a Wayland tool.

                                                                        Respectfully, you’re rules lawyering his personal preference. Think about whether that actually makes sense.

                                                                        1. 3

                                                                          I actually don’t understand what you’re trying to say in response to that paragraph. I would appreciate if you could reword it.

                                                                          1. 2

                                                                            OK thanks. I won’t re-edit the original so anyone who cares to see the context can. Basically, the OP was saying “I love Windows because AutoHotKey gives me the flexibility I need to be able to configure all the important aspects of my system’s human interface.”

                                                                            The reason Windows different from, say Linux is exactly as the OP said, Windows represents a single point of configurability for any given thing. There is ONE Windows desktop and ONE Windows API.

                                                                            On Linux there are innumerable desktop environments, window managers, and even low level graphics toolkits or whatever X and Wayland actually are :)

                                                                            It’s not that it’s impossible in LInux, but the diversity inherent in the platform makes it difficult and very inconvenient.

                                                                            For them, and their preferences, that ease and convenience of the interface and implementation available to them today with zero work is what they in particular love about Windows.

                                                                            By saying “There’s nothing special about Windows. You could do this all in Linux” it reads to me like you’re invalidating his preference with the existence of a theoretical possibility.

                                                                            1. 0

                                                                              I think the issue here is that you’re comparing Windows to all the various ways Linux can be used, which are basically all different systems. Just because by virtue of being a Kernel it can be used to run an OS, that in turn has multiple desktop environments, doesn’t mean that when you discuss something like AHK, a GUI extension, you get to argue via the kernel that this is a general issue of Linux. It might be seen as a deficiency of each DE, on it’s own, but this has no essential implication on the superiority of Windows in itself.

                                                                              By saying “There’s nothing special about Windows. You could do this all in Linux” it reads to me like you’re invalidating his preference with the existence of a theoretical possibility.

                                                                              The only think I am “invalidating” (a weird phrase) is the argument that the specific, contingent feature of AHK is a universal, essential argument for Windows/against “Linux”. You might call this theoretical, I call it clean.

                                                                              1. 4

                                                                                Your reply typifies a kind of closed mindedness I see as very unfortunate.

                                                                                NOBODY is saying that Windows is superior and LInux is inferior! The OP simply said “These are reasons I find Windows meets my needs best.”

                                                                                This is a community of crazy bright people, why can’t we seem to wrap our heads around the idea that not everything is a fight to the death, only one of us comes out alive, good versus evil argument?

                                                                                The world is painted in shades of gray, and tool choices are the grayest !

                                                                                1. 1

                                                                                  I would like to emphasise that I am not arguing as a linux fanboy. I have in the past made multiple critiques of Unix and Unix-like systems that makes it harder for me to defend the position you are pushing me into.

                                                                                  I will reiterate my point once more: Convenience and gimmicks are not worth trading in software freedom and user control in for. (“Necessity”, as in “I need windows because software X because of job”, is another debate).

                                                                                2. 2

                                                                                  The only think I am “invalidating” (a weird phrase) is the argument that the specific, contingent feature of AHK is a universal, essential argument for Windows/against “Linux”. You might call this theoretical, I call it clean.

                                                                                  Re-reading his statements, I don’t see anything anywhere about it being a ‘universal, esssential’ argument for Windows and against LInux. The OP was stating a preference based on how easily they could customize *their” system in ways that tailored to their exact needs.

                                                                          2. 0

                                                                            I gave the first answer, since you’re basically just doing a paler version of Emacs for the windows UI.

                                                                            I missed this in all the chop yesterday. This is a prime example of how you are perhaps unintentionally shoehorning someone else’s tool choice preferences into your rather constrained version of reality.

                                                                            In my opinion there is exactly zero correlation between customizing a Windows system with AutoHotkey (Or an OSX system with Alfred, for example) and emacs.

                                                                            In one case, we’re adding layers of nuanced refinement into a very rich and diverse existing ecosystem (AutoHotKey/Alfred) and in the other (emacs) we’re supplanting the entire operating system and its accompanying ecosystem and replacing ith with another paradigm entirely (which is incredibly powerful in its own right.)

                                                                            1. 1

                                                                              In one case, we’re adding layers of nuanced refinement into a very rich and diverse existing ecosystem (AutoHotKey/Alfred) and in the other (emacs) we’re supplanting the entire operating system and its accompanying ecosystem and replacing ith with another paradigm entirely (which is incredibly powerful in its own right.)

                                                                              Correct my if I am wrong, but doesn’t AHK provide the ability to programmatically extend your system-interaction? If yes, then the results seem to go in the same direction as Emacs does, if not then the entire discussion was pointless.

                                                                          3. 1

                                                                            how do I write a keyboard shortcut for ∃ in Linux?

                                                                            Maybe I’m just completely missing the point … but … what’s exactly the problem with “you add it to the keymap” that you encountered?

                                                                          4. 5

                                                                            Open your mind. Different people have different needs.

                                                                            Also, just because I say that Windows is fitting my needs in a particular context doesn’t mean that I’m a Windows ‘apologist’ (Honestly I find that whole idea rather insulting. I’m an open source advocate and have been since before FLOSS was a thing.)

                                                                            1. 4

                                                                              I consider Windows harmful, not only to it’s users but to the user’s friends, colleagues and their work environments. It promotes a usage-paradigm and human-computer relation that I do not think should exist. I am dogmatic about this, and I know some people don’t like it, but until convinced otherwise, I will do everything I can to fight this problem, and at best grudgingly tolerate it.

                                                                              1. 2

                                                                                Respectfully this is exactly the kind of dogmatism that in my opinion slows the forward progress of our community and our field.

                                                                                There are very few opinions in life one should be dogmatic about in my view. On the order of “Every human will die.” and maybe a handful of others.

                                                                                1. 2

                                                                                  Well if we’re going to discuss dogmatism and it’s necessity, i think we’ve gone off-topic. Either way, I don’t think there’s much of a point in it.

                                                                                  1. 2

                                                                                    I don’t think it does. Linux and the ecosystem necessary to use it effectively wouldn’t have existed without the dogmatism of people who weren’t prepared to compromise with closed source software.

                                                                                    1. 3

                                                                                      Oh I couldn’t disagree more. Linux is rife with pragmatic decisions!

                                                                                      There is a vast difference between dogmatism and fervent dedication to a cause.

                                                                            2. 5

                                                                              I’m not sure what’s your point here. The OP argues that software centric person (such as visitor of this website) should clearly identify the faults of a closed operating system when this thread indicates otherwise.

                                                                              It has nothing to do with the “purpose of lobste.rs”.

                                                                            3. 7

                                                                              OS is a service, you’re permitted to use.

                                                                              Especially when they do stuff like prevent local account creation. I’m firmly convinced this is a step towards putting all users on a monthly Windows subscription.

                                                                              The amount of Windows apologia in this thread is astonishing.

                                                                              I use Windows for work, because I’m required to use Windows. I don’t hate it, but when I have a choice, I choose Linux (or a Mac). Windows just has a lot of enterprise business-like stuff tacked on and in my way, and bizarre and overcomplicated APIs written for it. It feels like the C++ of operating systems–folks starting bringing things into it without a clear vision and now it feels incoherent and overcomplicated with a lot of implicit behavior.

                                                                              1. 3

                                                                                See my comments elsewhere in this thread. I personally feel that the era of the commercial desktop computing operating system as we know it is slowly drawing to a close. Both Microsoft and Apple are transitioning towards models that map more cleanly to the tablet space where the computer is a black box appliance that allows for very little user configurability, but on the other hand provides very little surface area for people who WANT an appliance to confidently use the device without fear of going someplace they don’t understand how to get back from.

                                                                                This is why, despite my personal choice to use Windows 10 as my “get work done” environment, I am staunchly committed to the advancement of LInux on the desktop, because once the commercial OSen become utterly hostile to tinkerers like us, it and other FLOSS environments like it will literally be the only show in town.

                                                                              2. 4

                                                                                It is however an incredibly accessible operating system, compared to whatever hodge-podge linux atrocity you’d prefer to torture someone with. Besides maybe Elementary OS, there is essentially no comparison in the usability of open source alternatives, which are designated “alternatives” correctly, because nobody that’s really honest with themselves would ever name them as a primary choice for a normal person’s graphical system.

                                                                                1. 2

                                                                                  Windows issues aide, I’ve never understood the Elementary craze. I’ve tried it ( probably an early version) and half the things were unfinished, the other half wrong for me. Yet people adore it and compare it with the macos. I’ll have to try again, I guess.

                                                                                  1. 4

                                                                                    It’s probably just not the OS for you, and I’d really only compare the UX language to Windows because at the end of the day it’s still a Linux hodge-podge nightmare

                                                                                    1. 4

                                                                                      Yep, I’m a veteran user, past most of the distro hopping affinities and stuff. I still change things up now and then, but my primary interestis to have a stable environment. Don’t wanna fiddle with details as much.

                                                                                    2. 3

                                                                                      Funny thing - this is one of the points where I actually remember when starting with Linux.

                                                                                      If it wasn’t in the start menu, it didn’t exist. This was at a time when internet access wasn’t readily available and pre-Google. elementary does remind me of the first KDE/Gnome desktops of RedHat/SuSE 5/6 - everything kinda worked and it came with a good amount of stuff preinstalled that a person completely new to the system could just do stuff.

                                                                                      Looking at it from my current point of view (has it been 21 years of using Linux? damn) I think - compared to Windows - it has kept a bit of simplicity and is less in-your-face flashy and weird. But maybe it’s just me getting really familiar with computers at the time of Windows 95, where everything looked kinda spartan. I didn’t use it long enough to notice things being broken, though, just a few hours at a time.

