1. 6

    Interesting article, but saying we can’t truly fix free software until we destroy capitalism feels at once both a bit extreme and unhelpful.

    It’s a nice idea (Who doesn’t want to live in a world where everything is free? Oh wait. A lot of people :) but I’d rather focus on ideas that help us iteratively improve the current situation.

    1. 17

      I think the author’s point is that the free software movement is already a radical philosophy, but one which is doomed to failure by its individualist focus. As a movement, it doesn’t offer a solution for how to make free software the natural choice (where the structure of our systems inherently directs people to select it as the best option), preferring instead to focus on convincing individuals that it is the right choice (which may be true, but doesn’t scale, and will constantly fight against whatever the natural choice is, which is why open source has eaten free software’s lunch).

      So the choice is between an ineffective radical philosophy and a potentially effective one.

      1. 4

        how to make free software the natural choice…the best option

        There are many things that changed since the late 1990s when free software was the dominant ideology. One is that Google, and ultimately all of big tech, co-opted open source to mean “you are free to have all of the source code to the client that talks to our centralized proprietary service.” Having done so, free software isn’t the natural choice, because the benefits of freedom in being able to change the system to do what you want is not present. Its capabilities are limited to what the proprietary service provides, and it only works if the client implements what the proprietary service requires.

        1. 3

          I’m not sure in what sense it’s the case that “open source has eaten free software’s lunch”. At the moment, free software and open-source software are basically synonymous. An open-source library developed by paid programmers working for some Microsoft- or Facebook-sized corporation is free in exactly the same way that GNU Emacs or Firefox is.

          There are people who would like to change this situation - create and popularize software licenses that are “open-source” in the sense of having the source code be publicly available, but non-free in the sense of imposing four-freedoms-violating conditions on the use of that software. But the two main motivations for doing this are to prevent large cloud providers (such as Amazon specifically) from releasing products based on open-source software that might compete with smaller companies that develop such software, and to prevent organizations and people with political views specific activist programmers find distasteful from being able to freely use useful software. The former consideration is an attempt to limit the power of well-capitalized corporate institutions, and the latter is associated with “culturally leftist” politics but doesn’t directly help or hinder such institutions.

          1. 1

            At the moment, free software and open-source software are basically synonymous.

            I disagree, because “free software” is actually less free (as in freedom) than open source.

            For example, let’s say that “Bob” wants to release a videogame toolkit. He starts with the Quake III Arena source code (released under the GPL). He spends months building a complete game creation toolkit around it the likes of which could be compared to any modern AAA game engine.

            But, there are still sections of code that are recognizably Quake. If he tries to sell this thing that he spend so long on, he could get a cease-and-desist (and likely will).

            Imagine a similar situation where “Alice” does the same thing with the Sauerbraten engine (zlib license). She gets to sell her work (and it is hers if she’s spent months working on it). She can then decide later that she would like to release the source on her own time.

            Who had more freedom?

            This is a contrived example, because no reasonable person would start with GPL software who wants to sell something. The point is that “Bob” can’t use the Quake source for his own gains even though ID has decided that they are done using it.

            1. 3

              I don’t know how long you’ve been in the open source/free software realm, but these arguments were done to death 20 years ago.

              The difference is perspective: freedom for the developer vs. freedom for the user. When GNU started, AT&T was exercising its “freedom” to maintain exclusive control of UNIX, and RMS wanted the “freedom” to control what happened on his computer.

              From time to time this is intentionally confused by people with an agenda, as in “free software isn’t free because it doesn’t let us freely screw users.”

              1. 4

                I don’t know how long you’ve been in the open source/free software realm, but these arguments were done to death 20 years ago.

                Well, I’m only 20.

                The difference is perspective: freedom for the developer vs. freedom for the user.

                As the developer you always have the freedom to not release the source. As the user, you can choose to ignore the license (at your peril). Your freedom ends where another person’s freedom begins. It’s selfish and arrogant to think that you “deserve” to control other peoples use of your product.

                I like to draw a parallel with firearms. You have a right to not own one, but you cannot prevent me from owning one. Substitute any politically correct item for firearm if you wish.

                From time to time this is intentionally confused by people with an agenda, as in “free software isn’t free because it doesn’t let us freely screw users.”

                This is attributing the (perceived) malice of large corrupt corporations to people like me who prefer to keep personal liberties intact. It’s shameful.

                1. 5

                  This is attributing the (perceived) malice of large corrupt corporations to people like me who prefer to keep personal liberties intact. It’s shameful.

                  I didn’t mean to attribute it to you. As I said at the beginning of the post, I’m not sure about your background (thanks for clarifying it.) I do mean to say that the argument you provided is also provided by people with an agenda, and I’d encourage you to think critically about it.

                  Your freedom ends where another person’s freedom begins. It’s selfish and arrogant to think that you “deserve” to control other peoples use of your product.

                  Very true, but consider what that means in the context of software. Software released without source is trying to exercise control over the use of the product by preventing the user from altering it or improving it. These days it often goes further with code signing, DRM, online activation, etc, which is increasing the degree of control.

                  The point of copyleft is that if we accept as a society that authors control the use of their product, then authors are free to prevent what they would see as misuse of that product, including distributing it without source code. There is an alternate universe where authors have much less control in general, but we happen to live in this one.

                  The genius of RMS, IMHO, was more about economics than software. He observed that in a market where fixed costs are high and marginal costs are low, which software takes to the extreme, the result will be a small number of vendors and a large number of users. In that context, users do not have a remedy through competition: they cannot choose a vendor that gives them the level of freedom they want. Market forces would push any user-respecting vendor out of existence. Taking your example, find a games publisher that releases source code [edit: to their new release game]. In the ultimate, he observed that the degree of vendor control would only increase over time, without limit, which has since proven to be true. In the last 15 years we’ve moved from a world where anyone can write a device driver or application to a world where these need to be approved by platform vendors, for example, and entire classes of software are unavailable to users as a result.

                  If competition among vendors can’t deliver the products users want, then the issue needs to be around restricting what vendors can do to ensure users can do what they want. As you put it, one person’s freedom ends where another person’s begins - but if we accept that anything which restricts the freedom of vendors is bad, then we accept that users should have no freedom whatsoever.

                  1. 2

                    Prologue: This thread has ended up way longer than I thought. Thank you for your time.

                    I think we agree on a lot of principles, we just disagree on where the line between author and user freedom is.

                    Fair warning, my firearm analogies got a little out of hand. If you are unfamiliar, feel free to ask for clarification.


                    I didn’t mean to attribute it to you.

                    Yes, I re-read the comment and I think I was being a little paranoid :)

                    Software released without source is trying to exercise control over the use of the product by preventing the user from altering it or improving it.

                    The same thing happens when somebody releases a product without specifying exactly how it was put together. For example: there are a fair amount of proprietary firearm designs, but the most popular rifle (AFAIK) is the AR-15. A modular design that pretty much anybody is allowed to manufacture and sell (well, if the government lets them).

                    These days it often goes further with code signing, DRM, online activation, etc, which is increasing the degree of control.

                    I see code signing as a net good. I appreciate the assurance that when something runs with administrative privileges that the program is (sort of) verified. DRM can be done well, but most companies do it wrong. Steam is pretty good, but if they were a smaller company I wouldn’t trust them as much (mostly because I would have no guarantee that they would stick around).

                    The point of copyleft is that if we accept as a society that authors control the use of their product, then authors are free to prevent what they would see as misuse of that product, including distributing it without source code. There is an alternate universe where authors have much less control in general, but we happen to live in this one.

                    Code authors cannot control the use of their product, in the same way that a firearms manufacturer cannot prevent people from murdering people. All you can say is “we do not warranty this software if it is used for anything other than…”.

                    The genius of RMS, IMHO, was more about economics than software. He observed that in a market where fixed costs are high and marginal costs are low, which software takes to the extreme, the result will be a small number of vendors and a large number of users. In that context, users do not have a remedy through competition: they cannot choose a vendor that gives them the level of freedom they want. Market forces would push any user-respecting vendor out of existence.

                    I agree with this statement, but I believe the solution is more information. If more people knew how corrupt big tech was then they would use them less.

                    Taking your example, find a games publisher that releases source code.

                    I think the new Unreal Tournament is “public” source. UE4 and Crytek are also “public” source (with EULAs and royalties of course).

                    In the ultimate, he observed that the degree of vendor control would only increase over time, without limit, which has since proven to be true.

                    I assume by he you mean Richard Stallman.

                    In the last 15 years we’ve moved from a world where anyone can write a device driver or application to a world where these need to be approved by platform vendors, for example, and entire classes of software are unavailable to users as a result.

                    Sure anybody can write a device driver. The approval process is IMHO necessary because otherwise somebody could socially engineer people into installing a malicious driver or application (technically still possible, but more difficult). It’s like a carry permit. It (ostensibly) proves that you are competent and stable, and that you won’t use your thing (firearm, device driver) to intentionally harm an innocent person.

                    If competition among vendors can’t deliver the products users want, then the issue needs to be around restricting what vendors can do to ensure users can do what they want. As you put it, one person’s freedom ends where another person’s begins - but if we accept that anything which restricts the freedom of vendors is bad, then we accept that users should have no freedom whatsoever.

