1.  

    Depending on what kind of site you’re using, you’d do well with something like trust levels or karma (I know Lobsters actually has a concept of a “new users”, who cannot downvote, and established users who can).

      1. 22

        suite of productivity apps

        heh, I’m still used to “Google” meaning “search”, not “productivity apps”. YaCy would be the real “open source Google” if we still remember that Search is the big part :D

        1. 4

          I don’t think search is the big part when it comes to replacing google. Most people I talked to about migrating from google products say they can’t because they rely too much on Gmail and Drive. Even though some of them also said search alternatives sucked, they were more willing to deal with that then losing the collaborative power that Google Drive gave them. I advocate against google as well by the way, but damn their Chrome + Gmail + Drive combo is becoming the definition of professional computing for a lot of people, specially since they also offer that in an Enterprise edition as well.

          1. 4

            I disagree, search is a biggest part.

            • Chrome replacable with Firefox 100%
            • Gmail replacable by something N% (Protonmail?)
            • Drive replacable by bunch of things - dropbox, one drive, IFS, NextCloud, etc. particularly with some tooling that utilize multiple things. Drive, IMO, has insulting interface and operability for 2019.

            Search on the other hand, is not easily replaced, especially since ddg, startpage and many others use google in the backend. Bing is retarded with those wallpapers and Yahoo is a mess. No bueno. All should die, perhaps we should return to altavista or do the SETI thing (best option IMO).

            1. 3

              DuckDuckGo uses Bing as its backend. Not Google.

              1. 4

                Well, it includes results from Bing. And a variety of other search engines.

              2. 3

                The pull is the multiple-concurrent-editors spreadsheets and text documents (which I think got rebranded from Docs to fall under Drive) rather than just the ability to share files.

                There are fewer competing products for the Docs use cases. They are quite hard to implement.

                1. 4

                  Document collaboration is possible in Next Cloud with Colabora and it works on premise and with open office docs:

                  https://nextcloud.com/collaboraonline/

                  1. 1

                    I did not know that and I am surprised. Interesting, thank you.

                2. 1

                  We’re discussing different things. I want practical results not theoretical ones.

                3. 2

                  Whoever down-voted with “incorrect”, can you please explain your reason? I don’t mind the vote count, I’m just genuinely interested in what was “incorrect” in my post?

                  1. -1

                    Down-voting is lame so any interaction with such dudes is meh. Provide comments when downvoting, don’t hide behind the counter.

                  2. 2

                    For me, replacing calendaring is the most difficult, because other than email, calendaring is the system most subject to network effects. I can switch to DDG or OpenStreetMaps on my own and it doesn’t affect those around me, but if I were to switch off Google Calendar, I don’t know how I’d be able to coordinate with others the same way.

                    1. 1

                      Yeah I have the same issue with Google Calendar. Though Docs is also subject to network effects, specially for professions that do a lot of document editing (journalism, PR, etc).

                      1. 1

                        Sure; I’ve pretty much made peace with being stuck with a work-related Google account and have only made efforts to remove it from my personal usage.

                  3. 2

                    That was my first reaction as well actually.

                    1. 1

                      Is YaCy still alive? I tried using their demo portal and my browser kept timing out.

                      1. 2

                        I’ve tried it at home relatively recently, with crawling enabled. Got my IP address temporarily banned from some places / started seeing more captchas everywhere :D Search did work, yes.

                      2. 0

                        Also there’s no Gmail replacement, which is probably the second most popular Google product.

                        1. 4

                          Gmail was a web-based mail system. It might have embraced and extended the concept of mail in such a way that Gmail is more than just a web-based mail user agent but that does not imply it can not be replaced by another web-based mail user agent, of which there there are many.

                          1. 1

                            Right, but there’s nothing in Bloom that replaces any part of Gmail.

                          2. 3

                            Think about what would be involved there. Setting up an SMTP server is non trivial for the average user (This is where 90 of you in the audience pop up and say “I set up SMTP servers in my sleep and 5 before breakfast!” :)

                            Of course a big part of that is all the infra that big mail processors like Google have put in place for spam prevention (and maybe a side order of lock-in :)

                            You could easily bundle a webmail interface with the assumption that all the guts would be handled elsewhere I guess, but there are already quite a number of those.

                            1. 2

                              Spam is a huge part, I think. I use Gmail for accounts and such, and self-host for my FOSS contributions / mailing lists / more personal interactions, and the open source spam filtering capabilities imo are nowhere near what Gmail offers. Don’t get me wrong, rspam has made things a lot better, but I still think self-hosting for most people isn’t feasible because of spam/phishing alone.

                          3. 0

                            YaCy is would be, if it proved to be practical, and so far it didn’t. Maybe it would be good to utilize some better strategy then theirs. For example, remember SETI screensavers ? All OS’es could have something like that but for search indexing.

                          1. 3

                            The same year Microsoft is proud to add a new terminal app with the full support of bash and everything to please developers.

                            Is Microsoft actually distributing a GPLv3 licensed copy of Bash with every Windows install? I’m surprised their lawyers are comfortable with that.

                            I guess the kids all think this is a good change, because now no one will have an old version of Python or Perl. Instead, they’ll have ten of them, and you’ll have to play with paths to pick the right one, like Windows.

                            Why is the author acting like this wasn’t already a problem– since OS X shipped with old versions of runtimes, installing N project’s depended-upon versions of Ruby/Python et al required having N+1 versions installed to begin with. This just drops it down to N.

                            And for someone supposedly concerned about the QoL of scripting devs, the author is oddly ignorant, or deliberately acting ignorant, of the fact that the Ruby/Python/et al communities developed tools to automatically manage paths for switching between different runtime versions a decade or more ago. It’s an absolute non-issue.

                            1. 3

                              Is Microsoft actually distributing a GPLv3 licensed copy of Bash with every Windows install? I’m surprised their lawyers are comfortable with that.

                              It’s an add-on you can get from the Windows Store. Naturally, at the bottom of the product page, you find links to the licensing terms and websites where you can get the source code. You could also use apt to fetch the source deb packages after installing it.

                              Which is kind of the same deal that Apple has with Xcode, so, no, I don’t see much difference with where they’re going. Microsoft’s just starting from a different place.

                              1. 1

                                Which is kind of the same deal that Apple has with Xcode, so, no, I don’t see much difference with where they’re going. Microsoft’s just starting from a different place.

                                Yeah, that’s basically my read on it as well

                              2. 3

                                Is Microsoft actually distributing a GPLv3 licensed copy of Bash with every Windows install? I’m surprised their lawyers are comfortable with that.

                                Perhaps Microsoft’s lawyers actually understand GPL3, then. Nothing about it is dangerous for Microsoft in this case.

                              1. 17

                                Interested in hearing other views. But I think what they are doing is reasonable.

                                Can this be extrapolated into a ‘BLISS’ principle: ‘Buy License if SaaS’ (just came up with abbreviation :-) )

                                “.. The one and only thing that you cannot do is offer a commercial version of CockroachDB as a service without buying a license. ..”

                                They should probably provide some examples of what they consider a CockroachDB service, vs a service that’s using CockroachDB underneath.

                                1. 10

                                  agreed. copying my comment over from hn:

                                  this seems like an excellent licence, clearly spelling out the intent of the copyright, rather than trying to fashion a one-size-fits-all set of rules. it reminds me of cory doctorow’s point that, intuitively, if some community theatre wanted to dramatise one of his works, they should be able to just do so, but if a major hollywood studio wanted to film it they should require a licence, and it is hard to draft a copyright law that does this properly.

                                  1. 13

                                    Can this be extrapolated into a ‘BLISS’ principle: ‘Buy License if SaaS’

                                    It can be. The question is not whether someone could do a thing, it’s whether they should do a thing.

                                    And the answer to that question is: Cockroach Labs itself wants to offer CockroachDB as SaaS, and they see it as absolutely necessary that they have the exclusive right to decide whether anyone else can do that and charge money for the privilege. Fair enough, they hold the copyright on the software (presumably) and can relicense it as they wish.

                                    But what happens to Cockroach Labs’ SaaS offering if every other component of the stack they run on adopts the same license and says “free but only if you’re not a for-profit SaaS”? If they have to pay dozens or, more likely, hundreds of separate license fees for the privilege of using all the other open-source components they depend on?

                                    The answer is Cockroach Labs would not be in the SaaS business for very long after that, because they wouldn’t be able to turn a profit in such a world. The categorical imperative catches up to people. And the real result would be everybody forking from the last genuinely open-source version and routing around the damage that way.

                                    1. 11

                                      But what happens to Cockroach Labs’ SaaS offering if every other component of the stack they run on adopts the same license and says “free but only if you’re not a for-profit SaaS”?

                                      but cockroachdb, as far as i can make out, is not doing this - they’re saying “free, unless you’re a for-profit cockroach-db-as-a-saas”, that is, if what you are selling is a hosted version of cockroachdb itself, rather than some other saas product that happens to use cockroach as a backend.

                                      1. 5

                                        Right. So assuming that Cockroach Labs offers no services except CockroachDB-as-a-service and a support line, Cockroach Labs would not have to pay for any additional licenses if all dependencies in their software stack switched to CockroachDB’s new license.

                                        I think very few companies would be harmed if this license became prevalent. (I make no statement on the worth of the services of the few companies that would be harmed by such mass relicensing.)

                                      2. 4

                                        But most of the deps of CockroachDB aren’t created by corporations who need to monetize them directly.

                                        1. 12

                                          Exactly. I think different kinds of projects end up preferring different kinds of licenses, for good reasons:

                                          • core infrastructure — libraries, runtimes, kernels, compilers — permissive and public domain-ish — because “stuff you were going to write anyway”, not written directly for profit, stuff you want to just exist and would love it if someone made a successful fork (because you wouldn’t have to maintain it anymore! — that’s most of my github projects) etc.
                                          • end user / GUI / client software — desktop, mobile apps — copyleft — because someone else turning your app into a proprietary one sucks, you want user freedom for the end users
                                          • SaaSable / Web Scale™ / serious business oriented server software — distributed DBMSes like this one — these “Buy License if SaaS” licenses — because reasons everyone discussed with the SaaS thing

                                          Of course not everyone will agree with my philosophy here, but I think it’s good and much more productive than “I hate GPL” / “I hate permissive” / “the anti-SaaS stuff is destroying all FOSS ever”. You don’t have to attach yourself personally to a kind of license, you can adopt a philosophy of “different licenses for different kinds of projects”.