                                                                                2. 4

                                                                                  I installed Win 10 on my machine over a year ago and have not done anything special to it. It does not have any ads and there are no bloatware I have noticed, Metro is practically speaking non-existent for my user experience, and let’s not kid ourselves and say any Linux distro actually has a serviceable settings/control panel.

                                                                                  I’m all for using Linux and I use it practically every day, but from a usability standpoint, Linux doesn’t hold a candle to Windows. I wish it did, but you have to be delusional if you believe any Linux distros provide a comparable desktop experience.

                                                                                  2020 is still not the year of the Linux desktop.

                                                                                  1. 1

                                                                                    I agree, Desktops are a losing game anyway, butt Linux holds the mobile market. But all trolling aside, Windows is the unusable system for me, slow, clunky and gets in the way.

                                                                                  2. 13

                                                                                    Windows 10 has ads in the start menu, ass masquerading as security alerts, ads masquerading as software updates

                                                                                    All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                                    uninstallable bloatware

                                                                                    I’m going to pick on you for a moment here in the hopes that you have broad shoulders and can take it in the name of raising the level of discussion here. What do you mean by this? I’ve begun treating any use at all of the word “bloat” as tantamount to pointless trolling.

                                                                                    Does it use too much memory? Is it inefficient in terms of CPU usage? Does it take up too much storage?

                                                                                    Let’s at least all consider being a bit more specific in our complaints that we might be able to learn something from them.

                                                                                    a bizarre distinction between Metro and everything else (exemplified by the bifurcation of Settings and the Control Panel)….

                                                                                    Windows has always suffered from the lengths it goes to in the name of retaining compatibility. How much do you feel this actually impacts end users? (Honest question.)

                                                                                    1. 39

                                                                                      All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                                      Be that as it may, I shouldn’t have to disable ads in my operating system. I definitely don’t appreciate getting a “ding!” every so often (which sounds like a real notification) to remind me to sign up for OneDrive…

                                                                                      I’m going to pick on you for a moment here in the hopes that you have broad shoulders and can take it in the name of raising the level of discussion here. What do you mean by this? I’ve begun treating any use at all of the word “bloat” as tantamount to pointless trolling.

                                                                                      Does it use too much memory? Is it inefficient in terms of CPU usage? Does it take up too much storage?

                                                                                      Things like Xbox Games (or whatever it’s called), Paint, etc. They don’t take up too much space, or too much CPU…they just exist. They take up too much attention for something that I’m never going to use…and I should be able to install or uninstall any software I want on my computer, without resorting to unapproved hacks.

                                                                                      Windows has always suffered from the lengths it goes to in the name of retaining compatibility. How much do you feel this actually impacts end users? (Honest question.)

                                                                                      There’s a difference between backwards compatibility and “I want to do this, but the setting isn’t in Settings, it’s in Control Panel, and I don’t know when to use one or the other.” At least last time I used Windows 10 (within the last year or so), they would sometimes direct you from one to the other, but not always. So it definitely impacted me at least once.

                                                                                      1. 5

                                                                                        Just like I think an OS should ship with a text-editor that won’t be what most programmers use, I think it should ship with an image app with roughly the complexity of Paint. On both my work Macs, I found myself needing to make a trivial graphic, and not knowing what to use. GIMP was vastly over complicated for me, other apps were too paid for irregular use (and I didn’t know if I’d understand them).

                                                                                        1. 2

                                                                                          Things like Xbox Games (or whatever it’s called), Paint, etc. They don’t take up too much space, or too much CPU…they just exist. They take up too much attention for something that I’m never going to use…and I should be able to install or uninstall any software I want on my computer, without resorting to unapproved hacks.

                                                                                          I don’t mean to invalidate your perceptions here but.. Remove them from the start menu? At that point they’re invisible to you other than bits on the disk.

                                                                                          There’s a difference between backwards compatibility and “I want to do this, but the setting isn’t in Settings, it’s in Control Panel, and I don’t know when to use one or the other.” At least last time I used Windows 10 (within the last year or so), they would sometimes direct you from one to the other, but not always. So it definitely impacted me at least once.

                                                                                          That’s interesting. Whenever I want to change something, I type an approximation of that thing into the start menu and get the setting I need. I don’t try to guess where it is, I let the mechanism the OS provides guide me. YMMV of course.

                                                                                          1. 11

                                                                                            I don’t mean to invalidate your perceptions here but.. Remove them from the start menu? At that point they’re invisible to you other than bits on the disk.

                                                                                            They tended to return after an update for me.

                                                                                            In hope that this topic will amount to something more interesting than a Windows/Linux flame war, I would like to refer anyone who have not read this piece yet to do so now: Practical Ethics: Why It’s OK to Block Ads

                                                                                            It’s important to note that the essential question here is not whether we as users are being manipulated by design. That is precisely what design is. The question is whether or not the design is on our side.

                                                                                            I tend to prefer user agents that I can reasonably believe will not betray me.

                                                                                            1. 10

                                                                                              I don’t mean to invalidate your perceptions here but.. Remove them from the start menu? At that point they’re invisible to you other than bits on the disk.

                                                                                              Bits on my disk. If I want them off of there, I should be able to do so trivially…especially when it’s code that I don’t know if it’s phoning home, monitoring my browsing, contains an RCE vuln, or doing whatever. Even if it’s just sitting there, if I want it gone, well…it’s my computer.

                                                                                              1. 7

                                                                                                Bits on the disk matter. Windows takes forever to update. Part of that surely is it updating the crapware it comes with.

                                                                                                I’m going to pick on you for a moment here in the hopes that you have broad shoulders and can take it in the name of raising the level of discussion here. What do you mean by this? I’ve begun treating any use at all of the word “bloat” as tantamount to pointless trolling.

                                                                                                Windows search is the worst search interface I think I’ve ever used. It almost never gives me what I want to search for, but web searches for it instead…

                                                                                                1. 4

                                                                                                  That’s interesting, I haven’t noticed since Windows moved the update process to only happen when I login/logout or restart.

                                                                                                  It’s a different world from my wife’s old Windows 7 laptop which could sit for HOURS updating if you’d not turned it on in a bit.

                                                                                            2. 22

                                                                                              I shouldn’t have to disable it. It shouldn’t exist in the first place. It shouldn’t even be able to be enabled.

                                                                                              1. 7

                                                                                                I’m sure plenty of engineers at MS would love for you to tell this to the executives and shareholders.

                                                                                                1. 9

                                                                                                  That’s exactly the problem, isn’t it?

                                                                                                  This tension between what the business wants and what the users want is precisely what leaves a nasty taste in my mouth (and many other people too, judging from the comments). Even if I wasn’t already completely brain-washed into the UNIX way of working (and preferring the command line in general, since I got started with Commodore BASIC and DOS), I’d still happily use a less shiny, less polished UI just to get rid of all that bullshit.

                                                                                                  The computer exists purely to serve me, not some corporate agenda. And with all the global spying that’s going on I feel even less inclined to use an OS that has unknown other goals aside from being the most efficient platform to run applications (because that’s the only thing an OS should do).

                                                                                                  1. 2

                                                                                                    The computer exists purely to serve me, not some corporate agenda

                                                                                                    The free software movement exists because of affordable hardware created by corporate activity.

                                                                                                    Edit I should expand -

                                                                                                    • Linux was created because Linus T + friends had access to cheap x86 hardware. This was because of the IBM PC era dominated by MSFT/Intel
                                                                                                    • Before Linux, most free software was created in universities, many of who relied on corporate largesse/donations/taxes to function and buy the hardware to develop on.
                                                                                                    1. 4

                                                                                                      Pure hardware companies arguably have much less opportunity to make the computer do things that are opposed to the user’s desires. In a sense, we got very lucky that the IBM PC was designed as an open system and got so incredibly popular. Otherwise we’d be stuck in a situation like the Apple or game console ecosystems, where the software companies control the entire stack down to the hardware and running alternative software isn’t really supported (or even possible).

                                                                                                    2. 1

                                                                                                      How did you acquire your computer?

                                                                                                2. 21

                                                                                                  All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                                                  I’m not a heavy Windows user. But I have tried to disable the advertised apps in the start menu, and I have not found any lasting success. Every time I think I’ve effectively removed them, a few days/weeks later, Candy Crush Saga or its ilk reappears in my start menu.

                                                                                                  I don’t doubt your statement that there’s a way to disable them long-term or even permanently. And I’d not be surprised if you’re correct that such disablement is easily executed.

                                                                                                  But that process is certainly not trivially discoverable, for me, anyway. And judging from the number of start menus I see those tiles in, I don’t think it is for most people.

                                                                                                  1. 8

                                                                                                    Hate to be that person, but my start menu has only had the tiles I’ve put on it for over a year now, and I haven’t once had those things “return”.

                                                                                                    1. 3

                                                                                                      OK. My Win 10 install dates from before they brought back the start menu. As soon as they did, it had tiles for candy crush saga and a few other similar things on it. I right-clicked those tiles and removed them. They went away. Then they came back after an update or two. I removed them again. Since then, more games have come back despite that Win 10 Pro install never having been used to sign into the store, let alone play a game.

                                                                                                      I’ve tried every trick google shows to stop that from happening. Games keep coming back. Different games each time, I think, but games being advertised from the store all the same.

                                                                                                      Maybe the problem is that I’m using Win10 Pro and I need a different SKU to be able to tell it “this is an install for compiling software. keep all games away.”