                    How does not restricting vendors lead to users having no freedom? I don’t mean to be snarky, I just don’t understand.

                    1. 6

                      I think the high level observation I’d make is that each of us exist in a society that establishes certain “normal” practices. Those practices change over time. When RMS was starting in software, “normal” meant that commercial vendors provide sources, and moving away from that was a redline for him. When I was starting in software, “normal” meant closed source but no signing/activation/forced updates, and moving away from that was a redline for me. Over the next couple decades, “normal” will continue to change and the things which seem normal for you now will become more restrictive due to competitive forces. When you see it happen, RMS stops looking crazy.

                      I see code signing as a net good. I appreciate the assurance that when something runs with administrative privileges that the program is (sort of) verified.

                      “Verified” in this context means it does what the vendor intended, not that it does what you want. If it was done to verify that it does what you want, then you’d be in control of the certificates that you’re willing to trust, and would be able to use software that is trusted by anyone you trust. As it stands, you’re not allowed to run code that you wrote yourself, because the vendor doesn’t trust you.

                      Code authors cannot control the use of their product…

                      (I’m avoiding firearms comparisons since it’s a business I don’t know anything about.) Code authors have an unusually high amount of control due to things like the DMCA which give legal protection to any measure they can create. Control is just an arms race - if it can be enforced somehow, it’s legal and legitimate. The makers of devices have a lot of resources to ensure they retain control of things like the applications that run, and they are highly motivated to exercise that control since they get a 30% cut. The maker of a hammer cannot control how it is used, but the maker of a technical device can and does control the software that runs on it (although you are free to use it to drive nails into a wall, which is often its most valuable use.)

                      I believe the solution is more information. If more people knew how corrupt big tech was then they would use them less.

                      Users are given the choice to use tech or not use tech. They do not have a competitive remedy. Your cell phone company knows where you are at all times and sells that information to marketers. Your remedy is to not carry a cell phone. It is true that if everyone rejects the entire category of tech then the problem goes away, but that seems like a big societal failure that gives us a choice between dystopia or dark ages.

                      I think the new Unreal Tournament is “public” source.

                      It’s an interesting model to be sure, but note that UT4 is cancelled. You’re free to get the source code so long as anything you do with it has copyright assigned such that your contributions can be released as part of UT4. This is a volunteers-develop-a-commercial-product model. I think the reason this thread started - taking issue with the idea that “free software” is more free than “open source” - is because “open source” is often a volunteers-develop-a-commercial-product model. This one happens to be far more explicit than most.

                      Sure anybody can write a device driver. The approval process is IMHO necessary because otherwise somebody could socially engineer people into installing a malicious driver

                      To be clear, you can write a device driver, but you cannot run the thing you just wrote.

                      The argument about needing approval amounts to an argument that users cannot be trusted to make their own decisions. Logically, it applies to anything. Can you socially engineer people into installing a malicious usermode program? Can you socially engineer people to visit a website with a bitcoin miner? Can you socially engineer people to visit a phishing website? If the solution is an explicit approval step, then we’d live in a very different world - perhaps our conversation might need explicit approval, because we might be engaging in social engineering right now.

                      How does not restricting vendors lead to users having no freedom? I don’t mean to be snarky, I just don’t understand.

                      This is exactly the argument you made about one person’s freedom ending where another’s begins. It’s easy enough to illustrate by example, but that relies on examining the examples with an open mind, and remembering that in the not-that-distant past things which appear as normal today were not remotely normal.

                      Personally I’m in the strange position of developing device drivers professionally. There’s a lot of value in them - I’m paid pretty well really - but I haven’t written any open source drivers. Why not? Because nobody could run them. I have written open source applications, because people can run those. But when you’re on both sides of the same fence and realize that you have a skill which is valuable but can’t contribute it to the community, the lack of user freedom becomes very visible.

                      1. 1

                        To be clear, you can write a device driver, but you cannot run the thing you just wrote.

                        I thought that (on windows at least) you could develop the driver and run in unsigned on your own machine? I’ll take your word for it if I’m wrong because I looked at your blog and it looks like you’re a lot more knowledgeable on the subject than I am.

                        This is exactly the argument you made about one person’s freedom ending where another’s begins. It’s easy enough to illustrate by example, but that relies on examining the examples with an open mind, and remembering that in the not-that-distant past things which appear as normal today were not remotely normal.

                        I would appreciate an example. My point is that practically speaking a vendor cannot limit the freedoms of a user. They can get the user to agree not to do something, but what cost would be incurred in trying to enforce that agreement?

                        Personally I’m in the strange position of developing device drivers professionally. There’s a lot of value in them - I’m paid pretty well really - but I haven’t written any open source drivers. Why not? Because nobody could run them. I have written open source applications, because people can run those. But when you’re on both sides of the same fence and realize that you have a skill which is valuable but can’t contribute it to the community, the lack of user freedom becomes very visible.

                        You have a very interesting vantage point, thank you for your contribution to the conversation.

                        1. 3

                          I thought that (on windows at least) you could develop the driver and run in unsigned on your own machine?

                          The bootloader has no way to know whether the unsigned code it’s loading came from your compiler or came from a malicious source on the Internet. The “obvious” way to fix this is to allow for self signed code and allow the user to manage which certificates they trust, but attestation signing is doing the exact opposite of that.

                          The way I develop drivers is by running systems under a kernel debugger, which disables driver signing requirements. A kernel debugger runs on a second machine. So you could run arbitrary drivers if you configure a machine to run multiple VMs so one can act as a debugger for the other, but realistically there’s no point writing drivers for that set of users, and nobody is going to run in that configuration to run code that’s not written.

                          It’s hard to describe the things that don’t exist as a result of restrictions. I can’t point you to a giant repo of things you can’t run; nobody bothered to create the repo because nobody can use what’s in it. But note that every app store restriction exists to prevent some developer from doing something that users want. (If developers didn’t want to build it or users didn’t want to run it, there’d be no point preventing it, because it wouldn’t have a market.) I don’t know how you feel about this, but I don’t think my cell phone has more amazing software now than it did six years ago. Either human creativity just ended, or something is preventing that creativity from getting to our phones - and it’s not hard to find what’s between the developers and the users.

                          Edit: To be a bit more concrete, note that most commercial phones have locked bootloaders, and most PCs are capable of booting arbitrary operating systems. As a result, there’s a large PC Linux community, but a very small Android developer community. Since the community is smaller, there’s not as much benefit to a user using a community Android distribution. I don’t know exactly what we’re missing out on, but the PC Linux community has contributed a ton of value, and there’s no equivalent on the phone, because our phones have locked bootloaders.

                          1. 2

                            So you could run arbitrary drivers if you configure a machine to run multiple VMs so one can act as a debugger for the other

                            But note that every app store restriction exists to prevent some developer from doing something that users want.

                            Ok, I was sorely mistaken on the kernel driver point. You’re also correct that most app store restrictions are BS. Code signing would also be a lot better if you could permanently “trust” an application like on macOS (or a driver).

                            I don’t know how you feel about this, but I don’t think my cell phone has more amazing software now than it did six years ago.

                            The crazy thing is that I feel like we go backwards in a lot of ways. I’m with you on this one.

                            1. 2

                              If developers didn’t want to build it or users didn’t want to run it

                              One of the common complaints in the Windows world is bundled browser toolbars. While there are people who actually like the Ask Toolbar and Yahoo Search, does anybody want it bundled with the JRE?

                              In a strict neoliberal sense, I suppose that users do willingly run the Java installer and consent to everything it installs, but describing it as something that the end users “wants to run” doesn’t ring true. The JRE itself is usually just a means to run some other app, and the bundled toolbars are probably not part of the end-user goal.

                              After all, free software distributions like Debian and Fedora have rules about what they allow in their repositories. And plenty of people complain about those rules. But do you actually think they’re trying to be user-hostile?

                              I don’t know how you feel about this, but I don’t think my cell phone has more amazing software now than it did six years ago. Either human creativity just ended, or something is preventing that creativity from getting to our phones - and it’s not hard to find what’s between the developers and the users.

                              Or, as an alternative explanation, the easy and low-hanging fruit has already been exhausted. Web apps haven’t really gotten better now as quickly as they were improving ten years ago, yet it isn’t any more proprietary now than it was in the past (If you say “Google’s fault”, I’ll reply by reminding you of IE6).

                              1. 2

                                While there are people who actually like the Ask Toolbar and Yahoo Search, does anybody want it bundled with the JRE?

                                No, clearly not. But as you say, there are people who want them, outside of the JRE. Platforms which restrict classes of software will invariably exclude software that some people do want. At least personally, I did use the Google toolbar back when it added value to me by displaying Pagerank. Somewhat cynically, I can’t help but notice these things are designed to redirect traffic to obtain revenue, and platform owners would like to keep that revenue for themselves, so they have an interest in preventing things unrelated to user benefit.

                                software distributions like Debian and Fedora have rules about what they allow in their repositories…do you actually think they’re trying to be user-hostile?

                                No, I don’t. But as distributions, they don’t have a monopoly on software, and a feedback loop exists. If some piece of software is released that breaches a repository rule but a lot of people end up going around the repository to install it, it will spark a conversation about whether the repository’s policies are correct. That’s why people are able to complain about rules. In more closed ecosystems, that new piece of software just can’t exist, so users are excluded from the feedback loop.

