1. 6

    If systemd had restricted itself to services, it would have been a nice init replacement. The problem I have with systemd is everything else it does.

    1. 1

      IIRC those can be configured off if you only want to keep the init part.

    1. 1

      No, caching is disabled for C files.

      …any idea why? I wouldn’t expect a huge speedup, because C headers aren’t entirely insane, but it seems an odd decision.

      1. 2

        I noticed that the 2015 mailing list post says .c files are cached, so some time between then and the 2018 public release it was disabled for C.

        If I had to guess, the actual parsing pass is always going to be a lot less complex for C vs C++, so a simpler approach like ccache’s may get similar gains for less overhead generating & maintaining the actual cache.

        1. 1

          I agree. I push caching as the general rule if checking if it’s in the cache costs less than the time to compile the file. I’d think that was true for most languages.

        1. 3

          wouldn’t you have to agree to an embargo in order to break it?

          also: How about blaming the people who created the flaw instead of the people trying to fix it?

          1. 8

            Oh believe me, I would like to blame Damien Bergamini for lots of things :) But that wouldn’t do the overall great results of his work justice.

            KRACK was a common flaw across many independent WPA implementations. Which was quite surprising. It has been argued that it’s an 802.11 standard flaw because the standard authors didn’t alert anyone that the state machines described in the documents were incomplete and didn’t account for this issue. But of course the standard authors didn’t notice the problem either at the time.

            1. 7

              “because the standard authors didn’t alert anyone that the state machines described in the documents were incomplete and didn’t account for this issue.”

              Another example where formal specification of a standard might have caught a problem. Especially if it involved state machines.

            2. 2

              wouldn’t you have to agree to an embargo in order to break it?

              Yes, but if you don’t agree to it, don’t complain if you aren’t given disclosure.

              How about blaming the people who created the flaw instead of the people trying to fix it?

              Because that’s not a mutually exclusive position, and a transparent attempt to create a moral high ground where none exists. You can blame both the people who created the flaw and the people who trying to fix it if they act in bad faith.

              1. 4

                Yes, but if you don’t agree to it, don’t complain if you aren’t given disclosure.

                It’s rather hard to agree to an embargo if you’re not notified of it or offered a chance to agree.

                1. 0

                  Since the OBSD folks are talking about the embargo and their participation (or not) in it in all of the emails cited, I assume you’re speaking of the general case and not this specific one. I agree that, in the general case, if you aren’t notified it’s hard to agree to an embargo. That’s not the case here, of course.

                  1. 8

                    The OBSD people were talking about how they heard rumors of an embargo, and could not get a response from anyone relevant. They were absolutely clear that if they had been able to agree to the embargo, they would have. They were not offered the option.

                    The best they got was “You didn’t get a response because you asked the wrong people”. When asked who the right people were – crickets.

            1. 15

              As a junior developer doing my best to learn as much as I can, both technically and in terms of engineering maturity, I’d love to hear what some of the veterans here have found useful in their own careers for getting the most out of their jobs, projects, and time.

              Anything from specific techniques as in this post to general mindset and approach would be most welcome.

              1. 33

                Several essentials have made a disproportionate benefit on my career. In no order:

                • find a job with lots of flexibility and challenging work
                • find a job where your coworkers continuously improve themselves as much (or more) than you
                • start writing a monthly blog of things you learn and have strong opinions on
                • learn to be political (it’ll help you stay with good challenging work). Being political isn’t slimy, it is wise. Be confident in this.
                • read programming books/blogs and develop a strong philosophy
                • start a habit of programming to learn for 15 minutes a day, every day
                • come to terms with the fact that you will see a diminishing return on new programing skills, and an increasing return on “doing the correct/fastest thing” skills. (e.g. knowing what to work on, knowing what corners to cut, knowing how to communicate with business people so you only solve their problems and not just chase their imagined solutions, etc). Lean into this, and practice this skill as often as you can.

                These have had an immense effect on my abilities. They’ve helped me navigate away from burnout and cultivated a strong intrinsic motivation that has lasted over ten years.

                1. 5

                  Thank you for these suggestions!

                  Would you mind expanding on the ‘be political’ point? Do you mean to be involved in the ‘organizational politics’ where you work? Or in terms of advocating for your own advancement, ensuring that you properly get credit for what you work on, etc?

                  1. 13

                    Being political is all about everything that happens outside the editor. Working with people, “managing up”, figuring out the “real requirements’, those are all political.

                    Being political is always ensuring you do one-on-ones, because employees who do them are more likely to get higher raises. It’s understanding that marketing is often reality, and you are your only marketing department.

                    This doesn’t mean put anyone else down, but be your best you, and make sure decision makers know it.

                    1. 12

                      Basically, politics means having visibility in the company and making sure you’re managing your reputation and image.

                      A few more random bits:

                  2. 1

                    start a habit of programming to learn for 15 minutes a day, every day

                    Can you give an example? So many days I sit down after work or before in front of my computer. I want to do something, but my mind is like, “What should I program right now?”

                    As you can probably guess nothing gets programmed. Sigh. I’m hopeless.

                    1. 1

                      Having a plan before you sit down is crucial. If you sit and putter, you’ll not actually improve, you’ll do what’s easy.

                      I love courses and books. I also love picking a topic to research and writing about it.

                      Some of my favorite courses:

                  3. 14

                    One thing that I’ve applied in my career is that saying, “never be the smartest person in the room.” When things get too easy/routine, I try to switch roles. I’ve been lucky enough to work at a small company that grew very big, so I had the opportunity to work on a variety of things; backend services, desktop clients, mobile clients, embedded libraries. I was very scared every time I asked, because I felt like I was in over my head. I guess change is always a bit scary. But every time, it put some fun back into my job, and I learned a lot from working with people with entirely different skill sets and expertise.

                    1. 11

                      I don’t have much experience either but to me the best choice that I felt in the last year was stop worrying about how good a programmer I was and focus on how to enjoy life.