                                                                                                      1. 3

                                                                                                        Strange, I’m only on W10 Home. Maybe in your attempts to make these things go away you’ve accidentally flipped a registry variable that says please make me suffer with more game promotions 😅

                                                                                                        1. 1

                                                                                                          I have the vague impression that a clean installation might help. i.e. some setting that used to be more persistent in early versions of W10 got locked in for me and wouldn’t if I started fresh. But getting my scripted builds of OpenSSL and Boost back to where they should be is just enough of a headache that I’d rather give the games a dirty look and then move on (for now).

                                                                                                          I do really want to get my head around what people consider good practices for a (mostly non-interactive) Windows build box these days. I find it hard to believe Win 10 Pro with Visual Studio is the current state of the art, but figuring out what is just hasn’t bubbled up to the top of my to-do list yet.

                                                                                                          1. 4

                                                                                                            At a previous $job we had to deal with these things since a lot of our infra (including things that honestly shouldn’t have been, such as in the embedded space) was windows, but for the sake of lending advice I was sadly never put to task working on the powershell script used to initialize windows images. I can tell you just that, though; if it’s professional Windows management there’s always powershell involved.

                                                                                                    2. 1

                                                                                                      Thank you that’s a very good point. I’ll admit I Googled and found an article which signposted them all :)

                                                                                                      1. 1

                                                                                                        I did that too. If the first one you found has continued to keep them out of that menu through a few “feature updates” you found a better one than I did.

                                                                                                    3. 9

                                                                                                      All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                                                      That’s nice they can be disabled now, but

                                                                                                      1. they might not be in the future

                                                                                                      2. do you really want to trust a company that implements this as opt-in by default

                                                                                                      3. since it’s proprietary, you don’t really know if they are honoring your settings completely (especially around ‘telemetry’)

                                                                                                      1. 1

                                                                                                        As I’ve said ad infinitum in this thread - I am making the pragmatic choice to use Windows today, but I’m convinced that the era of the commercial desktop operating system is coming to a close, so I’m committed to ensuring that desktop Linux improves over time, because ultimately I think that and other FLOSS environments like it will be the ONLY choice for tinkerers like us.

                                                                                                        I run both. I use Windows 10 and Ubuntu 19.10 and love them both in different ways for different tasks.

                                                                                                        I love the fact that people are building so many amazing creative wonderful things in the Linux space, but I can’t reliably use that as my bedrock ‘production’ environment because, depending on which package I install and what it does, I might easily render my Linux partition unbootable.

                                                                                                        So I treat my Linux install like a mad scientist’s lab that might explode at any moment but might also product the next wonder of the world, and my Windows install as the rock solid place where my cushy hyper configured environment lives along with my productivity tools, IDE, etc.

                                                                                                        That works very well for me right now.

                                                                                                      2. 8

                                                                                                        The problem is that starting with Windows 8, Microsoft tried to shoehorn their entire userbase into a mobile operating system. Thats fine if your device is a phone.

                                                                                                        But some users device is a desktop computer, and a mobile operating system isnt, never was, and never will be appropriate for that use case.

                                                                                                        Until that is understood, and two different flavors of Operating System are allowed to exist and flourish, Windows wont be as good as it once was.

                                                                                                        Windows is my primary Operating System. But until this Metro stuff is over and dead I am afraid that Windows 7 might be my last Windows OS.

                                                                                                        1. 6

                                                                                                          Have you tried a modern windows 10 os? If you remove the tiles from the start menu, you get a classic start experience exactly like what you are used to. Beyond that touch oriented features have been integrated in such a way that they don’t ever get in your way. I don’t think the argument that Windows 10 is a “touch oriented os” holds any water anymore.

                                                                                                          1. 3

                                                                                                            ok and what about Cortana?

                                                                                                            1. 4

                                                                                                              What about it? It takes two clicks to hide the search bar and I’ve never seen Cortana since.

                                                                                                                1. 2

                                                                                                                  That’s only if you want to rip it out of the system completely, not sure why you’d even do that other than on principle. You can just not open it.

                                                                                                              1. 1

                                                                                                                Again. Try a modern version of win 10. The Cortana crap can be easily hidden and you get a start menu just like the good old days.

                                                                                                            2. 4

                                                                                                              How does this materially impact you? I’m interested in things you need to do that it scuppers, or blocks completely.

                                                                                                              1. 12

                                                                                                                I know you didn’t mean it this way, but it sounds like victim blaming. “Microsoft changed how they do things you are paying money for, but are you sure you’re inconvenienced enough to complain?”

                                                                                                                1. 3

                                                                                                                  I’m sorry it came off that way, especially with the use of “materially.” The original post threw around a number of fairly abstract reasons for not liking it and I was looking for more concrete examples of how this causes a breakdown. There is also an argument to made that the terminology used isn’t accurate for Windows 10, but soliciting more detail is probably the best response.

                                                                                                                2. 2

                                                                                                                  An example that bit me (though a couple years ago, so may have changed since I last set up a new machine):

                                                                                                                  The Onenote UWP app from the windows store is preinstalled and difficult to remove. However it isn’t completely compatible with the win32 app included with office – if you’re sharing notebooks with office users and setting permissions w/ AD you can’t use the windows store version. You can install the office version, and it sort of takes over, but not quite 100%. So you end up with some onenote links working correctly in your win32 app, but others sometimes opening the store app instead. And when that happens it then tries to take over as the default onenote app again, screwing everything up in the process, and you need to clean up a bunch of prefs that get changed out from under you.

                                                                                                                  I finally found some combination of settings in both apps, the system default apps settings, and a manual registry hack that seems to have permanently fixed it. But, until I found that, using Onenote was a daily struggle due to the preinstalled nonsense that I didn’t want to use.

                                                                                                                  1. 1

                                                                                                                    Its not just what I listed. Its other problems, like making people resort to registry hack to remove unwanted features:

                                                                                                                    https://www.howtogeek.com/265027/how-to-disable-cortana-in-windows-10

                                                                                                                    or blocking local account creation (LOL?):

                                                                                                                    https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation

                                                                                                                    its these comically bad, user hostile decisions that keep me from upgrading.

                                                                                                                  2. 3

                                                                                                                    A lot of people have said that this bifurcation has been all but healed in Windows 10. Clearly remnants remain, but they certainly haven’t gotten in my way so your mileage clearly varies.

                                                                                                                  3. 8

                                                                                                                    All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                                                                    This is not an excuse for user-hostile behaviour.

                                                                                                                    1. 1

                                                                                                                      All of which are trivially disable-able in Settings. This took me 10 minutes.

                                                                                                                      …. and the next time they come back it takes 20 minutes. And after that it involves kernel pacthes. And then firmware hacks.

                                                                                                                      At least for me, this is a matter of self-respect, not a matter of time. But I guess some people strongly prefer being pushovers to drawing a line in the sand and accepting whatever slight inconvenience comes with it.

                                                                                                                    2. 3

                                                                                                                      For anyone looking for a power user’s alternative to control panel I recommend creating an empty folder, naming it LobsterMode.{ED7BA470-8E54-465E-825C-99712043E01C}, and then clicking it to see what happens.

                                                                                                                    1. 7

                                                                                                                      I think this will be my first year of using exclusively Windows after like 15 years. All started when I got a small Debian netbook from my father. Used Windows pretty much exclusively for gaming after that. Now I run it both on my laptop and on my PC. Well I do all my work through Msys2, I have bash and basic Linux utilities and a package manager which is basically all I ever needed.

                                                                                                                      I got burnt out from fixing things. I got burned out from being tempted to break them. Took me a while to realize I actively don’t want to know how to fix anything pacman related, or WM related, or anything like that.

                                                                                                                      Linux is a bad fit for me because I’m a perfectionist. Even when I’d fix something I had this unshakeable feeling that I’ve ‘muddied’ my system, that it still might tacitly be in an invalid state. Yet I never put in enough energy to become truly proficient with stuff, only fragments.

                                                                                                                      Here’s a snarky twitter thread in this vein: https://twitter.com/garybernhardt/status/1078389370741186560

                                                                                                                      1. 7

                                                                                                                        Actually I feel the other way round about Linux vs other systems. I can only achieve simple and fully reproducible setups using Linux.

                                                                                                                        The key is cherrypicking appropriate hardware and simple standard components. In my case, I find all-Intel machines plus a simple userland (StumpWM, Emacs, Firefox and XTerm) are incredibly nice to use. For this I employ both NixOS and Archlinux.

                                                                                                                        1. 6

                                                                                                                          Yup. Brains are different. For you, the shortcomings that are unclimbable mountains for some are barely noticeable.

                                                                                                                          I do think that with things like WSL and Powershell, Windows is beginning to approach the same level of customizability, but its interfaces for accomplishing what you want are probably not to your liking.

                                                                                                                          That’s the whole point, it’s about finding the interface that feels good to you while appreciating that it isn’t the same way for everyone.

                                                                                                                          1. 3

                                                                                                                            Thanks, I am interested in learning what makes Windows superior to Linux for your usecase aside from hardware compatibility.

                                                                                                                            In my case, I love Linux due to minimal distros (few moving parts) and declarative configurations plus rollbacks (Nix and dotfiles).

                                                                                                                            1. 2

                                                                                                                              I had switched from Linux to macOS in 2007, because it was so much more polished (it still is) and had so much better applications (still does). But NixOS is what brought me back to the Linux on the desktop fold. Being able to define your machines and development environments declaratively is an enormous win. I can check out a project repository on a new machine and I have exactly the same CUDA, PyTorch, etc. versions.

