1. 5

    From the linked post

    I can’t imaging anyone going through tweets from 2010 and actively reporting them, so it seems more likely that they must be using some algorithm to go back and find posts they consider offensive, throughout the history of their site.

    (my emphasis)

    This is a serious allegation to make. Why isn’t it possible that someone is searching for offensive things people said about Sarah Palin 10 years ago, found it, and flagged it?

    If Twitter is scanning old tweets and attempting to erase them, they’re also erasing a part of their history and the history of their users.

    Twitter could go out of business at any time, and people’s tweets would be gone too. It’s a free service. If you’re concerned about your tweets, back them up.

    1. 6

      Twitter’s archive is of substantial historical value. So long as Twitter actively positions itself as a platform for public debate and political communication, users will expect a greater-than-normal degree of transparency and accountability. While they are not legally required to save all this material, they do have an ethical obligation to document changes that they’ve made to the historical record. I can’t comment on this particular case but I am sure that this will continue to be a problem in the future– especially when they go out of business.

      1. 1

        This is a serious allegation to make. Why isn’t it possible that someone is searching for offensive things people said about Sarah Palin 10 years ago, found it, and flagged it?

        And how’s that any better? Applying modern rules to historical content isn’t something that should be celebrated in my book. TBH, the tweet in question is a bit on the extreme side, but this concept has also been used as a pretext to de-platform users mostly just due to their ideologies, by reporting tweets that were years old.

        I mean, an easy solution is to just remove all your old tweets. Is that really what they want?!

        1. 2

          And how’s that any better? Applying modern rules to historical content isn’t something that should be celebrated in my book.

          We’re talking about ten years, not a thousand. Things haven’t changed that much.

          1.  

            It’s a difference in degree.

            If someone flags a tweet, presumably someone at Twitter makes the call that this should be cause for locking the account. I.e. there’s a human element in the loop.

            The author thinks that Twitter without external prompting is flagging tweets and locking accounts. There’s no evidence that this is happening - I’d consider evidence of that being more than one Twitter user reporting that this is happening to them.

            this concept has also been used as a pretext to de-platform users mostly just due to their ideologies, by reporting tweets that were years old.

            I am not condoning this, but it’s different from what the author of the linked post is presuming.

        1. 12

          Tcl is pretty fancy. I think it deserves more praise. ;-)

          1. 7

            I hadn’t done much/anything with it before today, but my work today has made me like it a lot. Writing bare words instead of quoted strings improves (interactive) usability far more than it ought to. I always suspected as much, because R’s wonderful tidyverse does a similar thing; but I never dared to trust that gut feeling. Now that I’ve experienced it in the tidyverse, the shell, and Tcl I’m pretty sure that feature is just that nice (for me).

            (For an example of unquoted strings (actually column names) in the tidyverse, see this analysis of the diamonds dataset. It’s the code block that starts with library(modelr), just below the scatter plot of Old Faithful data. Fantastic for exploratory data analysis.)

            1. 0

              Writing bare words instead of quoted strings improves (interactive) usability

              Is it because you usually work in an editor that colorizes the quoted strings like tropical fruits?

              Strings as distinctive syntactical elements are more useful.

              1. 2

                That and the overhead of actually typing the quote marks.

                1. 2

                  That these tools operate without quotes make me think the editors could do the same thing, too.

            1. 6

              It is true that memory unsafety is real security threat for performance sensitive software written in C and C++, it’s partly why you see browsers like Firefox and Chrome switching to garbage collection for things that were previously managed manually, such as the DOM.

              I don’t think that languages like Rust and Swift as they stand are the answer. While it’s true that Firefox have switched to Rust for some of their internal components, if I remember correctly they have forms of tracing garbage collection tacked on where they enforce correct usage with a set of additional programming rules, which are checked with linting plugins.

              If you want complex graph-like data structures in standard Rust, you will soon find the single ownership model unsuitable. At this point, your choices are: i) try very hard to get things right with unsafe blocks, at which point you’re back in memory unsafety land or ii) make heavy use of reference counting containers, which have a significant performance overhead. In Swift the story is similar - reference counting is not cheap. In addition, to prevent leaks, care must be taken to ensure cycles are broken with weak reference placement, which in complex graphs is also non-trivial.

              It feels to me like an acceptable trade-off here would be some form of fast, opt-in tracing GC for managing complex data structures, where reasoning about liveness is hard and UAFs are more likely; and C++ style RAII for everything else. There is no silver bullet when it comes to memory, and as much as I’m sure lots of these large C / C++ projects would be relieved to reduce memory bugs, convincing them to switch to Rust or Swift as they currently stand may be impractical from a performance perspective.

              1. 16

                try very hard to get things right with unsafe blocks, at which point you’re back in memory unsafety land

                The point of Rust isn’t just about not using unsafe. The point of Rust is that if you need to use unsafe, then you should be able to button it up behind a safe API that can never be used in a way that results in memory unsafety. That is a striking improvement over languages that are “unsafe by default.”

                It feels to me like an acceptable trade-off here would be some form of fast, opt-in tracing GC for managing complex data structures, where reasoning about liveness is hard and UAFs are more likely; and C++ style RAII for everything else.

                This would be an interesting project, yes. Rust used to have garbage collected pointers (via the @ sigil), but dropped them in the move to 1.0. I wouldn’t be surprised if something like this came back in library form. I know some folks have worked on this in the past, but it’s hard.

                There is no silver bullet when it comes to memory, and as much as I’m sure lots of these large C / C++ projects would be relieved to reduce memory bugs, convincing them to switch to Rust or Swift as they currently stand may be impractical from a performance perspective.

                It’s a game of inches. Getting folks to recognize that memory safety is a problem in unsafe-by-default languages is step 1, and I don’t see any problem with that. There are still tons of folks that don’t think it is a problem.

                1. 3

                  While it’s true that Firefox have switched to Rust for some of their internal components, if I remember correctly they have forms of tracing garbage collection tacked on where they enforce correct usage with a set of additional programming rules, which are checked with linting plugins.

                  The only reason why that’s there is because, by specification fiat, they have to share the DOM with a JavaScript program.

                  1. 3

                    The only reason why that’s there is because, by specification fiat, they have to share the DOM with a JavaScript program.

                    To be fair, some Rust libraries have collection strategies. They are not traditional GC, but e.g. epoch based reclamation is sometimes used.

                    But that argument isn’t very interesting: not having a garbage collector in the language enables such techniques can be opted in or even kept local.

                1. 2

                  Another terrible PHP kludge from the people who’ve been bringing you PHP kludges for years

                  I’m being overly negative, but this whole document reads like a justification for not making a decision and ending up with something that is still attempting to mash together a hot mess with some clean ideas - placating and attempting to artificially hold together a whole community at the expense of clarity, specificity and different groups being able to specialise into their own areas.

                  If you’ve got to write something like ‘this isn’t a fork’ that many times, it’ll probably fork.

                  1. 3

                    To me it reads like they want to avoid another Python 3 drama,to me that makes a lot of sense!

                    I’m being overly negative

                    Yeah, you don’t like PHP, based on an opinion formed in 2003? :)

                    The worst parts of PHP, for me as a PHP developer, are the bindings to C libraries like libxml2 and openssl. They are truly horrible and not really fixable, but that’s the same in other language because those library APIs suck.

                    It is not so difficult to use PHP’s “good parts”. It is very easy to write PHP code that runs on PHP 5.4 (2012) and still works great on 7.3 (2018) without any changes.

                    1. 2

                      I still don’t like PHP, based on an opinion last revised two months ago.

                      It sounds like you believe that people, not languages, are to blame for when people write bad code in a language. But I think that the language, too, plays a role. Language helps us shape and anchor our thoughts. When a language has bad parts, not only must those parts be avoided, but they must be avoided at every junction throughout a language where we might consider using that part, or where that part intersects our thoughts. A language with bad error handling will make every call site into a hazard zone; a language with bad parsing will make a writer second-guess every usage of punctuation.

                      Keep in mind that a PHP environment is not just its version, but also its php.ini configuration.

                      As for the original article, I agree with the grandparent poster that it seems like an attempt to not confront the worst parts of PHP’s design. The language has so many misfeatures, and its core design principles are so compromised, that we really ought to not encourage any sort of backwards-compatibility. For example, the article says:

                      There are two big, substantial schools of thought in the PHP world. The first likes PHP roughly the way it is - dynamic, with strong BC bias and emphasis on simplicity; The other, prefers a stricter language, with reduced baggage and more advanced/complex features. There’s no ‘right’ or ‘wrong’ here. Both schools of thought are valid, and have a very substantial following.

                      To quote from my revised opinion:

                      Brent lists five tenets: active core development, performance, active ecosystem development, new features, and tooling. Eevee also lists five tenets: predictability, consistency, concision, reliability, and debuggability. Brent derives value from PHP by using PHP to solve problems for clients; PHP is a tool. However, Eevee considers PHP as an expressive medium, similar to natural languages or bytestrings, and asks how we might improve our ability to understand utterances of PHP.

                      It sounds like P++ is born almost entirely from Brent’s school of thought. Neither of the identified “schools of thought in the PHP world” value Eevee’s tenets at all, aside from P++ seeing concision by seeking to remove some “baggage”. However, rather than trying to improve linguistic clarity, the P++ author seeks only to remove unused language features in order to ease development and maintenance of the PHP core toolchain. In other words, this is actually a play for Brent’s desire for active core development, new features, and tooling.

                      A cousin comment points out that this proposal is somewhat analogous to use strict; directives in other languages. In those situations, namely Perl 5 and JS, strict dialects were an attempt to cut down on hard-to-compile, hard-to-analyze, hard-to-read, complicated, or underused language features. It’s easy to interpret P++ as seeking to reach an analogous house-cleaning.

                      I’m not yet being overly negative.

                    2. 2

                      They aren’t saying so, but it basically sounds the same as use strict from JavaScript and Perl. It specifically allows a single codebase to contain both PHP and “P++” code, unlike Python 3, and as a result allows you to incrementally migrate.

                      My biggest annoyance at PHP, unfortunately, is the way arrays work. And since arrays end up being part of library APIs, it’s impossible to maintain backwards compatibility while fixing it.

                      1. 1

                        as a result allows you to incrementally migrate.

                        An incremental migration that will never be complete, so you have to drag along all that previous behaviour as well which might over time bit-rot as its usage drops to a low but non-negligible amount.

                    1. 3

                      Isn’t the culture tag exactly for articles like this one?

                      1. 3

                        This looks pretty great! Moving to CMake seems like the smart move, and I’m super psyched at their continued level of investment in Python.

                        Kinda sad about their intent to move away from OpenGL and to Vulcan, Metal and Direct3D though. I guess the idea of one 3D graphics API to rule them all is dead?

                        1. 4

                          Apple claims that they’re going to remove opengl support from MacOS at some unknown point in the future, Qt is just preparing for that I guess.

                          1. 4

                            Apple is super annoying these days :) (I mean, I know they always have been, but lately I feel like they’ve turned it to 11, or maybe just in areas I care about!)

                            I wonder if Vulcan is a possibility on OSX. Betcha it will be once all the game studios start writing for Google Stadia (Ungh.)

                            1. 10

                              There is moltenvk, which implements (a subset of) vulkan on top of metal.

                              1. 8

                                And gfx-portability too.

                          2. 2

                            My understanding is that OpenGL is a pain to use in general, not just cuz of driver stuff but that the API itself is not something that (notably) game developers enjoy using.

                            So there aren’t too many people going to bat for OpenGL

                            1. 1

                              I thought that Vulcan is supposed to be the new “one 3D graphics API to rule them all”?

                              1. 3

                                Not without Apple’s buy-in it won’t be.

                              2. 1

                                Moving to CMake seems like the smart move

                                I’m a little disappointed that they’re dumping QBS development on the “community”. My impression is they went straight from “Technology preview” to “We’re not going to continue developing QBS because noone’s using it” without any sort of “QBS is ready now, please try it” announcement.

                                1. 1

                                  Aren’t you supposed to be able to throw away prototypes?

                                  1. 1

                                    Absolutely, but not with the justification that customers weren’t using them.

                                    Edit: “details” can be found in this mailing list thread if you’re interested: https://lists.qt-project.org/pipermail/development/2018-October/thread.html#34023

                              1. 14

                                I’m not sure what it is about the field (Regulatory capture? Excessive conservatism? Pathologically outdated hardware?), but I’ve literally been praised by doctors for providing SaaS stuff that is “super-fast” when IMO it’s merely acceptable. We use MySQL Workbench to ensure that we never perform full-table scans and we provision hardware (on-site / off-site, at the customer’s option) that doesn’t suck. And we avoid doing anything that will crush the browser under too many DOM nodes or force server round-trips just to open a menu (which are two like explanations for the problem with the ePCRs, the other is that they might be using an eInk display).