                      We have one life don’t let anxieties come into play, even if you intellectually think working more should help you.

                      1. 8

                        This isn’t exactly what you’re asking for, but, something to consider. Someone who knows how to code reasonably well and something else are more valuable than someone who just codes. You become less interchangeable, and therefore less replaceable. There’s tons of work that people who purely code don’t want to do, but find very valuable. For me, that’s documentation. I got my current job because people love having docs, but hate writing docs. I’ve never found myself without multiple options every time I’ve ever looked for work. I know someone else who did this, but it was “be fluent In Japanese.” Japanese companies love people who are bilingual with English. It made his resume stand out.

                        1. 1

                          . I got my current job because people love having docs, but hate writing docs.

                          Your greatest skill in my eyes is how you interact with people online as a community lead. You have a great style for it. Docs are certainly important, too. I’d have guessed they hired you for the first set of skills rather than docs, though. So, that’s a surprise for me. Did you use one to pivot into the other or what?

                          1. 7

                            Thanks. It’s been a long road; I used to be a pretty major asshole to be honest.

                            My job description is 100% docs. The community stuff is just a thing I do. It’s not a part of my deliverables at all. I’ve just been commenting on the internet for a very long time; I had a five digit slashdot ID, etc etc. Writing comments on tech-oriented forums is just a part of who I am at this point.

                            1. 2

                              Wow. Double unexpected. Thanks for the details. :)

                        2. 7

                          Four things:

                          1. People will remember you for your big projects (whether successful or not) as well as tiny projects that scratch an itch. Make room for the tiny fixes that are bothering everyone; the resulting lift in mood will energize the whole team. I once had a very senior engineer tell me my entire business trip to Paris was worth it because I made a one-line git fix to a CI system that was bothering the team out there. A cron job I wrote in an afternoon at an internship ended up dwarfing my ‘real’ project in terms of usefulness to the company and won me extra contract work after the internship ended.

                          2. Pay attention to the people who are effective at ‘leaving their work at work.’ The people best able to handle the persistent, creeping stress of knowledge work are the ones who transform as soon as the workday is done. It’s helpful to see this in person, especially seeing a deeply frustrated person stand up and cheerfully go “okay! That’ll have to wait for tomorrow.” Trust that your subconscious will take care of any lingering hard problems, and learn to be okay leaving a work in progress to enjoy yourself.

                          3. Having a variety of backgrounds is extremely useful for an engineering team. I studied electrical engineering in college and the resulting knowledge of probability and signal processing helped me in environments where the rest of the team had a more traditional CS background. This applies to backgrounds in fields outside engineering as well: art, history, literature, etc will give you different perspectives and abilities that you can use to your advantage. I once saw a presentation about using art critique principles to guide your code reviews. Inspiration can come from anywhere; the more viewpoints you have in your toolbelt the better.

                          4. Learn about the concept of the ‘asshole filter’ (safe for work). In a nutshell, if you give people who violate your boundaries special treatment (e.g. a coworker who texts you on your vacation to fix a noncritical problem gets their problem fixed) then you are training people to violate your boundaries. You need to make sure that people who do things ‘the right way’ (in this case, waiting for when you get back or finding someone else to fix it) get priority, so that over time people you train people to respect you and your boundaries.

                          1. 3

                            I once saw a presentation about using art critique principles to guide your code reviews. Inspiration can come from anywhere; the more viewpoints you have in your toolbelt the better.

                            The methodology from that talk is here: http://codecrit.com/methodology.html

                            I would change “If the code doesn’t work, we shouldn’t be reviewing it”. There is a place for code review of not-done work, of the form “this is the direction I’m starting to go in…what do you think”. This can save a lot of wasted effort.

                          2. 3

                            The biggest mistake I see junior (and senior) developers make is key mashing. Slow down, understand a problem, untangle the dependent systems, and don’t just guess at what the problem is. Read the code, understand it. Read the code of the underlying systems that you’re interacting with, and understand it. Only then, make an attempt at fixing the bug.

                            Stabs in the dark are easy. They may even work around problems. But clean, correct, and easy to understand fixes require understanding.

                            1. 3

                              Another thing that helps is the willingness to dig into something you’re obsessed with even if it is deemed not super important by everyone around you. eg. if you find a library / language / project you find fun and seem to get obsessed with, that’s great, keep going at it and don’t let the existential “should i be here” or other “is everyone around me doing this too / recommending this” questions slow you down. You’ll probably get on some interesting adventures.

                              1. 3

                                Never pass up a chance to be social with your team/other coworkers. Those relationships you build can benefit you as much as your work output.

                                (This doesn’t mean you compromise your values in any way, of course. But the social element is vitally important!)

                              1. 31

                                at this point most browsers are OS’s that run (and build) on other OS’s:

                                • language runtime - multiple checks
                                • graphic subsystem - check
                                • networking - check
                                • interaction with peripherals (sound, location, etc) - check
                                • permissions - for users, pages, sites, and more.

                                And more importantly, is there any (important to the writers) advantage to them becoming smaller? Security maybe?

                                1. 11

                                  Browsers rarely link out the system. FF/Chromium have their own PNG decodes, JPEG decodes, AV codecs, memory allocators or allocation abstraction layers, etc. etc.

                                  It bothers me everything is now shipping as an electron app. Do we really need every single app to have the footprint of a modern browser? Can we at least limit them to the footprint of Firefox2?

                                  1. 10

                                    but if you limit it to the footprint of firefox2 then computers might be fast enough. (a problem)

                                    1. 2

                                      New computers are no longer faster than old computers at the same cost, though – moore’s law ended in 2005 and consumer stuff has caught up with the lag. So, the only speed-up from replacement is from clearing out bloat, not from actual hardware improvements in processing speed.

                                      (Maybe secondary storage speed will have a big bump, if you’re moving from hard disk to SSD, but that only happens once.)