                                                                                                                              (Yes I know that Nix works on Darwin and I use it on my MacBook, but NixOS is more encompassing + Linux is better supported by Nix.)

                                                                                                                          2. 1

                                                                                                                            I hate simplicity and the best way to achieve reproducibility is to not ever have to reproduce anything:)

                                                                                                                          3. 5

                                                                                                                            Msys2 is a good solution, WSL is excellent in my experience.

                                                                                                                            And it’s only getting better, there’s a HUGE amount of effort being invested in making it a first class development environment from Ubuntu and Microsoft. I’m psyched to see what evolves in that space.

                                                                                                                            And I totally agree, I have both installed on my laptop and very much enjoy having Linux around to play with the amazing toys the mad scientists come up with and do crazy experiments on, but when I Need to Get Work Done (and this is gonna make the diehard *NIX folks bristle, sorry folks :) I boot into Windows and stop worrying about it.

                                                                                                                            1. 1

                                                                                                                              WSL1 has extremely poor IO performance, to the point where it is almost unusable in certain situations. I’ve since switched to using an ‘always-on’ Linux VM using hyper-v that I just SSH into. Much better performance and support for all Linux programs that way. I’m looking forward to WSL2 though, which is just actual Linux running in a VM.

                                                                                                                              1. 1

                                                                                                                                Yes I’m very much looking forward to WSL2 as well. I now wish I’d bought the Pro version so I could run the preview, but unfortunately their marketing doesn’t mention anything about Pro having expanded Hyper-V container hosting capabilities.

                                                                                                                            2. 4

                                                                                                                              I got burnt out from fixing things. I got burned out from being tempted to break them. Took me a while to realize I actively don’t want to know how to fix anything pacman related, or WM related, or anything like that.

                                                                                                                              Don’t break things then? Linux systems don’t randomly break like Windows systems do. They just work, reliably, the same way, until you change them. People that complain about their Linux systems breaking inevitably are doing stuff like installing dozens of AUR packages. Installing loads of crappy third party software is going to have negative effects on any operating system.

                                                                                                                              Here’s a snarky twitter thread in this vein: https://twitter.com/garybernhardt/status/1078389370741186560

                                                                                                                              This is the problem with Twitter. We don’t see any of the replies to his tweets, we just see him unfairly and inaccurately paraphrasing what people say and arguing against that. And it’s impossible to argue against his claims anyway.

                                                                                                                              His original tweet is about the Linux desktop, and as soon as people point out that the Linux experience on desktop is completely fine today, he pivots to talking about laptops, which aren’t desktops. Someone points out that other platforms also don’t work reliably (no shit! none of them work reliably) and says “Buy a new Mac. Open the lid. The trackpad works. The sound works. The WiFi works. Emoji works. 3D acceleration works. Close the lid. It sleeps. Open the lid again. It wakes from sleep.” Like mate, you can get Linux laptops where all those things work too…

                                                                                                                              Every time anyone responds to his point, he shifts the goalposts.

                                                                                                                              1. 5

                                                                                                                                Linux systems don’t randomly break like Windows systems do.

                                                                                                                                In my experience this is very incorrect. I’ve been using Windows 10 for the last couple years with no real issues. Prior to that I was using Ubuntu and had random things break almost once a week. You could say it was my fault for using third party package sources to install current versions of software that was unavailable in the official sources despite having been released for six months, but things like that simply don’t happen on Windows in my experience.

                                                                                                                                1. 1

                                                                                                                                  In my experience Windows 10 breaks constantly in weird ways and Linux is very reliable. And that’s certainly not my fault!

                                                                                                                                  Random things literally cannot break ‘once a week’ on Linux unless you’re changing things once a week. You complain about needing to use third party packages then also complain about stability. Like, the whole point of the official repositories not being the most recent version of packages is stability!

                                                                                                                                2. 3

                                                                                                                                  Like mate, you can get Linux laptops where all those things work too…

                                                                                                                                  I think that’s the thing; he’s comparing Apples to oranges^Wrandom hardware and throwing Linux on it. I am constantly disappointed by stuff not working in Debian on some Thinkpads (my current work machine has a weird issue with the display driver on multi monitor and my home laptop’s microphone doesn’t seem to work at all), but then those weren’t actually designed to run Linux. Try running MacOS on a random janky piece of shit PC hardware “designed for Windows” and see how well you fare. Then complain on Twitter and watch the number of people claiming their Hackintosh works just fine, thankyouverymuch.

                                                                                                                                  By the way, what “designed for Linux” laptops can you recommend? I’m slowly starting to think about replacing my x230 and I don’t intend on buying another Lenovo. Ever.

                                                                                                                                  1. 2

                                                                                                                                    Don’t break things then?

                                                                                                                                    They break by themselves. Constantly. Even if accomplishing basic things didn’t require a level of involvement from the user much higher than that in Windows, even Ubuntu tended to break just from basic updating.

                                                                                                                                    Linux systems don’t randomly break like Windows systems do.

                                                                                                                                    I genuinely can’t recall Windows ever breaking, except once when I had a hardware issue that was causing BSODs.

                                                                                                                                    People that complain about their Linux systems breaking inevitably are doing stuff like installing dozens of AUR packages.

                                                                                                                                    Oh man you use Arch and actually have no trouble stating that it doesn’t break literally randomly?? This is a meme even in hardcore Linux enthusiast communities because of how often that happens.

                                                                                                                                    1. 3

                                                                                                                                      They break by themselves. Constantly.

                                                                                                                                      They literally do not. This is not up for debate. Software does not spontaneously break. You change things and it breaks. Its developers change things and it breaks. But it does not spontaneously break.

                                                                                                                                      Even if accomplishing basic things didn’t require a level of involvement from the user much higher than that in Windows

                                                                                                                                      Like what? Beyond installing it in the first place. That computers almost all still come with Windows is a perfect example of the failure of anti-monopoly laws, not a point against Linux.

                                                                                                                                      I genuinely can’t recall Windows ever breaking, except once when I had a hardware issue that was causing BSODs.

                                                                                                                                      Windows is notoriously unreliable. I can’t understand how someone could even type the words ‘I genuinely can’t recall Windows ever breaking’. It’s an operating system that’s so unreliable that people have to regularly reinstall it to avoid it becoming slowed down by its own decay!

                                                                                                                                      Oh man you use Arch and actually have no trouble stating that it doesn’t break literally randomly?? This is a meme even in hardcore Linux enthusiast communities because of how often that happens.

                                                                                                                                      It’s a meme specifically because of the ease with which you can install third party packages. If you don’t do that then it doesn’t break basically ever unless you completely ignore the announcements every year or so that you need do so something beyond updating all your packages for some reason.

                                                                                                                                      If Arch did break more than other distros then that would just confirm that the issue is the software breaking and not the operating system, because the only difference between Arch and other distros is that it’s rolling release and doesn’t patch its packages.

                                                                                                                                      1. 3

                                                                                                                                        They literally do not. This is not up for debate. Software does not spontaneously break. You change things and it breaks. Its developers change things and it breaks. But it does not spontaneously break.

                                                                                                                                        Yeah, it can, assuming it’s stateful and you actually use it. I’ve had stock installs of Debian run out of disk space because of too many log files.

                                                                                                                                    2. 1

                                                                                                                                      Like mate, you can get Linux laptops where all those things work too…

                                                                                                                                      I bought a HP laptop this year and stripped off Windows and put on OpenSUSE. It’s a niche distro, and neraly everything just worked (except codecs, but just add Packman). I haven’t had to configure much since set up either. I know people have gotten themselves into trouble with pacman, and I’ve gotten myself in a world of hurt in both apt and yum before, but zypper seems to do the right thing most of the time. I spent many college nights tinkering to get things to work, but things are 1000x better today.

                                                                                                                                    3. 2

                                                                                                                                      I’m sometimes tempted to go Windows only but I always have to dual boot to Windows on a number of machines and the consistent micro lags (30 - 150 ms) on brand new top-of-the-line hardware drives me crazy :-/

                                                                                                                                    1. 9

                                                                                                                                      I don’t why he expects everyone who codes to have coding as a passion. That’s beyond unrealistic. This is a profession that you can make good money at. I am totally understanding that a lot of my colleagues aren’t passionate about it.

                                                                                                                                      1. 8

                                                                                                                                        I think passion is the wrong word, but you need to care. If you don’t care, or if you care more about something else (money, promotions, not causing a fuss, etc.) then you have no tools for making good, long-term strategic decisions. Anything short of actually caring about what you are doing results in myopic decision-making. Or as someone else put it, “driving on the highway by looking at the centre line in your rear-view mirror.”

                                                                                                                                        Passion is not a requirement for caring, IMO. I wouldn’t call myself passionate – I have a full life of other things outside of my engineering job. But when I’m in the office, you would probably put me in the passionate pile because when I’m on the job, boy do I care a lot.

                                                                                                                                        1. 5

                                                                                                                                          I don’t why he expects everyone who codes to have coding as a passion.

                                                                                                                                          I don’t think the author really does, though.

                                                                                                                                          Most of the HNOP is about incentives, specifically, how the Windows team* doesn’t reward incremental performance improvements, and also doesn’t reward unscheduled work or outside contributions. The fact that people are not being rewarded, either by the organization or by themselves, is why the work doesn’t get done.

                                                                                                                                          * Let’s contrast this with Joe Duffy’s performance culture, and how the C# compiler team literally gates new patches on their performance tests.

                                                                                                                                          1. 5

                                                                                                                                            Agreed. I was passionate about programming before I started to be a programmer, in the same way I was passionate about reading before high school (where we had mandatory ‘read lists’). After 8 hours of sitting behind a screen and 3 hours of commute I have better things to do than programming. Cooking, eating, working out, chores, playing an instrument, and reading, for example.