                                  1. 2

                                    Likewise Webkit: https://github.com/WebKit/webkit/blob/master/Source/WebCore/css/CSSToStyleMap.cpp

                                    WebKit has an extensive specification and design docs outside the code itself. For most of what you would use comments for, they just do it with other things.

                                    1. 1

                                      OpenSSL has few comments: https://github.com/openssl/openssl/blob/master/ssl/ssl_cert.c

                                      I’m not sure OpenSSL is a great example (e.g. code involved in CVE-2014-0160 was reviewed/accepted and existed for 2 years before it ‘officially’ was discovered). They also use 1 character variable names pretty heavily, which I wouldn’t consider ‘self documenting’ code to use much. The function names are descriptive though, so I’ll give them that! Maybe this is just a weak example of ‘poorly documented code’?

                                    1. 25

                                      Boy, this might not be a popular opinion, but here it goes…

                                      Suppose someone posted a manifesto to Lobsters, and then went on a mass shooting spree. Should Lobsters be shut down for it?

                                      If 8chan uses Let’s Encrypt (I don’t know if they do), should their TLS certs be revoked?

                                      It’s no secret that 8ch is extreme compared to the rest of the internet. But on the gunman’s thread, apparently 8chan mocked the shooter. I don’t know. I haven’t seen the thread; that info comes from hearsay around the internet. The point is, we’re getting our news about this incident from sources other than 8chan, because it seems like most of us don’t participate on 8chan.

                                      Note that Cloudflare has terminated support for a social network for sex workers: https://twitter.com/SarahJamieLewis/status/1158203593071067136

                                      It’s very easy to jump on the bandwagon of targeting 8chan for this. It’s not so easy to carefully consider the long-term implications of shutting down years-long websites with active communities.

                                      8chan’s cloudflare protection terminates in just over three hours. We’ll see if a gigantic DDoS is about to follow.

                                      I think this is one step closer to the web becoming a series of centralized institutions. And personally, I don’t like the implications of that. The New Zealand shooter livestreamed his attack on Facebook, yet faced no repercussions. When I tried to google for 8chan, the site is completely absent in the search results. I had to use ddg just to get to it.

                                      This is simply my own point of view though. I understand and respect that others have different feelings on the matter.

                                      EDIT: I found a copy of the 8chan thread: https://web.archive.org/web/20190803162950/https:/8ch.net/pol/res/13561044.html

                                      I encourage all of you to read the community response and form your own conclusions.

                                      EDIT2: 8chan is now offline. I assume they’ll be back up within 48 hours, but for better or for worse, cloudflare basically took down this site on short notice in the middle of the night on a Sunday.

                                      1. 35

                                        Suppose someone posted a manifesto to Lobsters, and then went on a mass shooting spree. Should Lobsters be shut down for it?

                                        I assume the post would be removed for violating site policy and wouldn’t harbour it - no need for the state to force the site.

                                        1. 14

                                          Certainly. Calls for violence are against 8chan’s ToS too.

                                          It could be true that 8chan doesn’t enforce their ToS. But we don’t have the data, and it seems plausible that 8chan deleted the thread when the moderators became aware of it.

                                          EDIT: It’s impossible to know for sure, but people are claiming that 8chan took down the manifesto within minutes, and reacted faster than Facebook did. https://www.reddit.com/r/technology/comments/cm4on1/cloudflare_to_terminate_service_for_8chan/ew075j6/

                                          1. 18

                                            I think the ToS and how fast the manifesto was removed is irrelevant.

                                            The events leading up to the shooting rampage are what matter. There is every indication that over the last six months multiple terrorist attacks were committed by people radicalized on 8chan. The whole extremist community is the problem, not how fast they respond to obvious signs of extremism once an atrocity has been committed.

                                            There is one method we know that works for extremist communities like this: cutting off their platform restricts the extent they can recruit and pushes them underground, where they can be better contained.

                                            Are there some non-extremist parts of 8chan? Possibly, but it’s also irrelevant. Having a community engage in extremism or being taken over by extremists should have consequences and that applies to people willingly associating with that kind of community.

                                            1. 4

                                              radicalized on 8chan

                                              I would assert most people aren’t radicalised on 8chan. It’s where you end up once you’re radical, because only a radical can find that kind of environment sufferable. In a sense, 8chan works as refuge for radicals.

                                              1. 17

                                                There is probably a progression, however the evidence seems to bear out that 8chan’s environment heavily contributes (but probably isn’t the only factor) in making extremists out of these people.

                                                1. 9

                                                  Radicalization isn’t a binary. I’m sure there are plenty of people posting on 8chan and similar corners of the web who are quasi-racist trolls posting “for the lulz” and wouldn’t escalate to violence. But how much does the insular environment push them further to violence? How much does an environment filled with people saying “kill (((them)))” further push people who are already willing to become violent?

                                                  Some research on this topic paints a picture of the impact of sites like 8chan:

                                                  For lone wolf terrorists of the post-9/11 period, traditional loci of radicalization have been replaced by informal online social networks, the civilian workplace, and mass media

                                                  Lone wolves are enabled through either direct means in the form of people who unwittingly assist in planning attacks, or indirectly by people who provide inspiration for terrorism.

                                                  During the pre-9/11 era, 57% of the lone wolf terrorists were enabled by others. In the post-9/11 era, the figure rose to 67%. Nearly all of the enabling was indirect.

                                                  1. 3

                                                    Out of a morbid curiosity, are they including lone wolves that were groomed by overzealous feds?

                                                    1. 4

                                                      In their longer book on the subject, Hamm and Spaajj pull no punches there:

                                                      The strongest and most provocative work exists in the book’s final two chapters which provide a thorough indictment of the FBI’s Sting Program on its ethical grounding and “for diverting resources away from the real problem”

                                                      [they] accuse the FBI of “mythmaking”: exaggerating the threat of these suspects to appease a “results driven culture”, to give the impression that America is winning the war on terrorism and to justify additional funding.

                                                      (doi:10.1080/17539153.2017.1384154)

                                              2. 4

                                                8chan’s moderation is often laser-focused when it comes to rulebreaking, on the popular boards at least.

                                              3. 3

                                                8chan /pol/’s moderators did and were trying to remove it for violating site policy.

                                              4. 23

                                                I can see how you might get to this position, starting from zero or close to it. I don’t even think such a position is bad in the abstract, i.e., if we were to apply a veil of ignorance, I would generally agree that Cloudflare shouldn’t do this. But 8chan and lobste.rs are very different sites, as you allude to. Your hypothetical positions them as equivalents, but 8ch is not the same kind of site. Consider the work done by Bellingcat contributor Robert Evans, that links to his most recent (and relevant) work on the subject. He lays out clearly how the 8ch board members aren’t mocking the terrorist here, but rather encouraging and radicalizing others.

                                                A more apt analogy would be if someone posted a manifesto to Daily Stormer, or the InfoWars message boards, or another site which actively works to radicalize it’s members, in those situations, is it ethical for someone to continue working with them if those sites show a longstanding tolerance for speech which leads to terrorist acts?

                                                We don’t live in a perfect world, and I am happy to stand at the front of the line in criticizing Cloudflare for lots of things, but I find it difficult to defend a site which so happily supports terrorists and who’s participants work to create more of them. I don’t think it’s ethical to work with terrorists, I don’t think it’d be unethical for Cloudflare, LetsEncrypt, or anyone else to refuse them service.

                                                I think it’s reasonable to worry about the web being centralized, but I don’t think that this is any more or less a step in that direction than the existence of cloudflare as a service in-and-of-itself. I’m also someone who generally dislikes any corporation because I’m a weirdo lefty. But that’s another topic.

                                                1. 12

                                                  If 8chan is anything like 4chan

                                                  Certainly. Calls for violence are against 8chan’s ToS too.

                                                  Anon imageboards have a simply unsustainable community model. It’s impossible to hold anyone accountable for anything they do on there. Facebook and Twitter has serious problems, but at least if they kick someone off the site, it has some teeth to it (you lose all your followers). The closest thing 8chan has is an IP block, and that can be instantly routed around with a proxy and you lose nothing when you do so. There’s a reason why, despite nominally having a rule against it in their ToS, these sites are known for activities like the Anonymous group, /pol/, and cyberbullying. They might talk a good game about moderating their site in their ToS, but they deprive themselves of the tools to really pull it off.

                                                  But on the gunman’s thread, apparently 8chan mocked the shooter. I don’t know. I haven’t seen the thread; that info comes from hearsay around the internet.

                                                  These sites are a lot less conflict-averse than most online communities. I’m not surprised that somebody on there would mock the shooter. There’s probably someone else saying that the shooter did nothing wrong, someone else saying that the shooter was driven to it by our “degenerate” society, and someone else saying that the shooter should’ve just committed suicide and left everyone else out of it. A sufficiently long thread will always have a dissenter in it, pretty much no matter what.

                                                  I have reservations about this incident, because I don’t like the fact that it’s CloudFlare doing it. I’d rather just have the site shut down by the government for negligent publication of text that incites violence, but that’s never going to happen as long as the big websites lobby against it…

                                                  1. 4

                                                    Polite request - could you add a NSFW disclaimer to those top links? Those advertisements are not something I’d want popping up in the office :)

                                                    1. 3

                                                      activities like the Anonymous group, /pol/, and cyberbullying

                                                      These are not against the rules, and so are not bannable offenses.

                                                      1. 7

                                                        You know that hacking, hate speech, and harassment are illegal, right?

                                                        1. -1

                                                          Anonymous are not inherently hackers, hate speech is free speech, and cyberbullying could be depending on the context: I doubt posting about someone online without posting directly to them would be deemed harassment in court.

                                                          1. 8

                                                            I’ve seen calls to directly harass someone not be removed, (and was moderating the other end), so my view of their mods are not as positive as yours.

                                                            Hate speech is only free speech in a very fundamental interpretation of it and definitely illegal in many jurisdictions.

                                                            1. 3

                                                              Anonymous are not inherently hackers

                                                              Sure, they also did zero-hacking DDoS, spear phishing, and intentionally flooding phone lines, all of which would at least be grounds of a restraining order if it weren’t such a pain to figure out who the order should even be served to.

                                                              hate speech is free speech

                                                              As was already brought up elsewhere in the conversation tree, “free speech zones” suck like a Hoover. That’s probably one of the reasons you’re on Lobsters instead of /g/.

                                                              cyberbullying could be depending on the context

                                                              I’m talking about planned raids when I refer to cyberbullying. Not just calling people names in public, but rather calling people names in places where they will be notified about it (like if I posted @WilhelmVonWeiner is a poopy-head on here, so that you would be automatically notified and thus making it probable, rather than merely possible, that you will read it).

                                                              Obviously, there’s always an element of context to something like that, but considering how beyond-the-pale the instances have been known to get, I’m curious what definition of cyberbullying you’d use that doesn’t include 4chan raids on other sites.

                                                              1. 1

                                                                No, I’m not on /g/ because 8chan’s equivalent is /tech/, and nobody on /g/ or /tech/ actually knows anything about technology

                                                                1. 4

                                                                  I agree, but I’m curious: have you ever thought about why so much more interesting discussions happen on here compared to there?

                                                                  1. 1

                                                                    …nobody on /g/ or /tech/ actually knows anything about technology.

                                                                    1. 5

                                                                      Why? Why don’t people who know anything about technology hang out on anon boards?

                                                                      1. 1

                                                                        Probably for the same reason. More people who know nothing past consumer technology post there than people who do, so it drowns out anything interesting. This was the case long before the extreme politicisation of imageboards.

                                                        2. 1

                                                          I’m not sure entirely how it works, but I’ve flipped though 4 and 8chan enough to notice that 8chan must have some sort of moderation.

                                                          4chan pol is all over the place. Extremists and conspiracy theorists of all stripes constantly arguing with each other and trying to out-troll each other. It’s hard to tell what’s even serious, and I’ve never noticed any consistent position to it all.

                                                          8chan pol appears to be full-on Nazis. No serious opposition noticeable. But there also appears to be a leftypol that is full-on Communists, calling for violent communist revolution. Apparently they raid each other periodically, though the righty pol seems to be much bigger.

                                                        3. 10

                                                          Suppose someone posted a manifesto to Lobsters, and then went on a mass shooting spree. Should Lobsters be shut down for it? […] It’s not so easy to carefully consider the long-term implications of shutting down years-long websites with active communities.

                                                          I would shut down Lobsters rather than run a site where mass murders regularly propagandize their atrocities, yes. This is, in fact, a very easy question.

                                                          1. -1

                                                            There are less easy, more realistic scenarios. Suppose someone posted a manifesto, and then took down an electric grid due to an unpatched security issue, resulting in some deaths. (This may seem contrived, but public infrastructure has historically been the most vulnerable.)