                                      1. 3

                                        moore’s law ended in 2005 and consumer stuff has caught up with the lag. So, the only speed-up from replacement is from clearing out bloat, not from actual hardware improvements in processing speed.

                                        Are you claiming there have been no speedups due to better pipelining, out-of-order/speculative execution, larger caches, multicore, hyperthreading, and ASIC acceleration of common primitives? And the benchmarks magazines post showing newer stuff outperforming older stuff were all fabricated? I’d find those claims unbelievable.

                                        Also, every newer system I had was faster past 2005. I recently had to use an older backup. Much slower. Finally, performance isn’t the only thing to consider: the newer, process nodes use less energy and have smaller chips.

                                        1. 2

                                          I’m slightly overstating the claim. Performance increases have dropped to incremental from exponential, and are associated with piecemeal attempts to chase performance increase goals that once were a straightforward result of increased circuit density through optimization tricks that can only really be done once.

                                          Once we’ve picked all the low-hanging fruit (simple optimization tricks with major & general impact) we’ll need to start seriously milking performance out of multicore and other features that actually require the involvement of application developers. (Multicore doesn’t affect performance at all for single-threaded applications or fully-synchronous applications that happen to have multiple threads – in other words, everything an unschooled developer is prepared to write, unless they happen to be mostly into unix shell scripting or something.)

                                          Moore’s law isn’t all that matters, no. But, it matters a lot with regard to whether or not we can reasonably expect to defend practices like electron apps on the grounds that we can maintain current responsiveness while making everything take more cycles. The era where the same slow code can be guaranteed to run faster on next year’s machine without any effort on the part of developers is over.

                                          As a specific example: I doubt that even in ten years, a low-end desktop PC will be able to run today’s version of slack with reasonable performance. There is no discernible difference in its performance between my two primary machines (both low-end desktop PCs, one from 2011 and one from 2017). There isn’t a perpetually rising tide that makes all code more performant anymore, and the kind of bookkeeping that most web apps spend their cycles in doesn’t have specialized hardware accelerators the way matrix arithmetic does.

                                          1. 5

                                            Performance increases have dropped to incremental from exponential, and are associated with piecemeal attempts to chase performance increase goals that once were a straightforward result of increased circuit density through optimization tricks that can only really be done once.

                                            I agree with that totally.

                                            “Multicore doesn’t affect performance at all for single-threaded applications “

                                            Although largely true, people often forget a way multicore can boost single-threaded performance: simply letting the single-threaded app have more time on CPU core since other stuff is running on another. Some OS’s, esp RTOS’s, let you control which cores apps run on specifically to utilize that. I’m not sure if desktop OS’s have good support for this right now, though. I haven’t tried it in a while.

                                            “There isn’t a perpetually rising tide that makes all code more performant anymore, and the kind of bookkeeping that most web apps spend their cycles in doesn’t have specialized hardware accelerators the way matrix arithmetic does.”

                                            Yeah, all the ideas I have for it are incremental. The best illustration of where rest of gains might come from is Cavium’s Octeon line. They have offloading engines for TCP/IP, compression, crypto, string ops, and so on. On rendering side, Firefox is switching to GPU’s which will take time to fully utilize. On Javascript side, maybe JIT’s could have a small, dedicated core. So, there’s still room for speeding Web up in hardware. Just not Moore’s law without developer effort like you were saying.

                                  2. 9

                                    Although you partly covered it, I’d say “execution of programs” is good wording for JavaScript since it matches browser and OS usage. There’s definitely advantages to them being smaller. A guy I knew even deleted a bunch of code out of his OS and Firefox to achieve that on top of a tiny, backup image. Dude had a WinXP system full of working apps that fit on one CD-R.

                                    Far as secure browsers, I’d start with designs from high-assurance security bringing in mainstream components carefully. Some are already doing that. An older one inspired Chrome’s architecture. I have a list in this comment. I’ll also note that there were few of these because high-assurance security defaulted on just putting a browser in a dedicated partition that isolated it from other apps on top of security-focused kernels. One browser per domain of trust. Also common were partitioning network stacks and filesystems that limited effect of one partition using them on others. QubesOS and GenodeOS are open-source software that support these with QubesOS having great usability/polish and GenodeOS architecturally closer to high-security designs.

                                    1. 6

                                      Are there simpler browsers optimised for displaying plain ol’ hyperlinked HTML documents, and also support modern standards? I don’t really need 4 tiers of JIT and whatnot for web apps to go fast, since I don’t use them.

                                      1. 12

                                        I’ve always thought one could improve on a Dillo-like browser for that. I also thought compile-time programming might make various components in browsers optional where you could actually tune it to amount of code or attack surface you need. That would require lots of work for mainstream stuff, though. A project like Dillo might pull it off, though.

                                        1. 10
                                          1. 3

                                            Oh yeah, I have that on a Raspberry Pi running RISC OS. It’s quite nice! I didn’t realise it runs on so many other platforms. Unfortunately it only crashes on my main machine, I will investigate. Thanks for reminding me that it exists.

                                            1. 2

                                              Fascinating; how had I never heard of this before?

                                              Or maybe I had and just assumed it was a variant of suckless surf? https://surf.suckless.org/

                                              Looks promising. I wonder how it fares on keyboard control in particular.

                                              1. 1

                                                Aw hell; they don’t even have TLS set up correctly on https://netsurf-browser.org

                                                Does not exactly inspire confidence. Plus there appears to be no keyboard shortcut for switching tabs?

                                                Neat idea; hope they get it into a usable state in the future.

                                              2. 1

                                                AFAIK, it doesn’t support “modern” non-standards.

                                                But it doesn’t support Javascript either, so it’s way more secure of mainstream ones.

                                              3. 8

                                                No. Modern web standards are too complicated to implement in a simple manner.

                                                1. 3

                                                  Either KHTML or Links is what you’d like. KHTML would probably be the smallest browser you could find with a working, modern CSS, javascript and HTML5 engine. Links only does HTML <=4.0 (including everything implied by its <img> tag, but not CSS).