                                                                                                                                          1. 6

                                                                                                                                            I find it curious that the Blink team at Google takes this action in order to prevent various other teams at Google from doing harmful user-agent sniffing to block browsers they don’t like. Google certainly isn’t the only ones, but they’re some of the biggest user-agent sniffing abusers.

                                                                                                                                            FWIW, I think it’s a good step, nobody needs to know I’m on Ubuntu Linux using X11 on an x86_64 CPU running Firefox 74 with Gecko 20100101. At most, the Firefox/74 part is relevant, but even that has limited value.

                                                                                                                                            1. 14

                                                                                                                                              They still want to know that. The mail contains a link to the proposed “user agent client hints” RFC, which splits the user agent into multiple more standardized headers the server has to request, making “user-agent sniffing” more effective.

                                                                                                                                              1. 4

                                                                                                                                                Oh. That’s sad. I read through a bit of the RFC now, and yeah, I don’t see why corporations wouldn’t just ask for everything and have slightly more reliable fingerprinting while still blocking browsers they don’t like. I don’t see how the proposed replacement isn’t also “an abundant source of compatibility issues … resulting in browsers lying about themselves … and sites (including Google properties) being broken in some browsers for no good reason”.

                                                                                                                                                What possible use case could a website have for knowing whether I’m on ARM or Risc-V or x86 or x86_64 other than fingerprinting? How is it responsible to let the server ask for the exact model of device you’re using?

                                                                                                                                                The spec even contains wording like “To set the Sec-CH-Platform header for a request, given a request (r), user agents MUST: […] Let value be a Structured Header object whose value is the user agent’s platform brand and version”, so there’s not even any space for a browser to offer an anti-fingerprinting setting and still claim to be compliant.

                                                                                                                                                1. 4

                                                                                                                                                  What possible use case could a website have for knowing whether I’m on ARM or Risc-V or x86 or x86_64 other than fingerprinting?

                                                                                                                                                  Software download links.

                                                                                                                                                  How is it responsible to let the server ask for the exact model of device you’re using?

                                                                                                                                                  … Okay, I’ve got nothing. At least the W3C has the presence of mind to ask the same question. This is literally “Issue 1” in the spec.

                                                                                                                                                  1. 3

                                                                                                                                                    Okay, I’ve got nothing.

                                                                                                                                                    I have a use case for it. I’ve a server which users run on a intranet (typically either just an access point, or a mobile phone hotspot), with web browsers running on random personal tablets/mobile devices. Given that the users are generally not technical, they’d probably be able to identify a connected device as “iPad” versus “Samsung S10” if I can show that in the web app (or at least ask around to figure out whose device it is), but will not be able to do much with e.g an IP address.

                                                                                                                                                    Obviously pretty niche. I have more secure solutions planned for this, however I’d like to keep the low barrier to entry that knowing the hardware type from user agent provides in addition to those.

                                                                                                                                                  2. 2

                                                                                                                                                    What possible use case could a website have for knowing whether I’m on ARM or Risc-V or x86 or x86_64 other than fingerprinting?

                                                                                                                                                    Benchmarking and profiling. If your site performance starts tanking on one kind of processor on phones in the Philippines, you probably want to know that to see what you can do about it.

                                                                                                                                                    Additionally, you can build a website with a certain performance budget when you know what your market minimally has. See the Steam Hardware and Software Survey for an example of this in the desktop videogame world.

                                                                                                                                                    Finally, if you generally know what kinds of devices your customers are using, you can buy a bunch of those for your QA lab to make sure users are getting good real-world performance.

                                                                                                                                                2. 7

                                                                                                                                                  Gecko 20100101

                                                                                                                                                  Amusingly, this date is a static string — it is already frozen for compatibility reasons.

                                                                                                                                                  1. 2

                                                                                                                                                    Any site that offers you/administrators a “login history” view benefits from somewhat accurate information. Knowing the CPU type or window system probably doesn’t help much, but knowing it’s Firefox on Ubuntu combined with a location lookup from your IP is certainly a reasonable description to identify if it’s you or someone else using the account.

                                                                                                                                                    1. 2

                                                                                                                                                      There are terms I’d certainly like sites to know if I’m using a minority browser or a minority platform, though. Yes, there are downsides because of the risk of fingerprinting, but it’s good to remind sites that people like me exist.

                                                                                                                                                      1. 1

                                                                                                                                                        Though the audience here will play the world’s tiniest violin regarding for those affected the technical impact aspect may be of interest.

                                                                                                                                                        The version numbering is useful low-hanging-fruit method in the ad-tech industry to catch fraud. A lot of bad actors use either just old browsers[1] or skew browser usage ratios; though of course most ‘fraud’ detection methods are native and just assume anything older than two major releases is fraud and ignore details such as LTS releases.

                                                                                                                                                        [1] persuade the user to install a ‘useful’ tool and it sits as a background task burning ads or as a replacement for the users regular browser (never updated)

                                                                                                                                                      1. 25

                                                                                                                                                        To be fair, I find it hilarious that every browser includes the “Mozilla” string in its user agent, dating from the late 90’s. As much as it pains me to say it, Google may be right here: the header is at best vestigial.

                                                                                                                                                        1. 2

                                                                                                                                                          I think it is weird that they still do; does anyone bother checking that part when sniffing anymore? I’d be surprised if anyone has for the last fifteen years.

                                                                                                                                                          1. 2

                                                                                                                                                            I know there are webmasters that use its presence to distinguish between bots (which typically don’t have it) and browsers (which usually do). It’s a heuristic, but it’s actually really good.

                                                                                                                                                            1. 4

                                                                                                                                                              I had to change my feed reader’s user-agent to lie because of this. It’s nonsensical, of course — RSS and Atom feeds are made for bots!

                                                                                                                                                              1. 2

                                                                                                                                                                Looks like a configuration error from the Web server or app. Maybe they just tell Nginx or their app to deny anything which is not a browser, forgetting to handle special cases like RSS.

                                                                                                                                                                1. 1

                                                                                                                                                                  Looking at the code it was actually a request to SquareSpace, and the poison seemed to be mention of “Twisted”. Best guess they are trying to ban Scrapy which uses Twisted internally.

                                                                                                                                                                  I’ve also seen CDNs reject requests when the User-Agent string contains “python” or lacks “Mozilla”. I guess lying is just part of HTTP these days.

                                                                                                                                                              2. 6

                                                                                                                                                                between polite bots and (browsers and evil bots) <3

                                                                                                                                                                1. 3

                                                                                                                                                                  Perfect is the enemy of the good. Anyone might come into my house and rob me, but if someone knocks on my door and tells me they’re going to rob me, I’m still not going to let them in just because they asked permission.

                                                                                                                                                                  1. 1

                                                                                                                                                                    If they’ll say it in a certain way, and they will act in a certain way, you will be thankful for them for the opportunity for them to rob you.

                                                                                                                                                                    Well, not you in particular, but people in general.

                                                                                                                                                                2. 1

                                                                                                                                                                  indeed, but you don’t check for the Mozilla thing there!

                                                                                                                                                                3. 1

                                                                                                                                                                  GitHub uses User Agent sniffing. I set my User Agent to “Firefox” (general.useragent.override) and some features on the site no longer work and GitHub complains that it doesn’t support old browsers.

                                                                                                                                                              1. 2

                                                                                                                                                                It’s funny that the OP uses a car analogy, when even clear-cut drop-in replacements like hybrid cars that would enable massive efficiency gains see sluggish adoption (according to JP Morgan, hybrid + pure electric vehicles are expected to reach 30% of sales by 2025: no, not usage share, sales). After all, it doesn’t really matter much how close to the theoretical max efficiency under load you get when your car spends a significant fraction of the time idle at a stop sign or in traffic.

                                                                                                                                                                1. 1

                                                                                                                                                                  I mean, USB is a tire fire, that’s not news. But this is not a useful addition to the indictment, really.

                                                                                                                                                                  1. 4

                                                                                                                                                                    Would you prefer to choose over a million custom implementations of a serial port, all proprietary of course, instead?

                                                                                                                                                                    1. 1

                                                                                                                                                                      I mean, USB is a tire fire, that’s not news.

                                                                                                                                                                      Yes across the board. My Pixel 3’s USB C port only works right when the cable is inserted “upside down” and there is no such thing for USB C as the intent is for it to be bidirectional.

                                                                                                                                                                      1. 7

                                                                                                                                                                        I own a Pixel 3 and it works fine both ways. Either your phone is a dud, or your cable is.

                                                                                                                                                                    1. 11

                                                                                                                                                                      Why would any developer volunteer so much of their time to support a proprietary, commercial, operating system?

                                                                                                                                                                      Put another way: if you’re going to give away your time to help solve a chicken and egg problem for a platform, wouldn’t you expect to get paid for it if it’s a commercial product?

                                                                                                                                                                      Better to donate your time to a Free Software project.

                                                                                                                                                                      1. 3

                                                                                                                                                                        Because that “proprietary, commercial operating system” represents nearly 80% of desktop and laptop computers. Put another way: why would any developer volunteer so much of their time to support an operating system that is used by less than 20% of people?

                                                                                                                                                                        1. 11

                                                                                                                                                                          Work on an 80% market-share OS for a salary? Sure. Sell software for it? Sure. Sell hardware for it? Yep. I was a professional .NET developer, working on Windows, for around a decade.

                                                                                                                                                                          But why, why would you volunteer your precious time to a commercial product? This is what I don’t get.