                                          1. 1

                                            core infrastructure — libraries, runtimes, kernels, compilers — permissive and public domain-ish — because “stuff you were going to write anyway”,

                                            I don’t think that’s true given the value that great infrastructure can provide, esp with good ecosystem. The mainframe companies, VMS Inc, Microsoft, and Apple all pull in billions of dollars selling infrastructure. The cloud companies sell customized and managed versions of open infrastructure. The vendors I reference making separation kernels, safety-critical runtimes, and certifying compilers are providing benefits you can’t get with most open code. Moreover, stuff in that last sentence costs more to make both in developer expertise and time.

                                            I think suppliers should keep experimenting with new licenses for selling infrastructure. These new licenses fit that case better than in the past. If not open, then shared source like Sciter has been doing a long time. I’d still like to see shared source plus paying customers allowed to make unsupported forks and extensions whose licenses can’t be revoked so long as they pay. That gets really close to benefits of open source.

                                            1. 1

                                              Of course there’s still companies selling specialized, big, serious things. But FOSS infrastructure has largely won outside of these niches. Linux is everywhere, even in smart toilets and remote controlled dildos :D Joyent has open sourced their whole cloud stack. Google has open sourced Bazel, Kubernetes, many frontend frameworks… Etc. etc.

                                              shared source plus paying customers allowed to make unsupported forks and extensions whose licenses can’t be revoked so long as they pay

                                              IIRC that’s the Unreal Engine 4 model. It’s.. better than hidden source proprietary I guess.

                                              separation kernels, safety-critical runtimes, and certifying compilers are providing benefits you can’t get with most open code

                                              I’ve heard of some of these things.. but they’ve been FOSS mostly. NOVA: GPLv2. Muen: GPLv3. seL4: mix of BSD and GPLv2. CompCert: mix of non-commercial and GPLv2.

                                              1. 4

                                                “ But FOSS infrastructure has largely won outside of these niches. “

                                                Free stuff that works well enough is hard to argue with. So, FOSS definitely wins by default in many infrastructure settings.

                                                “but they’ve been FOSS mostly. NOVA: GPLv2. Muen: GPLv3. seL4: mix of BSD and GPLv2. CompCert: mix of non-commercial and GPLv2.”

                                                They’ve (pdf) all been cathedral-style, paid developments by proprietary vendors or academics. A few became commercial products. A few were incidentally open-sourced with one, Genode, having some community activity. seL4 may have some. Most seL4-based developments are done by paid folks that I’ve seen. The data indicates the best results come in security-focused projects when qualified people were paid to work on the projects. The community can do value-adds, shake bugs out, help with packaging/docs, translate, etc. The core design and security usually requires a from core team of specialists, though. That tends to suggest paid models with shared source or a mix that includes F/OSS are best model to incentivize further development.

                                                “and remote controlled dildos :D “

                                                There’s undoubtedly some developer that got laid off from their job shoving Windows CE or Symbian into devices that were once hot who dreamed of building bigger, better, and smarter dildos that showed off what their platforms had. The humiliation that followed wasn’t a smiling matter, Sir. For some, it may have not been the first time either.

                                                1. 2

                                                  cathedral-style, paid developments by proprietary vendors or academics

                                                  Yes, the discussion was about licensing, not community vs paid development. For this kind of project, I don’t see how non-FOSS shared source licensing would benefit anyone.

                                                  1. 2

                                                    Individuals outside business context could use, inspect, and modify the product for anywhere from cheap to free. Commercial users buy a license that’s anything from cheap to enterprise-priced. The commercial use generates revenues that pay the developers. Project keeps getting focused work by talented people. Folks working on it might also be able to maintain work-life balance. If 40-hr workweek, then they have spare time and energy for other projects (eg F/OSS). If mix of shared-source and F/OSS, a percentage of the funds will go to F/OSS.

                                                    I think that covers a large number of users with acceptable tradeoffs. Harder to market than something free. The size of the security and privacy markets makes me think someone would buy it.

                                          2. 3

                                            They aren’t today.

                                            But yesterday, CockroachDB was open-source software.

                                            1. 6

                                              Yeah people love free stuff and not paying for it.

                                              1. 4

                                                Well, most of the free stuff I have access to is reasonably priced.

                                                1. 2

                                                  Ok, I meant to say not paying what it is worth (draining the producers).

                                                2. 6

                                                  Yes, people love getting things for free.

                                                  Cockroach Labs likes getting things for free, but has decided that they don’t like giving things away for free. This is a choice they have the legal right to make, of course, but that doesn’t necessarily make it the right decision.

                                                  From a business perspective, it’s a very bad sign. A company suddenly switching from open source to proprietary/“source available” is usually a company where the vultures are already circling. And mostly it indicates a fundamental problem with the business model; changing the license like this doesn’t fix that problem, and in fact can’t fix it. If demand for CockroachDB is significant enough, other people will fork from the last open-source release and keep it going. If demand for it isn’t significant enough, well, they won’t. And either way, Cockroach Labs probably won’t make back what the VCs invested into it.

                                                  From a software-ecosystem perspective, it’s more than a bit hypocritical. Lots of people build and distribute permissive-licensed software, and Cockroach Labs has, if not profited (since they may not be profitable) from it, at least saved significant up-front development cost as a result. If what they wanted was a copyleft-style share-and-share-alike, there were licenses available to let them do that (which, from a business perspective, still would not have saved them). But that’s not really what they wanted (and by “they” I mean the people in a position to impose decisions, which does not mean the engineering team or possibly even the executive team). What they seem to have wanted was to be proprietary from the start, and therefore to have absolute control over who was allowed to compete with them and on what terms. There is no open-source or Free Software license available which achieves that goal; the AGPL comes closest, but still doesn’t quite get there.

                                                  And there simply may not have been a business model available for CockroachDB that would satisfy their investors, but Cockroach Labs was founded at a time when it already should have been clear – especially to a founding team of ex-Googlers – where the market was heading with respect to managed offerings for this type of software. They could have tried other options, like putting more work into integrating with cloud providers’ marketplaces, but instead they knowingly signed up to get their lunch eaten, and do in fact appear to have gotten their lunch eaten.

                                                  1. 9

                                                    Cockroach Labs likes getting things for free, but has decided that they don’t like giving things away for free.

                                                    You are hinting that Cockroach Labs are trying to act as freeloaders while ignoring the real elephant in the room: SaaS providers.

                                                    1. 0

                                                      You are hinting that Cockroach Labs are trying to act as freeloaders while ignoring the real elephant in the room: SaaS providers.

                                                      I’m pointing out the simple fact that Cockroach Labs wants to have the right to build a business on open-source software, but wants to say that other entities shouldn’t have that same right. That’s literally what this comes down to, and literally what their new license tries to say.

                                                    2. 3

                                                      Cockroach Labs likes getting things for free, but has decided that they don’t like giving things away for free.

                                                      That’s an unfair characterization. The code they use is made by people who like giving stuff away for free. If permissive, they’ve already chosen a license that lets commercial software reuse it without giving back any changes. If copyleft under GPL-like license, there’s already bypasses to sharing like SaaS that they’re implicitly allowing by not using a strong license. They’re also doing this in a market where most users of their libraries freeload. They then release the code under that license knowing all this for whatever reasons they have in mind.

                                                      And then Cockroach Labs, whose goal is a mix of profit and public benefit, uses some of the code they were given for free. They modify the license to suit their goals. Each party contributing code should be fine with the result because each one is doing exactly what you’d expect with their licenses and incentives. If anything, CockroachDB is going out of their way to be more altruistic than other for-profit parties. They could be locking stuff up more.

                                                      1. 1

                                                        They approve of the “take open-source software and build a business on it without financially supporting all the authors in a sustainable way” approach when it’s them doing it with other people’s software. They don’t approve when it’s Amazon doing it with CockroachDB. You can try to spin it, but that’s really what it comes down to.

                                                        And they want control over who’s allowed to compete with them and who’s allowed to use their software for what purposes. That’s fundamentally incompatible with their software being open source, and they’ve finally realized that, but it’s a bit late to be suddenly trying to change to proprietary.

                                                        1. 2

                                                          I agree it won’t be open source software when they relicense it. I disagree that there’s any spin. I tell people who want to force contributions or money back to put it in their license with a clause blocking relicensing to non-OSS/FOSS. Yet, the OSS people still keep using licenses or contributing to software with such licenses that facilitate exactly what CockroachDB-like companies are doing.

                                                          I don’t see how it’s evil or hypocritical for a for-profit company acting in self-interests to use licensed components whose authors choose knowing it facilitates that. It wasn’t the developers only option. There was a ton of freeloading and hoarding of permissively-licensed components before they made the choice. Developers wanting contributions from selfish parties, esp companies, should use licenses that force like AGPL or Parity. The kinds of companies they gripe about mostly avoid that stuff. This building on permissive licensing and relicensing problem has two causes, not one.

                                                          Note: There’s also people that don’t care if companies do that since they’re just trying to improve software they and other people use. Just figured I should mention that in case they’re reading.

                                                          1. 2

                                                            I don’t see how it’s evil or hypocritical for a for-profit company acting in self-interests to use licensed components whose authors choose knowing it facilitates that.

                                                            It’s not “evil”. But it is at least a bit hypocritical to decide that you’re OK doing something yourself, but not with other people doing it too.

                                                            Given their intended business model, CockroachDB probably should have been proprietary from the start. Would’ve avoided this specific headache (but probably still wouldn’t have avoided the problem with the business model they chose).

                                                            1. 1

                                                              “But it is at least a bit hypocritical to decide that you’re OK doing something yourself, but not with other people doing it too.” “CockroachDB probably should have been proprietary from the start”

                                                              “three years after each release, the license converts to the standard Apache 2.0 license”

                                                              Amazon isn’t giving all their stuff away after three years under a permissive, open-source license. What we’re really discussing is a company that will delay open-sourcing code by three years, not just license proprietary software. Every year, they’ll produce more open-source code. It will be three years behind the proprietary, shared-source version everyone can use except for SaaS companies cloning and selling their software. You’re talking like they’re not giving anything back or doing any OSS. They are. It’s just in a way that captures some market value out of it.

                                                              In contrast, the people making OSS dependencies usually aren’t doing anything to capture business value out of the code. If anything, they’re not even trying to. They’re directly or indirectly encouraging commercial freeloading with a license that enables it instead of using one that forbids it. So, CockroachDB doesn’t owe them anything or have any incentive to pay. Whereas, CockroachDB’s goal is to make profit on their own work. The goal differences are why there’s no hypocrisy here. It would be different if the component developers were copylefting or charging for CockroachDB’s dependencies with the company not returning code or pirating the components.