                                                  1. 2

                                                    I’m pretty sure KHTML was taken to a farm upstate years ago, and replaced with WebKit or Blink.

                                                    1. 6

                                                      It wasn’t “replaced”, Konqueror supports all KHTML-based backends including WebKit, WebEngine (chromium) and KHTML. KHTML still works relatively well to show modern web pages according to HTML5 standards and fits OP’s description perfectly. Konqueror allows you to choose your browser engine per tab, and even switch on the fly which I think is really nice, although this means loading all engines that you’re currently using in memory.

                                                      I wouldn’t say development is still very active, but it’s still supported in the KDE frameworks, they still make sure that it builds at least, along with the occasional bug fix. Saying that it was replaced is an overstatement. Although most KDE distributions do ship other browsers by default, if any, and I’m pretty sure Falkon is set to become KDE’s browser these days, which is basically an interface for WebEngine.

                                                  2. 2

                                                    A growing part of my browsing is now text-mode browsing. Maybe you could treat full graphical browsing as an exception and go to the minimum footprint most of the time…

                                                2. 4

                                                  And more importantly, is there any (important to the writers) advantage to them becoming smaller? Security maybe?

                                                  user choice. rampant complexity has restricted your options to 3 rendering engines, if you want to function in the modern world.

                                                  1. 3

                                                    When reimplementing malloc and testing it out on several applications, I found out that Firefox ( at the time, I don’t know if this is still true) had its own internal malloc. It was allocating a big chunk of memory at startup and then managing it itself.

                                                    Back in the time I thought this was a crazy idea for a browser but in fact, it follows exactly the idea of your comment!

                                                    1. 3

                                                      Firefox uses a fork of jemalloc by default.

                                                      1. 2

                                                        IIRC this was done somewhere between Firefox 3 and Firefox 4 and was a huge speed boost. I can’t find a source for that claim though.

                                                        Anyway, there are good reasons Firefox uses its own malloc.

                                                        Edit: apparently I’m bored and/or like archeology, so I traced back the introduction of jemalloc to this hg changeset. This changeset is present in the tree for Mozilla 1.9.1 but not Mozilla 1.8.0. That would seem to indicate that jemalloc landed in the 3.6 cycle, although I’m not totally sure because the changeset description indicates that the real history is in CVS.

                                                    2. 3

                                                      In my daily job, this week I’m working on patching a modern Javascript application to run on older browsers (IE10, IE9 and IE8+ GCF 12).

                                                      The hardest problems are due the different implementation details of same origin policy.
                                                      The funniest problem has been one of the used famework that used “native” as variable name: when people speak about the good parts in Javascript I know they don’t know what they are talking about.

                                                      BTW, if browser complexity address a real problem (instead of being a DARPA weapon to get control of foreign computers), such problem is the distribution of computation among long distances.

                                                      Such problem was not addressed well enough by operating systems, despite some mild attempts, such as Microsoft’s CIFS.

                                                      This is partially a protocol issue, as both NFS, SMB and 9P were designed with local network in mind.

                                                      However, IMHO browsers OS are not the proper solution to the issue: they are designed for different goals, and they cannot discontinue such goals without loosing market share (unless they retain such share with weird marketing practices as Microsoft did years ago with IE on Windows and Google is currently doing with Chrome on Android).

                                                      We need better protocols and better distributed operating systems.

                                                      Unfortunately it’s not easy to create them.
                                                      (Disclaimer: browsers as platforms for os and javascript’s ubiquity are among the strongest reasons that make me spend countless nights hacking an OS)

                                                    1. 3

                                                      I get out of most daily standups by standing up and walking away.

                                                      1. 6

                                                        BSDCan!

                                                        1. 2

                                                          I was on my way to BSDCant, but it turns out they’ve cancelled it. There’s nothing BSD Can’t do!

                                                          Enjoy!

                                                          PS: (I made this joke on Mastodon as well, with similar groans for responses).

                                                        1. 1

                                                          I looked at the API, but it seems that this only handles diffie-hellman key exchanges. What problem does this API solve, and where would I use it?

                                                          1. 1

                                                            Well, as it says:

                                                            In due course various applications and libraries will be able to benefit from a clean and robust API, rather than using libcrypto or other similar APIs directly.

                                                            I guess if you really like the libcrypto API you just stick with that.

                                                            1. 1

                                                              In due course various applications and libraries will be able to benefit from a clean and robust API, rather than using libcrypto or other similar APIs directly.

                                                              I understand the desire for a non-awful API. I’m just wondering why these are the primitives that were chosen, since only having DH key exchanges seems a bit… limited for general use.

                                                              1. 1

                                                                Oh, well, you have to start somewhere, and these operations happen to be useful to ssh.

                                                          1. 11

                                                            A quick check of posix suggests PWD should always be exported.

                                                            1. 8

                                                              I get the feeling that POSIX compliance is not always a priority. For instance, I once pointed out that the ed(1) l(ist) command doesn’t print a ‘$’ at the end of each line. I don’t even qualify as a programming enthusiast, but it seems to me that this should be a simple enhancement. A poor fellow thought Theo approved of his fix (so did I, to be honest), but it was just a rebuke in his usual style, without further explanation [1].

                                                              Since there’s a big overlap between crustaceans and OpenBSD developers, I’d be grateful to learn of the rationale for not touching this. Maybe the old-styled output for the list command is used in essential system scripts?

                                                              [1] https://marc.info/?l=openbsd-misc&m=141679790528805&w=2

                                                              1. 2

                                                                I’d be grateful to learn of the rationale for not touching this.

                                                                Perhaps because the person touching it didn’t bother trying to find out what it was backwards compatible with, and didn’t analyze why the code was there in the first place?

                                                                If it’s unclear why code is there, clear that up before deleting it.