                                                                                                                                                                          Bluntly: if Microsoft wants developers to solve their chicken-and-egg problem with better tooling and support, they can and should damn well hire them, and pay them for their time.

                                                                                                                                                                          1. 3

                                                                                                                                                                            Bluntly: if Microsoft wants developers to solve their chicken-and-egg problem with better tooling and support, they can and should damn well hire them, and pay them for their time.

                                                                                                                                                                            that’s one of my recommendations at the end of the post that microsoft should be funding this through grants, sponsorships and free machines (both virtual and real).

                                                                                                                                                                        2. 2

                                                                                                                                                                          Why would any developer volunteer so much of their time to support a proprietary, commercial, operating system?

                                                                                                                                                                          The only reasonable answer to this is “because they want to”. If any developer doesn’t want to do it that is completely ok. I personally like those machines and am up to working with them but it was my choice.

                                                                                                                                                                          Put another way: if you’re going to give away your time to help solve a chicken and egg problem for a platform, wouldn’t you expect to get paid for it if it’s a commercial product?

                                                                                                                                                                          In my recommendations at the end of the article I say exactly that that Microsoft should be giving away machines and sponsorships or grants towards making these projects viable on WoA.

                                                                                                                                                                          Better to donate your time to a Free Software project.

                                                                                                                                                                          Be aware that there is free software running on windows and it is even a more thankless job than free software on unix-like systems. I’m not going to tell people how should they spend their time, it is their choice. Personally, I like that machine and am willing to use my time to make some FOSS projects work with it, but thats my own personal choice.

                                                                                                                                                                          1. 1

                                                                                                                                                                            Sure - of course it’s a matter of personal choice. And I’m well aware of the existence of free software on Windows; back in the day, I was an avid Cygwin user.

                                                                                                                                                                            The thing I don’t get is … what do you, personally, get out of helping Microsoft solve their chicken and egg problem?

                                                                                                                                                                            1. 1

                                                                                                                                                                              “Because I want to” is a reward. People feel inspired to do things, and succeeding at them is a reward. See also: Climbing a tall mountain solely because it is difficult.

                                                                                                                                                                          2. 1

                                                                                                                                                                            One reason would be to help the world move past the x86 architecture. We know Linux can work on anything. We know Apple could pull off switching macOS to ARM. Windows is the last anchor. If Windows could credibly leave x86, so could everyone else.

                                                                                                                                                                            1. 1

                                                                                                                                                                              I develop software that runs on x86_64 Windows because I use it.

                                                                                                                                                                              As for ARM Windows? If I could get a free copy that runs in an emulator, I might try it. It probably wouldn’t take long to test my stuff in it and fix any random bugs. Just future-proofing.

                                                                                                                                                                            1. 3

                                                                                                                                                                              The most obvious explanation is that the open source model does not work well for producing software with good usability. Everything in Raymond’s article hints at this truth.

                                                                                                                                                                              The problem is much more general than that: If you want to target a particular market, you need to have feedback from members of that market.

                                                                                                                                                                              That means either running full-blown usability studies where you get a bunch of Aunt Tillies and Uncle Vernons in the room, ask them to do it, and record why they fail; or, alternatively, you are Aunt Tillie. Since every developer-oriented project has at least one developer on it, this solves it for OSS projects*.

                                                                                                                                                                              * Of course, other factors can result in usability problems in OSS build tools. Just ask Isabella Muerte about C++’s build systems. But that’s not lack of developers to ask; that’s just complete failure to have the kind of centralized design decisions that a well-run OSS project would have.

                                                                                                                                                                              1. 3

                                                                                                                                                                                In my opinion, open source excels at “plumbing” - libraries, infrastructure code; and for “itch scratching”.

                                                                                                                                                                                The further up the user interface ladder you move, the more a well-funded centralized organization can pull ahead by paying for usability testing, market research, etc.

                                                                                                                                                                              1. 1

                                                                                                                                                                                Previous discussion on this same series: https://lobste.rs/s/66ozv7/learn_rust_dangerous_way

                                                                                                                                                                                1. 3

                                                                                                                                                                                  I remember this. It never had a chance. Very few people were technically inclined enough to participate.

                                                                                                                                                                                  1. 3

                                                                                                                                                                                    Not only that. I remember looking at it and throwing the towel because the effort didn’t seem worth the result. It was even widely ignored by bloggers, that should tell you enough. There was no traction, there were no good libraries for it - and this was even before anyone had ever heard of Facebook or Twitter.

                                                                                                                                                                                    1. 3

                                                                                                                                                                                      I remember it too, and agree.

                                                                                                                                                                                      If someone wonders why JSON won, take a look at the RDF spec.

                                                                                                                                                                                      1. 4

                                                                                                                                                                                        Now we have JSON-LD, which is basically an invasive RDF graft onto JSON…

                                                                                                                                                                                        1. 1

                                                                                                                                                                                          And — like with RSS before it — lots of applications don’t follow the JSON-LD spec as written, either. See Litepub, for example.

                                                                                                                                                                                        2. 2

                                                                                                                                                                                          RDF does something complicated, which is what the specs describe. That it happens to use XML is arbitrary; it’s just a data format.

                                                                                                                                                                                          1. 1

                                                                                                                                                                                            Intellectually I’m aware of this, but I’ve never seen RDF expressed in anything other than XML - I guess it was because of the Semantic Web connection.

                                                                                                                                                                                            Out of curiosity, is there any other plain-text serialisations of RDF? (Apart from JSON-LD, mentioned in this thread)

                                                                                                                                                                                            1. 2

                                                                                                                                                                                              Turtle? - https://www.w3.org/TR/turtle/

                                                                                                                                                                                              I’ve seen it in use at work (BBC Sport website).

                                                                                                                                                                                              1. 3

                                                                                                                                                                                                Yep, Turtle. Or N3. Apparently there’s also N-Triples and N-Quads, though I don’t remember those being available when FOAF was a going concern.

                                                                                                                                                                                      1. 13

                                                                                                                                                                                        An interesting metric if you want to make a short-living utility with low latency to output.

                                                                                                                                                                                        Pretty useless if you are interested in throughput or latency of a long living process.

                                                                                                                                                                                        1. 3

                                                                                                                                                                                          If you’re interested in latency, the relationship between syscalls and latency is so scattered that you’re better off just measuring the latency. Otherwise, you might conclude that JIT compiled Java is as good for quick command line programs as go.

                                                                                                                                                                                          1. 6

                                                                                                                                                                                            It also provides a datapoint on unnecessary complexity and bloat.

                                                                                                                                                                                            Pity Nim is not in the article (yet).

                                                                                                                                                                                            1. 8

                                                                                                                                                                                              “Unnecessary complexity and bloat.” in the context of a useless program.

                                                                                                                                                                                              1. 3

                                                                                                                                                                                                Isn’t it roughly equivalent to the quite non-useless true program?

                                                                                                                                                                                                1. 2

                                                                                                                                                                                                  Oh god, people will be “beating” GNU true in all manners of programming languages next…

                                                                                                                                                                                                2. 1

                                                                                                                                                                                                  Well, the more unnecessary syscalls, the more of a runtime there is. Those additional syscalls never go away.

                                                                                                                                                                                                  1. 7

                                                                                                                                                                                                    And?

                                                                                                                                                                                                    If the runtime is long enough this syscalls at start get negligible.

                                                                                                                                                                                                    Once again - this metrics are useful in one context and totally useless in others. The important stuff is to know if they are relevant to your situation.

                                                                                                                                                                                                    1. 3

                                                                                                                                                                                                      Not all of these syscalls are strictly startup-related, though.

                                                                                                                                                                                                      Part of Rust’s overhead is from stdout locking, and that means additional syscalls every time you print, not just at startup.

                                                                                                                                                                                                      1. 3

                                                                                                                                                                                                        If Rust generates syscalls for an uncontested lock, that’s bananas. Every decent lock implementation uses an atomic instruction in userspace, and only falls back to the kernel when it finds the lock held by another thread. For example, pthread_mutex_lock in musl libc tries an atomic compare and swap before resorting to the syscall implementation.

                                                                                                                                                                                                      2. 1

                                                                                                                                                                                                        I meant the language runtime. As we can see, the “slower” and more abstracted languages make more syscalls. The more control you have, the less syscalls are called.

                                                                                                                                                                                                        1. 1

                                                                                                                                                                                                          This may be true but it can’t be tested the way the linked blogpost does.

                                                                                                                                                                                                3. 2

                                                                                                                                                                                                  A commenter on HackerNews made a test with Nim: https://news.ycombinator.com/item?id=21957476

                                                                                                                                                                                                  1. 2

                                                                                                                                                                                                    A lot of people in this thread seems to be focusing on startup time and ignoring the point of the article hinted more by the amount of disk space used and, secondarily, the number of syscalls:

                                                                                                                                                                                                    These numbers are real. This is more complexity that someone has to debug, more time your users are sitting there waiting for your program, less disk space available for files which actually matter to the user.”

                                                                                                                                                                                                    This was not an objective test, this is just an approximation that I hope will encourage readers to be more aware of the consequences of their abstractions, and their exponential growth as more layers are added.

                                                                                                                                                                                                    Unnecessary complexity translates into cognitive load for those who want to understand what happens under the hood.

                                                                                                                                                                                                    Especially when contributing to the compiler or porting it to a different architecture.

                                                                                                                                                                                                    1. 17

                                                                                                                                                                                                      I read the entire article and understood the point.

                                                                                                                                                                                                      I don’t think the point is valid, that’s all - at least not when it comes to “real-world” software development.