                                                            Lobsters has become my home. It’s unfortunate that the community would be shut down due to the actions of one malicious person.

                                                            On the other hand, even if you wanted to keep Lobsters running afterwards, you might not be able to, because the wider internet might deplatform your CDN: https://twitter.com/CodeMonkeyZ/status/1158422046176530432

                                                            1. 8

                                                              Why do you keep imagining scenarios of one lone wolf when 8chan has been home to three mass murderers this year?

                                                              1. 1

                                                                Personally, Im looking at the potential of and actual good Ive seen on Lobsters vs some asshole who might do their evil deed anywhere. Destroying all the good Lobsters did and might do over one murderer is a poor trade in my book. I’d rather fight the specific behavior or commenters promoting violence against innocent people to eliminate the problem while keeping whatever good the site brings.

                                                                8chan couldve adopted this philosophy. They and that channel didnt care. Damage followed. It wasn’t because 8chan as a whole existed, though. They just didn’t cut out those with the worst intentions consistently working toward delivering on them. The haters weren’t even hiding what they were doing per articles Lobsters shared. Bad administration over there is all.

                                                                1. 1

                                                                  Because I am trying to persuade you to think about the implications of what you’re saying. Calls for violence are against the site’s ToS, just like Lobsters, and they actively moderate and ban offenders, just like Lobsters. Yet 8chan is being forced offline for not doing a good enough job in the eyes of the wider internet.

                                                                  We don’t know how much those people used 8chan. Before the internet, crazies sent mail to news stations to get attention. Why is this any different?

                                                                2. 6

                                                                  You seem to be trying your best to treat both sites as equal and come up with a “this could happen anywhere!” argument. But it wouldn’t. Because most sites are not the first port of call for white nationalist terrorists looking to chat with other white nationalists in advance of a terror attack; that honor falls to 8chan and friends.

                                                                  If your hypothetical came true, most likely the manifesto would be downvoted from the beginning. I can’t speak for mods but would be shocked if it wasn’t removed immediately and the poster banned. The community certainly would not repost it multiple times after that; if you’re looking for that experience, try 8chan.

                                                                  And the site wouldn’t face any harm afterwards because the community does not have a history of supporting terrorism and terrorists - 8chan does.

                                                                  These things don’t just happen in a vacuum. Context matters.

                                                                  1. 0

                                                                    I can’t speak for mods but would be shocked if it wasn’t removed immediately and the poster banned.

                                                                    That is literally what happened on 8chan. They reacted within minutes.

                                                                    1. 3

                                                                      Cool. Now try the other two.

                                                                      Context matters.

                                                                  2. 2

                                                                    Don’t use weasel words such as “deplatforming” - it’s not what’s happened here. The CDN in question (BitMitigate) was renting hardware and broke the acceptable use policy of their host.

                                                                    “Deplatforming” refers to the practice of “meta service providers” such as Youtube, Twitter and Facebook of removing content from popular listings, search results, and/or ad revenue for reasons that are unclear to the content producer, or that can change over time. It’s also a dog-whistle used by right-wing commentators who believe that content they approve of is being suppressed by these large social media companies.

                                                                    1. 2

                                                                      Then why isn’t 8chan up and running again? The site’s still down.

                                                                      This is a legit use of the term deplatforming. The entire world is coming together to make sure 8chan stays offline.

                                                                      The host wasn’t the one demanding that BitMitigate be taken offline. The internet was. Reporters even showed up on the Twitter thread – if they had said no, what do you think would have happened? You’re literally not allowed to say “Yes, this content can stay” in that context, because you’d lose business.

                                                                      Framing it as an AUP violation isn’t really true in that context.

                                                                      1. 3

                                                                        Then why isn’t 8chan up and running again? The site’s still down.

                                                                        Presumably because they didn’t have a contingency plan in place, other than contracting with BitMitigate, who seem to have built their free-speech mansion on shaky ground.

                                                                        No doubt they will be up on the internet in a couple of days. Non olet as the Romans used to say - money doesn’t smell.

                                                                        This is a legit use of the term deplatforming.

                                                                        I don’t agree. It’s more restrictive than deplatforming. The content is, as you say, inaccessible. Deplatformed content is accessible, as long as you have the direct URL to it. But you are using “deplatforming” in the wider, politicized context. This is just confusing, because people might think that it’s just a question of 8chan not being indexed by Google, or them not being able to use AdWords for ads.

                                                                        The entire world is coming together to make sure 8chan stays offline.

                                                                        This does not seem to be the case to me. It might look that way on Twitter though.

                                                                        Framing it as an AUP violation isn’t really true in that context.

                                                                        I’m obviously not privy to the specific terms of that AUP that Epik/BitMitigate signed with Voxility, so I’m quoting from the Verge article I’m using as source for this (it was submitted to HN yesterday):

                                                                        “As soon as we were notified of the content that Epik was hosting, we made the decision to totally ban them,” Voxility business development VP Maria Sirbu told The Verge. Sirbu said it was unlikely that Voxility would work with Epik again. “This is the second situation we’ve had with the reseller and this is not tolerable,” she said.

                                                                        It seems pretty cut and dried to me. This is a business decision by Voxility, regarding the kind of customers they want to work with.

                                                                        (Edit added a quote and a response)

                                                                        1. 1

                                                                          It’s probably productive to agree to disagree then.

                                                                          A website was cut off from ~all services within 24 hours on short notice. If AWS, Digital Ocean, and every other host refused to do business with you, would you say you didn’t have a contingency plan?

                                                                          No doubt they will be up on the internet in a couple of days.

                                                                          This is looking increasingly unlikely. I think we may very well be looking at the first large-scale deplatforming of a relatively popular website. I keep using that word because that is the definition:

                                                                          Deplatforming, also known as no-platforming, is a form of political activism or prior restraint by an individual, group, or organization with the goal of shutting down controversial speakers or speech, or denying them access to a venue in which to express their opinion.

                                                                          No business in the world can host 8chan and face no backlash from their customers. There is no business incentive to do business with 8chan, so all of them will say no. Therefore the world is cooperating to see that 8chan is removed from a venue to speak: the internet.

                                                                          By the way, I was blacklisted from HN nearly a year ago after asking about their moderation policies publicly. This is partly why these issues are rather important to me.

                                                                          1. 2

                                                                            I agree, I think it’s best we end our discussion.

                                                                            Thanks for clarifying what you mean by “deplatforming”. What’s the source of that quote, by the way? I’ll update my vocabulary accordingly.

                                                                            No business in the world can host 8chan and face no backlash from their customers.

                                                                            You have a higher opinion of the morality of global capitalism than I do.

                                                                            Therefore the world is cooperating to see that 8chan is removed from a venue to speak: the internet.

                                                                            Let’s get real here - the world is depriving a website the ability to monetize speech that is explicitly anonymous. I have very little sympathy for people espousing the sort of ideology apparent on /pol/, but I have even less for cowards who won’t stand behind their words.

                                                                            1. 1

                                                                              At least I was able to persuade you from “It’s not happening” to “It’s happening, but our cause is righteous.”

                                                                              The main point isn’t really about 8chan. It’s about leading indicators. Once it’s in vogue to start banning social networks and working together to keep them off the internet, it seems like a matter of time before various communities are targeted by news agencies.

                                                                              By the way, you could make the same argument about Twitter: It’s allowed white supremacist content for years. It’s a platform where people go to reinforce their own views. And it served as the largest hub for 8chan followers to figure out where to go next. Ban twitter? Why or why not? What’s the difference?

                                                                              (re: the definition, honestly I just typed define: deplatforming into google.)

                                                                              1. 2

                                                                                At least I was able to persuade you from “It’s not happening” to “It’s happening, but our cause is righteous.”

                                                                                You have done no such thing. I have never denied that 8chan is offline, or the processes that caused it.

                                                                                I am not advocating online for the banning of 8chan - I’m not naive enough to believe that this will stop the radicalization of lone wolves. I’m interested in the mechanics of modern web publishing at scale, and how it interacts with free speech. I’ve learned a lot about the roles of CDNs through this story.

                                                                                As to my distaste of people anonymously or not advocating mass murder - that’s hardly a fringe position.

                                                                                Finally, the definition of “deplatforming”. This is the link I get from searching like you did:

                                                                                https://en.wikipedia.org/wiki/Deplatforming

                                                                                A quick glance through the reference list shows that this is most likely a partisan article that’s worked hard to satisfy Wikipedia’s standards for notability. Like many other hot-button issues and terms, I do not believe a Wikipedia definition to be a good basis for discussion.

                                                                                This is my final comment in this matter. Thanks for the discussion.

                                                                3. 8

                                                                  When I tried to google for 8chan, the site is completely absent in the search results. I had to use ddg just to get to it.

                                                                  Yep. And this censorship feeds directly into the narratives peddled by the hate groups.

                                                                  1. 32

                                                                    And this censorship feeds directly into the narratives peddled by the hate groups.

                                                                    Any circumstance would be bent to fit their narrative, so this isn’t particularly relevant to informing policy.

                                                                    1. 4

                                                                      Sort of, but there’s a little more to it than just that.

                                                                      As an outsider, it is hard to sell me on “look at the (((people))) that run everything, fluoridate our water, and steal our precious bodily fluids!”. Like, that’s clearly some neonazi nutjob.

                                                                      But, a smaller complaint–“hey, some metagroup of people don’t like us (nevermind why) and they keep banding together to kick us off of public platforms…you could be next!”–is, critically, able to be backed up with evidence and sold to a rube really easily.

                                                                      We aren’t weakening their positions by engaging in the exact tactics they accuse us of, and, what’s more, we are setting precedent that probably is going to be abused.

                                                                      1. 14

                                                                        We aren’t weakening their positions by engaging in the exact tactics they accuse us of, and, what’s more, we are setting precedent that probably is going to be abused.

                                                                        The point of the parent is that they will accuse others of any tactic (and exactly that can be found in relevant playbooks). Opposition is an important democratic property and refusal of support is a the most basic and important form of opposition. And that’s precisely what that strategy aims for.

                                                                        Following that demand is just as good as dropping dead.

                                                                        1. 16

                                                                          We aren’t weakening their positions by engaging in the exact tactics they accuse us of

                                                                          You absolutely weaken their positions! No platforming is a patently effective way to deny people the ability to spread a fascist message with ease.

                                                                          Nobody is saying you are forbidden to print your neonazi newspaper, just that the printing press in town will politely decline your business and the community won’t let you set up your table in the farmers market. Go try to pass it out on the street if you want. If you want to spread your message, we won’t make it easy, you’re going to have to add your own effort & money to the mix.

                                                                          More concretely, 8chan didn’t get null routed: a business decided that it was within their best business interests to decline to take money from a web site linked to multiple fascist terrorist attacks. Another business, one willing to attract a similar clientele will likely extend their service. I find it strange that so many capitalists all over the internet are wringing their hands over this… it’s what the system demands, right?

                                                                          we are setting precedent that probably is going to be abused

                                                                          Oh mate, the next time you see coverage of BLM protesting police brutality, people marching against ICE, or a counter protest against the KKK, take a look at the pictures the media puts out: see who is holding riot shields and tear gas guns and which group they’re pointed at.

                                                                          The state - not just private enterprise - has favored certain categories of speech over others for over a century. In some cases it has been direct, by passing laws that criminalize membership in certain named organizations, and in other cases indirectly through the use of “investigative committees”, surveillance and support of oppositional groups.

                                                                          1. 10

                                                                            We aren’t weakening their positions by engaging in the exact tactics they accuse us of

                                                                            Deplatforming hate groups literally weakens their position. It’s not only acceptable but ethically responsible to do so. Or even ethically necessary: sunlight is not always the best disinfectant.

                                                                          2. 2

                                                                            Yes! Also, these arguments ignore that there’s also a tangible effect: labor that needs to be invested to build the features yourselves.

                                                                          3. 4

                                                                            Google delisted 8chan a long time ago because people kept (keep?) posting child exploitation images in there.

                                                                          4. -1

                                                                            Wow, be careful on that slippery slope! They should really put up a caution sign or something…

                                                                            1. 5

                                                                              …slippery slope? A quote from a later comment on this post…

                                                                              MasonJar avatar MasonJar 1 hour ago | link |

                                                                              Uhhh guys, seems to be a bit of an update on this, but it seems that the free-speech-absolutist CDN BitMitigate, which took over 8chan’s service and was also serving DailyStormer, was just taken down by its upstream provider, Voxility. Is this getting disturbing to anybody yet? If you’re okay with a website that doesn’t censor opinions you don’t like being dropped by companies providing services to it, are you also okay with an internet service provider being dropped by its upstream provider because it refuses to terminate services to that website?