                                                              1. 1

                                                                but not with other people doing it too

                                                                Have you heard anyone at Cockroach Labs say this? Wouldn’t they be able to offer their service based on 3 year old versions of every piece of OSS they use? It seems to me this license would work fine transitively, so there’s no hypocrisy involved.

                                                3. 3

                                                  If they have to pay dozens or, more likely, hundreds of separate license fees for the privilege of using all the other open-source components they depend on?

                                                  Sounds good to me. They have had millions of dollars of funding, they can easily pay some money to people who deserve it.

                                                  1. 1

                                                    Or we’ll get something like ASCAP, but for software instead of music.

                                                    1. 6

                                                      As a long time ASCAP member, I hope we could do better.

                                                  2. 3

                                                    They should probably provide some examples of what they consider a CockroachDB service, vs a service that’s using CockroachDB underneath.

                                                    I believe I read somewhere that they considered the user having the ability to freely modify the schema as being “as a service”

                                                    Edit: found it

                                                    1. 2

                                                      The user of a “CockroachDB as a Service” company, that is (not just a user of CockroachDB in general)

                                                      1. 2

                                                        Thx @trousers @johnaj for clarification. I guess, for me this ‘muddied’ waters so to speak.

                                                        Say, hypothetically, I have a SaaS that allows my customers to upload logs from IoT devices, and schema (in my DSL) explaining the data, and some SQL-like (but can also be my DSL) queries about their data.

                                                        My service is to provide the results of the queries back to them via dashboards/PDFs etc. The hypothetical SaaS charges for that service (and hopes, in some distant future, to make net profit)

                                                        Underneath, I want to use CockroachDB.

                                                        When customer provides their data explanation in DSL, I actually translate it into CockroachDB schema, and create materialized and non-materialized views (I do not know if the DB supports this, let’s assume – it does). I do that so that customer’s queries can be translated to database statements more easily (and run efficiently).

                                                        So I have a SaaS service, and allow customers (although indirectly) to create schema specific to their data in my database.

                                                        Will I need license?

                                                        From what I am reading right now, I will.
                                                        This is not good or bad – but I hope, then, Postgres would never adapt BLISS.

                                                        May be I am wrong .. so hope to hear what others think.

                                                        1. 2

                                                          Will I need license?

                                                          No. I think anything that is indirect (they are not using the wire protocol or directly issuing queries) is not going to require a license.

                                                          That said, I can see how your example is demonstrative of a possible problem – if Amazon created like a graphQL layer in front of it that just sort of translated to and from CockroachDB would that give them safety license wise – and I think it would.

                                                          1. 3

                                                            Right, there is ambiguity about the ‘type or class’ of layers that when added, will not require a license vs layers that will require a license.

                                                            If I correctly understand the spirit and the intent of their license, I actually think CockroachDB should protect themselves, and specify that following layers:

                                                            a) security + access control layers

                                                            b) performance + scalability layers

                                                            c) General (not domain specific) query meta language layers

                                                            d) Deployment layers (eg ansible roles on top)

                                                            e) Hardware layer underneath (eg optimized FPGA/GPUs)

                                                            If a SaaS business added on top of their DB only the above layers in essense, and then sold as SaaS together with CocroachDB – they would need the BLISS license.

                                                            Also, at the end of the day, their license may end up being, still, free for some businesses that fall under BLISS – but I think, CockrouchDB team and their investors, want to be in control of that decision…

                                                        2. 1

                                                          Right. Good clarification.

                                                      1. 2

                                                        oh i am so sorry, must have pasted it without noticing! Looks really sneaky but it was an honest mistake I assure you!

                                                        No way to edit the URL right, should i delete and repost?

                                                        Take it that HN isn’t the most popular site around here :D

                                                        1. 2

                                                          @pushcx you can fix it, can’t you?

                                                      1. 2

                                                        USB - A shitty problems-introducing half-baked solution, designed in the terms of the shittiest version of everything, to a problem that could have been perhaps left unsolved for a little longer.

                                                        Now we’re going to go with this for who knows how long, with all the mess it lugs behind. 6-simultaneous-key-press-limit on keyboards and everything.

                                                        Plus, with constant idiotic updates, the USB cables are becoming the issue they were attempting to solve. Great job!

                                                        1. 10

                                                          The 6-key limit is a myth. Competently designed USB keyboards can support NKRO fine. The problem seems more that a lot of keyboard makers don’t actually understand the the HID standard, or don’t care.

                                                          There’s plenty about USB that’s crap though.

                                                          1. 1

                                                            Did look on and found ergodox drivers firmware that have NKRO. Will look on it when I’m more pissed about the limit than what I’m now. Thank you.

                                                          2. 3

                                                            You really think leaving the problem unsolved for longer would have resulted in a better solution?

                                                            1. 0

                                                              It’s more about whether anybody was needed to solve it in the first place. I’m sure they already thought of universal connection for peripherals in 1960s but they couldn’t make it yet back then. Also the existing serial ports would have been getting smaller and faster in any case. Possibly we could have handled without USB perfectly well.

                                                              The answer to your question is yes though. You can use Internet protocol suite for communication between small devices as well. By now it could be extended to all peripherals. Instead of USB we could have had yet another entry on the link-layer.

                                                              1. 7

                                                                I think it’s important to view USB in the context of where it came from, rather than comparing it to current technology and evaluating it only in hindsight.

                                                                It’s more about whether anybody was needed to solve it in the first place.

                                                                The experience of using USB today completely outclasses the ISA, PCI, Parallel Port, and PS/2 connections of the day. I used to have to set physical jumpers on a sound card to make sure that the IRQ and DMA settings matched what my motherboard/OS supported and didn’t conflict with other installed cards. 20 minutes on my knees with a manual and screwdriver in hand, every time, only knowing if you got it right after booting up the OS each time and testing it with some software. Yes, I think someone needed to solve this.

                                                                Possibly we could have handled without USB perfectly well.

                                                                I honestly feel that we had to go through a painful phase (non-flippable connectors, manual jumpers, plethora of cable types, screwed-in vs non-screwed in connectors, manually setting non-conflicting IRQs, power distribution) before we could get to a decent one, and I’d rather that painful phase be in the past than the future. Same as with Bluetooth – there was a bad time, and now things “generally” work unless you’re doing something at the fringes. Waiting for the next thing would have just delayed any lessons the industry could have learned.

                                                                Did you know the USB spec required the ‘trident’ logo to be on the top side of the connector, meaning you always knew which way to plug it in? This seems like a great solution, until you witness millions of people messing it up every time (without even knowing this was part of the standard), compounded by dubious manufacturers flooding the market and ignoring the spec (sometimes making cables without any trident, let alone on the wrong side). You only witness these things by having a product in the wild or having seen another products/specs suffer these problems in the wild. In either case, there is a painful phase that eventually stabilizes into something useful.

                                                            2. 2

                                                              Plus, with constant idiotic updates, the USB cables are becoming the issue they were attempting to solve.

                                                              This, exactly! The U stands for Universal, the idea that any device could connect to another. If I recall correctly, even before USB 1.0 was released there were two incompatible plug types in widespread use: A and B. Supposedly this was to separate the host and client, but as devices quickly appeared that could be either host or client (think of plugging a camera directly into a printer) the mess because apparent. It’s only gotten worse from there, with USB C, mini- then micro-USB, and the micro versions of USB B and 3 (I still daily drive a Note 3 with the Micro USB 3 I think it is).

                                                              1. 1

                                                                What are you doing that requires more than six keys being pushed down at one time?

                                                                1. 3

                                                                  In my case, hotseat multiplayer games like Liero (think realtime Worms). Playing with two kids on one keyboard is super fun!

                                                                  1. 2

                                                                    Nothing, but it’s still a thing that limits the use of a keyboard and is stupidly low number for a key buffer. It should be at least 24 keys, preferable 4000 keys. Pointless to have so small buffer.

                                                                    1. 1

                                                                      I don’t know about you, but I only have ten fingers, and I only really use eight of them for typing.

                                                                      Probably should’ve made the limit 8 instead of 6. You could fit the full set of keycodes (assuming I’m reading this correctly and all USB scan codes are one byte) evenly into four 16bit registers, or, nowadays, one 64bit register.

                                                                      1. 3

                                                                        FWIW it’s not actually 6 keys total; modifier keys don’t count towards the limit.

                                                                1. 7

                                                                  The end of controlling what you see on the Web is coming.

                                                                  1. 27

                                                                    Not if you switch to Firefox :)

                                                                    I really hope Google is shooting themselves (and Chrome’s market share) in the foot with this move… but somehow I doubt it.

                                                                    1. 6

                                                                      Firefox development is mostly funded by Google. I can’t imagine them doing much to piss Google off.

                                                                        1. 13

                                                                          This actually sounds reassuring:

                                                                          Regardless of what happens with Chrome’s manifest v3 proposals, we want to ensure that ad-blockers and other similarly powerful extensions that contribute to user safety and privacy remain part of Mozilla’s add-ons ecosystem while also making sure that users are not being exposed to extreme risks via malicious use of powerful APIs.

                                                                          1. 8

                                                                            making sure that users are not being exposed to extreme risks via malicious use of powerful APIs.

                                                                            This part is scary.

                                                                            1. 1

                                                                              Yeah, but …

                                                                              We have those APIs now isn’t it ? And the world isn’t collapsing.

                                                                              1. 4

                                                                                The scary part is that Firefox thinks it’s their job to decide how users use their own computers.

                                                                                1. 18

                                                                                  It’s kind of impossible not to if you’re creating consumer facing software, isn’t it?

                                                                                  1. 4

                                                                                    It’s one thing to provide safe defaults, and another thing entirely to ensure that those defaults can’t be overridden.

                                                                                    1. 12

                                                                                      If it’s about the signed extension thing, please read about the history of that feature It is not based on threat models and predictions. It was done this way to get rid of adware that was auto-installing itself and making real-world people’s lives worse. It has to be hard-coded into the EXE, because it’s only the EXE that Windows performs signature checks on and that Mozilla can sue adware developers for impersonating.

                                                                                      1. 2

                                                                                        Alright. If it doesn’t affect people building from source, I guess it doesn’t matter.

                                                                                        1. 2

                                                                                          So… block it on Windows?

                                                                                      2. 3

                                                                                        It’s one thing to provide safe defaults, and another thing entirely to ensure that those defaults can’t be overridden.