                                If you say “Google’s fault”

                                I think the comments and criticisms I’m making here apply to pretty much all of the tech majors and are comments on restrictions that exist now among multiple vendors which did not exist 15 years ago. I don’t mean to single any one of them out.

                2. 2

                  Both engines are Free Software. Both engines are Open Source. The FSF and the OSI both define their licensing criteria, and the GPL and ZLIB licenses both comply with the Four Freedoms and with the Open Source Definition.

                  You’re contrasting copyleft with permissive licensing, which is a totally different distinction.

                  1. 1

                    Thank you for pointing this out. I thought Stallman’s definition of free software required copyleft.

                    I stand behind my arguments for permissive licensing though.

                    1. 1
                      1. 2

                        Thank you for linking it. I’ve just read it. I still disagree with a lot of Stallman’s assertions.

                        1. 4

                          I’m not asking that you agree with him. I certainly don’t.

                          I just don’t want you to misrepresent him, or anyone else.

                          1. 1

                            Understandable. We could do with less misrepresentation these days.

                  2. 2

                    I don’t quite follow the argument you’re making, nor what distinction you’re drawing between “free software” and “open source”. It sounds like you’re saying that even though a piece of software like Quake III Arena is “free software” (that is, released under the GPL free software license), someone forking that software, writing a derivative work, and trying to sell it would be subject to legal action from Id Software for violating their Quake-related intellectual property rights - whereas some other piece of software Sauerbraten (which I’m not familiar with), released under a different-but-still-FSF-approved license, wouldn’t have this problem?

                    1. 1

                      @notriddle hit the nail on the head. I am talking about copyleft vs permissive licensing, the zlib license doesn’t preclude inclusion in proprietary software. The GPL does.

                      1. 2

                        I am talking about copyleft vs permissive licensing, the zlib license doesn’t preclude inclusion in proprietary software. The GPL does.

                        Interestingly, that makes GPL software less free in its own right, copyleft people seem to disagree that this matters but its the root of why some of us dislike it. Sometimes I just want to get my job done and don’t want to involve the legal team. Its also why I don’t put anything I do up as GPL unless I have to. I want others to do the same.

                        GPL’s virality is both a pro and a con. I lean to it being more of a con in that it imposes a philosophy of world upon source code that I find too extreme. We can differ on this but axiomatically they are approaching free from different starting points.

                    2. 1

                      remember that free software has no restrictions on commercial use. so when you say “if he tries to sell this thing that he spend so long on, he could get a cease-and-desist,” you are either mistaken, or employing a rhetorical trick.

                      it would be more honest to say that bob can’t prevent people from reading and modifying the source code of his game. this may or may not make it more difficult to make money on, depending on the circumstances.

                      with a clear view of the situation, people can decide for themselves whether the freedom to violate other peoples’ freedom is a worthy criteria for what makes a license “free.”

                      1. 1

                        it would be more honest to say that bob can’t prevent people from reading and modifying the source code of his game. this may or may not make it more difficult to make money on, depending on the circumstances.

                        The reason I chose a game engine rather than a game, is because the product is the source code. Sure, there are a handful of image assets for the GUI but those can easily be replicated. Am I wrong in my understanding that you cannot sell a GPL program without providing the source for free? (or at least allowing the purchasers to distribute it for free?)

                        with a clear view of the situation, people can decide for themselves whether the freedom to violate other peoples’ freedom is a worthy criteria for what makes a license “free.”

                        My point is that GPL violates more freedoms than permissive licenses.

                        1. 4

                          Am I wrong in my understanding that you cannot sell a GPL program without providing the source for free? (or at least allowing the purchasers to distribute it for free?)

                          yes, the latter is correct.

                          My point is that GPL violates more freedoms than permissive licenses.

                          yes, it violates the freedom to violate other people’s freedoms.

                          1. 1

                            yes, it violates the freedom to violate other people’s freedoms.

                            What “other people’s freedoms” does a permissive license allow people to violate?

                            1. 2

                              the freedom to read/modify/share the code.

                              1. 1

                                Using a closed-source program that is based on open-source software is a choice. Don’t make it if you don’t want to. Vote with your money.

                                Here’s something I think we can all agree on: selling a program based on open-source software without putting any significant work in is immoral.

                                My additional point, is that one can put enough effort into something that they earn the right to keep the source to themself.

                                1. 1

                                  Using a closed-source program that is based on open-source software is a choice. Don’t make it if you don’t want to. Vote with your money.

                                  i don’t see your point. same goes for software that was proprietary to begin with. in each case the software violates freedoms. or does it not?

                                  1. 0

                                    Yeah, looking back I wasn’t really saying anything there.

                                    What I should’ve said is: I don’t believe that seeing how everything works and being able to pick it apart/audit it is an inalienable right. (This may have something to do with the fact that I’m a Catholic and I believe things that have no scientific explanation, and to criticize them would be heresy.)

                                    1. 2

                                      nor is it an inalienable right to keep proprietary control over one’s modifications to a code base.

                                      that’s why complaints that the GPL is “less free” come off as concern trolling. if you care about software freedom, you would at least acknowledge that the only freedom the GPL takes away is the freedom to take away other people’s freedom. preferring a license that allows modifications to be proprietary would suggest that you don’t actually care about software freedom, so complaining about the GPL being less free seems hollow.

                                      if you simply disagree with free software and would prefer to be able to keep control over a digital artifact with no reproduction cost, fine, but you aren’t arguing for freedom at that point.

                                      1. 0

                                        if you simply disagree with free software and would prefer to be able to keep control over a digital artifact with no reproduction cost, fine, but you aren’t arguing for freedom at that point.

                                        I think it depends on your definition of freedom. In a communist sense, the GPL is more free. If property rights factor in at all, then permissive licenses are still superior (even if you don’t think it’s more free).

                                        The only issue I have with the GPL is that people who legally obtain your source code can distribute it for free, which would destroy any business that I built off of it. As an anti-communist, I won’t participate in the spread of the GPL virus.

                                        I wish more licenses required that modified source be distributed, but only if they don’t allow users to distribute it further.

                                        1. 4

                                          Whether property rights should apply to intangibles like software is an open question.

                                          “Intellectual property” is actually an artificial monopoly enforced by the state.

                                          1. 1

                                            The only issue I have with the GPL is that people who legally obtain your source code can distribute it for free, which would destroy any business that I built off of it.

                                            So what’s your take on Redhat? Their product is GPL’ed, and you can even argue that it benefits them, because anyone who chooses to also use and improve their software, necessarily has to give back their contribution, so that Redhat benefits from it again.

                                            1. 1

                                              I wish more licenses required that modified source be distributed, but only if they don’t allow users to distribute it further.

                                              what do you mean

                                              1. 1

                                                The GPL requires that modified source be available to users. That’s something that I wish caught on more. I just don’t like the part where the users can distribute the source themselves.

                                                1. 1

                                                  so who can modify the source? only someone with a specific license agreement with the company/person that wrote the code?

                                                  1. 1

                                                    The idea would be that anybody who obtains/buys the software can modify it, but they would need a specific license agreement to distribute/sell it.

                                                    The point would be to put such a clause on an open-source project so that if somebody uses it in a proprietary application, the users can at least modify that portion of the software.

                          2. 1

                            This point has been made may times, and it boils down to “localized” or “downstream” freedom. Do you give Alice the power to restrict/control their users? Alice could have extended the engine with a mechanism that requires her to be paid every month, or that (for whatever reason) only works on Intel CPUs. By not releasing the source, and allowing the software to be modified+shared, “Carol” is dependent on Alice, or is not allowed to port the engine to her Raspberry Pi. That’s certainly less freedom for her (setting aside that this is “just” a game engine we are discussing). And there are a lot more “Carol”s than there are “Alice”es.

                            I’m quite pro-copyleft, and I see it in the same terms (albeit less extreme) as we would dismiss anyone who claims that the fact he can’t own a slave limits his freedom. It’s the freedom to restrict others (“permissive”) vs the freedom from foreign control.

                            1. 2

                              You can also draw an analogy (I think direct but perhaps not quite) to negative vs positive rights. Permissive licenses grant negative rights to do whatever you want with the software, while copyleft grants positive rights to have access to free software.

                              I’m rather sad that all rhetoric about rights tends toward negative rights, even though that’s not what most people care about once a baseline of negative rights is established.

                          3. 1

                            and to prevent organizations and people with political views specific activist programmers find distasteful from being able to freely use useful software

                            what do you mean by this exactly?

                            is there any reason releasing code under the GPL would not satisfy the wants of these smaller companies?

                            1. 1

                              what do you mean by this exactly?

                              The people who promote licenses like this want to be able to write software under a license that is widely-accepted as open-source but that also bans their political enemies from using the software.

                              is there any reason releasing code under the GPL would not satisfy the wants of these smaller companies?

                              The GPL allows software licensed under it to be used for any purpose, and creating a SaaS product that competes with the SaaS product the core developers of the software use to fund themselves is “any purpose”.