                                                                              1. 3

                                                                                I don’t see how this outcome has anything to do with the alarmism of the parent post.

                                                                                And, although you didn’t ask:

                                                                                Are you also okay with an internet service provider being dropped by its upstream provider because it refuses to terminate services to that website?

                                                                                Yes, absolutely: this was a good and correct maneuver by the upstream provider.

                                                                                1. 2

                                                                                  I replied to the comment in question here:

                                                                                  https://lobste.rs/s/j72cp9/terminating_service_for_8chan#c_pgcwks

                                                                            1. 2

                                                                              One issue with PostgreSQL style quoting is that it can’t be parsed by a context-free grammar, which means you can’t use off-the-shelf parsing libraries to work with your language. That’s not necessarily a deal-breaker, but if you want a language that a lot of tools will want to work with, it may be a consideration.

                                                                              An alternative dynamic quoting style that is context free (so far as I can tell) is Rust’s, which looks like r"foo" or r#"foo"bar"# or r##"foo"#bar"##, etc. That is, an r, zero or more hashes, a quote, the text, another quote, then the same number of hashes. It’s not quite as pretty as the PostgreSQL one, but easier to implement.

                                                                              1. 5

                                                                                Predating Rust, there are the long strings that were introduced in Lua 5.1 (released in early 2006). The equivalents to your examples would be something like [[foo]], [=[foo]]bar]=], and [==[foo]=]bar]==].

                                                                                It’s a neat idea in either language because you effectively have an infinite number of delimiter pairs to choose from, so you can always find one that doesn’t exists in your string literal.

                                                                                1. 2

                                                                                  in perl you can also pick your own quote char if you use q or qw:

                                                                                  perl -e ‘print “hello?”, q[hello!], q!hello?!, qphellop, q.hello.’

                                                                                1. 5

                                                                                  I dislike how Github is being used as a blog by so many; I dislike Github entirely, however, so that’s just one of many points I could make.

                                                                                  Use Tor. It’s telling the author never mentions Tor; I’m inclined to believe the author isn’t qualified to write about this topic.

                                                                                  1. 3

                                                                                    Use Tor. It’s telling the author never mentions Tor; I’m inclined to believe the author isn’t qualified to write about this topic.

                                                                                    Tor requires more discipline to get what you want out of it, and many exit nodes are on block lists, making day to day browsing kind of troublesome.

                                                                                    VPN companies, on the other hand, often sponsor popular YouTube channels, and make other large ad buys, giving them reach far beyond tech audiences who might understand better how to work around some of the Tor problems. In other words, targeting VPN providers provides far greater bang for your, proverbial and literal, buck.

                                                                                    1. 7

                                                                                      The amount of discipline required to “get what you want” out of Tor is all the same as the discipline required to get the same thing from any other VPN provider: anonymity in the face of a determined adversary. It’s just that Tor’s documentation and default configuration are designed for such an adversary, while most VPN’s are designed for an apathetic adversary that’s willing to store your IP, but not willing to deal with the hassle and potential false positives of fingerprinting.

                                                                                      1. 3

                                                                                        Tor requires more discipline to get what you want out of it

                                                                                        If “what you want” == “just hide the dang home IP address”, it doesn’t require much. Just start it and set it as the proxy in Firefox. And, yes, it requires a bit more patience for the captchas and crap, but it’s really not that bad.

                                                                                        1. 2

                                                                                          I don’t believe “hide my IP address” is what most people are told they want out of a VPN.

                                                                                          1. 3

                                                                                            Well, people are told very vague “privacy” and “encrypt your internet” stuff but realistically, as a normal person (i.e. “Not Snowden”) you want two things

                                                                                            • prevent your ISP from logging which websites you visit
                                                                                            • prevent the websites from getting your IP address (and looking it up on GeoIP, etc.)
                                                                                    1. 2

                                                                                      I hate to be the one to break up the circlejerk, but how is “a web with fewer features” even remotely possible without, you know, breaking all the pages? (I am, now that I know about it, kind of ticked off by the removal of <isindex>, because that seems to violate backwards compatibility).

                                                                                      1. 4

                                                                                        How can we possibly disable the flash plugin???

                                                                                        1. 2

                                                                                          We didn’t. We just forced everyone who had business value tied up in it to stick with IE11, potentially forever.

                                                                                          1. 1

                                                                                            “Forever” is a heck of a long time.

                                                                                      1. 2

                                                                                        This seems like content marketing.

                                                                                        1. 5

                                                                                          Is the syntax (as seen in the signature of generic functions) unique to Go? I can’t say I’ve seen it anywhere else. As with the method syntax, it seems strange and difficult to read, but maybe that’s just because I haven’t used Go enough. To an experienced Gopher, does this look logical and in keeping with the syntactic design of the rest of the language?

                                                                                          1. 6

                                                                                            I think it looks like D templates.

                                                                                            1. 2

                                                                                              it seems strange and difficult to read, but maybe that’s just because I haven’t used Go enough

                                                                                              As someone who has written a bit of Go over the years, I also find it strange and not exactly straightforward to read. It is new though, so maybe I’ll get used to it?
                                                                                              To me, it seems/feels/looks like some strange form of partial application. Perhaps that is what is happening under the hood with the compiler, and this is just a bit of a leaky abstraction? I’ll probably think of partial application in the back of my head every time I see this anyway, and wish Go had it as a core feature.

                                                                                              1. 9

                                                                                                To me, it seems/feels/looks like some strange form of partial application.

                                                                                                It is! You can think of the Reverse function as desugaring to something like this:

                                                                                                const Reverse tfunc (Element type) func(s Element[]) = 
                                                                                                    tfunc (Element) {
                                                                                                        return func(s Element[]) {
                                                                                                            ...
                                                                                                        }
                                                                                                    }
                                                                                                

                                                                                                Where tfunc is either:

                                                                                                • a type that is parameterised by another type
                                                                                                • a term that takes a type as an argument and returns a term specialized to that type argument

                                                                                                …depending on whether we are in the type syntax or the value syntax.

                                                                                                You can call Reverse like so:

                                                                                                elements := {1, 2, 3}
                                                                                                Reverse(elements)
                                                                                                

                                                                                                For sanity’s say, the type checker will infer the type that needs to be supplied to Reverse, but we can invent a syntax for ‘explicit type application’ like so (inspired by D’s template application syntax):

                                                                                                elements := {1, 2, 3}
                                                                                                Reverse!(Int)(elements)
                                                                                                
                                                                                                // this shows how we might be able to partially apply the
                                                                                                // type function to get specialised function:
                                                                                                const IntReverse func(Int[]) = Reverse!(Int)
                                                                                                

                                                                                                Perhaps that is what is happening under the hood with the compiler, and this is just a bit of a leaky abstraction?

                                                                                                I don’t think this is ‘leaky’ - it very clearly maps to something called called System F, with the added semantics that type arguments can be inferred. We can elaborate our invented Go syntax quite straightforwardly into System F:

                                                                                                • For types:
                                                                                                  tfunc(A type) B   ⟹   ∀ A : Type. B
                                                                                                  func (A) B        ⟹   A → B
                                                                                                  
                                                                                                • For values:
                                                                                                  tfunc(a A) { b }  ⟹   Λ a : A. b
                                                                                                  func (a A) { b }  ⟹   λ a : A. b
                                                                                                  f!(A)             ⟹   fᴬ
                                                                                                  f(a)              ⟹   f a
                                                                                                  

                                                                                                Please note that I am not suggesting that Go actually does this, I’m just making it clear that the intuition behind it being partial application is not a bad one!

                                                                                                1. 1

                                                                                                  Super interesting. Thanks for commenting!

                                                                                                  1. 4

                                                                                                    No worries! There’s lots of really great theory that’s been developed around this stuff, which is why I really encourage language designers to learn it. It can make designing new features like this much easier, especially when it comes to figuring out the semantics that makes sense.

                                                                                                    Sadly it can be a little intimidating to break into - it took me a long time to learn that ‘forall’ was not a type level lambda - it was more akin to a more general function type, where the type of the body depends on the applied argument. I think this was because the only time I’d ever seen things that bound other things was in lambdas. If this stuff interests you, I’d highly recommend finding a copy of Types and Programming Languages by Benjamin Pierce.

                                                                                              2. 1

                                                                                                I imagine this will be the first of many attempts at the syntax for generics but it seemed pretty tough to grok by just reading it. I have been writing Go for four years and I couldn’t grasp it at first glance. There isn’t enough logical separation to see a generic type declaration in a complex example like this:

                                                                                                type Graph (type Node, Edge G) struct { ... }
                                                                                                

                                                                                                It took me a while to read that as a new struct definition with two generic types Node and Edge. For all I know, I am still wrong. Why not use <T> or [T] to denote a generic type like many other languages have? The type keyword is overloaded here.

                                                                                                I also did not care for the contract use case here:

                                                                                                contract Sequence(T) {
                                                                                                    T string, []byte
                                                                                                }
                                                                                                

                                                                                                This seems like it will be reinvented many times over. I imagine many users will create a contract that defines a type that can be iterated over like this example given in the post. Maybe that’s too judgmental for a first cut though.

                                                                                                I am confident that things will shape up with time and the Go team will settle on something productive.

                                                                                                1. 8

                                                                                                  In their Draft Design they mentioned:

                                                                                                  Why not use F<T> like C++ and Java?

                                                                                                  When parsing code within a function, such as v := F<T>, at the point of seeing the < it’s ambiguous whether we are seeing a type instantiation or an expression using the < operator. Resolving that requires effectively unbounded lookahead. In general we strive to keep the Go parser simple.

                                                                                                  This reason personally doesn’t convince me

                                                                                                  1. 7

                                                                                                    It does make sense. This is a serious problem in C++ to the point that you sometimes have to type template X<..> instead of X<...> just to give a hint to the parser.

                                                                                                    1. 4

                                                                                                      It does indeed get surprisingly problematic, it’s why you have the adorable turbofish syntax in Rust for disambiguating generic types in function calls. Being able to have a function call that goes foo<bar, baz>(bop) is just too ambiguous to live with.

                                                                                                      Fortunately, nobody seems to have considered solving this by using non-standard symbols for the greater-than and less-than operators.

                                                                                                      1. 2
                                                                                                    2. 5

                                                                                                      C# bit that bullet (and it worked rather well), but that language is closer to C++ in complexity than anything else already.

                                                                                                      Sane languages use [T], but that isn’t an option in Go either, for the same parsing reasons (clashes with arrays).

                                                                                                      1. 5

                                                                                                        Or we could just use s-expressions and call it a day.

                                                                                                        1. 11

                                                                                                          It seems unlikely go will switch to s expressions for go 2.

                                                                                                        2. 2

                                                                                                          D adds an exclamation mark for templates:

                                                                                                          Foo(bar) // function call
                                                                                                          Foo!(bar) // template instantiation
                                                                                                          
                                                                                                          1. 2

                                                                                                            Pretty ugly – but I think that’s a property shared by all languages which bolted these things on without wanting to question their existing design.

                                                                                                            Design by “what-already-used-symbol-can-be-made-to-carry-even-more-syntax”.

                                                                                                  1. 2

                                                                                                    As I keep saying, “Constructor” was a very bad choice of name.

                                                                                                    They are “Name Binders”.

                                                                                                    They bind their parameters to instance variable names.

                                                                                                    With that view unit testing and dependency injection suddenly becomes easy.

                                                                                                    1. 1

                                                                                                      If all they ever do is bind names, then they don’t need access to the entire language. Taking Rust as the obvious example of an (arguable) OO language with no constructors.

                                                                                                      // Declares a "tuple struct" with two items in it.
                                                                                                      // There are two differences between tuple structs and regular structs with named fields.
                                                                                                      // One of these differences is that the fields in tuple structs are nameless.
                                                                                                      struct MyTupleStruct(u32, &'static str);
                                                                                                      // The other difference is that tuple structs have "constructors" which are, literally, functions.
                                                                                                      // Here, I take a function pointer to the `MyTupleStruct` constructor.
                                                                                                      let my_constructor: fn(u32, &'static str) -> MyTupleStruct = MyTupleStruct;
                                                                                                      // And I call the function through the function pointer.
                                                                                                      let my_object = my_constructor(5, "test");
                                                                                                      // And here's the example.
                                                                                                      println!("{}", my_object.1);
                                                                                                      

                                                                                                      Try it https://play.rust-lang.org/?version=stable&mode=debug&edition=2018&gist=e40f1f332a8f0d6bc8e7b7085ef90029

                                                                                                    1. 11

                                                                                                      Turns out having a monopoly is super problematic; who knew?

                                                                                                      1. 15

                                                                                                        This is unrelated to being a “monopoly” (not that GitHub is one, IMHO); every US-based company – and probably EU as well – will have to deal with these kind of restrictions. As people point out in that issue, the same problems exist with GitLab. You will encounter the same issue with SourceHut as well, as Drew confirmed.