                                                                                      3. 3

                                                                                        I never understand this sort of rhetoric.

                                                                                        I maintain quite a few open-source projects, and contribute to others. They all make choices about what they support and what they don’t. Is it sinister of them to do so? Many of them don’t provide any sort of toggle to make them support things the developers have chosen not to support, which is what you seem to object to. Is that really controlling behavior, or just developers disagreeing about what should be supported?

                                                                                        1. 1

                                                                                          My issue is that it’s user-hostile to prevent users from doing what they want with their computers. Firefox runs on my computer; I as an end user — and my grandparents as end-users — should be free to determine which extensions I run within Firefox. It’s not Mozilla’s computer to control. The ability to choose how to use one’s computer shouldn’t be reserved to developers: it should be available to everyone.

                                                                                          1. 0

                                                                                            Mozilla is free to develop the software they want to develop. You’re free to not use it.

                                                                                            You don’t have the right to force them to develop something they don’t want to, but you seem to be trying to assert such a right.

                                                                                2. 2

                                                                                  Or, rely on blocklists: https://firebog.net/ I’ve got a little side project to automate it: https://gitlab.com/dacav/myofb

                                                                                  If you want something more complex, more popular, more user-friendlly: pi-hole

                                                                                  1. 3

                                                                                    Until they fully control DNS as well with something like DoH.

                                                                                    1. 1

                                                                                      Ah, this cat-and-mouse thing! :) Let’s try. You play adversary :)

                                                                                      My next move is to use the blacklist to place a filter at firewall level instead of using it at dns level.

                                                                                      Your move

                                                                                      1. 1

                                                                                        Or use /etc/hosts

                                                                                        1. 1

                                                                                          That’s actually one of the options of my scripts: populating /etc/hosts. :)

                                                                                        2. 1

                                                                                          Proxying ads through the website you want to see, so the ad urls are http://destination.com/double click/ad/1234

                                                                                          1. 1

                                                                                            Definitely. But the website gets a performance penalisation, I think.

                                                                                            Plus, I’m wondering, will it be as effective for the trackers to deal with the tracked browser with a proxy server in between? (maybe, maybe not).

                                                                                          2. 1

                                                                                            I place Ads and DoH on the same IP address as the CDN that millions of websites use.

                                                                                            1. 1

                                                                                              Wait what? I don’t get this one. How many millions of websites are passing through the same IP address? Can you elaborate?

                                                                                              1. 1

                                                                                                Many of the ones that sit behind CloudFlare and Fastly.

                                                                                1. 8

                                                                                  You shouldn’t have to enter an elite tech priesthood just to preserve your privacy, security, and safety online.

                                                                                  I disagree with this attitude. There’s nothing special or elite about basic infosec and use of devices. There’s no special magic to “don’t post personal information online unless you’re okay with bad people potentially knowing it.” There’s no one special trick to avoiding toxic online communities: don’t join, or leave.

                                                                                  Like, the author even hints at the problem in the preceding paragraph:

                                                                                  Does anyone under 21 actually care whether the code on their phone is open-source and whether, Stallman-style, they can dive into an Objective-C file and change something? Probably not many.

                                                                                  It seems to me that if we don’t raise people with the expectation that they learn some mastery over basic skills and technology, we do them (and ourselves, when they’re inevitably exploited) a great disservice. If we don’t stop the trend towards digital sharecropping we can’t be surprised when we end up with a bunch of serfs and slaves.

                                                                                  1. 16

                                                                                    I agree with you that a little tech literacy can go a long way. But I think the bar is far too high, especially for a “full tech vegan” lifestyle. One question I commonly ask myself is, “Could my mother do this? My grandfather? How about someone who has chosen not to work with computers for a living, and to spend their time on something else?”

                                                                                    I can drive a car without learning how the internal combustion engine works. I can eat food without knowing about pasteurization or food safety laws. Why is it that with computers, suddenly the only way I can be safe, secure, and private is to be an expert?

                                                                                    1. 8

                                                                                      One question I commonly ask myself is, “Could my mother do this? My grandfather?

                                                                                      My mother is nearly 85 years old, a retired history teacher, and a daily user of Red Hat Enterprise Linux — has been since it was first available, which is almost 20 years now.

                                                                                      She never really used Windows systems or PCs outside of exposure to them at work.

                                                                                      She had a Cromemco back in the 1980s (I had a Commodore then) but otherwise she always used the computers I either handed down to her or bought for her use - I recall she used a SPARCstation-1 from (around) late 1990 until about 1993, a NeXTstation until 1998 or 1999, and began to use Linux after that, so she’s been using UNIX as an end-user for about 30 years.

                                                                                      She was always just an end-user and was never interested in programming or chasing the latest technology; that was always me, back then.

                                                                                      Every now and then, she will email me for help with something, and I’m surprised at what she’s doing. She doesn’t have a deep understanding of the inner workings or theory of how the computer works, but when it comes to software, UNIX is all she knows and all she’s ever known.

                                                                                      She does use Facebook, but only on an older iPad dedicated to just that task, and she is very skeptical of providing any information, posting pictures, etc.

                                                                                      When she first signed up she provided a false name, address, DOB, etc, and only recently updated it to real info - this, she explained to me, was because she wanted to retire “in peace” and not have to feel obligated to respond to former students and coworkers.

                                                                                      I guess the point is that I have more faith in mothers and grandmothers than I do millennials and Gen Z kids.

                                                                                      We are at the time where it’s our grandmothers and grandfathers (or our parents) who are the ones who grew up during the computer revolution. They were the ones working on mainframes and minicomputers in school in the 1960’s and witnessing the entire computer and Internet revolution from then through today.

                                                                                      “Kids” on the other hand, don’t know a world without smartphones and the Internet, and never experienced the progression of the technology or used the older systems.

                                                                                      A 24-year old college student today doesn’t know a world without modern PCs - when they were babies in the cradle, we were using Pentium-class computers running Windows 95 with TCP/IP and connecting to the Internet, and using web browsers. They grew up in a world where sharing information with online services was the norm.

                                                                                      I worry a lot more for the newest generations than the older ones - the average grandmother or mother has better basic computer literacy and information hygiene than their grandkids.

                                                                                      To so many kids, computers and online services are just magical boxes.

                                                                                      1. 6

                                                                                        I agree with you that a little tech literacy can go a long way.

                                                                                        I think a really good starting point for “non-technical people” would be “tech vegetarianism” – that is, a watered down version of “tech veganism”.

                                                                                        A good starting point might be deleting Facebook, since they’ve demonstrated beyond any doubt that user abuse is in their DNA, they’re not going to meaningfully stop the abuse, and they have virtually no moral compass to speak of.

                                                                                        So I guess I’d recommend tech-savvy folks encourage non-technical folks to start their journey by deleting Facebook.

                                                                                        1. 6

                                                                                          Be glad that you can trust the consumer protection laws in your country to keep your food and your car above some minimum safety threshold, but don’t just take them for granted. They have evolved over many decades of genuine struggle in courts and legislatures. This is still early days for information technology in the general public.

                                                                                          1. 2

                                                                                            And even with those laws, if somebody gets sick from eating raw hamburger meat or eggs without cooking them our reaction is not to call up every cook in the world and decry how we can make eating still more foolproof!

                                                                                            1. 3

                                                                                              In many jurisdictions in the US, it’s illegal to sell raw, unpasteurized milk, for food safety reasons. Since there are some people who deliberately want raw milk, a black market in raw milk has sprung up. A black market, of course, means an illegal market, and the only reason the police haven’t (yet) shut this down and thrown the people involved into the criminal justice system is because no one cares all that much about enforcing raw milk laws and the cops don’t want to harass the people who participate in that market for other reasons, using the milk thing as a pretext.

                                                                                              I don’t personally care about drinking raw milk myself, and I do think that it’s good that people in the west can in general assume that the food they buy is safe, but I am opposed to laws that prevent people who do want to drink raw milk from doing so.

                                                                                              1. 5

                                                                                                They do it openly, too, with that being a local example. The trick is they say it’s “for pets only.” Sure, they’re all buying $11 a gallon milk for their cats. Haha.

                                                                                                On a serious note, there’s lots of info popping up connecting gut bacteria to preventing or causing something. Raw milk might end up being a beneficial, harmful, or some mix. Just saying I’d rather it be on the market in case there’s potentially benefit. Worst case, have them inform people of the low risks and they sign a waiver to buy it. Then, uh, be careful about the supplier.

                                                                                                1. 4

                                                                                                  It seems there was some progress being made into allowing these type of raw-milk cheese products to be made (or imported and sold here), but momentum seems to have stalled and such French staples are still illegal black market goods in the US.

                                                                                                  Interestingly, the artisanal and traditionally produced “high-risk” food products are often safer than the same product mass produced, due to the method of production.

                                                                                                  For example, here in the South, fresh squeezed (unpasteurized) orange juice is a staple, but to purchase it from someone else is either often outright illegal (or done legally but highly regulated with alcohol or cigarette-like warning labeling), due to the risk of death and illness from contamination.

                                                                                                  This isn’t theoretical.

                                                                                                  (But, yes, you can taste the difference between pasteurized and fresh squeezed juice. Blind tastings at my house!)

                                                                                                  At the risk of oversimplification, if you squeeze a glass of orange juice at home, you’ll wash the fruit and squeeze a glass worth, and then (hopefully!) clean the juicer and the glass.

                                                                                                  In a factory setting, you are rinsing off, squeezing, and storing the juice (of tens of thousands to millions of oranges) on an industrial scale, and any bacteria on even a few of the oranges might contaminate entire vats of product. You are then bottling, transporting, and disseminating this (potentially contaminated) product. Refrigeration doesn’t kill the bacteria either (though it does makes it grow more slowly, depending on the type.)

                                                                                                  There are analogies to software and “tech veganism” here. When all your data is with one provider (Facebook for example) or distributed but still a monoculture of software and hardware implementations, then it only takes one crack in the defenses for a potentially devastating breach.

                                                                                                  Of course, in this analogy to handmade traditional products, the individual instances/implementations are still subject to the same threats, but the risk of catastrophic loss is spread out so it’s only affecting individuals or small groups (vs. everyone).

                                                                                                  This is where the debate comes in!

                                                                                                  Does this mean that everyone needs to be “an expert” in best practices to meaningfully protect their federated instances from mass exploitation, or will such best practices eventually become a natural part of the process of implementation?