                        2. 4

                          challenging capitalism is perfectly compatible with iterative improvements. you can make iterative steps to put more resources and power in the hands of working people, and less in the hands of corporations. the importance of free software comes when you see that proprietary software is one lever of power that corporations can use against working people.

                          1. 5

                            It’s a nice idea (Who doesn’t want to live in a world where everything is free? Oh wait. A lot of people :) but I’d rather focus on ideas that help us iteratively improve the current situation.

                            Capitalism != markets. If you’d like I’d be happy to answer questions, but this is my usual recommendation for friends who have been taught that all market systems are “capitalism”. https://m.youtube.com/watch?v=ysZC0JOYYWw

                          1. 24

                            That headline is pretty confusing. It seems more likely twitter itself was compromised, than tons of individual users (billionaires, ex-leaders, etc)?

                            1. 18

                              You’re right. This is a case of Verge reporting what they’re seeing, but the scope has grown greatly since the initial posts. There have since been similar posts to several dozen prominent accounts, and Gemini replied that it has 2FA.

                              Given the scope, this likely isn’t accounts being hacked. I suspect that either the platform or an elevated-rights Twitter content admin has been compromised.

                              1. 12

                                Twitter released a new API today (or was about to release it? Not entirely clear to me what the exact timeline is here), my money is on that being related.

                                A ~$110k scam is a comparatively mild result considering the potential for such an attack, assuming there isn’t some 4D chess game going on as some are suggesting on HN (personally, I doubt there is). I don’t think it would be an exaggeration to say that in the hands of the wrong people, this could have the potential to tip election results or even get people killed (e.g. by encouraging the “Boogaloo” people and/or exploiting the unrest relating to racial tensions in the US from some strategic accounts or whatnot).

                                As an aside, I wonder if this will contribute to the “mainstreaming” digital signing to verify the authenticity of what someone said.

                                1. 13

                                  or even get people killed

                                  If the Donald Trump account had tweeted that an attack on China was imminent there could’ve been nuclear war.

                                  Sounds far-fetched, but this very nearly happened with Russia during the cold war when Reagan joked “My fellow Americans, I’m pleased to tell you today that I’ve signed legislation that will outlaw Russia forever. We begin bombing in five minutes.” into a microphone he didn’t realize was live.

                                  1. 10

                                    Wikipedia article about the incident: https://en.wikipedia.org/wiki/We_begin_bombing_in_five_minutes

                                    I don’t think things would have escalated to a nuclear war that quickly; there are some tensions between the US and China right now, but they don’t run that high, and a nuclear war is very much not in China’s (or anyone’s) interest. I wouldn’t care to run an experiment on this though 😬

                                    Even in the Reagan incident things didn’t seem to have escalated quite that badly (at least, in my reading of that Wikipedia article).

                                    1. 3

                                      Haha. Great tidbit of history here. Reminded me of this 80’s gem.

                                      1. 2

                                        You’re right - it would probably have gone nowhere.

                                    2. 6

                                      I wonder if this will contribute to the “mainstreaming” digital signing to verify the authenticity of what someone said

                                      It’d be nice to think so.

                                      It would be somewhat humorous if an attack on the internet’s drive-by insult site led to such a thing, rather than the last two decades of phishing attacks targeting financial institutions and the like.

                                      1. 3

                                        I wonder if this will contribute to the “mainstreaming” digital signing to verify the authenticity of what someone said.

                                        A built-in system in the browser could create a 2FA system while being transparent to the users.

                                        1. 5

                                          2fa wouldn’t help here - the tweets were posted via user impersonation functionality, not direct account attacks.

                                          1. 0

                                            If you get access to twitter, or the twitter account, you still won’t have access to the person’s private key, so your tweet is not signed.

                                            1. 9

                                              Right, which is the basic concept of signed messages… and unrelated to 2 Factor Authentication.

                                              1. 2

                                                2FA, as I used it, means authenticating the message, via two factors, the first being access to twitter account, and the second, via cryptographically signing the message.

                                                1. 3

                                                  Twitter won’t even implement the editing of published tweets. Assuming they’d add something that implicitely calls their competence in stewarding people’s tweets is a big ask.

                                                  1. 2

                                                    I’m not asking.

                                        2. 2

                                          A ~$110k scam

                                          The attacker could just be sending coins to himself. I really doubt that anyone really falls for a scam where someone you don’t know says “give me some cash and I’ll give you double back”.

                                          1. 15

                                            I admire the confidence you have in your fellow human beings but I am somewhat surprised the scam only made so little money.

                                            I mean, there’s talk about Twitter insiders being paid for this so I would not be surprised if the scammers actually lost money on this.

                                            1. 10

                                              Unfortunately people do. I’m pretty sure I must have mentioned this before a few months ago, but a few years ago a scammer managed to convince a notary to transfer almost €900k from his escrow account by impersonating the Dutch prime minister with a @gmail.com address and some outlandish story about secret agents, code-breaking savants, and national security (there’s no good write-up of the entire story in English AFAIK, I’ve been meaning to do one for ages).

                                              Why do you think people still try to send “I am a prince in Nigeria” scam emails? If you check you spam folder you’ll see that’s literally what they’re still sending (also many other backstories, but I got 2 literal Nigerian ones: one from yesterday and one from the day before that). People fall for it, even though the “Nigerian Prince” is almost synonymous with “scam”.

                                              Also, the 30 minute/1 hour time pressure is a good trick to make sure people don’t think too carefully and have to make a snap judgement.

                                              As a side-note, Elon Musk doing this is almost believable. My friend sent me just an image overnight and when I woke up to it this morning I was genuinely thinking if it was true or not. Jeff Bezos? Well….

                                              1. 12

                                                People fall for it, even though the “Nigerian Prince” is almost synonymous with “scam”.

                                                I’ve posted this research before but it’s too good to not post again.

                                                Advance-fee scams are high touch operations. You typically talk with your victims over phone and email to build up trust as your monetary demands escalate. So anyone who realizes it’s a scam before they send money is a financial loss for the scammer. But the initial email is free.

                                                So instead of more logical claims, like “I’m an inside trader who has a small sum of money to launder” you go with a stupidly bold claim that anyone with a tiny bit of common sense, experience, or even the ability to google would reject: foreign prince, huge sums of money, laughable claims. Because you are selecting for the most gullible people with the least amount of work.

                                          2. 5

                                            My understand is that Twitter has a tool to tweet as any user, and that tool was compromised.

                                            Why this tool exists, I have no idea. I can’t think of any circumstance where an employee should have access to such a tool.

                                            Twitter has been very tight-lipped about this incident and that’s not a good look for them. (I could go on for paragraphs about all of the fscked up things they’ve done)

                                            1. 5

                                              or an elevated-rights Twitter content admin

                                              I don’t think content admins should be able to make posts on other people’s account. They should only be able to delete or hide stuff. There’s no reason they should be able to post for others, and the potential for abuse is far too high for no gain.

                                              1. 6

                                                Apparently some privileges allow internal Twitter employees to remove MDA and reset passwords. Not sure how it played out but I assume MFA had to be disabled in some way.

                                              1. 5

                                                That’s a good article! Vice has updated that headline since you posted to report that the listed accounts got hijacked, which is more accurate. Hacking an individual implies that the breach was in their control: phone, email, etc. This is a twitter operations failure which resulted in existing accounts being given to another party.

                                              1. 1

                                                They don’t prevent, but they do reduce, or perhaps inhibit.

                                                Clearly I need a domain for this knowledge.

                                                1. 4

                                                  if you were going to infect 20 people without a mask, but instead you infected 10 people with a mask, the mask prevented 10 infections.

                                                  1. 2

                                                    But what you really should have done was stay at home when you had symptoms indicating you’ve got a transmissable disease. Even mild symptoms. Then you wouldn’t infect anyone.

                                                    1. 0

                                                      If you were going to crash into two ships but only crashed into one, did your actions prevent a crash, or just reduce the damage from your crash?

                                                      In your scenario, the mask prevented ten infections. It did not prevent the spread. It inhibited infection (the 10 may be asymptomatic or experience fewer symptoms due to lower volumes of virus).

                                                      We have a rich and very fuzzy language, let’s agree to use the wide variety of words we have to express ourselves.

                                                      1. 6

                                                        We have a rich and very fuzzy language, let’s agree to use the wide variety of words we have to express ourselves.

                                                        oh stop with this this tone-policing, “everything has to be about how polite we are” nonsense. Both of my parents had Covid. One of their friends died of it.

                                                        This isn’t a thought experiment. It’s not a game. It’s not a simulation. Your semantic thought experiments wind up convincing people not to wear a mask because they “don’t prevent the spread”, a conclusion so plainly false on its face that it’s ridiculous. When somebody says “masks prevent the spread” they’re not saying “if you put on a mask the virus is instantly eradicated”. When “ten fewer people get infected” gets countered with “it did not prevent the spread” all you’re showing is that you are more convinced of some abstract argument about semantics than other people’s actual lives. What is the result of you “being right” in this argument, downplaying the efficacy of mask-wearing? An asymptomatic observer concluding you’re in the right might say “you know, maybe I shouldn’t wear a mask, it doesn’t actually prevent the spread”, infecting someone they might not have otherwise infected.