                                                                                                        Perhaps you’ll remember similar problems when there were US crypto export restrictions back in the 90s, which was similar.

                                                                                                        In other words, the problem is a political one. Complaints about an alleged “GitHub monopoly” – whatever merit they may or may not have – are entirely misplaced and deeply uninformed. It looks like you just read the title, and knee-jerked to “GitHub bad!” Well, okay, but this isn’t reddit and I would expect a higher standard here

                                                                                                        1. 19

                                                                                                          It’s a monopoly problem because if you are blocked from GitHub, you are essentially blocked from working in the entire software industry. Git was designed to be a distributed system that should be resilient to authoritarian censorship like this, but we as an industry managed to snatch defeat from the jaws of victory. A decentralized network of git servers wouldn’t have this problem.

                                                                                                          You will encounter the same issue with SourceHut as well, as Drew confirmed.

                                                                                                          If you have this problem with SourceHut, you spin up your own instance or pay someone in another jurisdiction to run one for you; no problem. But realistically it’s very unlikely that these laws would be enforced in a healthy ecosystem anyway even for servers hosted within US jurisdiction.

                                                                                                          1. 5

                                                                                                            It’s a monopoly problem because if you are blocked from GitHub, you are essentially blocked from working in the entire software industry.

                                                                                                            Apart for that being a massive exaggeration, it’s also doesn’t make Github a monopoly.

                                                                                                            1. 7

                                                                                                              if you are blocked from GitHub, you are essentially blocked from working in the entire software industry.

                                                                                                              This is massive hyperbole.

                                                                                                              1. 8

                                                                                                                I mean… it’s the intent of the sanctions, isn’t it? That’s the reason to put sanctions in place, to block economic cooperation. A Crimean resident working for a US-based company is economic cooperation. A Crimean resident working for a non-US-based company which relies on infrastructure provided by a US-based company is economic cooperation. If there are alternatives to the existing arrangements but companies have to spend time and money switching to them, that’s an intended effect. If the cost of switching causes some companies to fire people rather than switch, that’s an intended effect.

                                                                                                                Generally, economic sanctions are imposed thoughtfully and narrowly, because their effects are so great and because the people most affected by them are almost always private citizens with no power to change the situation the sanctions are intended to protest. There have been many books and PhD theses written on the ethics of this. When the decision to impose sanctions is taken, broadly speaking, the more arduous it is for people to comply, the more likely it is the sanctions will achieve their policy objective.

                                                                                                                You can certainly argue that there are alternatives to GitHub, and that in that sense the statement is exaggerated, but the political objective of the sanctions is precisely to block people from working in the software industry, to the extent that the US “owns” the software industry - and I can assure you that many policymakers do feel that sense of ownership. I do not think it’s hyperbole.

                                                                                                                1. 5

                                                                                                                  “This is massive hyperbole” “I mean… it’s the intent of the sanctions, isn’t it?”

                                                                                                                  There’s all kinds of software engineering positions which don’t require you to be on Github. Massive hyperbole indeed. Now, you might be locked out of Silicon Valley or any other area that puts too much weight into Github activity along with other buzzword tech. Not coding projects you show them but Github specifically. I’m not even sure S.V. requires that in general.

                                                                                                                  Certainly useful if one wants to pull tech in from Github projects. There’s bypasses to do that, though.

                                                                                                                  1. 3

                                                                                                                    Thanks for this thoughtful expansion. I agree that sanctions can hit some parts of the targeted population harder than others. They are weapons after all. They’re also predicated by the notion that economic hardship can lead to a change of attitude for the targeted regime, which is problematic to say the least when regimes are authoritarian and control public opinion.

                                                                                                                    However, I was not discussing sanctions in general, nor even the specific sanctions against the Russian Federation in regards to its annexation of Crimea from Ukraine.

                                                                                                                    I was reacting to the perceived notion that software development is impossible without access to GitHub. Git was developed in 2005, GitHub launched in 2008, and presumably took a few years to reach its current dominant position. Yet people managed to develop software just fine before they existed.

                                                                                                                    1. 2

                                                                                                                      That is certainly a fair position.

                                                                                                                  2. 3

                                                                                                                    Its not hyperbole for people that use Golang.

                                                                                                                    How are they supposed to install dependencies using go get while most of the packages are stored on GitHub?

                                                                                                                    1. 4

                                                                                                                      That does seem to be an issue, yes. But Go and its ecosystem is not “the entire software industry”.

                                                                                                                  3. 6

                                                                                                                    You can still do all of that. No one – certainly not GitHub – is stopping you from self-hosting your git service using one of many publicly available tools, and many do exactly this. You’re certainly not “blocked from working in the entire software industry”, although you might run in to trouble if you’re working for a company that uses GitHub. But then again, that’ll most likely be a Western company, and they probably wouldn’t be able to hire you in the first place, so the point is rather moot.

                                                                                                                    authoritarian censorship

                                                                                                                    This is neither censorship nor authoritarian. It’s a sanction imposed due to the highly dubious annexation of Crimea by Russia. Whether it’s a good measure is debatable, but it’s not “authoritarian censorship”.

                                                                                                                    1. 3

                                                                                                                      You can still do all of that.

                                                                                                                      I can do that, but unless it’s being done by organizations who can employ Crimean residents, it does no good for them.

                                                                                                                      This is neither censorship nor authoritarian

                                                                                                                      You’re right that it’s not censorship, but I would say that forcing US citizens to punish the residents of a particular region for the crime of having their home invaded is authoritarian.

                                                                                                                      1. 6

                                                                                                                        All people are victims of circumstances, and it’s sad that some people have to suffer for decisions of other people. That said, staying in Crimea is career limiting, and it wasn’t the US who got that ball rolling.

                                                                                                                    2. 2

                                                                                                                      But realistically it’s very unlikely that these laws would be enforced in a healthy ecosystem anyway even for servers hosted within US jurisdiction.

                                                                                                                      I guess it would be impractical to enforce laws against whatever server @technomancy or @notriddle spins up, but that’s mostly a matter of the gov’t never noticing that we exist enough to check in. But for commercially hosted servers (which is always going to dominate the mainstream, because most people don’t want to mess with running a server themselves), it seems perfectly feasible for the US government to enforce trade sanctions against any realistic number of companies. Arguing otherwise would require you to either argue that the government doesn’t have enough resources to enforce trade laws in any of the many industries that are subject to regulation, or arguing that there don’t exist “healthy ecosystems” in any industry (both of those positions actually have merit, but they’re huge, general, political problems that aren’t going to be solved with improved tech).

                                                                                                                      1. 3

                                                                                                                        arguing that there don’t exist “healthy ecosystems” in any industry

                                                                                                                        I think the closest thing to a healthy ecosystem we have to compare against is the Fediverse.

                                                                                                                        It is in fact a great example of using a distributed ecosystem to work around problems with authoritarian crackdowns; in this case against sex workers in the wake of FOSTA: https://www.usatoday.com/story/news/world/2018/06/29/fosta-sex-workers-leave-twitter-switter-after-us-law/744989002/

                                                                                                                        1. 8

                                                                                                                          I think the closest thing to a healthy ecosystem we have to compare against is the Fediverse.

                                                                                                                          That’s not an industry. I mean, the sex work is commercial, but Switter itself is not. Switter does not have employees, does not pay taxes, does not sign SLAs, and if a lawsuit was brought against them, they’d either fold or have to beg on Kickstarter for help. That’s just someone, who doesn’t count as “most people”, being willing to take on the complex nastiness of running a server. Stuff like Switter can never be mainstream, because individual hobbyists can’t run the world’s mainstream social network. There simply aren’t enough of us. (which is not actually meant as a knock on Switter specifically; sex work was on the fringes of society long before they decided to host a Mastodon instance, and I’m sure it’ll work fine; the point is that it can’t replace GitHub)

                                                                                                                          More importantly, I think the Fediverse as it exists is fundamentally unsustainable, because the spam problems (you’ll notice that Switter currently has registrations closed because of spam) are only going to get worse the more popular it gets. What happened to SMTP is just going to happen to ActivityPub.

                                                                                                                          1. 2

                                                                                                                            We’re not going to make the same mistakes as SMTP

                                                                                                                            1. 7

                                                                                                                              You already did make the same mistakes as SMTP:

                                                                                                                              • ActivityPub routes based on domain name, depriving users of the ability to transparently migrate from one instance to another. The best you can do is forward between two addresses, and that still means that if the node goes away, then so does your old identity. This incentivizes people to seek out instances that they expect to be around in ten years, since once you pick an instance, you’re committed. Contrast this with the humble phone number: if my current provider announces that they’re going to close up shop, I can port by existing number to a new provider, and even when they go out of business it continues to work.

                                                                                                                              • ActivityPub allows anyone with an IP address to inject content into public view (through follow-bots). You can layer on requirements, just like email does, but anyone who’s able to meet those requirements basically has a license to spam until you get around to blacklisting them. This is fundamentally true for all public-access push-based systems, including not only email, but blog comments, the phone network, and NNTP. It is importantly absent in systems with pull-based or immutable semantics like RSS, Freenet, and BitTorrent, and in closed systems like Lobsters and RetroShare.

                                                                                                                              • ActivityPub doesn’t really nail down what you can and can’t include in a message. Different clients will have different policies when they sanitize HTML, which can result in messages getting garbled.

                                                                                                                              1. 2

                                                                                                                                We are fixing much of this in LitePub.

                                                                                                                  4. -1

                                                                                                                    Every company has to comply.

                                                                                                                    1. 3

                                                                                                                      Every company has to comply, but there is no such requirement for a private person even in the US. Non-US companies and people alike don’t need to comply either.

                                                                                                                      1. 11

                                                                                                                        Are you sure that is correct? Because that’s not how I read it:

                                                                                                                        Section 1. (a) The following are prohibited:

                                                                                                                        [..]

                                                                                                                        (iii) the exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, of any goods, services, or technology to the Crimea region of Ukraine; and

                                                                                                                        (iv) any approval, financing, facilitation, or guarantee by a United States person, wherever located, of a transaction by a foreign person where the transaction by that foreign person would be prohibited by this section if performed by a United States person or within the United States.

                                                                                                                        [..]

                                                                                                                        Sec. 8. For the purposes of this order:

                                                                                                                        (a) the term ‘‘person’’ means an individual or entity;

                                                                                                                        (b) the term ‘‘entity’’ means a partnership, association, trust, joint venture, corporation, group, subgroup, or other organization;

                                                                                                                        (c) the term ‘‘United States person’’ means any United States citizen, permanent resident alien, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person in the United States

                                                                                                                        Seems not just implied but pretty darn explicit that it applies to pretty much everyone and everything in the US, including private persons?

                                                                                                                        1. 2

                                                                                                                          Ah, thanks for the correction. The latter part still applies though.

                                                                                                                          I wonder why github still allows access to public repos though, it’s against the letter of that law as well.

                                                                                                                          1. 5

                                                                                                                            The latter part still applies though.

                                                                                                                            I think it also applies for the EU and some non-EU European countries like Norway, Australia, New Zealand, based on a quick reading of https://en.wikipedia.org/wiki/International_sanctions_during_the_Ukrainian_crisis – I didn’t check the details though, so perhaps GitHub-like services may still be allowed from those countries.

                                                                                                                            I wonder why github still allows access to public repos though, it’s against the letter of that law as well.

                                                                                                                            My guess would be that GitHub doesn’t really want to deny service to the Crimean people, but is trying to “cover their ass” at least to some degree, and that this is considered a “reasonable compromise”. But that’s really just a guess.

                                                                                                                            1. 3

                                                                                                                              EU/EEC countries have separate sanctions regime and enforcement on the issue AFAIK.

                                                                                                                  1. 10

                                                                                                                    I switched off of Google products about 6 months ago.

                                                                                                                    What I did was I bought a Fastmail subscription, went through all my online accounts (I use a password manager so this was relatively easy) and either deleted the ones I didn’t need or switched them to the new e-mail address. Next, I made the @gmail address forward and then delete all mail to my new address. Finally, I deleted all my mail using a filter. I had been using mbsync for a while prior to this so all of my historical e-mail was already synced to my machine (and backed up).

                                                                                                                    Re. GitHub, for the same reasons you mentioned, I turned my @gmail address into a secondary e-mail address so that my commit history would be preserved.

                                                                                                                    I still get the occasional newsletter on the old address, but that’s about it. Other than having had to take a few hours to update all my online accounts back when I decided to make the switch, I haven’t been inconvenienced by the switch at all.