                                                                                                  Does the distributed nature of millions of decentralized federated instances make your data safer from actual exploitation than with a single large, usually corporate, “expert entity”? And we haven’t even contemplated that the “expert entity” is one that may or may not align with your morals and values.

                                                                                                  I wish there was more literature that explored these lines of inquiry.

                                                                                                  Edit: About the fresh orange juice example and traditional vs. factory methods of production, this is why you can legally buy fresh squeezed, unpasteurized, ‘raw’ orange juice by the glass from a roadside stand or farmers’ market but not in the form of a bottle on a store shelf.

                                                                                                  1. 2

                                                                                                    Re cheese

                                                                                                    Ive seen cheese in my local grocer that said it was made from raw milk. It was mild cheddar, though. We buy sharp or just more interesting miilds like gouda. It got discontinued due to nobody buying it. A lot of the fancy cheeses get marked down, though. That’s how I get real parmesan. ;)

                                                                                                    Re OJ

                                                                                                    Don’t forget the flavor packs from perfume companies and stuff. Most OJ companies admitted to using them. So, there’s definitely a taste difference if they add flavor back in using chemists.

                                                                                                    The organic ones are usually stored frozen. Better comparison. Id still wonder if the difference was pasteurization, freezing, or both.

                                                                                                    EDIT: We’re looking at about 100 deaths that might be juices looking at three of your links. I know what Im supposed to stay but… uh… just 100 out of 300+ million a year to make all our juice taste better? Something similar for dairy products? Statistically speaking, it doesnt look that risky. ;)

                                                                                                    1. 1

                                                                                                      I took a quick look, and it seems that US states may allow the sale of raw milk products, but at the federal level, the FDA bans all interstate sale or distribution of raw milk products, so the importation of my cheese is illegal. I guess the raw milk cheese is fine in your state, as long as it never moves across state lines.

                                                                                                      Here in Florida, raw milk products can be sold when labeled as “pet food” and not for human consumption - but that doesn’t help me get my cheese from France.

                                                                                                      I’ve never seen super fancy brie cheese marketed to cats - at least not yet!

                                                                                                      I’m going to end this here since I can’t imagine a way to bring this back on topic. ;-)

                                                                                                      1. 1

                                                                                                        I just found some online at Whole Foods. I agree on thread. Ill send it privately.

                                                                                                2. 4

                                                                                                  The very first time I ever actually used cryptocurrency, it was to buy illegal cheese from France on a Tor-based black market website.

                                                                                                3. 2

                                                                                                  I think this is sort of a poor analogy, if only because I eat raw eggs every morning. The rate of salmonella in eggs is known to be somewhere between 1:20000 and 1:50000.

                                                                                                  Worst case, if you eat a raw eggs every weekday from the age of 18 on, eating 260 raw eggs a year, you could reasonably expect to be exposed to salmonella maybe once in your lifetime; and not every exposure will cause illness.

                                                                                                  Eating raw eggs is exceedingly safe - and eating pasteurized raw eggs has essentially no risk at all and is sanctioned by the US government.

                                                                                                  Raw ground beef is commonly consumed with raw eggs, and is quite tasty! I’ve been eating raw foods essentially my entire life.

                                                                                                  The risk of adverse effects from poor data hygiene and subsequent data exposure is much higher than the risk of adverse affects from eating raw foods, and potentially much more damaging to your quality of life, yet people are paranoid about their food but careless with their data!

                                                                                                4. 2

                                                                                                  And user education from many of us playing watchdog. These companies try to pull stuff non-stop. Especially trying to redefine artificial or questionable stuff as “natural.” Or just hide ingredients or make them non-obvious to the consumer. The pink slime situation was a nice example.

                                                                                                5. 5

                                                                                                  Why is it that with computers, suddenly the only way I can be safe, secure, and private is to be an expert?

                                                                                                  That’s emphatically not the case, though.

                                                                                                  If you want to be private, don’t put personal information on the internet. This was how we handled things in the chat/BBS days…you don’t put up private info unless you’re damned sure what’s going to happen to it. If you want to be secure, use easy-to-remember long passphrases and don’t re-use them across services.

                                                                                                  None of those things requires anything other than a healthy suspicion of a magical box and a willingness to ask “okay, but what if should happen?” and working through the consequences. They don’t need to be compiler designers, system engineers, programmers, or even particularly technical.

                                                                                                  This meme that this is somehow complicated or the ken of experts absolves users of the responsibility of learning and us of the responsibility of teaching.

                                                                                                  1. 1

                                                                                                    Why is it that with computers, suddenly the only way I can be safe, secure, and private is to be an expert?

                                                                                                    First part is user demand: people almost never buy stuff that’s actually secure when it’s available due to its tradeoffs or their apathy. Second, there’s no regulations preventing or liability for suppliers damaging customers with preventable vulnerabilities. So, everyone makes things insecure by design externalizing the problems on others. Then, the things people use often interact with each other in ways that create even more problems. The result is a massive pile of externalized problems each person or groups of them must deal with until they address the root cause.

                                                                                                    For proof, the market immediately started producing both secure systems after TCSEC was implemented and safer software after DO-178B standard for aerospace kicked in. With TCSEC withdrawn, they went right back to insecure stuff the market was buying the most. The DO-178B standard stayed, got updated to DO-178C, and market continued supplying both certified components for cost reductions and tools to make software safety easier (esp static analysis and test generators). Just need something like that for general, commercial software with a minimum set of practices that make sense.

                                                                                                    1. 2

                                                                                                      I’d argue that (DO-178) life-critical and mission-critical avionics and aerospace software is a special market segment, due to the very high stakes of failure.

                                                                                                      There is a distinct difference when we are talking about security from the standpoint of this “tech veganism” discussion — we are referring to the likes of Twitter and Google and Facebook and social media companies and information aggregators.

                                                                                                      When it comes to motivations, these companies have a motivation first and foremost to their shareholders and investors, by selling their product, which is, when you distill it, the personal information of their “users” (or the product of user surveillance). The shareholders and the advertisers are the customers and the users are the product.

                                                                                                      I’d argue that the only reason they care about the safety of “user” data at all is to maintain their position of obtaining a continuous stream of it to sell.

                                                                                                      They don’t want to lose it all in a breach, and they don’t want “users” to stop “giving” them this data to sell. “Users” aren’t “giving” their data for free either - the cost to the company to “buy” personal data is the expense of research, development, and maintenance of the end-user (‘free’) services used by these “users”, and the internal surveillance and analysis frameworks they use to distill consumer interactions with these services into a product for sale.

                                                                                                      If, breach after breach, the “users” keep coming back, and all they have to do is apologize and not actually change anything, it follows that they shouldn’t invest in better security, because it’s simply not needed — not until users begin the change their behavior. Words without action have essentially zero cost.

                                                                                                      (Edit: “Wasting” money on better security for the users when it’s demonstrably not needed to continue the business - especially when excuses suffice - and not directly translatable to profitability could even be considered mismanagement, or worse, criminal behavior - defrauding the investors. They are, after all, the highest priority. This lack of caring about end-user/consumer privacy and security isn’t corporate apathy - it’s calculated and intentional.)

                                                                                                      Once the consumer begins to consider their privacy as mission-critical, then we will see changes, but until then, I’d argue that no standards or regulations will have meaningful effect.

                                                                                                      You’ll never even get to the point of passing meaningful (legally binding legislation) regulation in the first place when consumers are apathetic about privacy and security, or prioritize cost.

                                                                                                  2. 6

                                                                                                    Reading Objective-C is not a basic skill any more than disassembling and reassembling an automobile engine and having it still work is a basic skill of operating a car. Not saying that there can’t be some expected skill in operating a computer, but there’s a whole range of skill sets between uninformed button-mashing and being able to read and comprehend source code. End-user autonomy really doesn’t have anything to do with the availability of source code.

                                                                                                    1. 4

                                                                                                      End-user autonomy really doesn’t have anything to do with the availability of source code.

                                                                                                      One of the things that makes the GPL special is it actually tries to address this: not only is the source code available, but you - the end user - are also able to shop around for modified versions other people made, so you don’t have to yourself.

                                                                                                      I’d argue the freest aspect of the GPL is not the source available to developers, any source-available license does that, but rather forks being available to end users so they can find less offensive versions.

                                                                                                      (I understand that in practice actually finding and evaluating other versions is easier said than done, but still, the benefit of it does go beyond people who can modify code themselves.)

                                                                                                  1. 4

                                                                                                    Falsehoods Writers Believe About Readers:

                                                                                                    • Repetition is funny.

                                                                                                    • Repetition is tolerable.

                                                                                                    • Repetition doesn’t lead to readers closing the page.

                                                                                                    1. 10

                                                                                                      If there were an open source licence that let me specify “If you distribute a modified version of this code you may not provide a link to my issue tracker” I would adopt it for everything in a heartbeat.

                                                                                                      The problem isn’t that distros set things up the way they want; the problem is they break things and then funnel complaints about the breakage upstream.

                                                                                                      1. 1

                                                                                                        if there were a license like that it wouldn’t be open source.

                                                                                                        1. 0

                                                                                                          It wouldn’t be libre. The source would be open.

                                                                                                          1. 2

                                                                                                            if you go by the OSD, it would not be open source. it would be what we call “source-available proprietary.”

                                                                                                            1. 1

                                                                                                              Which simplifies to “proprietary”.

                                                                                                        2. 1

                                                                                                          I like the idea. “You broke it, it’s your problem.” Pretty sure you can just add that to whatever license you’re already using.

                                                                                                          1. 2

                                                                                                            Not easily. Really needs a specialist lawyer.

                                                                                                            1. 1

                                                                                                              I think that’d result in DFSG de-listing.

                                                                                                              1. 2

                                                                                                                Cool. I’m OK with:

                                                                                                                • Debian shipping an unmodified version.
                                                                                                                • Debian modifying it and running their own issue tracker
                                                                                                                • Users installing from my PPA
                                                                                                                1. 2

                                                                                                                  I’m not sure if this actually contradicts the DFSG or not. DFSG Point 4, “Integrity of the author’s source code,” allows a free software application’s license to require renaming the application when it’s modified.

                                                                                                                  On the other hand, if the Debian council decides that such a license violates the DFSG, then they will not distribute it. It doesn’t matter whether you’re okay with it or not; the DFSG are a promise from Debian to everyone else. Everything in the repositories has to allow the end user to modify the software and then redistribute the modified version themselves.

                                                                                                              2. 1

                                                                                                                So a more TeX-like license?