                                                        I’m not going to play this toxic game of dandy politeness where we curtsy and bow and say “good day” “I disagree with your argument! but disagreement nourishes the mind!” and giggle about how much disagreement makes us wiser. Your ego is literally deadly. Your ego is literally endangering other people’s lives.

                                                        1. 1

                                                          Why do you think I don’t wear a mask? I’ve got one next to me at my desk at home right now.

                                                          Do you think that lying using language and saying masks mean nobody will get corona (prevent) is better than the truth of inhibit?

                                                    2. 1

                                                      WHO has your back:

                                                      “However, the use of a mask alone is insufficient to provide the adequate level of protection and other equally relevant measures should be adopted” 1

                                                      They have also said that asymptomatic carriers rarely transmit:

                                                      “Current evidence suggests that most transmission occurs from symptomatic people through close contact with others.”2

                                                      http://canyoumakemewhereamask.ynaas.com/

                                                      1. 2

                                                        Thanks for the WHO reference, a quote from the website expands a bit on your summary.

                                                        Accordingly, most recommendations by WHO on personal protective measures (such as use of masks and physical distancing) are based on controlling transmission from symptomatic patients, including patients with mild symptoms who are not easy to identify early on.

                                                        1. 2

                                                          WHO has dispensed too much of damaging advice this year.

                                                      2. 1

                                                        Do people hate dashes in domain names or something?

                                                        http://do-masks-prevent-the-spread-of-corona-virus.ynaas.com/

                                                        ^– is more readable in my opinion.

                                                      1. 2

                                                        Lists have already been mentioned. The other thing I use is contextual music.

                                                        If I’m doing well, the music can be more relaxed. Something like this works well: https://www.youtube.com/watch?v=wgWP0Su5Z6A Or: Maybe something with lyrics, but not something super novel: https://www.youtube.com/watch?v=A1oPoxKMMuA

                                                        If I’m having trouble concentrating, it can help to drown out unrelated thoughts with some heavier stuff: https://www.youtube.com/watch?v=QHRuTYtSbJQ (side note: Mick Gordon is a damn genius) If having lyrics also helps, it’s better if you can’t understand them (my personal Hardbass playlist, subject to change): https://www.youtube.com/watch?v=4RtWx62z1OU&list=PLAzwT4DST7SbUkO9i8oZwAPUnhzpqGtKM&index=1

                                                        Now to get back to my heavy music and put my nose back to the grindstone.

                                                        1. 7

                                                          Literally the only thing that works for me is lists. It took me way too long to figure it out, considering how common the advice is for those with heavy ADHD. But I have a git folder with a notes and a lists directory. In the lists directory is a markdown file per “large scope of work”. For me that’s usually 1 per service I work on.

                                                          Each list is just a bunch of bullet points of in-order TODOs. They don’t have any context or details outside the literal chore (if I need those, I can cross reference the notes folder). That way when I come back in on Monday I generally know “I need to do the thing on Service B” and when I open up lists/service_b.md the first bulletpoint is an immediately actionable small-scope (like 10min) section of work. I do it, delete the bulletpoint, and by the end of that I have all the context I need loaded in my head. Because it includes no context/caveats/timing/anything else, maintenance just means updating the list in an open vim buffer as I work on the project.

                                                          I guess my answer is: To get back into the groove, give yourself an entry point to the groove. The smaller the better.

                                                          1. 2

                                                            This. I work for multiple companies, and I have a .txt file for each list.

                                                            Another thing that can help a lot is to actually print the list and physically cross out finished items. The dopamine hit is much greater that way. I find myself printing emails and having them on my desk as I work on them as well.

                                                            Edit: much grammer, wow

                                                          1. 10

                                                            Didn’t Microsoft pay out a fat settlement for doing less than this with their browser?

                                                            1. 11

                                                              Because they were abusing their monopoly, which Apple doesn’t have, they are not even the biggest player in the market.

                                                              1. 4

                                                                Windows : PC :: Apple : Mobiles, then sure, no monopoly.
                                                                Windows : Intel PCs :: Apple : A5 Mobiles, then 😉

                                                                Or maybe it’s about what we can do with a particular piece of form factor? Was Windows a monopoly because of the network effects of its software ecosystem? Apple has one of its own, complete with exclusives.

                                                                Microsoft enjoys so much power in the market for Intel-compatible PC operating systems that if it wished to exercise this power solely in terms of price, it could charge a price for Windows substantially above that which could be charged in a competitive market. Moreover, it could do so for a significant period of time without losing an unacceptable amount of business to competitors. In other words, Microsoft enjoys monopoly power in the relevant market.

                                                                That Apple Tax.

                                                                It all depends on how we draw the lines of monopoly.

                                                                1. 2

                                                                  The Apple Tax is 110% a real thing on desktop/mobile form factors.

                                                                  On mobile it’s a whole other thing. Compare, for instance, their geekbench scores (in operations per second):

                                                                  The cheapest iphone ($400 USD iphone SE) scores 1326.

                                                                  The samsung galaxy ultra at $2000 scores 840 on the same benchmark.

                                                                  The cheapest iphone is nearly twice as fast (single-core) as the fastest android. On multi-core it’s still faster, but only slightly.

                                                              2. 3

                                                                I haven’t read the EULA for iOS in it’s entirety, but if it says that the default browser is not allowed to be changed then that is a solid (legal) defense for Apple. I did just check and it has a clause stating that you aren’t allowed to modify the software. Changing what application is opened when you click a link in the Mail app (for example) would likely constitute modifying the software in a court of law.

                                                                I don’t understand why people still buy Apple products at this point.

                                                                1. 6

                                                                  EULAs are generally unenforceable against private parties in the US* and Apple’s legal has far better things to do than to file frivolous lawsuits against people who jailbreak their phones to change the default browser. The situation with AOL and Microsoft fighting for the dominant browser doesn’t exist today, so an antitrust case against Apple for bundling Safari seems much weaker now. Remember that there are far more Android phones than iPhones today; in the 90s, Windows had over 90% of the market.

                                                                  *If you’re an iPhone reseller and you jailbreak the phones you’re selling to change the default browser, then Apple might go after you. If you’re a private party, nobody cares.

                                                                  1. 1

                                                                    EULAs are generally unenforceable against private parties in the US* and Apple’s legal has far better things to do than to file frivolous lawsuits against people who jailbreak their phones to change the default browser.

                                                                    This is very true. My point however, was that somebody who tries to sue Apple because they don’t provide this functionality wouldn’t get very far because of the EULA that they (either implicitly or explicitly) agreed to.

                                                                    Remember that there are far more Android phones than iPhones today; in the 90s, Windows had over 90% of the market.

                                                                    I believe this is one of the reasons that we haven’t seen any of these lawsuits.

                                                                    Edit: accidentally posted with an edit for my other comment.

                                                              1. 2

                                                                Serious question, who would use this?

                                                                1. 6

                                                                  Someone who likes Perl? Someone who has Perl code which he wants to run in a browser for <reasons/>? Someone who likes the idea of running any language in those tags and takes this idea a bit further to run her <script type="text/cobol"> code?

                                                                  1. 1

                                                                    <script type="text/cobol">

                                                                    Well, I can’t see any appeal for this particular option. However I do see now that this is just one of many languages that could be implemented now. For some reason Lua comes to mind.

                                                                    1. 2

                                                                      Cobol is the new hot technology for the upcoming 50’s, only thirty years (plus an off-by-one century) away now. Be prepared.

                                                                  2. 4

                                                                    As a heavy Perl user, the prospect of having a web app with Perl backend talking to a Perl frontend sounds fantastic.

                                                                    1. 1

                                                                      That does sound intriguing. I’m speaking from very little direct experience writing Perl and some decent experience maintaining a few Perl scripts. There’s a joke around the office that Perl is “write once read never”.

                                                                      To be clear: I think Perl is great for what it is, but I don’t think it’s cut out for front-end development. However, thinking about this more clearly in the morning, I can see the appeal a bit better.

                                                                      1. 2

                                                                        Well… in terms of Perl web development the very best thing is https://mojolicious.org

                                                                        When you look at the two examples on the front page: first, you can run a local web server with just 3 lines of code; second, you can spin up a websocket server from a single file with a short snippet. That file includes some javascript. I wonder how it would look with just WebPerl. That’s the appeal for me.

                                                                  1. 2

                                                                    So, why is this coding stream upvoted and mine was marked as spam?

                                                                    Is it because I had posted my own stream? Because I was fixing bugs on an existing project that isn’t particularly popular? Because it was in progress rather than an old stream?

                                                                    I’m just trying to understand what is considered on-topic and what is considered spam. Is it more appropriate to post upcoming livestreams on IRC?

                                                                    1. 8

                                                                      You got one person marking it as spam. This isn’t necessarily indicative of everyone’s feelings here!

                                                                      Personally, I think that this board is maybe a bit not ideal for announcements on time sensitive things, but posting full recordings later if it’s an interesting stream is good.

                                                                      If you are interested in announcing in-progress streams, perhaps the IRC channel would be a better fit? I would click on it if it were posted in there

                                                                      To be crystal clear: I think a lot of people in the community like this kind of content! I imagine the spam vote was from somebody in a bad mood who read your post as “self promotion” (personally doesn’t make much sense to me)

                                                                      1. 5

                                                                        I appreciate that, I’ll try the IRC the next time I stream. Thanks!