                                                            1. 8

                                                              I still don’t get why HTTPS not just TLS. Because of the server coalescing? Don’t like the sound of that much, in practice maybe lots of sites do get served from a few CDNs, but is that the centralising/monopoly-operation-normalising kind of thing we want to be enshrining in open source browsers? Oh Cloudflare are helping to push it? Hmmmm

                                                              1. 7

                                                                DNS over TLS also a thing that’s been spec’d. The problem is that so many pieces of networking hardware have ossified over the years that there are real challenges to introducing new protocols on the internet. Using an existing protocol is a solution to that.

                                                                1. 4

                                                                  Ah right, that does make some sense. Even though the server coalescing etc is HTTP/2 which ossified hardware is hardly going to support. But even still, HTTPS seems like a complex & possibly heavyweight protocol to use as a carrier for comparatively simple payloads, no?

                                                                  1. 6

                                                                    Port 853 (DNS over TLS) is easy to block (in collateral freedom sense). Port 443 (HTTPS) can’t be blocked.

                                                                    1. 4

                                                                      If “block any and all DNS” is a viable approach for censorship, it’s pretty easy to change the port. There’s no reason to use a nearly unimplementably complex protocol stack to serve DNS.

                                                                      1. 1

                                                                        That’s the best argument I’ve heard for it, by far. I wonder if there’d be some way to smart-multiplex protocols over 443 though. Mongrel2 used to do it I seem to recall.

                                                                        1. 1

                                                                          Years ago I used a reverse proxy to do exactly that. Unfortunately I can not remember the tools I used.

                                                                          Probably stunnel and iptables on the server were used but I cannot really remember the tricks. I also had to do some tricks on the client, probably.

                                                                          1. 2

                                                                            I have experience with both sniproxy and sslh. I never looked whether or not they support DNS+TLS or could easily be taught DNS+TLS.

                                                                    2. 3

                                                                      But it’s not a new protocol – it’s TLS. If a middlebox can tell what is going over TLS in order to treat it differently, we refer to the situation as an “attack”.

                                                                      1. 4

                                                                        There are plenty of situations in which TLS interception is consented to – corporate MITM boxes are the popular example – and they absolutely cause problems with deployment of new protocols (TLS 1.3 is filled with examples).

                                                                        (I should note that TLS MITM boxes in my experience are all hot garbage and people shouldn’t use them, but there’s nothing wrong with them from a TLS threat modeling perspective.)

                                                                        1. 1

                                                                          There are plenty of situations in which TLS interception is consented to – corporate MITM boxes are the popular example

                                                                          Yes, but at that point, changes to DNS don’t help – you have a social problem, not a technical one. The group that is putting in the MITM boxes has the ability to force you to reveal your traffic regardless of what technology you put in. You’ve lost by default.

                                                                          1. 3

                                                                            You don’t have to be trying to defeat that person, the goal would simply be to make sure it doesn’t break when deployed.

                                                                        2. 2

                                                                          The middle box knows the node ips.

                                                                          It might be enough, for censorship.

                                                                          1. 2

                                                                            You might be onto something, scarily enough. They are actling like Cloudflare is a reputable middleman.

                                                                            1. 2

                                                                              You mean, like 1.1.1.1, which is used to serve TLS over HTTP?

                                                                              This isn’t a problem that throwing HTTP into the mix solves.

                                                                              1. 1

                                                                                This isn’t a problem that throwing HTTP into the mix solves.

                                                                                You really don’t need to convince me.

                                                                                My first thought when I read about this was: where is the hypertext? I can’t think of me explaining to my grandchildren 20 years from now why we decided to use something designed to distribute HTML for DNS responses.

                                                                          2. 3

                                                                            The problem is that so many pieces of networking hardware have ossified over the years that there are real challenges to introducing new protocols on the internet.

                                                                            While I understand your argument, I always think of what ancient Egyptians would think of our “real challenges”.

                                                                            Compared to people from 5000 years ago, we are all sissies.

                                                                            1. 4

                                                                              The Egyptians never tried to coordinate hundreds of vendors, tens of thousands of deployments, and a billion users to update their network protocols.

                                                                              I’m sure we could do better, but there are legitimate challenging technical problems, combined with messy incentive problems (no individual browser vendor wants to cause a perceived breakage, since the browser is generally blamed, and that would give an advantage to their competitors, or cause people to not upgrade, which for a modern browser would be catastrophic to security).

                                                                              1. 1

                                                                                The Egyptians never tried to coordinate hundreds of vendors, tens of thousands of deployments, and a billion users to update their network protocols.

                                                                                You should really visit Giza.

                                                                                None of your arguments is false. But they are peanuts compared to building a Pyramid with the tools available 5000 years ago.

                                                                                We should really compare to such human endeavours before celebrating our technical successes and before defining an issue as a “real challenge”.

                                                                        1. 4

                                                                          Is it really wise to solve something as high-volume as name resolutions with TCP with all its overhead? If so, why HTTP? What do you need headers for?

                                                                          1. 4

                                                                            HTTP is necessary because you can’t assume any ports other than 80 and 443 to be open.

                                                                            1. 5

                                                                              Thankfully, we have --port options for the daemons.

                                                                          1. 1

                                                                            But why everyone blame npm and “micro-libraries” as the main problem in js? Aren’t all other languages (except C/C++) has the same way of dealing with dependencies? Even in conservative Java installing hundreds of packages from Maven is norm.

                                                                            1. 10

                                                                              Something to consider is that JavaScript has an extreme audience. People who barely consider themselves programmers, because they mostly do design use it, or people just doing tiny modifications. Nearly everyone building a web application in any kind of language, framework, etc. uses it.

                                                                              I think the reason there is so much bad stuff in JavaScript is not only something rooted in language design. JavaScript isn’t so much worse than other popular bad languages, it just has a larger base having even more horrible programmers and a lot of them also build some form of frameworks.

                                                                              Don’t get me wrong, JavaScript is not a great language by any stretch, but blaming the ecosystem of a language who certainly has at least a few of the bright minds designing and implementing (working at/with Google, Mozilla and Joyent for example) it should not result in something so much more unstable.