                                                                                                                                                                                                      For example, you can’t throw a pebble on this site without hitting a comment decrying C’s lack of memory safety. “But my users will thank me when they count the low number of syscalls my code is using!” isn’t much use when your program is crashing or their box is getting rooted because you messed up memory management.

                                                                                                                                                                                                      Likewise, if your code is spending most of its time waiting for data to come down the wire, or for something to be fetched from a database, why optimize for syscall count?

                                                                                                                                                                                                      1. -1

                                                                                                                                                                                                        Umm, you do realize the database fetching the data is a program using syscalls, and the routers transmitting the data also use syscalls. If everything in the chain is slower, you will be waiting longer…

                                                                                                                                                                                                        1. 5

                                                                                                                                                                                                          Any database system can be coded as lean and mean as possible, and still be brought down by someone mistyping a query and performing a full-table scan.

                                                                                                                                                                                                          A power outage can knock out a datacenter, forcing traffic to go via slower pipes. So users will be waiting longer, despite routers being lean and mean.

                                                                                                                                                                                                          More syscalls contribute to slower performance, but they’re generally dwarfed by other factors.

                                                                                                                                                                                                    2. 1

                                                                                                                                                                                                      I would not be surprised if the ‘useless’ results carry through proportionally to real programs.

                                                                                                                                                                                                      1. 8

                                                                                                                                                                                                        A month or two ago there was a spate of posts where people “beat” GNU wc using a plethora of languages. It would be interesting to see the results of a program that read a 1MB Unicode text file and reported number of lines, bytes, characters etc, and compare using this metric.

                                                                                                                                                                                                    1. 15

                                                                                                                                                                                                      Maybe some folk don’t understand what’s going on here, but this is in direction violation of Postel’s law:

                                                                                                                                                                                                      They’re blocking access from old devices for absolutely no technical reason; they’re blocking read-only access from folks that might not have any other devices at their disposal.

                                                                                                                                                                                                      If you have an old iPod lying around, why on earth should you not be able to read Wikipedia on it? Absolutely no valid technical reason to deny access. Zilch. None. Nada.

                                                                                                                                                                                                      There’s no reason it shouldn’t be possible to read Wikipedia over straight HTTP, for that matter.

                                                                                                                                                                                                      1. 9

                                                                                                                                                                                                        I know next to nothing about security so correct me if I’m wrong, but doesn’t leaving old protocols enabled make users vulnerable to downgrade attacks?

                                                                                                                                                                                                        1. 14

                                                                                                                                                                                                          You’re applying bank-level security to something that’s public information and should be accessible to everyone without a licence or access control in the first place. I don’t even know what sort of comparison to make here best, because in my view requiring HTTPS in the first place here was a misguided decision that’s based on politics, corporate interests and fear, not on rational facts. Postel’s law is also a well-known course of action in telecommunication, even Google still follows it — www.google.com still works just fine over straight HTTP, as does Bing, no TLS mandated from those who don’t want it.

                                                                                                                                                                                                          1. 5

                                                                                                                                                                                                            I agree with you, I’d like to be able to access Wikipedia with HTTP, but this is in my opinion a different issue from disabling old encryption protocols.

                                                                                                                                                                                                            Accessing Wikipedia with secure and up to date protocols might not be necessary to you but it might be for people who live under totalitarian regimes. One could argue that said regimes have better ways to snoop on their victims (DNS tracking, replacing all certificates with one they own…) but I still believe that if enforcing the use of recent TLS versions can save even a single life, this is a measure worth taking. It would be interesting to know if Wikipedia has data on how much it is used by people living in dictatorships and how much dropping old TLS versions would help these people.

                                                                                                                                                                                                            1. 4

                                                                                                                                                                                                              totalitarian regimes

                                                                                                                                                                                                              It’s funny you mention it, because this actually would not be a problem under a totalitarian regime with a masquerading proxy and a block return policy for the https port and/or their own certificates and a certificate authority. See https://www.xkcd.com/538/.

                                                                                                                                                                                                              Also, are you suggesting that Wikipedia is basically blocking my access for my own good, even though it’s highly disruptive to me, and goes against my own self-interests? Yet they tell me it is in my own interest that my access is blocked? Isn’t that exactly what a totalitarian regime would do? Do you not find any sort of an irony in this situation?

                                                                                                                                                                                                              1. 3

                                                                                                                                                                                                                “Isn’t that exactly what a totalitarian regime would do?”

                                                                                                                                                                                                                I think you may have overstated your case here.

                                                                                                                                                                                                                1. 2

                                                                                                                                                                                                                  this actually would not be a problem under a totalitarian regime with a masquerading proxy and a block return policy for the https port and/or their own certificates and a certificate authority.

                                                                                                                                                                                                                  Yes, this is what I meant when I wrote “One could argue that said regimes have better ways to snoop on their victims”.

                                                                                                                                                                                                                  Also, are you suggesting that Wikipedia is basically blocking my access for my own good

                                                                                                                                                                                                                  No, here’s what I’m suggesting: there are Wikipedia users who live in countries where they could be thrown in jail/executed because of pages they read on Wikipedia. These users are not necessarily technical, do not know what a downgrade attack is and this could cost them their lives. Wikipedia admins feel they have a moral obligation to do everything they can to protect their lives, including preventing them from accessing Wikipedia if necessary. This is a price they are willing to pay even if it means making Wikipedia less convenient/impossible to use for other users.

                                                                                                                                                                                                            2. 1

                                                                                                                                                                                                              If they left http, yeah, sure. But I don’t think any attack that downgrades ssl encryption method exists, both parties always connect using the best they have. If there exists one, please let me know.

                                                                                                                                                                                                              There is no technical reason I’m aware of. Why does wikipedia do this? It’s not like I need strong encryption to begin with, I just want to read something on the internet.

                                                                                                                                                                                                              I still have usable, working smartphone with android Gingerbread, it’s the first smartphone I ever used. It’s still working flawlessly and I’m using it sometimes when I want to quickly find something when my current phone has no battery and I don’t want to turn on my computer.

                                                                                                                                                                                                              This move will for no reason kill my perfectly working smartphone.

                                                                                                                                                                                                              1. 9

                                                                                                                                                                                                                But I don’t think any attack that downgrades ssl encryption method exists,

                                                                                                                                                                                                                Downgrade attacks are possible with older versions of SSL e.g. https://www.ssl.com/article/deprecating-early-tls/

                                                                                                                                                                                                                It’s not like I need strong encryption to begin with, I just want to read something on the internet.

                                                                                                                                                                                                                Which exact page you’re looking at may be of interest, e.g. if you’re reading up on medical stuff.

                                                                                                                                                                                                                1. 1

                                                                                                                                                                                                                  Which exact page you’re looking at may be of interest, e.g. if you’re reading up on medical stuff.

                                                                                                                                                                                                                  Are you suggesting that we implement access control in public libraries, so that noone can browse or checkout any books without strict supervision, approvals and logging by some central authority? (Kinda like 1984?)

                                                                                                                                                                                                                  Actually, are you suggesting that people do medical research and trust information from Wikipedia, literally edited by anonymous people on the internet?! HowDareYou.gif. Arguably, this is the most misguided security initiative in existence if thought of in this way; per my records, my original accounts on Wikipedia were created before they even had support for any TLS at all; which is not to say it’s not needed at all, just that it shouldn’t be a mandatory requirement, especially for read-only access.

                                                                                                                                                                                                                  P.S. BTW, Jimmy_Wales just responded to my concerns — https://twitter.com/jimmy_wales/status/1211961181260394496.

                                                                                                                                                                                                                  1. 10

                                                                                                                                                                                                                    Are you suggesting that we implement access control in public libraries, so that noone can browse or checkout any books without strict supervision, approvals and logging by some central authority? (Kinda like 1984?)

                                                                                                                                                                                                                    I’m saying that you may not wish other people to infer what medical conditions you may have based on your Wikipedia usage. So TLS as the default is desirable here, but whether it should be mandatory is another question.

                                                                                                                                                                                                                    1. 2

                                                                                                                                                                                                                      Are you suggesting that we implement access control in public libraries, so that noone can browse or checkout any books without strict supervision, approvals and logging by some central authority? (Kinda like 1984?)

                                                                                                                                                                                                                      PSST, public libraries in the western world already do this to some extent. Some countries are more central than others thanks to the US PATRIOT Act.

                                                                                                                                                                                                                      1. 1

                                                                                                                                                                                                                        public libraries in the western world

                                                                                                                                                                                                                        Not my experience at all; some private-university-run libraries do require ID for entry; but most city-, county- and state-run libraries still allow free entry without having to identify yourself in any way. This sometimes even extends to making study-room reservations (can often be made under any name) and anonymous computer use, too.

                                                                                                                                                                                                                  2. 8

                                                                                                                                                                                                                    I still have usable, working smartphone with android Gingerbread, it’s the first smartphone I ever used. It’s still working flawlessly and I’m using it sometimes when I want to quickly find something when my current phone has no battery and I don’t want to turn on my computer.

                                                                                                                                                                                                                    This move will for no reason kill my perfectly working smartphone.

                                                                                                                                                                                                                    It’s not working flawlessly, the old crypto protocols and algorithms it uses have been recalled like a Takata airbag, and you’re holding on because it hasn’t blown up in your face yet.

                                                                                                                                                                                                                    1. 2

                                                                                                                                                                                                                      This move will for no reason kill my perfectly working smartphone.

                                                                                                                                                                                                                      (my emphasis)

                                                                                                                                                                                                                      So you just use this phone to access Wikipedia, and use it for nothing else?