                                                                      2. 4

                                                                        This is actually a good discussion that needs to happen here. There are already platforms that do some aggregation of live coding and my opinion is that they work better than lobsters for that. The front page is changing very fast already and having time constrained elements would make it change even faster.

                                                                        1. 2

                                                                          Thanks for the link! I’ll be sure to use that site next time.

                                                                          Edit: This bit does resonate with me;

                                                                          The front page is changing very fast already and having time constrained elements would make it change even faster.

                                                                          I wasn’t planning on posting every stream here, but this makes a lot of sense and I probably won’t post another here unless it’s much more relevant.

                                                                        2. 3

                                                                          Andrew Kelley is definitely a favorite on this site, which makes anything posted immediately more visible. I’m not sure why yours was flagged spam, but perhaps someone didn’t want to see it and needed a reason to downvote.

                                                                          1. 0

                                                                            Ah, so this is just a classic double-standard. Nice.

                                                                            I can understand if nobody liked my stream, but if livestreams are welcome then a “spam” downvote is just false.

                                                                          2. 3

                                                                            This is probably more about what is shown here: The demonstration aspect of what you can do in zig. And about showing people how you can do this live, thus in a reasonable amount of time and effort. This more a show-off how capable zig is already, and lobster is pretty interested in zig and new languages like this. At least this is why I felt like this belongs here, even though I haven’t watched it.

                                                                          1. 3

                                                                            Probable list of things

                                                                            • Upgrade machines to Xubuntu 20.04, which was released yesterday
                                                                            • Cook & smoke a rack of ribs on the grill (first time)
                                                                            • Continue looking into “Bug Out Bag” equipment, particularly first aid because I’ve ordered most of the other gear. I’m using this: https://theprepared.com/bug-out-bags/guides/bug-out-bag-list/. Also need to make a basic list and plan of what to do in this kind of emergency. Some of the gear should be arriving this weekend so I’ll have a chance to check it out. I’m totally new to camping/backpacking so lots to learn.

                                                                            FWIW I wouldn’t call myself a “prepper” and I don’t think I’ll need to use this stuff anytime soon. But I do live in NYC so I figured why not just have the gear and view it as insurance, or if I have the urge to really go camping when it’s a better time. I don’t live very close to immediate family so having the option to camp out somewhere and survive for a few days puts me at ease. A lot of camping gear is on sale right now too.

                                                                            1. 2

                                                                              On the subject of a “Bug Out Bag”. I find that it only makes sense to “But Out” if you live alone (it seems like you do, but you aren’t specific enough). I’m a big fan of the “Get Home Bag” concept in contrast. I recommend Warrior Poet Society’s videos on the subject: https://www.youtube.com/watch?v=FtcH73kXxZY (original) https://www.youtube.com/watch?v=DZmSX6LHZQk (update)

                                                                              1. 2

                                                                                Wow, he just released another video 2 hours ago, “Why I ditched my Bug-Out bag”: https://www.youtube.com/watch?v=RVdMHDaiaFs

                                                                                1. 2

                                                                                  This is a great video! I agree with him that from a security perspective, bugging out probably isn’t the best idea in most situations.

                                                                                  Given my situation where I live with my girlfriend and we don’t have kids, it’s easier for us to bug out compared to most people in NYC. Our immediate family is between 5-20H away. So getting to them would likely be a priority but it’s difficult to leave your community and friends many of whom are still here. Plus the journey could be dangerous. If I lived in the suburbs or owned a home with family closer by, then I don’t think bugging out would be a very good option.

                                                                            1. 2

                                                                              I’m going to try and make time this Saturday to work on some error handling and optimization in Envelope https://github.com/workflowproducts/envelope

                                                                              I usually don’t have time M-F to work on our OSS stuff because that time is better spent billing clients, but it needs to get done at some point.

                                                                              As an aside, is anybody interested in a coding stream? I had the idea last week, but I wanted to see if there was any interest before setting it up.

                                                                              1. 4

                                                                                What does the expression at the end mean?

                                                                                Looking at the manual it looks like | is Max/Or. I also saw that |/ is defined as “Max-Over”?

                                                                                1. 7

                                                                                  It’s the K implementation of the algorithm above. Find the max of a list of numbers.

                                                                                  1. 1

                                                                                    Ah, for some reason I thought it was a pun to the effect of “hah, you noobs”.

                                                                                  2. 6

                                                                                    | is max. It’s also boolean or. If you wanted the minimum, it’d be &/, because & is min/boolean and.

                                                                                    The APLs have teased apart lots of common operations into atomic parts that combine cleanly, sometimes unpacking them further than other languages go. The single-argument form of & (“where”) is a good example:

                                                                                      &1 2 3
                                                                                    0 1 1 2 2 2
                                                                                    

                                                                                    It counts up, repeating each successive number based on the next number in the argument.

                                                                                      &5 5 5
                                                                                    0 0 0 0 0 1 1 1 1 1 2 2 2 2 2
                                                                                    

                                                                                    Okay, so that makes the pattern clearer. By why is that useful?

                                                                                      & 0 0 0 1 0 1 1 0 1 0
                                                                                    3 5 6 8
                                                                                    

                                                                                    Ah ha – “what are the offsets of the 1s?”

                                                                                      x:10?!1000    / draw 10 random numbers 0 to 999
                                                                                      x             / print them
                                                                                    379 998 594 106 191 686 123 845 495 700
                                                                                      x < 500       / what values are less than 500
                                                                                    1 0 0 1 1 0 1 0 1 0
                                                                                      x[&x<500]     / slice x by indices where x is less than 500
                                                                                    379 106 191 123 495
                                                                                    

                                                                                    So it combines with a conditional to become a sort of SELECT, but it also combines with other operators in a predictable way, and the implementation is straightforward.

                                                                                    1. 1

                                                                                      Thank you! I was stumped as to what the where usage of & is for. This is a great explanation.

                                                                                  1. 8

                                                                                    While many entries are now 4 or 5 years old, I always greatly appreciated How I Start for this kind of thing, and wished documentation like it got more popular. I recently had a bit of a primal scream trying to get an OCaml setup and I identified what I’d love most in any programming environment for a project, especially when jumping into a new language:

                                                                                    • Project/directory structure.
                                                                                    • make-like invocations to do the following:
                                                                                      • Build artifact
                                                                                      • Run
                                                                                      • Run tests
                                                                                      • Clean
                                                                                      • Perform static analysis, if there are external tools (e.g. mypy, formatters)
                                                                                      • Deploy
                                                                                      • Open an interactive shell with definitions loaded.
                                                                                    • Easy to add reproducible dependencies (usually pinned with a lockfile these days).
                                                                                    • Use a language server (or plugin, or IDE) to give features like:
                                                                                      • Type of highlighted expression
                                                                                      • Jump to definition
                                                                                      • Find usages of highlighted term. Safe rename/delete.

                                                                                    And there’s only one or two languages I can do all of 👆 with, and it often takes a lot of tweaking. Also, many of the commands get slow as teams grow, so it’s less about quick iterative cycles (thinking of every slow pytest suite I’ve ever sat through for a ~50kloc project…).

                                                                                    Did I miss any? And how do we proliferate the knowledge or solidify the tools so that fewer of us have to work around the lack of these things?

                                                                                    I think a lot about Bret Victor’s mentioning sometime that a lot of programming skill is about being able to “play computer” in your mind, modeling its limitations while you work. But we do this… in front… of a computer! 😛

                                                                                    Anyways, happy to see this sentiment (“it’s more than just the source code”) getting traction 🙂

                                                                                    1. 3

                                                                                      I am a big fan of cookiecutter for much of this. It’s like an executable version of some of those “how I start” essays, but it doesn’t quite take you from absolute zero the way some of those do.

                                                                                      For stuff that’s new to me, I like to start by finding an opinionated cookiecutter for it. Once I’ve been at something long enough to have formed a more concrete opinion of my own, I’ll often fork one to suit my environment or needs a little better.

                                                                                      It’s not a full answer to your question, but it gets me going with a lot less tweaking than I used to do.

                                                                                      1. 1

                                                                                        That looks really cool! I’m going to have to use this in the future, Thanks!

                                                                                        1. 1

                                                                                          This looks awesome, I’ll take a look! 😄

                                                                                      1. 3

                                                                                        I don’t know if you’d count autotools and C as modern, but I found GNU Hello to be a nice starting point.

                                                                                        1. 5

                                                                                          At $work, we used autohell for a few months. I ended up hand-rolling a configure script that suits modern *nix quite nicely. I now use it as a base for personal projects.

                                                                                          1. 4

                                                                                            Just scanning over it:

                                                                                            • The helptext says you can say --prefix <directory>, but the actual argument-parsing code looks for --prefix=<directory>

                                                                                            • You check for the openssl binary, and later again for the header files; isn’t that a bit redundant?

                                                                                            • You have a test to see is libev wants you not to link to libm, but you also unconditionally link to it anyway.

                                                                                            1. 1

                                                                                              The helptext says you can say --prefix <directory>, but the actual argument-parsing code looks for --prefix=<directory>

                                                                                              This is definitely a bug, thanks!

                                                                                              You check for the openssl binary, and later again for the header files; isn’t that a bit redundant?