                                                                              Of course this doesn’t mean that it’s not about the language at all either. It’s just that I have yet to see a language where there isn’t a group writing micro-libraries, doing bad infrastructure, doing mostly worst-practice, finding ways, to work around protections to not shoot yourself in the foot, etc. Yes, even in Python, Rust, Go, Haskell and LISP that exists.

                                                                              Maybe it’s just that JavaScript has been around for ages, many learned it do so some animated text, they wrote how they did it, there is a ton of bad resources and people that didn’t really learn the language and there is a lot of users/developers that also don’t care enough, after all it’s just front-end. Validation happens on the server and one wants to do the same sending off some form and loading something with a button, updating some semi-global state anyway.

                                                                              JavaScript is used from people programming services and systems with it (Joyent, et al.) to a hobby web designer. I think that different approaches also lead to very different views on what is right and what isn’t. Looking at how it started and how the standards-committee has to react to it going into backend, application and even systems programming direction probably is a hard task and it’s probably a great example of how things get (even) worse when trying to be the perfect thing for everything, resulting in the worst.

                                                                              On a related note: I think the issue the community, if you even can call it like that (there are more communities around frameworks rather than the language itself, which is different from many other scripting languages) doesn’t seem to look at their own history too much, resulting in mistakes to be repeated, often “fixing” a thing by destroying another, sometimes even in different framework-layers. For example some things that people learned to be bad in plain JavaScript and HTML get repeated and later learned to be bad using some framework. So one starts over and builds a new framework working around exactly that problem, overlooking other - or intentionally leaving them out, because it wasn’t part of the use case.

                                                                              1. 2

                                                                                there are more communities around frameworks rather than the language itself, which is different from many other scripting languages

                                                                                In general I tend to agree, but at least at some time ago I am pretty sure the Rails community was larger than the Ruby community. The Django community in Python also seems to be quite big vocal, but probably not larger than its language community given that the Python community is overall way more diversified and less focused on one particular use of the language.

                                                                              2. 9

                                                                                A lot of Java frameworks predate maven - e.g. Spring was distributed as a single enormous jar up until version 3 or so, partly because they didn’t expect everyone to be using maven. I think there’s still a cultural hangover from that today, with Java libraries ending up much bigger than those in newer languages that have had good package management from early on (e.g. Rust).

                                                                                1. 5

                                                                                  Even including all transitive libraries, my (quite large) Android app Quasseldroid has 21 real dependencies. That’s for a ~65kLOC project.

                                                                                  In JS land, even my smallest projects have over 300 transitive dependencies.

                                                                                  It’s absolutely not the same.

                                                                                  1. 3

                                                                                    In technical terms, npm does not differ much from how python does package management. Culturally, however, there are a big difference in how package development is approached. Javascript has the famous left-pad package (story). It provided a single function to left-pad a string with spaces or zeroes. Lots of javascript libraries are like it, providing a single use case.

                                                                                    Python packages on the other hand usually handle a series of cases or technical area - HTTP requests, cryptography or, in the case of left-pad, string manipulation in general. Python also has PEP8 and other community standards that mean code is (likely to be) more homogeneous. I am using python here as that is what I know best.

                                                                                    1. 1

                                                                                      Because npn micro-libraries tends to be much worse than most other languages.

                                                                                      1. 1

                                                                                        It’s a problem there too.

                                                                                      1. 8

                                                                                        Trying to wrap up a bunch of partially finished projects. XCB for Myrddin is working, for example, but has a rather deadlock prone API, and I want to fix that. Libdraw on Plan 9 works, but the font cache just errors when you have too many glyphs, instead of flushing old glyphs to make room. I’ve been doing a bunch of work on the libcrypto code, but there’s a known cache timing attack in the GCM multiplication. I’ve started trying to implement vt plumb handling 9front, but scope crept and I should redo the way selections are handled as part of that. I want to try to get that done. Realistically, not going to have time for too much more this week.

                                                                                        I also need to put a talk together for Papers We Love, where I’m signed up to ramble about slab allocation.

                                                                                        If time permits (ha), I’ll probably also work on automatic C binding generation, based on ac’s qc C compiler.

                                                                                        1. 3

                                                                                          I find this post to be too much on the “rant for the sake of rant” side:

                                                                                          None of these “fancy” tools still builds by a traditional make command.

                                                                                          – that can be said about almost anything not written in C. I understand where the author is coming from (the old-school universe of C packages), but come on, the world is much more complex and diverse now. Hadoop is definitely a good horse for beating in this case, but would not it be a nightmare to build and maintain it with any approach?

                                                                                          the Docker approach boils down to downloading an unsigned binary, running it

                                                                                          – I find this statement very weird: docker build and private registries are your friends. I understand that setting up proper CI and a private registry can take a non-trivial amount of complexity and effort, but it is a way to ensure trust and upgrades, but the author is still talking only about running unsigned binaries from Dockerhub as if a proper secure process does not exist.

                                                                                          Feels like downloading Windows shareware in the 90s to me.

                                                                                          – with the difference that shareware is explicitly hostile to user inspection and modification, and any pre-built Docker containers should have clear, public and reproducible build process, otherwise I don’t bother running them.

                                                                                          With signed packages, built from a web of trust.

                                                                                          – maybe I’m being too strict here in my understanding of “a web of trust”, but has the author actually ever exchanged PGP keys with maintainers of the old-school Linux distros/BSD distributions? Isn’t the traditional sysadmin model also based on trust: you get an installation image from a trusted place and trust the distro maintainers? In case of almost any distro except Gentoo, you also run binaries made by someone else (with root access to your system and no isolation whatsoever except for manually set up chroots, cgroups, namespaces, … oh wait, it smells like Docker already).

                                                                                          Some even work on reproducible builds.

                                                                                          – isn’t that one of the promises of Docker, reproducible builds with some effort, but without overhauling-in-depth every build system in existence?