                                                                                                                                                                                                                      If so, that’s unfortunate, but your ire should be directed to the smartphone OS vendor for not providing needed updates to encryption protocols.

                                                                                                                                                                                                                      1. 2

                                                                                                                                                                                                                        our ire should be directed to the smartphone OS vendor for not providing needed updates to encryption protocols

                                                                                                                                                                                                                        I think it’s pretty clear that the user does not need encryption in this use-case, so, I don’t see any reason to complain to the OS vendor about encryption when you don’t want to be using any encryption in the first place. Like, seriously, what sort of arguments are these? Maybe it’s time to let go of the politics in tech, and provide technical solutions to technical problems?

                                                                                                                                                                                                                        1. 1

                                                                                                                                                                                                                          As per my comment, I do believe that the authentication provisions of TLS are applicable to Wikipedia.

                                                                                                                                                                                                                          Besides, the absolute outrage if WP had not offered HTTPS would be way bigger than now.

                                                                                                                                                                                                                  3. 15

                                                                                                                                                                                                                    I find the connection to Postel’s law only weak here, but in any case: This is the worst argument you could make.

                                                                                                                                                                                                                    It’s pretty much consensus among security professionals these days that Postel’s law is a really bad idea: https://tools.ietf.org/html/draft-iab-protocol-maintenance-04

                                                                                                                                                                                                                    1. 3

                                                                                                                                                                                                                      I don’t think what passes for “postel’s law” is what Postel meant, anyway.

                                                                                                                                                                                                                      AFAICT, Postel wasn’t thinking about violations at all, he was thinking about border conditions etc. He was the RFC editor, he didn’t want anyone to ignore the RFCs, he wanted them to be simple and easy to read. So he wrote “where the maximum line length is 65” and meant 65. He omitted “plus CRLF” or “including CRLF” because too many dotted i’s makes the prose heavy, so you ought to be liberal in what you accept and conservative in what you generate. But when he wrote 65, he didn’t intend the readers to inter “accept lines as long as RAM will allow”.

                                                                                                                                                                                                                      https://rant.gulbrandsen.priv.no/postel-principle is the same argument, perhaps better put.

                                                                                                                                                                                                                      IMO this is another case of someone wise saying something wise, being misunderstood, and the misunderstanding being a great deal less wise.

                                                                                                                                                                                                                      1. 2

                                                                                                                                                                                                                        I can’t really understand advocating laws around protocols except for “the protocol is the law”. Maybe you had to be there at the time.

                                                                                                                                                                                                                      2. 6

                                                                                                                                                                                                                        As I understand it, they’re protecting one set of users from a class of attack by disabling support for some crypto methods. That seems very far from “absolutely no technical reason”.

                                                                                                                                                                                                                        As for HTTP, if that were available, countries like Turkey would be able to block Wikipedia on a per-particle basis, and/or surveil its citizens on a per-article basis. With HTTPS-only, such countries have to open/close Wikipedia in toto, and cannot surveil page-level details. Is that “no reason”?

                                                                                                                                                                                                                        1. 1

                                                                                                                                                                                                                          As for HTTP, if that were available, countries like Turkey would be able to block Wikipedia on a per-particle basis, and/or surveil its citizens on a per-article basis. With HTTPS-only, such countries have to open/close Wikipedia in toto, and cannot surveil page-level details. Is that “no reason”?

                                                                                                                                                                                                                          I don’t understand why people think this is an acceptable argument for blocking HTTP. It reminds me of that jealous spouse scenario where someone promises to inflict harm, either to themselves or to their partner, should the partner decide to leave the relationship. “I’ll do harm if you censor me!”

                                                                                                                                                                                                                          So, Turkey wants to block Wikipedia on a per-article business? That’s their decision, and they’ll go about it one way or another, I’m sure the politicians they don’t particularly care about the tech involved anyways (and again, it’s trivial for any determined entity to block port 443, and do a masquerade proxy on port 80, and if this is done on all internet connections within the country, it’ll work rather flawlessly, and noone would know any better). So, it’s basically hardly a deterrent for Turkey anyways. Why are you waging your regime-change wars on my behalf?

                                                                                                                                                                                                                          1. 1

                                                                                                                                                                                                                            Well, Wikipedia is a political project, in much the same way that Stack Overflow is. The people who write have opinions on whether their writings should be available to people who want to read.

                                                                                                                                                                                                                            You may not care particularly whether all of or just some of the information on either Wikipedia or SO are available to all Turks, but the people who wrote that care more, of course. They wouldn’t spend time writing if they didn’t care, right? To these people, wanting to suppress information about the Turkish genocide of 1915 is an affront.

                                                                                                                                                                                                                            So moving to HTTPS makes sense to them. That way, the Turkish government has to choose between

                                                                                                                                                                                                                            • allowing Turks to read about the genocide
                                                                                                                                                                                                                            • not allowing Turks any use of Wikipedia

                                                                                                                                                                                                                            The Wikipedians are betting that the second option is unpopular with the Turks.

                                                                                                                                                                                                                            It’s inconvenient for old ipad users, but if you ask the people who spend time writing, I’m sure they’ll say that being able to read about your country’s genocide at all is vastly more important than being able to read using old ipads.

                                                                                                                                                                                                                        2. 4

                                                                                                                                                                                                                          I can think of several reasons:

                                                                                                                                                                                                                          • not letting people know what you are reading
                                                                                                                                                                                                                          • not letting people censor some articles
                                                                                                                                                                                                                          • not letting people modify some articles (for example putting an incorrect download link for a popular software without being detected)
                                                                                                                                                                                                                          • making an habit that everything should be HTTPS (for example for people to not be fooled by phishing sites with the lockpad in the URL bar)
                                                                                                                                                                                                                          1. 2

                                                                                                                                                                                                                            So what’s to stop a totalitarian regime from doing the following?

                                                                                                                                                                                                                            • Redirect all DNS queries to their own DNS servers? The root DNS servers use fixed IP addresses, so it would be easy enough to reroute those addresses to return any address they want.
                                                                                                                                                                                                                            • Redirect all DoH to 1.1.1.1 (or other well known DoH addresses) to again, their own server? Is the CloudFlare public key installed on all browsers? How would you know you are hitting CloudFlare, and not TotallyCloudFlare served by TotallyLegitCA?
                                                                                                                                                                                                                            • Given control over DNS, redirect users to TotallyWikipedia? Again, do you know what CA Wikipedia uses? They can then decode (doesn’t matter if it’s SSL/1.0 or TLS/1.3) the request and proxy it or send out security to question the loyalty of the citizen. Or you know, download the entirety of Wikipedia (which anyone can do), and serve up a cleaned up version to their citizens.
                                                                                                                                                                                                                            1. 1

                                                                                                                                                                                                                              The difficulty is to setup/enrole TotallyLegitCA. How do you do that? If TotallyLegitCA is public, the transparency log will quickly reveal what they are doing. The only way to pull that seems to force people to have your CA installed, like Kazakhstan is doing.

                                                                                                                                                                                                                              1. 2

                                                                                                                                                                                                                                We’re talking about a totalitarian regime (or you know, your standard corporation who install their own CA in the browser).

                                                                                                                                                                                                                          2. 3

                                                                                                                                                                                                                            That’s actually incorrect. There are various technical reasons. But also remember that they need to operate on a vast scale as a non-profit. This is hard.

                                                                                                                                                                                                                            Here are some technical reasons. I’m sure others will chime in as there are likely many more.

                                                                                                                                                                                                                            • some attacks on TLSv1.0 can compromise key material which is used for the newer, secure versions of TLS
                                                                                                                                                                                                                            • attacks only get better
                                                                                                                                                                                                                            • removing old code reduces complexity
                                                                                                                                                                                                                            1. 0

                                                                                                                                                                                                                              providing a read-only version without login over HTTP shouldn’t really add any new code except they’d be on a HTTP-2-only webserver if I’m not mistaken.

                                                                                                                                                                                                                            2. 2

                                                                                                                                                                                                                              There are arguments for an inverse-postel’s law given in https://m.youtube.com/watch?v=_mE_JmwFi1Y

                                                                                                                                                                                                                              1. 0

                                                                                                                                                                                                                                But I hear all the time that I must ensure my personal site uses HTTPS and that soon browsers will refuse to connect to “insecure” sites. Isn’t this a good thing Wikipedia is doing? /s

                                                                                                                                                                                                                                Edit also see this discussion: https://lobste.rs/s/xltmol/this_page_is_designed_last#c_keojc6

                                                                                                                                                                                                                                1. 7

                                                                                                                                                                                                                                  I have HTTPS on my completely static website mostly so that no one asks why I don’t have HTTPS, but on the other hand, the “completely static” part is only relevant as long as there are only Eves in the middle and no Mallories.

                                                                                                                                                                                                                                  If serving everything over HTTPS will make the life of ISPs injecting ads and similar entities harder, it’s a good thing, until there’s a legal rather than technical solution to that.

                                                                                                                                                                                                                                  1. 2

                                                                                                                                                                                                                                    I actually think that HTTPS is reasonable for Wikipedia, if for nothing else to hinder 3rd parties for capture your embarrassing edits to “MLP: FIM erotica” and tracing it to back to you. For a static, read-only site it just adds cost and/or a potential point of failure.

                                                                                                                                                                                                                                    1. 1

                                                                                                                                                                                                                                      For a static, read-only site it just adds cost and/or a potential point of failure.

                                                                                                                                                                                                                                      dmbaturin just said what the value add is. HTTPS prevents third parties from modifying the content of your static site.