                                                                                                            1. 3

                                                                                                              Yes, on modern CPU, branch misprediction is the bottleneck for qsort. This has been known for >10 years. But this is not inherent to the algorithm, see BlockQuicksort: How Branch Mispredictions don’t affect Quicksort.

                                                                                                              1. 6

                                                                                                                Is it me or is GitHub really going into their product arms recently? Like over the last two years; they’ve pushed out more non-VCS specific features into their platform that (if embraced) makes it hard to move away / compare against other options.

                                                                                                                It feels a bit icky to me.

                                                                                                                1. 9

                                                                                                                  Also today: https://dependabot.com/blog/hello-github/

                                                                                                                  Personally, I don’t really see the issue. It is making the platform better, and I don’t really see a “lock-in”: git is still open and distributed, and I can git push to $any server just as easy as GitHub.

                                                                                                                  1. 5

                                                                                                                    Git, as it stands, is decentralized, totally.

                                                                                                                    The Wiki is marginally as well, since it’s Git backed.

                                                                                                                    I’m talking about the VCS features (the pipelines, status reporting in merge requests, issue management, following other projects, “trending” repositories, a pseudo social graph, etc). A lot of it are marginally useful and some others feels like straight up noise.

                                                                                                                    Granted, this is def a side effect of them having to doubly prove their worth outside of just hosting a crap ton of data.

                                                                                                                    1. 14

                                                                                                                      GitHub has certainly become more of a “package deal” in the last few years. I fine things like code reviews quite useful. Others like Projects strike me as less useful, at least to me.

                                                                                                                      Thus far, GitHub has fairly reasonable. For example the “funding button” you can now create is controlled by a YAML file, and the default includes options for patreon, open collective, and a number of others, as well as providing a “custom” option. It’s not “you must use GitHub funding”.

                                                                                                                      Could this change in the future? I guess. But I don’t think that we should live in fear of “what could potentially happen” (while also, of course, not being naïve, but thus far there are no strong red flags at GitHub).

                                                                                                                      I don’t think it’s in GitHub/Microsoft’s interests anyway. GitHub earns most of its money from Enterprise sales, and these kind of features strike me as a kind of “marketing”. I also think that Microsoft in particular learned that corporate assholery is a good way to antagonize developers (then again, they still made plenty of money, a does e.g. Oracle).

                                                                                                                  2. 6

                                                                                                                    Let’s look at some definitions of the Embrace, Extend, Extinguish strategy.

                                                                                                                    Embrace: Development of software substantially compatible with a competing product, or implementing a public standard.

                                                                                                                    Extend: Addition and promotion of features not supported by the competing product or part of the standard, creating interoperability problems for customers who try to use the ‘simple’ standard.

                                                                                                                    Extinguish: When extensions become a de facto standard because of their dominant market share, they marginalize competitors that do not or cannot support the new extensions.

                                                                                                                    Given these definitions I don’t think it’s quite embrace extend extinguish due to how it doesn’t yet create interoperability problems. However I do think it is reasonable to be concerned, given how closely it does track to EEE.

                                                                                                                    1. 7

                                                                                                                      I don’t think it’s quite embrace extend extinguish due to how it doesn’t yet create interoperability problems

                                                                                                                      Git is just git, and that seems fine. But can you easily port your GitHub issues and CI pipelines to another forge or hosting platform, even a straight-up clone like GitLab? As far as I know, there’s no feature in either GitHub or any of their competitors to support that. But in principle, I believe it’s just a scrape-and-parse job, without any legal impediments. I agree, not much EEE going on there.

                                                                                                                      Although I don’t use it at all myself, I think the real value that GitHub provides is the “social network” aspect of the platform. The “network effects” are, I suspect, what really keeps individuals and open-source projects on it despite being free to walk away any time. Similar to Medium, especially now with this funding / sponsorship feature.

                                                                                                                      1. 6

                                                                                                                        But can you easily port your GitHub issues and CI pipelines to another forge or hosting platform, even a straight-up clone like GitLab? As far as I know, there’s no feature in either GitHub or any of their competitors to support that.

                                                                                                                        https://docs.gitlab.com/ee/development/github_importer.html

                                                                                                                        https://meta.discourse.org/t/introducing-github-issues-to-discourse/46671

                                                                                                                        These are just the ones I knew existed.

                                                                                                                        1. 1

                                                                                                                          I tried this and it doesn’t work as well as it looks, especially if you want to keep bidirectionality.

                                                                                                                          1. 3

                                                                                                                            It doesn’t allow you to synchronize them. It’s just there if you want to ditch GitHub entirely.

                                                                                                                      2. 6

                                                                                                                        Their strategy is to offer extra features above their commodity GIT hosting services. Proprietary features make it harder to switch if other services don’t have those features. But crucially, GitHub adding these features does not mean others can not either. It’s not anti-competitive yet.

                                                                                                                      3. 4

                                                                                                                        They have Microsoft money and resources now. Additionally, their competitor Gitlab has been advertising itself as a “full developer pipeline” for a while now.

                                                                                                                      1. 11

                                                                                                                        The biggest gripe I have with gopher is that it’s all monospaced text. I just don’t find it very readable. It would not be hard to make a graphical client with proportional fonts and have it reasonably work, but it’s not designed for that (and last time I looked, I couldn’t really find an existing client).

                                                                                                                        On a more deeper level, I dislike that Gopher treats documents as “strings of characters”, and nothing more. In many ways this is very much an engineer’s “function over form” approach (“the airflow is actually quite good”), but I think presentation is part of a good reading experience. Presentation can be done poorly, but it can also be done well and be innovative and surprising. I don’t want to lose the great stuff just because there is also bad stuff. Sounds like mediocracy.

                                                                                                                        I’d love to have a “rich Gopher”, with a reasonable (but not excessive) way to style documents, and perhaps even a some amount of scripting capability (not JavaScript). I think this is also something that could appeal to people beyond the tech community.

                                                                                                                        The problem now is that we’re kind of stuck between two extremes. Many people dislike the web, but many people also dislike Gopher (certainly outside the tech community). If you want Gopher to remain this tiny niche then that’s fair enough, but if you’re really serious about taking on web privacy then a more pragmatic and realistic solution than “no JS, CSS, or any feature that could every possibly be used to track anything” is going to be needed (I have some ideas, but I won’t sidetrack this thread with them).

                                                                                                                        1. 6

                                                                                                                          The protocol is dead simple and one could probably write a client in sh if one wanted to. In fact, it was developed at the same time as HTTP, but without knowledge of HTTP, so it’s a parallel evolution, and at one point, more popular than the web (even Time Magazine had a gopher site back in day). It’s a shame that web browsers stopped supporting it though.

                                                                                                                          As for formatting, HTML is still a viable text format, well documented, highly supported, etc. The major complaint of the web in gopherspace is generally the bloat and abuse of Javascript. I’ve also found that most gopher sites (including my own violate RFC-1436 and use UTF-8 instead of ISO-8859-1 so there’s some progress being made.

                                                                                                                          Personally, I think scripting the web was a bad idea but sadly, it was probably inevitable.

                                                                                                                          1. 1

                                                                                                                            Do you think “scripting the web” is an improvement over web pages + Java applets?

                                                                                                                            1. 1

                                                                                                                              Java applets, Javascript, they’re both “scripting the web” both of which were bad ideas.

                                                                                                                              1. 1

                                                                                                                                I see them as different. Java applets had much more separation between code and content. Applets always felt to me like something different than the web, even though they were shipped to the user via the web.

                                                                                                                                Javascript blurs the lines between code and content. I could turn off Java or not install it, but this is much more difficult with Javascript. At least we rid ourselves of server-side imagemaps and CGI forms, but at what cost?

                                                                                                                          2. 6

                                                                                                                            but I think presentation is part of a good reading experience.

                                                                                                                            Yes. Take a step back from the technical view and ask what you’re actually trying to achieve as an author of a document on the Internet. You want that people read and understand the document. So the document has to be presented in a way that makes reading and understanding most accessible. Making everything monospace does not help readability at all – in centuries of book print we have agreed on non-monospace fonts for a reason.

                                                                                                                            I’d love to have a “rich Gopher”, with a reasonable (but not excessive) way to style documents,

                                                                                                                            Whatever it is called, an alternative web focused on document presentation would be very nice. While I’m a strict opponent of the excessive JavaScript now found everywhere, I don’t see a reason to ban CSS in its entirety. To the contrary, it is the author who knows best what he wants to say in his document, therefore it is required to give him the tools to present it ideally. A uniform design to the liking of the client’s user can actually hinder best presentation of the information contained. If the user prefers black background for instance, any black arrows you used in your wonderful diagrams vanish. Again, take a look at the books you come over. They don’t look all the same. Font, form, layout, etc. are chosen (by a good publisher) in such a way that they support understanding the presentation. This is the form-follows-function approach. Where there is room left after fitting the page to the function, optional styling can be used for visual identity.

                                                                                                                            That being said, a fallback must be provided. The desire to present the information to the majority of the people in the best way possible can occasionally conflict with the needs of disabled persons that do need an environment tuned to their needs.

                                                                                                                            Readability is not identical with retro-minimalism.

                                                                                                                            1. 3

                                                                                                                              I do actually completely agree with you about book typography. The restrictions I suggest in the article are meant to be thought-provoking, and to specify something that’s too restrictive to be abused, on the principle that if you give them an inch, they’ll take a mile.

                                                                                                                              1. 1

                                                                                                                                While I’m a strict opponent of the excessive JavaScript now found everywhere, I don’t see a reason to ban CSS in its entirety.

                                                                                                                                HTML 3.2 + CSS2 - JavaScript seems pretty close to the goal. We used to have nice sites with just HTML and CSS. Maybe a few other HTML features. I’ll leave it to web developers to figure out which ones are worth the potential costs.

                                                                                                                                1. 4

                                                                                                                                  It’s the sweet spot if you are a mouse user. Gopher makes a lot more sense in a world without mice and touchscreens (because of the way it displays numbered links compared to lynx or any of the mozilla/firefox addons that I’ve tried). I could navigate through gopherspace on my 1200bps modem at a speed that I can barely match on the modern web.

                                                                                                                                  1. 1

                                                                                                                                    Good point. I used to use keyboard on older browsers but lots of tabbing. Maybe have a command that puts a little number or letter on each actionable item on the page that user can type in? Just kind of highlights them for a keyboard selection.

                                                                                                                                    1. 2

                                                                                                                                      Vimperator for Firefox does just that. My only issue with it was adding and removing the keyboard hints on a slow machine (try it on a Raspberry Pi or an old workstation) adds a bit of a delay while the content on page reflows to adjust.