                                                                                                                    1. 4

                                                                                                                      It’s really exciting to see people migrating away from Gmail, but the frequency with which these posts seem to co-ocur with Fastmail is somehow disappointing. Before Gmail we had Hotmail and Yahoo Mail, and after Gmail, perhaps it would be nicer to avoid more centralization.

                                                                                                                      One of the many problems with Gmail is their position of privilege with respect to everyone’s communication. There is a high chance that if you send anyone e-mail, Google will know about it. Swapping Google out for Fastmail doesn’t solve that.

                                                                                                                      Not offering any solution, just a comment :) It’s damned hard to self-host a reputable mail server in recent times, and although I host one myself, it’s not really a general solution

                                                                                                                      1. 5

                                                                                                                        Swapping Google out for Fastmail solves having Google know everything about my email. I’m not nearly as concerned about Fastmail abusing their access to my email, because I’m their customer rather than their product. And with my own domain, I can move to one of their competitors seamlessly if ever that were to change. I have no interest in running my own email server; there are far more interesting frustrations for my spare time.

                                                                                                                        1. 2

                                                                                                                          I can agree that a feasible way to avoid centralization would be nicer. However, when people talk about FastMail / ProtonMail, they still mean using their own domain name but paying a monthly fee (to a company supposedly more aligned with the customer’s interests) for being spared from having to set up their own infrastructure that: (A) keeps spam away and (B) makes sure your own communication doesn’t end up in people’s Junk folder.

                                                                                                                          To this end, I think it’s a big leap forward towards future-proofing your online presence, and not necessarily something comparable to moving from Yahoo! to Google.

                                                                                                                          1. 3

                                                                                                                            for being spared from having to set up their own infrastructure that: (A) keeps spam away and (B) makes sure your own communication doesn’t end up in people’s Junk folder.

                                                                                                                            I’m by no means against Fastmail or Proton, and I don’t think everyone should setup their own server if they don’t want to, but it’s a bit more nuanced.

                                                                                                                            Spamassassin with defaults settings is very effective at detecting obvious spam. Beyond obvious spam it gets more interesting. Basically, if you never see any spam, it means that either you haven’t told anyone your address, or the filter has false positives.

                                                                                                                            This is where the “makes sure your own communication doesn’t end up in people’s Junk folder” part comes into play. Sure, you will run into issues if you setup your server incorrectly (e.g. open relay) or aren’t using best current practices that are meant to help other servers see if email that uses your domain for From: is legitimate and report suspicious activity to the domain owner (SPF, DKIM, DMARC). A correctly configured server SHOULD reject messages that are not legitimate according to the sender’s domain stated policy.

                                                                                                                            Otherwise, a correctly configured server SHOULD accept messages that a human would never consider spam. The problem is that certain servers are doing it all the time, and are not always sending DMARC reports back.

                                                                                                                            And GMail is the single biggest offender there. If I have a false positive problem with someone, it’s almost invariably GMail, with few if any exceptions.

                                                                                                                            Whether it’s a cockup or a conspiracy is debatable, but the point remains.

                                                                                                                          2. 2

                                                                                                                            We’re not going to kill GMail. Let’s be realistic, here. Hotmail is still alive and healthy, after all.

                                                                                                                            Anyone who switches to Fastmail or ProtonMail helps establish one more player in addition to GMail, not instead of it. That, of course, can only be a good thing.

                                                                                                                            1. 1

                                                                                                                              Just to bring in one alternative service (since you are right, most people here seem to advice Fastmail, Protonmail): I found mailbox.org one day. No experience with them though.

                                                                                                                            2. 1

                                                                                                                              I still get the occasional newsletter on the old address, but that’s about it.

                                                                                                                              Once you moved most things over, consider adding a filter on your new account to move the forwarded mails to a separate folder. that way it becomes immediately clear what fell through the cracks.

                                                                                                                              1. 1

                                                                                                                                Sorry, I wasn’t clear. E-mails sent to the old address are forwarded to the new one and then deleted from the GMail account. When that happens I just unsubscribe, delete the e-mail and move on. It really does tend to only be newsletters.

                                                                                                                                I suppose one caveat to my approach and the reason this worked so well for me is that I had already been using my non-gmail address for a few years prior to making the change so everyone I need to interact with already knows to contact me using the right address.

                                                                                                                            1. 3

                                                                                                                              It’s unfortunate that most of these posts clump C with C++. Yes, it does reference Modern C++ Won’t Save Us. The question I would love answered is, does modern C++ solve 80% of the problems? Because 80% is probably good enough IMO if solving for 99% distracts us from other important problems.

                                                                                                                              1. 11

                                                                                                                                The question I would love answered is, does modern C++ solve 80% of the problems?

                                                                                                                                The reason this isn’t really answered is because the answer is a very unsatisfying, “yes, kinda, sometimes, with caveats.”

                                                                                                                                The issues highlighted Modern C++ Won’t Save Us are not straw men; they are real. The std::span issue is one I’ve actually hit, and the issues highlighted with std::optional are likewise very believable. They can and will bite you.

                                                                                                                                On the other hand, there is nothing keeping you from defining a drop-in replacement for e.g. std::optional that simply doesn’t define operator* and operator->, which would suddenly and magically not be prone to those issues. As Modern C++ Won’t Save Us itself notes, Mozilla has done something along these lines with std::span, too, preventing it from the use-after-free issue that the official standard allows. These structures behave the way they do because they’re trying to be drop-in replacements for bare pointers in the 90% case, but they’re doing it at the cost of safety. If you’re doing a greenfield C++ project, you can instead opt for safe variants that aren’t drop-in replacements, but that avoid use-after-free, buffer overruns, and the like. But those are, again, not the versions specified to live in std::.

                                                                                                                                And that’s why the answer is so unsatisfying: with std::move, rvalue references, unique_ptr, and so on give you the foundation for C++ to be…well, certainly not Rust, but a lot closer to Rust than to C. But the standard library, due to a mixture of politics and a strong desire for backwards compatibility with existing codebases, tends to opt for ergonomics over security.

                                                                                                                                1. -1

                                                                                                                                  I think you hit the nail on the head, C++ is ergonomic. I guess I don’t like the idea that Rust would get in the way of me expressing my ideas (even if they are bad). Something about that is offensive to me. But of course, that isn’t a rational argument.

                                                                                                                                  Golang, on one hand, is like speaking like a 3-year-old, and Rust is peaking the language in 1984. C++, on the other hand, is kind of poetic. I think that people forget software can be art and self-expression, just as much as it can be functional.

                                                                                                                                  1. 10

                                                                                                                                    I guess I don’t like the idea that Rust would get in the way of me expressing my ideas (even if they are bad). Something about that is offensive to me.

                                                                                                                                    Isn’t it more offensive to tell users that you are putting them at greater risk of security vulnerabilities because you don’t like to be prevented from expressing yourself?

                                                                                                                                    1. 3

                                                                                                                                      That’s an original take on it.

                                                                                                                                    2. 6

                                                                                                                                      It doesn’t get in the way of expressing your ideas. It gets in the way of you expressing them in a way where it can’t prove they’re safe. A way where the ideas might not actually work in production. That’s a distinction I think is worthwhile.

                                                                                                                                      1. 5

                                                                                                                                        I think we agree strongly that Rust constrains what you can say. Where we have different tastes is that I like that. To me, it’s the kind of constraint that sparks artistic creativity, and by reasoning about my system so that I can essentially prove that its memory access patterns are safe, I think I get a better result.

                                                                                                                                        But I understand how a different programmer, or in different circumstances, would value the freedom to write pretty much any code they like.

                                                                                                                                        1. 3

                                                                                                                                          I don’t like the idea that Rust would get in the way of me expressing my ideas

                                                                                                                                          Every language allows you to express yourself in a different way; a Javascript programmer might say the same of C++. There is poetry in the breadth of concepts expressible (and inexpressible!) in every language.

                                                                                                                                          I started out with Rust by adding .clone() to everything that made it complain about borrowing, artfully(?) skirting around the parts that seem to annoy everyone else until I was ready. Sure, it might have made it run a bit slower, but I knew my first few (er, several) programs would be trash anyway while I got to grips with the language. I recommend it if you’re curious but reticent about trying it out.

                                                                                                                                          – The Rust Evangelion Strike Force

                                                                                                                                          1. 3

                                                                                                                                            That is true, you have to do things “Rust way” rather than your way. People do react with offense to “no, you can’t just modify that!”

                                                                                                                                            However, I found Rust gave me a vocabulary and building blocks for common patterns, which in C I’d “freestyle” instead. Overall this seems more robust and readable, because other Rust users instantly recognize what I’m trying to do, instead of second-guessing ownership of pointers, thread-safety, and meaning of magic booleans I’d use to fudge edge cases.

                                                                                                                                        2. 5

                                                                                                                                          Tarsnap is written in C. I think it’s ultra unfortunate that C has gotten a bad rap due to the undisciplined people who use it.

                                                                                                                                          C and C++ are tools to create abstractions. They leave many ways to burn yourself. But they also represent closely how machines actually work. (This is more true of C than C++, but C is a subset of C++, so the power is still there.)

                                                                                                                                          This is an important quality often lost in “better” programming languages. It’s why most software is so slow, even when we have more computing power than our ancestors could ever dream of.

                                                                                                                                          I fucking love C and C++, and I’m saddened to see it become a target for hatred. People have even started saying that if you actively choose C or C++, you are an irresponsible programmer. Try writing a native node module in a language other than C++ and see how far you get.

                                                                                                                                          1. 25

                                                                                                                                            Tarsnap is written in C. I think it’s ultra unfortunate that C has gotten a bad rap due to the undisciplined people who use it.

                                                                                                                                            I think the hate for C and C++ is misplaced; I agree. But I also really dislike phrasing the issue the way you have, because it strongly implies that bugs in C code are purely due to undisciplined programmers.

                                                                                                                                            The thing is, C hasn’t gotten a bad rap because undisciplined people use it. It’s gotten a bad rap because disciplined people who use it still fuck up—a lot!

                                                                                                                                            Is it possible to write safe C? Sure! The techniques involved are a bit arcane, and probably not applicable to general programming, but sure. For example, dsvpn never calls malloc. That’s definitely a lot safer than normal C.

                                                                                                                                            But that’s not the default, and not doing it that way doesn’t make you undisciplined. A normal C program is gonna have to call malloc or mmap at some point. A normal C program is gonna have to pass around pointers with at least some generic/needs-casting members at some point. And as soon as you get into those areas, C, both the language and the ecosystem, make you one misplaced thought away from a vulnerability.

                                                                                                                                            This is an important quality often lost in “better” programming languages. It’s why most software is so slow, even when we have more computing power than our ancestors could ever dream of.

                                                                                                                                            You’re flirting around a legitimate issue here, which is that some languages that are safer (e.g. Python, Java, Go) are arguably intrinsically slower because they have garbage collection/force a higher level of abstraction away from the hardware. But languages like Zig, Rust, and (to be honest) bygones like Turbo Pascal and Ada prove that you don’t need to be slower to be safer, either in compilation or runtime. You need stricter guarantees than C offers, but you don’t need to slow down the developer in any other capacity.

                                                                                                                                            No, people shouldn’t hate on C and C++. But I also don’t think they’re wrong to try very hard to avoid C and C++ if they can. I think you are correct that a problem until comparatively recently has been that giving up C and C++, in practice, meant going to C#, Java, or something else that was much higher on the abstraction scale than you needed if your goal were merely to be a safer C. But I also think that there are enough new technologies either already here or around the corner that it’s worth admitting where C genuinely is weak, and looking to those technologies for help.

                                                                                                                                            1. 2

                                                                                                                                              You need stricter guarantees than C offers, but you don’t need to slow down the developer in any other capacity.

                                                                                                                                              Proven in a couple of studies with this one (pdf) being the best. I’d love to see a new one using Rust or D.

                                                                                                                                              1. 1

                                                                                                                                                I also really dislike phrasing the issue the way you have, because it strongly implies that bugs in C code are purely due to undisciplined programmers.

                                                                                                                                                You dislike the truth, then. If you don’t know how to free memory when you’re done with it and then not touch that freed memory, you should not be shipping C++ to production.

                                                                                                                                                You namedrop Rust. Note that you can’t borrow subsets of arrays. Will you admit that safety comes at a cost? That bounds checking is a cost, and you won’t ever achieve the performance you otherwise could have, if you have these checks?

                                                                                                                                                Note that Rust’s compiler is so slow that it’s become a trope. Any mention of this will piss off the Rust Task Force into coming out of the woodwork with how they’ve been doing work on their compiler and “Just wait, you’ll see!” Yet it’s slow. And if you’re disciplined with your C++, then instead of spending a year learning Rust, you may as well just write your program in C++. It worked for Bitcoin.

                                                                                                                                                It worked for Tarsnap, Emacs, Chrome, Windows, and a litany of software programs that have come before us.