                                                                                          Docker itself may be a short-sighted overhyped product with lots of technical weaknesses, but containerization is here to stay.

                                                                                          1. 2

                                                                                            but would not it be a nightmare to build and maintain it with any approach?

                                                                                            Yes, that’s the core of the problem: The design choices that make it a nightmare to build and maintain regardless of the approach taken. Potentially, if containers weren’t used, people might feel the need to fix this bug.

                                                                                            isn’t that one of the promises of Docker, reproducible builds with some effort, but without overhauling-in-depth every build system in existence?

                                                                                            Except I need to build code on systems without docker. Getting some docker-built libraries into a state where I could include them linked into an android app turned from a “Well, it’ll take an hour or so, uses cmake, can’t possibly be that bad” into 3 engineers trying things out for about a week, including debugging cmake with strace, and gdb in order to get the build to work.

                                                                                            1. 1

                                                                                              – isn’t that one of the promises of Docker, reproducible builds with some effort, but without overhauling-in-depth every build system in existence?

                                                                                              How is that possible, though? Programs still need to get built through their existing infrastructure.

                                                                                              1. 2

                                                                                                Taking a minimal fixed image as the base for building and paying some attention to what is being downloaded from where is much more closer to reproducible builds than building a package on a continuously changing traditional system with lots and lots of libraries and admin/user activity.

                                                                                                When you start nailing versions of OS and every library to build a reproducible image, soon you will be down to managing many virtual machines, and at some point plain containerization of builds makes more sense.

                                                                                                1. 2

                                                                                                  But we still have the problem of building our software reproducbly.

                                                                                                  Also, I disagree that reusing the same binary artifact (in this case an OS image) counts as reproducible builds. It’s like saying installing a prebuilt piece of software is a reproducible build.

                                                                                                  1. 1

                                                                                                    I agree that full reproducibility is a noble goal and I hope that NixOS/bazel approach will be dominant someday.

                                                                                                    Right now, it’s easier to deal with existing/legacy systems just building from minimal fixed images: that does not give full reproducibility in the strict sense, but it’s way better to have those kinda-reproducible builds in practice than what we had before.

                                                                                                    1. 1

                                                                                                      Also, I disagree that reusing the same binary artifact (in this case an OS image) counts as reproducible builds. It’s like saying installing a prebuilt piece of software is a reproducible build.

                                                                                                      Seems closer to building with a prebuilt compiler to me. Of course it’s important to ensure that you can rebuild the compiler/OS image, but you wouldn’t expect to rebuild it for every build.

                                                                                                      1. 2

                                                                                                        We’ve had that state of affairs for over a decade, at least, though. I don’t know anyone who was calling building AMIs “reproducible builds”. To make my critique more nuanced: I don’t think Docker is changing the state of reproducible builds.

                                                                                                        1. 1

                                                                                                          Usability matters. I don’t think I ever saw people using AMIs to run the build in, which is what would be the equivalent here.

                                                                                                          1. 1

                                                                                                            What does “run the build in” mean?

                                                                                                            1. 1

                                                                                                              Performing the build process - running the compiler etc. - inside the known-state system that the AMI provides. I didn’t ever see them being used that way.

                                                                                                              1. 1

                                                                                                                That is how one builds a new AMI: you launch an existing AMI, run your build process, then save that as a new AMI.

                                                                                                                1. 1

                                                                                                                  I never saw that being used as the primary build process, probably because it takes so long (comparatively) to launch an AMI. Rather there would be a language-specific process that built a binary, and then a distinct AMI-building process that just stuck that binary in the AMI. Whereas docker is more practical to use as your sole build process.

                                                                                                                  1. 1

                                                                                                                    Maybe, I see using AMIs to build AMIs quite commonly. But either way, I’m not really sure if this changes my core critcism: Docker is not changing the state-of-the-art of reproducible builds.

                                                                                                                    1. 1

                                                                                                                      As I said, usability matters; Docker doesn’t change what’s possible, but it does change what’s easy.

                                                                                                                      1. 1

                                                                                                                        That’s fine, but as I explicitly stated earlier, my point was about the ability to do reproducible builds, and docker has not changed one’s ability to accomplish that.

                                                                                              1. 5

                                                                                                Distaste of Electron in general aside, I think the author does have a point in that you would think we can come up with a way for Electron apps to run more directly in ChromeOS. Do we really need to run basically Chrome on top of a stripped-down Linux, then run another full Linux container inside of that, and run another instance of Chrome inside of that?

                                                                                                Although looking at his apps list, Slack is already an Android app and web app, can run fine on ChromeOS in multiple ways. Hyper appears to be some sort of Electron-based terminal. I have no idea right now why you would want to do that, but there are several types of terminals on ChromeOS already. Don’t know much about SimpleNote either, but it also looks like it’s already a web app and an Android app. VS Code is the only thing on the list that doesn’t really run in some form on ChromeOS already.

                                                                                                1. 3

                                                                                                  I think the author does have a point in that you would think we can come up with a way for Electron apps to run more directly in ChromeOS.

                                                                                                  I think it’s called a web browser.

                                                                                                  1. 1

                                                                                                    Web Browsers have a lot of UI messiness around them that a “contained app” doesn’t, and sandbox things enough to where you cannot always make a sane experience (you can’t really do VSCode in a web browser, no access to local files)

                                                                                                1. 5

                                                                                                  I’m gong to be looking very hard at stealing this for Myrddin. I may also add an implementation that generates HTML so that I can have documentation for both the website and manpages generated from one source.

                                                                                                  Tosses another log on the too many things to do fire

                                                                                                  1. 6
                                                                                                    • E-Mail (Postfix+Dovecot) + XMPP (Prosody) + TeamSpeak3 on one server
                                                                                                    • websites and files (Syncthing) and misc shit (IRC bots, Discord bots) on another
                                                                                                    • Syncthing on home NAS, also Subsonic (but I never really use it)
                                                                                                    • OpenVPN and socks5-proxy via SSH on demand (I rarely need those)

                                                                                                    Actually I think the only thing I’m not self-hosting is one Wordpress blog at wordpress.com (don’t want to have my real name associated with it, but it’s only a gaming blog, nothing super secret).