                                                                                                                                      I believe there is an equivalent plugin for Chrome-based browsers as well.

                                                                                                                                      1. 1

                                                                                                                                        Outside the styling, that picture is the kind of thing I had in mind. To me, it was kind of like hitting Alt on Windows where I could see something to speed up what I was doing.

                                                                                                                                      2. 2

                                                                                                                                        This is what happens if you use lynx -number_links, but I find it to have a high cognitive load. A new link added since the last time I visited the page can renumber all the remaining links, so I can’t use muscle memory (this can happen with gopher too, but new links are usually added at the end). Links also aren’t in the same place on each page, so I have to scan the whole page to find all my choices, whereas with gopher I only scan down the left column of the screen.

                                                                                                                                        1. 2

                                                                                                                                          Yes, that is my biggest complaint with something like Vimperator (or lynx -number_links). ELinks can produce a simple list of all the targets of visible links (elinks -dump) but it’s not integrated with interactive browsing.

                                                                                                                                    2. 2

                                                                                                                                      Yeah, that’s pretty much the sweet spot. But there are a bunch of nice semantic things in HTML5, like main, article, details/summary, and the new input types. Those things are good in the absence of JavaScript, but some of them also help replace it.

                                                                                                                                  2. 3

                                                                                                                                    By having a look at nroff 1 and mandoc 2, I realize that plain text formatting is a thing. It helps a bit.

                                                                                                                                    It is possible to transmit html and javascript over the current gopher, or say, markdown document, and have the client display them.

                                                                                                                                    There is already a HTTP of Markdown movement through plugins 3.

                                                                                                                                    The simple fact of having the text at the middle of the screen rather than displayed at the left edge of the screen helps. Either with a window manager, terminal emulator or a gopher client.

                                                                                                                                    Just like for the web, the clients are defining a sensible set of choices of what to do with the content or the user through plugins (web) / wrappers scripts (xdg-open custom script for gopher? “Plumbing”).

                                                                                                                                    It is all about how things balance themself, and I do not think extension to the Gopher protocol are needed yet.

                                                                                                                                    Probably one concern is related to encryption, but for that, Gopher over Tor is already quite well settled down, and fully compatible with the current protocol (.onion links are self-describing).

                                                                                                                                    1. 3

                                                                                                                                      Gopher is simple enough that the menu and selector presentation is really an implementation concern.

                                                                                                                                      There have been some novel interfaces designed, like GopherVR, where you can fly around the selectors, and while it doesn’t directly address your concern that most Gopher content itself is monospaced text [for easy (and secure) access from within the average Gopher client], Gopher isn’t limited to that, and can serve up arbitrary rich-text and binary document formats.

                                                                                                                                      A thoroughly modern client could implement sandboxed and secure RTF, PDF, HTML, etc. viewers within the client itself, or build on a browser as other projects have in the past, but that doesn’t actually address your concern, which is that of the main “Gopher site” - the menus & selectors themselves.

                                                                                                                                      I’ve come to view the clear and simple Gopher menu structure as a feature. The design is especially useful for those with disabilities, especially those who are motion or vision impaired. Of course, if you have a proposal to improve presentation, while maintaining backward compatability with existing clients and Gopher’s legendary accessibility, I’d encourage you to join the gopher-project mailing list or the freenode #gopherproject IRC channel and present it - while you might get some pushback (or at least be met with initial skepticism), it’s worthwhile to get these ideas out to the community.

                                                                                                                                      It’s my personal opinion, however, that the classic plaintext selectors should stay as-is. The most distinctive Gopher sites are distinctive because of the actual content that they host, rather than the presentation of the menus leading to the content. This allows the content itself to stand on it’s own merit. It’s a Gopher feature that you don’t have to be a designer (or hire one) to produce a quality Gopher hole, and you won’t be written-off or ignored if you lack those skills or don’t want to pay for them.

                                                                                                                                      A big reason a lot of Gopher advocates have turned against the Web is because the ‘rich’ nature of the Web can lead to favoring style over substance.

                                                                                                                                      1. 3

                                                                                                                                        I’ve come to view the clear and simple Gopher menu structure as a feature.

                                                                                                                                        This is exactly right. Some people complain about minecraft because everything is blocky, but it’s the simple nature of the blocks that make it what it is.

                                                                                                                                        A big reason a lot of Gopher advocates have turned against the Web is because the ‘rich’ nature of the Web can lead to favoring style over substance.

                                                                                                                                        Would you really want to live in a world where hamsterdance never happened?

                                                                                                                                        1. 2

                                                                                                                                          I’d like to live in a world where Twitter doesn’t suck the battery life out of my iPad when I visit it (if it doesn’t outright crash because of the megabytes of Javascript shoved down the pipe).

                                                                                                                                          1. 1

                                                                                                                                            Megabytes of JavaScript for a site that is (still essentially) built on the concept of sharing 140-character messages is exactly the sort of thing that makes a person scratch their head. The style to substance ratio is quite low indeed.

                                                                                                                                        2. 1

                                                                                                                                          the mailing list is dead (and they wont approve my account) and that IRC channel, has, lets say less than helpful characters in it. I found mastodon #gopher tag and the tildesverse IRC a much more productive and respectful place to talk about gopher.

                                                                                                                                          1. 1

                                                                                                                                            Sorry I didn’t see you on IRC to say ‘Hello!’ and try to be a more helpful character.

                                                                                                                                            Also, the gopher-project mailing list is active - I’ve received multiple messages from it today in fact. You could try to send a message to the list owner if all else fails.

                                                                                                                                        3. 1

                                                                                                                                          I agree with these points and I think that support for a (cut down form of) markdown documents in gopher would be a really great solution to them.

                                                                                                                                          A system with scripting could be cool but that would definitely be done as a separate thing to gopher.

                                                                                                                                          1. 3

                                                                                                                                            a (cut down form of) markdown

                                                                                                                                            Why cut down? If anything, it should have extra features standard markdown implementation don’t have, but everyone ends up wanting, like tables or footnotes. Having these kinds of things “by convention, by default” would IMO prove to be a good argument.

                                                                                                                                            1. 2

                                                                                                                                              How would you handle links inside markdown documents? (given that gopher documents generally have one link == one line of text)

                                                                                                                                              1. 1

                                                                                                                                                How would you handle links inside markdown documents? (given that gopher documents generally have one link == one line of text)

                                                                                                                                                Well markdown wouldn’t be reduced to a gopher map, but it would be a special type of document, a gopher man can link to. I’ve mentioned this here before, but I still think it’s nonsense to use gophermaps as a markup language.

                                                                                                                                            2. 2

                                                                                                                                              Markdown feels like a really good fit for gopher.

                                                                                                                                              (I’m actually partial to creole, but markdown seems to have won the text-based markup war)

                                                                                                                                              1. 3

                                                                                                                                                Markdown feels like a really good fit for gopher.

                                                                                                                                                Markdown is an extremely do-what-I-mean hard-to-parse markup language. That’s the opposite of something like Gophermaps, which can be parsed with an algorithm that would fit on a business card, and which are very hard to type with a normal keyboard.

                                                                                                                                          1. 8

                                                                                                                                            TSV? What happens if your file names have tabs in them?

                                                                                                                                            (in case you’re curious, the only characters that are banned in Linux file names are null bytes and forward slashes; if there was one thing I’d change in Linux, it would be to ban newlines in file names)

                                                                                                                                            1. 6

                                                                                                                                              So after reading this I’m like … okay? I don’t know what I’m supposed to do with this, there’s no concrete information, no “lessons learned”, or anything else. I learned pretty much nothing from reading it, and it just seems venting about an encounter with a toxic person.

                                                                                                                                              I’m sorry that happened to you, and writing down things like that can be good for you, but it doesn’t seem like the sort of thing that can/should be discussed on the internet.

                                                                                                                                              1. 19

                                                                                                                                                I get you. I have read other articles similar to this one and in many cases I did not learn anything, in others I learnt a lot. I never expected to write something like this. However after all this happened I had to explain to many people, groups what happened. People that I don’t know called me and told me they had similar issues with the security specialist! I was and am tired of explaining everything. In addition to that yesterday I was again trolled by him. I was tired and decided to write something that I can send to somebody that asks me for details. I know will this will be helpful to some people. I am really sorry if I made you waste time. I really tried to add some type of disclaimer so that anybody that is not interested in something like this did not waste time reading it.

                                                                                                                                                I also wanted to avoid being dramatic. I am really not trying to get attention with this. This is BAD attention. There are way more important things for anybody that a conference’s problema but I decided that it was the best thing to do based on all the things that are happening.

                                                                                                                                                1. 5

                                                                                                                                                  If only lobsters supported blocklists it would be useful for identifying “reverse racism oh no!” fools as evidenced by the two -10 comments below.

                                                                                                                                                  1. 20

                                                                                                                                                    If the community decides it needs block lists, I’ll probably leave. I don’t want to be part of a place with the level of sustained hostility that implies.

                                                                                                                                                    1. 10

                                                                                                                                                      It’s not even about hostility necessarily. I just find that certain users consistently post garbage comments. It’d be nice to just not read it at all.

                                                                                                                                                      1. 6

                                                                                                                                                        In the case of this article, the downvoting was enough; the garbage comments are at the bottom of the page and hidden until you click the + to show them. But yeah, that isn’t always the case.

                                                                                                                                                      2. 2

                                                                                                                                                        I agree. We can all see what this did to Twitter and the development of echo chambers (on both sides of the political spectrum).

                                                                                                                                                        1. 3

                                                                                                                                                          I disagree with almost everything you’ve said in reply to this post, but I agree about that. Twitter’s design is worse than Reddit’s, which is a real achievement considering how bad Reddit is for politically charged discussions. It creates echo chambers, where people who slightly deviate from your own opinions become invisible, but it does nothing to stop the real harassment, who can manufacture sockpuppets quite easily (unlike Reddit, there’s no community moderators to hide the harassing content before you see it).

                                                                                                                                                        2. 2

                                                                                                                                                          Agreed. I think blocklists are a dangerous and entirely unnecessary tool. If someone is misbehaving and trolling constantly, there are probably common sense rules that can be pointed at (e.g. “no harassing users, no doxxing, no threats, no spam, etc.”), that can be used as justification to block their account (after a warning). Downvotes for everything else. That is enough in virtually all circumstances in the case of online forums. Blocklists, OTOH, I have never seen lead to anything good. They are easily abused, and are practically guaranteed to generate groupthink.