                                                                                                                                                I also call to your attention the fact that real world hacks rarely occur thanks to corrupted memory. The most common vector (by far!) to breach your corporation is via spearphishing your email. If you analyze the amount of times that a memory corruption actually matters and actually causes real-world disasters, you’ll be forced to conclude that a crash just isn’t that significant.

                                                                                                                                                Most people shy away from these ideas because it offends them. It offended you, by me saying “Most programmers suck.” But you know what? It’s true.

                                                                                                                                                I’ll leave off with an essay on the benefits of fast software.

                                                                                                                                                1. 12

                                                                                                                                                  It worked for […] Chrome

                                                                                                                                                  It’s difficult for me to reconcile this with the perspective of a senior member of the Chrome security team: https://twitter.com/fugueish/status/1154447963051028481

                                                                                                                                                  Chrome, Chrome OS, Linux, Android — same problem, same scale.

                                                                                                                                                  Here’s some of the Fish in a Barrel analysis of Chrome security advisories:

                                                                                                                                                  1. 1

                                                                                                                                                    This implies an alternative could have been used successfully.

                                                                                                                                                    Even today, would anyone dare write a browser in anything but C++? Even Rust is a gamble, because it implies you can recruit a team sufficiently proficient in Rust.

                                                                                                                                                    Admittedly, Rust is a solid alternative now. But most companies won’t make the switch for a long time.

                                                                                                                                                    Fun exercise: Criticize Swift for being written in C++. Also V8.

                                                                                                                                                    C++ is still the de facto for interoperability, too. If you want to write a library most software can use, you write it in C or C++.

                                                                                                                                                    1. 13

                                                                                                                                                      C++ is still the de facto for interoperability, too.

                                                                                                                                                      C is the de facto for interoperability. C++ is about as bad as Rust, and for the same reason: you can’t use generic types without compiling a specialized version of the template-d code.

                                                                                                                                                      1. 8

                                                                                                                                                        You’re shifting the goalposts here. “No practical alternative to C++” is altogether unrelated to “C and C++ are perfectly safe in disciplined programmers’ hands” which you claimed above.

                                                                                                                                                        And no, empirically they are not safe, a few outlier examples notwithstanding (and other examples like Chrome and Windows don’t really support your claim). It’s also illogical to suggest that just because there are a handful of developers in the world who managed to avoid all the safety issues in their code (maybe), C and C++ are perfectly fine for wide industry use by all programmers, who, in your own view, aren’t disciplined enough. Can’t you see that it doesn’t follow? I can never understand why people keep making this claim.

                                                                                                                                                        1. -1

                                                                                                                                                          Also known as “having a conversation.”

                                                                                                                                                          But, sure, let’s return to the original claim:

                                                                                                                                                          C and C++ are perfectly safe in disciplined programmers’ hands

                                                                                                                                                          Yes, I claim this with no hubris, as someone who has been writing C++ off and on for well over a decade.

                                                                                                                                                          I’m prepared to defend that claim with my upcoming project, SweetieKit (NodeJS for iOS). I think overall it’s quite safe, and that if you manage to crash while using it, it’s because you’ve used the Objective-C API in a way that would normally crash. For example, pick apart the ARKit bindings: https://github.com/sweetiebird/sweetiekit/tree/cb881345644c2f1b2ac1a51032ec386d1ddb7ced/node-ios-hello/NARKit

                                                                                                                                                          I don’t think SweetieKit could have been made in any other language, partly because binding to V8 is difficult from any other language.

                                                                                                                                                          I do not claim at the present time that there are no bugs in SweetieKit (nor will I ever). But I do claim that I know where most of them probably are, and that there are few unexpected behaviors.

                                                                                                                                                          Experience matters. Discipline matters. Following patterns, matters. Complaining that C++ is inherently unsafe is like claiming that MMA fighters will inherently lose: the claim makes no sense, first of all, and it’s not true. You follow patterns while fighting. And you follow patterns while programming. Technique matters!

                                                                                                                                                          1. 5

                                                                                                                                                            Perhaps you are one of the few sufficiently disciplined programmers! But I really can’t agree with your last paragraph when, for example, Microsoft says this:

                                                                                                                                                            the root cause of approximately 70% of security vulnerabilities that Microsoft fixes and assigns a CVE (Common Vulnerabilities and Exposures) are due to memory safety issues. This is despite mitigations including intense code review, training, static analysis, and more.

                                                                                                                                                            I think you have a point about the impact of these types of issues compared to social engineering and other attack vectors, but I’m not quite sure that it’s sufficient justification if there are practical alternatives which mostly remove this class of vulnerabilities.

                                                                                                                                                            1. 1

                                                                                                                                                              For what it’s worth, I agree with you.

                                                                                                                                                              But only because programmers in large groups can’t be trusted to write C++ safely in an environment where safety matters. The game industry is still mostly C++ powered.

                                                                                                                                                              1. 3

                                                                                                                                                                I agree with that. I’ll add that games:

                                                                                                                                                                (a) Have lots of software problems that even the players find and use in-game.

                                                                                                                                                                (b) Sometimes have memory-related exploits that have been used to attack the platforms.

                                                                                                                                                                (c) Dodge lots of issues languages such as Rust address with the fact that you can use memory pools for a lot of stuff. I’ll also add that’s supported by Ada, too.

                                                                                                                                                                Preventable, buggy behavior in games developed by big companies continues to annoy me. That’s a sampling bias that works in my favor. If what I’ve read is correct, they’re better and harder-working programmers than average in C++ but still have these problems alternatives are immune to.

                                                                                                                                                                1. 3

                                                                                                                                                                  That, and games encourage an environment of ignoring security or reliability in favour of getting the product out the door, and then no long-term maintenance. If it weren’t for the consoles, they wouldn’t even have security on their radar.

                                                                                                                                                                  1. 1

                                                                                                                                                                    Yeah. On top of it, the consoles showed how quickly the private market could’ve cranked out hardware-level security for our PC’s and servers… if they cared. Also, what the lower end of the per-unit price might be.

                                                                                                                                                        2. 6

                                                                                                                                                          Would anyone dare write a browser in anything but C++?

                                                                                                                                                          That’s preeeetty much the whole reason Mozilla made Rust. It now powers a decent chunk of Firefox, esp the performance-sensitive parts like, say, the rendering engine.

                                                                                                                                                      2. 5

                                                                                                                                                        If you don’t know how to free memory when you’re done with it and then not touch that freed memory, you should not be shipping C++ to production.

                                                                                                                                                        Did you ever botch up memory management? If you say “no” I am going to assume you haven’t ever used C nor C++.

                                                                                                                                                        1. 5

                                                                                                                                                          There’s a difference between learning and shipping to production.

                                                                                                                                                          Personally, I definitely can’t get memory management right by myself and I’m pretty suspicious of people who claim they can, but people can and do write C++ that only has a few bugs.

                                                                                                                                                          1. 5

                                                                                                                                                            There’s always one or other edge case that make it slip into prod even with the experts. A toolchain on a legacy project that has no santizer flags you are used to. An integrated third party library with ambiguous lifecycle description. A tired dev on the end of a long stint. Etc etc.

                                                                                                                                                            Tooling helps, but anytime you have an allocation bug caught in that safety net means you screwed up on your part.

                                                                                                                                                            1. 5

                                                                                                                                                              Amen. I thought I was pretty good a while back having maintained a desktop app for years (C++/MFC (yeah, I know)). Then I got on a team that handles a large enterprise product - not exclusively C++ but quite a bit. There are a couple of C++ guys on the team that absolutely run circles around me. Extremely good. Probably 10x good. It was (and has been) a learning experience. However, every once in a while we will still encounter a memory issue. It turns out that nobody’s perfect, manual memory management is hard (but not impossible), and sometimes things slip through. Tooling helps tremendously - static analyzers, smarter compilers, and better language features are great if you have access to them.

                                                                                                                                                              I remember reading an interview somewhere in which Bjarne Stroustrup was asked where felt he was on a scale of 1-10 as a C++ programmer. His response, iirc, was that he was a solid 7. This from the guy who wrote the language (granted, standardization has long since taken over.) His answer was in reference to the language as a whole rather than memory management in particular, but I think it says an awful lot about both.

                                                                                                                                                              1. 4

                                                                                                                                                                My first job included a 6 month stint tracking down a single race condition in a distributed database. Taught me quite a bit about just how hard it is to get memory safety right.

                                                                                                                                                                1. 2

                                                                                                                                                                  You’re probably the kind of person that might be open-minded to the idea that investing some upfront work into TLA+ might save time later. Might have saved you six months.

                                                                                                                                                                  1. 2

                                                                                                                                                                    The employer might not have needed me in 2007 if the original author had used TLA+ (in 1995, when they first built it).

                                                                                                                                                                    1. 2

                                                                                                                                                                      Yeah, that could’ve happened. That’s why I said you. As in, we’re better off if we learn the secret weapons ourselves, go to employers who don’t have them, and show off delivering better results. Then, leverage that to level up in career. Optionally, teach them how we did it. Depends on the employer and how they’ll react to it.

                                                                                                                                                                      1. 2

                                                                                                                                                                        This particular codebase was ~600k lines of delphi, ~100k of which was shared between 6 threads (each with their own purpose). 100% manually synchronized (or not) with no abstraction more powerful than mutexes and network sockets.

                                                                                                                                                                        It took years to converge on ‘only crashes occasionally’, and has never been able to run on a hyperthreaded CPU.

                                                                                                                                                                        1. 1

                                                                                                                                                                          Although Delphi is nice, it has no tooling for this that I’m aware of. Finding the bugs might have to be a manual job. Whereas, Java has a whole sub-field dedicated to producing tools to detect this. They look for interleavings, often running things in different orders to see what happens.

                                                                                                                                                                          “~100k of which was shared between 6 threads (each with their own purpose).”

                                                                                                                                                                          That particularly is the kind of thing that might have gotten me attempting to write my own race detector or translator to save time. It wouldn’t surprise me if the next set of problems took similarly long to deal with.

                                                                                                                                                            2. 1

                                                                                                                                                              Oh yes. That’s how you become an expert.

                                                                                                                                                              You quickly learn to stick to patterns, and not deviate one millimeter from those patterns. And then your software works.

                                                                                                                                                              I vividly remember when I became disillusioned with shared_ptr: I put my faith into magic to solve my problems rather than understanding deeply what the program was doing. And our performance analysis showed that >10% of the runtime was being spent solely incrementing and decrementing shared pointers. That was 10% we’d never get back, in a game engine where performance can make or break the company.

                                                                                                                                                              1. 2

                                                                                                                                                                Ok, I take it you withheld shipping code into prod until you reached that level of expertise? I’m almost there after 20+ years and feel like a cheat now ;)

                                                                                                                                                            3. 4

                                                                                                                                                              It’s funny you mention slow compiles given your alternative is C++: the language that had the most people complaining about compile times before Rust.

                                                                                                                                                              Far as other comment, the C++ alternative for a browser should be fairly stable. Rust and Ada are safer. D compiles faster for quicker iterations. All can turn off the safety features or overheads on a selective basis where needed. So, yeah, I’d consider starting a browser without C++.

                                                                                                                                                              The other problem with C++ for security is that it’s really hard to analyze with few tools compared to just C. There still isn’t even a formal semantics for it because the language itself is ridiculously complicated. Unnecessarily so given more powerful languages, PreScheme and Scheme48, had a verified implementations. It’s just bad design far as security is concerned.

                                                                                                                                                          2. 6

                                                                                                                                                            Comparing something as large as an OS to a project like Tarsnap seems awfully simplistic. C has a bad rap because of undisciplined developers, sure, but also because manual memory management can be hard. The more substantial the code base, the more difficult it can get.

                                                                                                                                                            1. 6

                                                                                                                                                              Tarsnap is written in C

                                                                                                                                                              I want a rule in any conversation about C or C++ that nobody defending what can be done in those languages by most people uses an example from brilliant, security-focused folks such as Percival or DJB. Had I lacked empirical data, I’d not know whether it was just their brilliance or the language contributing to the results they get. Most programmers, even smart ones, won’t achieve what they achieved in terms of secure coding if given the same amount of time and similar incentives. Most won’t anyway given the incentives behind most commercial and FOSS software that work against security.

                                                                                                                                                              Long store short, what those people do doesn’t tell us anything about C/C++ because they’re the kind of people that might get results with assembly, Fortran, INTERCAL, or whatever. It’s a sampling bias that shows an upper bound rather than what to expect in general.

                                                                                                                                                              1. 8

                                                                                                                                                                Right. As soon as you restrict the domain to software written by teams, over a period of time, then it’s game over. Statistically you’re going to get a steady stream of CVE’s, and you can do things to control the rate (like using sanitizers) but qualitatively there’s really nothing you can do about it.