                                                                                              No, because somebody who has only the openssl package installed, needs to install the openssl-devel/-dev package.

                                                                                              You have a test to see is libev wants you not to link to libm, but you also unconditionally link to it anyway.

                                                                                              I will look into this. I copied some of that from libev’s configure script, but it’s been a while.

                                                                                              Thanks for the feedback!

                                                                                              Edited because I pressed post instead of Preview

                                                                                              1. 3

                                                                                                You check for the openssl binary, and later again for the header files; isn’t that a bit redundant?

                                                                                                No, because somebody who has only the openssl package installed, needs to install the openssl-devel/-dev package.

                                                                                                Right, but the -dev package will always depend on the binary package, so you can just check for the header.

                                                                                                1. 1

                                                                                                  Right, but the -dev package will always depend on the binary package, so you can just check for the header.

                                                                                                  Ah, I see what you’re saying now. Thanks again!

                                                                                        1. 3

                                                                                          This happened to my family (my Father, older brother, and myself) the last time we tried to run a FreeBSD home server. I was 15(?) at the time. We had decided that we wanted to use ZFS because of all of it’s cool features, including really nice backup stuff. We made meticulous instructions on how to set up our email, file share and DNS and tested it a couple of times on real hardware before trying to actually replace our old Mac OS X server.

                                                                                          flashbacks intensify

                                                                                          It took years for FreeBSD to be approached by one of us again. We also considered the hard drives to be completely useless at this point. The computer (an Intel NUC) also collected dust for a while.

                                                                                          We didn’t actually diagnose it until a few years later when we (just my Father and myself this time) tried to re-use the computer, at a client. We used CentOS 7 this time. We were seeing some Weird Shit™ like rsync locking up the system, and one of us had the idea to run a memory test.

                                                                                          Memtest86 found it in less than half an hour. This is the only time in my professional career that I’ve ever considered bad memory a possibility. Thankfully it was only one of the modules and we were able to leave soon after we figured this out. (We were only using this computer in the interim while setting up their old Mac OS X server with Linux.)

                                                                                          On the way back late that night after having everything resolved my Father told me that he actually remembers having issue with FreeBSD due to bad memory sticks that didn’t happen under any other OS.

                                                                                          sighs intensify

                                                                                          He said he heard that FreeBSD swaps less often than Linux or something like that. Well, since then, I’ve installed FreeBSD on my own computer to fiddle with. It’s pretty nice! I’ve got xdm launching dwm with dmenu, st, surf.

                                                                                          Kind of off-topic: If anybody has any tips on getting tabbed and surf to play nice, I would appreciate it.

                                                                                          1. 9

                                                                                            today’s languages contain far too many features

                                                                                            Totally agree on that – it doesn’t even need qualification.

                                                                                            Things I’d rather not see in new languages:

                                                                                            • if-then-else and ternary operators and switch and …
                                                                                            • unary operators
                                                                                            • half a dozen ways to write number literals
                                                                                            • static keyword
                                                                                            • semicola
                                                                                            • generics with <>
                                                                                            1. 4

                                                                                              But then it wouldn’t look like C, and no-one would adopt the language! /s

                                                                                              1. 0

                                                                                                True, I’m waiting for the angry troll, unkind and incorrect flags to drop. ;-)

                                                                                              2. 1

                                                                                                if-then-else and ternary operators and switch and …

                                                                                                I personally never use switch in C, but I do use ternary operators occasionally (although they can get messy).

                                                                                                unary operators

                                                                                                I agree when it comes to increment/decrement. I always i = i + 1 for clarity.

                                                                                                Then again, how else do we get the one’s compliment (~)? Address of (&)? De-reference (*)? (If you’re answer to the last two is there are no pointers, then get off my lawn)

                                                                                                half a dozen ways to write number literals

                                                                                                If you are writing constants that need to have specific bits set, it helps to have hex/octal literals.

                                                                                                The 1.0f thing for denoting single-precision and other things like that are useless to me. Modern compilers are able to infer typing for literals.

                                                                                                static keyword

                                                                                                Agreed.

                                                                                                semicola

                                                                                                How else do you terminate a statement? If you want to force one statement per line, that’s fine. But then, what if I want a multi-line statement?

                                                                                                generics with <>

                                                                                                I personally don’t care about generics at this point in my career. I’ve never used them in production software.

                                                                                              1. 2

                                                                                                Envlope passes PostgreSQL NOTIFYs through websocket connections: https://github.com/workflowproducts/envelope

                                                                                                I used this recently to detect data updates in a webpage and automatically fetch the new records.

                                                                                                (Shameless self-plug, I developed the Envelope server component for $work)

                                                                                                1. 2

                                                                                                  (Another shameless self-plug)

                                                                                                  I also wrote a notification provider that works with iOS and Android using PostgreSQL NOTIFYs as the basis.

                                                                                                  https://github.com/wickednotify/wickednotify-server for those interested. There are full tutorials for iOS and Android usage.

                                                                                                1. 4

                                                                                                  One important limitation: You can’t use it with connection pooling proxy (pgbouncer). So as soon as you need to manage hundreds of connections to the DB its not usable.

                                                                                                  1. 3

                                                                                                    I’m a bit of a noob here - doesn’t that depend on the type on the pool mode (session, transaction, statement)?

                                                                                                    1. 5

                                                                                                      Sorry, yes you are right! Session pooling allows all Postgresql features.

                                                                                                      However session pooling is only useful for limited use cases such as maintaining a long-lived connection for short-lived clients. In most cases, people use transaction pooling to handle more connection than postgres would allow.

                                                                                                      1. 1

                                                                                                        Got it! We’re currently using connection poolers at the application level (Clojure + hikari-cp connection pool) and it’s been working great so far - it give us session-mode connections, but without overloading our PG instances. I wonder if at some point we will need something like pgBouncer

                                                                                                        1. 3

                                                                                                          Depending on your architecture, you can use a single dedicated connection per worker process to LISTEN and dispatch notifications to other threads within the process. Then you can use transaction pooling for all your other threads, reducing the total number of connections needed.

                                                                                                          1. 1

                                                                                                            Yes, that’s more or less what I had in mind - the notification listener doesn’t have to process the jobs itself. Are you aware of any existing open source solutions that implement this kind of strategy? All I could find are Python and Ruby implementations where threads are not really a thing.

                                                                                                            1. 3

                                                                                                              I don’t know of any, but it’s pretty straightforward. Especially since your dedicated listen thread only needs to LISTEN, you can still NOTIFY normally through a transactional connection pool.

                                                                                                              Have each worker thread create a promise, .put to a shared Java BlockingQueue, then deref the promise (blocking). Have the dedicated LISTEN thread .take from the queue, send LISTEN to PostgreSQL, and then (deliver worker-promise notify-payload). Taking from the promise queue before sending LISTEN to PostgreSQL ensures you don’t LISTEN before you can use the payload.

                                                                                                              You could even use a dedicated connection pool in the LISTEN thread with maximumPoolSize=1, reusing all of Hikari’s reconnect logic.

                                                                                                              1. 2

                                                                                                                That’s super helpful - thank you! I guess I could also play around with core.async instead of BlockingQueue, although that’s more an implementation detail.

                                                                                                                1. 2

                                                                                                                  You probably could, promises and async code go hand in hand.

                                                                                                                  Unpopular opinion: unless you’re writing something approximately similar to a load balancer, async is a waste of time. It’s 2020, mutexes are fast, context switching is cheap, and asynchronous code comes with plenty of poorly understood problems.

                                                                                                                  1. 2

                                                                                                                    Not sure if it’s an unpopular opinion, I’ve been avoiding core.async as much as possible, as on the server there’s not many reasons to use it and it doesn’t solve any problems for me (or my team - we have ~12 Clojure applications in production right now).

                                                                                                                    I’m also not convinced if it’s useful in Clojurescript, but admittedly I didn’t build anything significant to have a better opinion.

                                                                                                              2. 2

                                                                                                                the notification listener doesn’t have to process the jobs itself. Are you aware of any existing open source solutions that implement this kind of strategy

                                                                                                                Take a look at rxJava (or rxCPP [1] or rx.NET – same semantic, but different languages). Eg review this article:

                                                                                                                https://vlkan.com/blog/post/2016/07/20/rxjava-backpressure/

                                                                                                                I am assuming that

                                                                                                                • a) you are within single process
                                                                                                                • b) you want one producer (eg your listener).. although multiple producers will work
                                                                                                                • c) you want multiple non-blocking consumers within same process as the producers
                                                                                                                • d) you want some control over backpressure (eg slow down the producer,if some consumers cannot keep up). you want to use queue with backpressure monitoring, and multiple clients

                                                                                                                Of course, if your listeners are out of process (and/or running on different machines), then rxJava will not help.

                                                                                                                I will also say, that rxJava has been really helpful in just writing mobile app clients (Android) because there are a number of things, when you write these clients, that require reacting to ‘events’ (Eg responses coming from backends, purchase/subscription acks from playstore, even user clicks.., etc). So this is not just for server-side code.