                                                                                                                                                          1. 2

                                                                                                                                                            I’m super happy that somebody finally posted a response that more-or-less summarizes my objections, so I didn’t have to write it. :) I was a bit surprised, though I shouldn’t have been, that the first few responses were coming from other angles that I didn’t think got at the fundamental thing.

                                                                                                                                                      3. 2

                                                                                                                                                        I think the lesson learned is to understand the risks you may face organizing a conference. A lot of the logistical risks are assumed and documented, but this is a facet of the experience that might catch you by surprise. A part of this gives perspective on an approach to dealing with the scenario.

                                                                                                                                                        Some of it is venting, sure, but i do think there’s value in hearing these personal stories. Fair enough if it didn’t resonate as anything you needed to know, but it seems clear that it struck a chord with others

                                                                                                                                                      1. 1

                                                                                                                                                        If I understand correctly, AMP is needed to get higher on the search results page. The question is, why is so important to get higher on the search results page. If a company/individual is confident in the product that is being produced/sold why it is important where it appears on google search page?

                                                                                                                                                        1. 39

                                                                                                                                                          The best place to hide a dead body is page 2 of Google search results.

                                                                                                                                                          1. 7

                                                                                                                                                            The general user perception is that the higher results are more relevant and of higher quality. It doesn’t matter if #5 turns out to be objectively better than #1, if the user’s only metric at the time of comparison is where they are on the results page, they’ll go with #1.

                                                                                                                                                            1. 1

                                                                                                                                                              this is becoming less and less true. nowadays the first page of results is often full of fake sites which focus on SEO, and the more useful results are often burred on the second page.

                                                                                                                                                              1. 2

                                                                                                                                                                Well, that just means it’s even more important that the quality results place higher.

                                                                                                                                                                1. 3

                                                                                                                                                                  on the other hand maybe it’s best if consumers learn that google search is not as useful as it once was

                                                                                                                                                                  1. 9

                                                                                                                                                                    on the other hand maybe it’s best if consumers learn that google search is not as useful as it once was

                                                                                                                                                                    This isn’t the consequence. Users perceive that the internet is not as useful as it once was. People will consume whatever’s on top, even if it’s useless nonsense, and won’t even realize the stuff on page two exists.

                                                                                                                                                                    1. 5

                                                                                                                                                                      Have you got any good suggestions for how to get information from the Internet, on a topic that you’re not familiar enough with to know which website to consult, other than a search engine like Google, Bing, or DuckDuckGo? (all of which are vulnerable to similar SEO tactics)

                                                                                                                                                                      1. 1

                                                                                                                                                                        In this situation, I search for online communities, typically the relevant subreddits. In the subreddit presentation text, there are suggested resources/websites or a pinned post often titled “Where do I start?” or something similar.

                                                                                                                                                                        Of course, this is the optimistic path. In reality, you have to rely somehow on search engines.

                                                                                                                                                                        1. 3

                                                                                                                                                                          Reddit isn’t any more resilient to fake social proof than Google is.

                                                                                                                                                                      2. 2

                                                                                                                                                                        i’m sure different users react in different ways. users who identify google with “the internet” will of course perceive it as the internet being less useful, and indeed it will be less useful for them.

                                                                                                                                                                      3. 1

                                                                                                                                                                        I agree, but I don’t think deliberately letting users get burned by bad/hostile results is the right way to go about it.

                                                                                                                                                                2. 7

                                                                                                                                                                  I was chatting with someone on the AMP team and they told me that AMP gets you into the news carousel, but it does not get factored into search rankings beyond the degree to which it helps your page speed. I was interested to hear it because I had the same understanding as you.

                                                                                                                                                                  1. 2

                                                                                                                                                                    I don’t know what is the news carousel, since I’m using ddg. It seems to me that all this tech from google will die off fast, once its search monopoly is no more.

                                                                                                                                                                    1. 5

                                                                                                                                                                      all this tech from google will die off fast, once its search monopoly is no more.

                                                                                                                                                                      Yup, and all life on Earth will die off fast, once the sun is no more.

                                                                                                                                                                      There’s nobody even close to touching Google’s search monopoly. There’s no alternative that is a better product (I use DuckDuckGo too, but sometimes I have to turn to Google); even if there were we know that defeating a monopoly needs more than just a better product.

                                                                                                                                                                      Your attitude in these comments of “who really cares about Google?” is so detached from reality almost makes me wonder whether you’re trolling.

                                                                                                                                                                      1. 2

                                                                                                                                                                        For sure I’m not trolling. I know many people that are not using google for search. You said it yourself: I use DuckDuckGo too, but sometimes I have to turn to Google. I’m not suggesting people will stop using google at all.

                                                                                                                                                                      2. 2

                                                                                                                                                                        …once its search monopoly is no more.

                                                                                                                                                                        You sure that’ll happen anywhere in our lifetimes? It’s too ingrained in our culture that no one simply says “searching on the Internet” anymore.

                                                                                                                                                                      3. 1

                                                                                                                                                                        To news publishers the news carousel is effectively the #1 ranking. For news searches, the result page looks like a list of news articles with irrelevant crap below, so even organic high ranking moves you below “here is the news” section into the bargain bin of other links.

                                                                                                                                                                      4. 1

                                                                                                                                                                        I agree. However, I noticed that AMPed pages are generally very text-centric (journals, blogs, discussions), so they are not always products. I guess the AMP project targets this kind of text-based websites.

                                                                                                                                                                      1. 4

                                                                                                                                                                        I’m not surprised. Dismayed, yes, but not surprised.

                                                                                                                                                                        The people behind services like this should be fined, just like people who spin lies like this in newspaper ads. This stuff is already illegal. The only reason it’s not shut down is because it’s too much hassle tracking stuff across national lines.

                                                                                                                                                                        1. 3

                                                                                                                                                                          Social proof is going to continue to be gamed by retailers until the public perceives these widgets as the tacky crap that they are.

                                                                                                                                                                          It’s a bad time in human history to be extrinsically motivated. Perhaps this can be a gentle nudge towards intrinsic motivation.

                                                                                                                                                                          1. 1

                                                                                                                                                                            Need to devise a “proof of action” scheme that is easy to consume and verify by the average user.

                                                                                                                                                                            1. 4

                                                                                                                                                                              I believe this is called, “due diligence?” :)

                                                                                                                                                                              But the whole point of social proof is that someone else has done vetting for you, so this seems ill-fated.

                                                                                                                                                                        1. 6

                                                                                                                                                                          PHP gets a lot of crap from the people I currently work with, but I really never had a problem with it. I’m more of a sysadmin type, not a strong coder. I don’t pick up languages easily but I always found PHP to be pretty straightforward to work with. There was an MVC framework for PHP called CodeIgniter that was excellent… even someone with my limited ability was able to set up a functional CRUD app within about 30 minutes of sitting down with it.

                                                                                                                                                                          I’m convinced that 99% of PHPs poor rep comes from the sheer amount of bad code written with it, simply because it lowered the barrier to web programming so dramatically. Believe me, I’ve had my share of seeing (and supporting) crappy PHP. But I’ve also seen some very elegant frameworks and libraries written with it.

                                                                                                                                                                          1. 3

                                                                                                                                                                            Personally, I dislike the weird syntactical things and inconsistencies more than anything. Concat with a .? Instance calls with instance->method()? Static methods with Class::method()? camelCase() or snake_case() in the standard library. explode() and implode() instead of split() and join()? And what is up with the use Something\SomethingElse syntax? I just don’t get it.

                                                                                                                                                                            1. 3

                                                                                                                                                                              The . operator for concatenation and the -> method calls are Perl legacy and Perl got that from C/C++.

                                                                                                                                                                              1. 1

                                                                                                                                                                                I know where they come from, but it doesn’t make it any better

                                                                                                                                                                                1. 1

                                                                                                                                                                                  It doesn’t matter, it honestly doesn’t. I always see a ton of bike shedding among holier-than-thou developers against PHP and it always gives me a bad impression of them. It’s like watching people making fun of fat people at a gym.

                                                                                                                                                                                  1. 1

                                                                                                                                                                                    For one, that analogy makes no sense at all. Having an opinion on the syntax (saying I don’t like them) doesn’t mean you have to agree with me. It also has nothing to do with making fun of anyone or anything. It’s a personal preference.

                                                                                                                                                                                    1. 1

                                                                                                                                                                                      Looks like I replied to the wrong thread. We all have our preferences and that’s fine. What I was referring to in my comment is the disgusting way the developer community dog-piles on a language largely out of personal preference; I have personally witnessed it alienate good people and I have had enough.

                                                                                                                                                                              2. 3

                                                                                                                                                                                I don’t mind the things when PHP is inconsistent with other languages. I hate when it’s inconsistent with itself. Why array_map, count, and strlen? Why is stdClass spelled like that, when DateTime is spelled like that?

                                                                                                                                                                                1. 1

                                                                                                                                                                                  That’s more of what I was getting at in the camelCase vs snake_case thing. It really makes no sense, there’s no rhyme or reason about why things are the way they are. I would think at some point, they’d look at their standard library and say “let’s actually put the standard in this.” It would be backwards incompatible, sure, but they could alias and deprecate for a few versions to make it easier on slow pokes. It’s just disappointing that it’s still a cluster.

                                                                                                                                                                                  I built my NHL94 stat tracking site with PHP because I had buddies who said they’d help and it’s all they knew (spoiler: they didn’t help), but that was the last major thing I did with it (2013). I pretty much refuse to use it for anything if I have a choice in the matter. There are langs that do everything it does and more that are put together better.

                                                                                                                                                                            1. 1

                                                                                                                                                                              So the fix here is to build a SAO which does two things:

                                                                                                                                                                              • Install the new certificate we have made.

                                                                                                                                                                              • Force the browser to re-verify every add-on so that the ones which were disabled become active.

                                                                                                                                                                              But wait, you say. Add-ons don’t work so how do we get it to run? Well, we sign it with the new certificate!

                                                                                                                                                                              … Lemme make sure I’m not missing anything here…

                                                                                                                                                                              1. build an SAO (special add-on)
                                                                                                                                                                              2. the SAO installs the new certificate
                                                                                                                                                                              3. By the way, the SAO was signed with the new certificate

                                                                                                                                                                              Huh?

                                                                                                                                                                              1. 1

                                                                                                                                                                                The SAO, actually all add-ons, have an attached certificate chain. The root cert is in the browser. Every add-on has an intermediate cert, plus the leaf cert, attached to it.