                                                                                                                                                              2. 4

                                                                                                                                                                My frustration to C is that it makes lots of things difficult and dangerous that really don’t need to be. Ignoring Rust as a comparison, there’s still lots of things that could be improved quite easily.

                                                                                                                                                                1. 4

                                                                                                                                                                  That’s pretty much Zig. C with the low-hanging fruit picked.

                                                                                                                                                                  1. 0

                                                                                                                                                                    Now we’re talking! What kind of things could be improved easily?

                                                                                                                                                                    I like conversations like this because it highlights areas where C’s designers could have come up with something just a bit better.

                                                                                                                                                                    1. 9

                                                                                                                                                                      That’s easy. Add slices.

                                                                                                                                                                      1. 5

                                                                                                                                                                        A significant amount of the undefined behavior in C and C++ is from integer operations. For example, int x = -1; int y = x << 1; is UB. (I bet if you did a poll of C and C++ programmers, a majority would say y == -2). There have been proposals (Regehr’s Friendly C, some more recent stuff in WG21) but so far they haven’t gotten much traction.

                                                                                                                                                                        1. 5

                                                                                                                                                                          I tweeted this as a poll. As of the time I posted the answer, 42% said -2, 16% correctly said it was UB, another 16% said implementation defined, and 26% picked “different in C and C++.” Digging a little further, I’m happy to see this is fixed in the C++20 draft, which has it as -2.

                                                                                                                                                                          1. 1

                                                                                                                                                                            Agreed; int operations are one area I find hard to defend. The best I could come up with is that int64_t should have been the default datatype. This wouldn’t solve all the problems, but it would greatly reduce the surface.

                                                                                                                                                                      2. 4

                                                                                                                                                                        I wonder about how well C maps to machine semantics. Consider some examples; for each, how does C expose the underlying machine’s abilities? How would we do this in portable C? I would humbly suggest that C simply doesn’t include these. Which CPU are you thinking of when you make your claim?

                                                                                                                                                                        • x86 supports several extensions for SIMD logic, including SIMD registers. This grants speed; performance-focused applications have been including pages of dedicated x86 assembly and intrinsics for decades.
                                                                                                                                                                        • amd64 supports “no-execute” permissions per-page. This is a powerful security feature that helps nullify C’s inherent weaknesses.
                                                                                                                                                                        • Modern ARM support embedded “thumb” ISAs which trade functionality for size improvements. This is an essential feature of ARM which has left fingerprints on video game consoles, phones, and other space-constrained devices.

                                                                                                                                                                        Why is software slow? This is a sincere and deep question, and it’s not just about the choice of language. For example, we can write an unacceptably-slow algorithm in any (Turing-equivalent) language, so speed isn’t inherently about choice of language.

                                                                                                                                                                        I remember how I learned to hate C; I wrote a GPU driver. When I see statements like yours, highly tribal, of forms like, “try writing [a native-code object with C linkage and libc interoperability] in a language other than C[++],” I wonder why you’ve given so much of your identity over to a programming language. I understand your pragmatic points about speed, legacy, interoperability, and yet I worry that you don’t understand our pragmatic point about memory safety.

                                                                                                                                                                        1. 4

                                                                                                                                                                          It was designed specifically for the advantages and limitations of the PDP-11 on top of authors’ personal preferences. It’s been a long time since there was a PDP-11. So, the abstract machine doesn’t map to current hardware. Here’s a presentation on its history that describes how many of the “design” decisions came to be. It borrowed a lot from Richard’s BCPL which wasn’t designed at all: just what compiled on even worse hardware.

                                                                                                                                                                          1. 1

                                                                                                                                                                            I keep hearing this trope, but coming from the world of EE, I’m readily convinced it is false. C never was designed to give full access to the hardware.

                                                                                                                                                                            1. 1

                                                                                                                                                                              The K&R book repeatedly describes it as using data types and low-level ops that reflect the computer capabilities of the time. Close to the machine. Then, it allows full control of memory with pointers. Then, it has an asm keyword to directly program in assembly language. It also was first used to write a program, UNIX, that had full access to and manipulated hardware.

                                                                                                                                                                              So, it looks like that claim is false. It was designed to do two things:

                                                                                                                                                                              1. Provide an abstract machine close to hardware to increase (over assembly) productivity, maintain efficiency, and keep compiler easy to implement.

                                                                                                                                                                              2. Where needed, provide full control over hardware with a mix of language and runtime features.

                                                                                                                                                                              1. 1

                                                                                                                                                                                Yet even the PDP-11 had a cache. C might have been low enough to pop in to assembly or write to an arbitrary memory position, but that does not mean it ever truly controlled the processor.

                                                                                                                                                                                1. 1

                                                                                                                                                                                  That would be an exception to the model if C programmers routinely control the cache. It wouldn’t be if the cache was an accelerator that works transparently in the background following what program is doing with RAM. Which is what I thought it did.

                                                                                                                                                                                  Regardless, C allows assembly. If instructions are availsble, it can control the cache with wrapped functions.

                                                                                                                                                                          2. 1

                                                                                                                                                                            In my experience, C is very close to how the processor. Pretty much every C “phoneme” maps to one or two instructions, making it very close to how your processor actually works. The assembly is a bit more expressive, especially when it comes to bit operations and weird floating point stuff (and loads of weird, speciallized stuff), but C can only use features it can expect any reasonable ISA to have. It usually is easily extensible to accomodate the more specific things, far easier than most other languages.

                                                                                                                                                                            About your three examples:

                                                                                                                                                                            1. Adding proper support for SIMD is difficult, because it is very different between architectures or between versions of an architecture. The problem of designing (in a perfomant way, because if someone is vectorizing by hand, perfomance is important) around these differences is hard enough that I haven’t seen a good implementation. GCC has an extension that tries, but it is a bit of a PITA to use (https://gcc.gnu.org/onlinedocs/gcc/Vector-Extensions.html#Vector-Extensions ). There are relatively easy to use machine specific extensions out there that fit well into the language.

                                                                                                                                                                            2. If you malloc anything, you’ll get memory in a non-executable page from any sane allocator. If you want memory with execute permissions, you’ll have to mmap() yourself.

                                                                                                                                                                            3. Thumb doesn’t really change the semantics of the logical processor, it just changes the instruction encoding. This is almost completly irrelevant for C.

                                                                                                                                                                            You can of course argue that most modern ISAs are oriented around C (I’m looking at you, byte addressability) and not the other way around, but that is a debate for another day.

                                                                                                                                                                            1. 2

                                                                                                                                                                              “Adding proper support for SIMD is difficult, because it is very different between architectures or between versions of an architecture.”

                                                                                                                                                                              There’s been parallel languages that can express that and more for years. C just isn’t up to the task. Chapel is my current favorite given all the deployments it supports. IIRC, Cilk language was a C-like one for data-parallel apps.

                                                                                                                                                                              1. 1

                                                                                                                                                                                Cilk is a C extension. Also, it is based upon multithreading, not SIMD.

                                                                                                                                                                                1. 1

                                                                                                                                                                                  Oh yeah. Multithreading. Still an example of extending the language for parallelism. One I found last night for SIMD in C++ was here.

                                                                                                                                                                          3. 3

                                                                                                                                                                            I see your point regarding people sh*tting all over C/C++. These are clearly good languages and they definitely have their place. However, I work with C++ pretty frequently (not low-level OS stuff, strictly backend and application stuff on Windows) and I’ve encountered a couple of instances in which people way more capable than I am managed to shoot themselves in the foot. That changed my perspective.

                                                                                                                                                                            To be clear, I also love C (mmmm…less C++), and I think that most developers would do well to at least pick up the language and be able to navigate (and possibly patch a large C codebase.) However, I’d also wager that an awful lot of stuff that is written in C/C++ today, probably doesn’t need the low level access that these languages provide. I think this its particularly true now that languages like Rust and go are proving to be both very capable at the same kinds of problems and also substantially little less foot-gunny.

                                                                                                                                                                          4. 2

                                                                                                                                                                            This is a bit tangential, but your link for “Modern C++ Won’t Save Us” points to the incorrect page.

                                                                                                                                                                            It should point to: https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/

                                                                                                                                                                          1. 3

                                                                                                                                                                            If you needed a signed JSON object to retain JSON structure, why wouldn’t you add a valid JSON envelope with the token and the original payload as attributes like so:

                                                                                                                                                                            {
                                                                                                                                                                                "header": {
                                                                                                                                                                                    "alg": "HS256",
                                                                                                                                                                                    "typ": "JWT"
                                                                                                                                                                                },
                                                                                                                                                                                "token": "XXXXXXX",
                                                                                                                                                                                "payload": {
                                                                                                                                                                                    "sub": "1234567890",
                                                                                                                                                                                    "name": "John Doe",
                                                                                                                                                                                    "iat": 1516239022
                                                                                                                                                                                }
                                                                                                                                                                            }
                                                                                                                                                                            
                                                                                                                                                                            1. 8

                                                                                                                                                                              Imagine that the sender of the JSON document is Node and the ECMAScript JSON API, and the recipient of the document is using Rust and Serde.

                                                                                                                                                                              Most cryptographic algorithms, including hashing functions, operate on bytes. So to take the hash of that payload, you need to decode the entire JSON document, pull the payload object out of memory, re-encode it as a JSON document, and perform the hashing algorithm on that. When you do this in Node, you’ll wind up hashing the ASCII bytes of {"sub":"1234567890","name":"John Doe","iat":1516239022}, getting 3032e801ce56c762a1485e5dc2971da67ffff81af5cc7dac49d13f5bfbe95ba6. Also, because of the way objects are represented in Node, seemingly innocuous changes to the code can result in the keys being in a different order when you initially build an object, but Node does preserve order in JSON documents when it decodes and reencodes it. (node also does not provide any good APIs for manipulating the order of keys in objects, as far as I know, because ECMAScript actually says that the order is unspecified)

                                                                                                                                                                              Serde, on the other hand, does not preserve order when you decode a JSON document. There are basically two common ways to decode a JSON object: you can decode it into a HashMap, which literally randomizes the order, or you can decode it into a struct, which if you re-encode it, will encode it in the same order that the struct is written in. So, given this code:

                                                                                                                                                                              #[derive(Deserialize,Serialize)]
                                                                                                                                                                              struct FullMessage {
                                                                                                                                                                                  header: MessageHeader,
                                                                                                                                                                                  token: String,
                                                                                                                                                                                  payload: MessagePayload,
                                                                                                                                                                              }
                                                                                                                                                                              #[derive(Deserialize,Serialize)]
                                                                                                                                                                              struct MessagePayload {
                                                                                                                                                                                  iat: u64,
                                                                                                                                                                                  name: String,
                                                                                                                                                                                  sub: String,
                                                                                                                                                                              }
                                                                                                                                                                              

                                                                                                                                                                              If you decode into a FullMessage, and then re-encode the MessagePayload, you will wind up hashing {"iat":1516239022,"name":"John Doe","sub":"1234567890"}, which hashes to 907b71ecd7dbc6cb902905e053fe990ed5957aa5217150b2355c36583fcf9519. It will, thus, report that the payload was tampered with, even though both versions of the payload are equivalent for your purposes.

                                                                                                                                                                              Because the JSON specifications say that order is not important in an object, both behaviors are spec-compliant.

                                                                                                                                                                              1. 3

                                                                                                                                                                                Gotcha. I don’t use Node or Rust, but I can understand how different JSON libraries could make this a problem. What if the payload was serialized?

                                                                                                                                                                                {
                                                                                                                                                                                    "header": {
                                                                                                                                                                                        "alg": "HS256",
                                                                                                                                                                                        "typ": "JWT"
                                                                                                                                                                                    },
                                                                                                                                                                                    "token": "XXXXXXX",
                                                                                                                                                                                    "payload": "{\"iat\": 1516239022, \"sub\": \"1234567890\", \"name\": \"John Doe\"}"
                                                                                                                                                                                }
                                                                                                                                                                                

                                                                                                                                                                                In this form, the token is computed and verified on the given bytes of the serialized payload, so differences in parsers should not matter.

                                                                                                                                                                                1. 1

                                                                                                                                                                                  That would totally work. It’s basically the same as the OP’s recommendation (serialize your JSON, then concatenate it with the signature) except you’re using a much more complicated way of “concatenating” them.

                                                                                                                                                                                  1. 3

                                                                                                                                                                                    Right, but the result is still valid JSON, which was the problem they raised with “just concatenation.”

                                                                                                                                                                                    1. 3

                                                                                                                                                                                      Technically, yes. Unfortunately, whatever signature-unaware middleware you’re using won’t be able to get at the JSON keys and values within the payload part. Most people deploy such middleware specifically because they want to be able to filter or route based on the contents of the message, and you lose that.