                                                                                                                In my view, the rx set of libraries, their semantic, and use cases are exceptionally useful to learn and that knowledge will not become ‘irrelevant’ a few years, instead, you will be able to utilze it (and probably same APIs for next decade or more). Even in programming languages that do not have native threads …

                                                                                                                [1] https://github.com/ReactiveX/RxCpp

                                                                                                      2. 2

                                                                                                        Server hardware is getting better and better, with more and more cores. The standard 100 connection limit of PostgreSQL is making less and less sense as time goes on.

                                                                                                        Fun fact: I just installed PostgreSQL on a server with a 3900X and it compiled in less than a minute with make -j24. (Yes, it is a completely different workload. But it’s still really cool!)

                                                                                                        edit: missing “on”

                                                                                                      1. 2

                                                                                                        Nitpick: Advent consists of the four weeks before Christmas (starting with Sunday), rather always starting on December first. (Source: https://www.fisheaters.com/customsadvent1.html)

                                                                                                        (Yes, I know. This year Advent does start on December first. Your point?)

                                                                                                        “First get your facts straight. Then distort them at your leisure.”
                                                                                                        -Neil deGrasse Tyson (https://twitter.com/neiltyson/status/835938739784314880?lang=en)

                                                                                                        1. 7

                                                                                                          You are technically correct, but most advent calendars start from 1 Dec and end on Christmas Eve or Day.

                                                                                                          Using the secular form (i.e. all days in December up to 24 or 25) prevents acrimonious debate about when, exactly, Advent Sundays fall. For example, according to the fount of all human knowledge:

                                                                                                          In the Ambrosian Rite and the Mozarabic Rite, the First Sunday in Advent comes two weeks earlier than in the Roman, being on the Sunday after St. Martin’s Day (11 November), six weeks before Christmas.

                                                                                                          1. 4

                                                                                                            And in the Orthodox world the Christmas fast starts 40 days before Christmas!

                                                                                                            1. 2

                                                                                                              In the Ambrosian Rite and the Mozarabic Rite, the First Sunday in Advent comes two weeks earlier than in the Roman

                                                                                                              I didn’t know that until today (I’m a member of the Roman Rite). However, this only strengthens the point that Advent is a religious thing and secularization is diluting the meaning of such names.

                                                                                                              Using the secular form (i.e. all days in December up to 24 or 25) prevents acrimonious debate about when,

                                                                                                              I’m not angry at anyone in particular over this. It would be nice if secular customs didn’t use religious names, but I think it’s a bit late for that.

                                                                                                              1. 4

                                                                                                                These rites were news to me too!

                                                                                                                The creator of the project seems to have German Lutheran (cultural) roots, so the project was inspired by his memory those calendars. See this talk: https://lobste.rs/s/ay9oft/advent_code_behind_scenes

                                                                                                                1. 2

                                                                                                                  See this talk: https://lobste.rs/s/ay9oft/advent_code_behind_scenes

                                                                                                                  I don’t know if I’ll watch the whole thing, but it’s good to know this was addressed. Thanks for the link!

                                                                                                                  1. 2

                                                                                                                    A big part of the talk was that the planned audience for this contest was ~70 people. Virality expanded that to 100K (?) during the first year. No doubt if this had been a corporate project it would have been focus-grouped and someone might have raised the issues with naming it after Advent.

                                                                                                          1. 1

                                                                                                            Note: @rtxb mentioned two different kinds of containers, but I think this applies to both kinds.

                                                                                                            Before I explain why I don’t use containers, I want to make sure I’m on the same page with the benefits:

                                                                                                            • Consistent environments no matter where they are deployed
                                                                                                            • Cross platform
                                                                                                            • Security? (this one seems dubious, and I’m not sure I’ve actually seen somebody give this as the reason they use containers)

                                                                                                            If I am wrong, please correct me.

                                                                                                            Now onto my reasons not to use containers. Keep in mind that this written from my perspective as a high-performance C programmer and web developer.

                                                                                                            In my experience, the fewer layers between your program and the hardware it’s running on the more performant it will be[1].

                                                                                                            Having more layers can not only impact processing performance, but also network latency, file I/O and memory access. In the context of containers, most of these problems can be mitigated by using a hardware based hypervisor and thin network/disk layers. However, in my experience with virtual machines on Linux they can be fiddly to setup properly[2] and you might not even get equivalent performance.

                                                                                                            On the subject of security, I don’t see containers as a benefit because if the outside work as access to your program and they get arbitrary code execution you are still screwed.

                                                                                                            I would appreciate any criticism of this reasoning.

                                                                                                            [1]: I do use Electron at work, but that is because the applications I’ve built with it started life as web applications and Electron seemed like the best option. If I had to do it again, I’d probably write a Gecko-based shell.
                                                                                                            [2]: My experiences have been with KVM on Fedora 24 or 25 for CI-esque purposes.

                                                                                                            1. 2

                                                                                                              Security is one of main reason not to use containers. A trustworthy Linux distribution provides stable packages and timely security updates, OTOH container images do not, and many images ship vulnerable packages.

                                                                                                              Using system packages and linking to shared libraries goes a long way.

                                                                                                              1. 0

                                                                                                                A trustworthy Linux distribution

                                                                                                                Does that even exist (pdf slides)? Seems like you already sacrifice most trust to run a Linux distribution. Your enemies don’t even have to be nation states to get results.

                                                                                                                1. 1

                                                                                                                  It exists: despite the FUD, there are plenty of Linux system running critical workloads that make them very interesting targets for a large number attackers. Payments systems and firewalls especially. While the security of the kernel is far from perfect and can be improved, most organizations are choosing Linux over alternatives and they are not going bankrupt from daily break-ins.

                                                                                                                  1. 0

                                                                                                                    Years back, media ran stories about so-called “APT’s” that were hackers breaching companies with regular vulnerabilities. Apparently, most of the big ones had been hit with attackers leaking data for months without their knowledge. Other sources doing surveys said vast majority of breaches go unreported. Finally, addressing “bankrupt,” most breach’s were to take trade secrets or had limited damage with no punishment by government or courts. So, that part is more of a legal issues.

                                                                                                                    All together, these facts mean we have no way of knowing how secure Linux is or isn’t in practice due to all the hidden and unknown breaches that are in all probability still happening. All we can know for sure, proven empirically by tools like I linked, is its consistently-horrible Q.A. makes it an magnet for attackers. Better be using advanced mitigations with it or a security-focused OS like OpenBSD, Genode on a separation kernel, or INTEGRITY-178B.

                                                                                                            1. 14

                                                                                                              Of all the BSDs I’ve tried, OpenBSD is my favourite. I’ve even statically build a few portable programms (ksh, mg) to use on my university server.

                                                                                                              Nevertheless, my main annoyance has always been package managment. It just feels a lot less native and integrated, and far hacky-er than on most linux distributions. Every 5-6 months I have an urge to install OpenBSD on my laptop again, but package management always annoys me so much, that I switch back to Debian. I don’t think there’s any denying that the base system of (Open)BSD is a lot better integrated and cleaner than on the average linux distro (although systemd is trying to fix this), but this seems to come at the cost of making everything outside the base system seem more foreign.

                                                                                                              If I were to finally figure out how to do backwards http-proxies with httpd(8), I’d at least be using it on my server. But even though I’ve tried many times, I always fail ._.

                                                                                                              1. 4

                                                                                                                pkg management (pkg upgrades) is slow but reliable for me, do you have a particular pain point in mind?

                                                                                                                httpd is not a proxy but you should check out relayd. Fun fact httpd is basically a heavily modified relayd fork.

                                                                                                                1. 2

                                                                                                                  pkg management (pkg upgrades) is slow but reliable for me, do you have a particular pain point in mind?

                                                                                                                  I sadly can’t remember the specifics, and it was probably more of a feeling than something specific (one thing I remember finding wierd the first time was that I had to use pkg_add instead of pkg-add to install a package – until then I always thought of _ as designating “lower level” tools). When I used apt, dnf or xbps, I just have the feeling it’s better integrated and it more probable to warn me if something critical is going on.

                                                                                                                  httpd is not a proxy but you should check out relayd.

                                                                                                                  You’re right, I messed that up, but I also tried to figure that out without success.

                                                                                                                  1. 7

                                                                                                                    apt […] it’s better integrated

                                                                                                                    huh, it’s a very dis-integrated system, with dpkg and apt being separate pieces, apt-get vs aptitude, a complex system for (re)configuring packages at runtime…

                                                                                                                    1. 2

                                                                                                                      Now they have apt as well as apt-get, just for extra confusion. Debian users kept telling me “just use apt now” but I find it screws with my scrollback history because of the way it uses curses or something.

                                                                                                                      1. 1

                                                                                                                        And apt is like a python wrapper around apt-get or something IIRC

                                                                                                                      2. 1

                                                                                                                        Structurally, yes, but when you just use apt, which is possible, it feels a lot better (more information, more intuitive, …), which is all I am saying.

                                                                                                                  2. 1

                                                                                                                    If I were to finally figure out how to do backwards http-proxies with httpd(8), I’d at least be using it on my server.

                                                                                                                    AFAIK, this is not a function of httpd, you’re supposed to use relayd for this.

                                                                                                                    This guide is specific to some software I develop at $work, but you should be able to pull out the good bits: https://github.com/workflowproducts/envelope/blob/master/INSTALL_RELAYD.md