                                                                                                    1. 3

                                                                                                      What has your experience hosting your own email been like? I’ve idly considered it, but it’s a famously unfriendly service to deal with (spam, major providers deciding your messages are spam, all the onerous metaprotocols to combat spam) and I’m happy with Fastmail’s service.

                                                                                                      1. 9

                                                                                                        I’ve been hosting email myself for 15+ years. Postfix made it easier to configure (Sendmail was… complicated, in comparison, in my opinion.) Dovecot works really well for IMAP/POP3. Finally Let’s Encrypt allows you to get a nice certificate relatively easily.

                                                                                                        Greylisting helped a lot to reduce spam, but spam is still a nuisance - especially if you don’t have good filtering in your mail client (I’m using crm114).

                                                                                                        Setting up SPF, DKIM and DMARC can be a little complicated, but it seems to work fine, as long as all email from your domain is sent from a well defined set of IPs.

                                                                                                        1. 6

                                                                                                          I’ve not had many problems, but there’s a bit of luck of the draw in getting a clean IP. I have SPF and DKIM set up (not DMARC), with the self-signed certificate that Debian auto-generated, and that seems to be enough to get mail delivered to the big providers.

                                                                                                          For incoming spam, I reject hosts that: 1) lack valid RDNS, or 2) are on the Spamhaus ZEN RBL. This seems to catch >95% of spam. Minor config hint if you’re using the free Spamhaus tier: you need to set up a local DNS resolver (I use unbound) so you query directly, otherwise your usage gets aggregated with whoever else is using your upstream DNS, which probably exceeds the free tier.

                                                                                                          Like the other commenters, I use Postfix, which is reasonably nice, and has good documentation.

                                                                                                          1. 6

                                                                                                            Mostly positive. I had that discussion this morning on IRC, so I’m gonna quote myself to not retype everything:

                                                                                                            [...] on a "decent" hoster blacklist-wise and not DO or something
                                                                                                            and it's been running for 10 years, I don't seem to have the typical 
                                                                                                            "gmail thinks I am spam"-problem
                                                                                                            usually.
                                                                                                            interestingly I had it yesterday when sending something to myself
                                                                                                            but dunno, empty body, 25mb-video.. who knows
                                                                                                            I hardly use my gmail-account
                                                                                                            

                                                                                                            But thinking about it, sending a job application in November ended up in the spam folder for 2 people and I only got a reply once I pinged them out of band. That was a shitty experience, but as I hate using GMail I prefer this to a years-long shitty experience using it :P

                                                                                                            If I was to “start over” these days I might go to a dedicated email hoster like FastMail, but I think it’s just too expensive. I have 4 people with their main email addresses on my server and it costs me 10 EUR /month and I get to host other “communication” services as well. For FM it would be 15-20 USD per month and I still haven’t found out if I could use “a low amount of” domains and not just “use your own (one) domain”. Sure it takes some maintenance work, but it’s part hobby, part learning experience and part keeping in touch how stuff is done as it touches on my dayjob, depending on which role at what company I do. (Been running my own mailserver for roughly 15 years I guess)

                                                                                                            1. 3

                                                                                                              if I could use “a low amount of” domains and not just “use your own (one) domain”.

                                                                                                              You can, I have 5 domains * under one, one-user account. It’s explicitly spelt out here: https://www.fastmail.com/help/account/limits.html

                                                                                                              № domains 100, plus 1 for every user in the account

                                                                                                              * – One with my AFK name, and four domain hacks, of which I have a guilty pleasure of buying ;-)

                                                                                                            2. 3

                                                                                                              Generally, problem free since I started doing it in the mid 2000s.

                                                                                                          1. 6

                                                                                                            For the curious observers, the code that’s been committed so far lives here: https://git.eigenstate.org/npnth/mc.git/tree/lib/math?h=libmath

                                                                                                            Overall, this looks like great code that’s solving a hard problem – it’s always nice when you have people smarter than you contributing to your project.

                                                                                                            1. 75

                                                                                                              Capitalism is killing us in a very literal sense by destroying our habitat at an ever accelerating rate. The fundamental idea of needing growth and having to constantly invent new things to peddle leads to ever more disposable products, that are replaced for the sake of being replaced. There’s been very little actual innovation happening in the phone space. The vendors are intentionally building devices using the planned obsolescence model to force the upgrade cycle.

                                                                                                              The cancer of consumerism affects pretty much every aspect of society, we’ve clear cut unique rain forests and destroyed millions of species we haven’t even documented so that we can make palm oil. A product that causes cancer, but that’s fractionally cheaper than other kinds of oil. We’ve created a garbage patch the size of a continent in the ocean. We’re poisoning the land with fracking. The list is endless, and it all comes down to the American ethos that making money is a sacred right that trumps all other concerns.

                                                                                                              1. 22

                                                                                                                Capitalism is killing us in a very literal sense by destroying our habitat at an ever accelerating rate.

                                                                                                                The cancer of consumerism affects pretty much every aspect of society, we’ve clear cut unique rain forests and destroyed millions of species we haven’t even documented so that we can make palm oil.

                                                                                                                One can get into a big debate about this, but the concept of externalities has existed for a long time and specifically addresses these concerns. Products do not cost what they should when taken their less tangible environment impact into account. It’s somewhat up to the reader to decide if the inability of society to take those into account is capitalism’s fault, or just human nature, or something else. I live in a country that leans much more socialist than the US but is unequivocally a capitalist country and they do a better job of managing these externalities. And China is not really capitalistic in the same way the US is but is a pretty significant polluter.

                                                                                                                1. 5

                                                                                                                  Indeed, it’s not the fault of the economic system (if you think Capitalistic societies are wasteful, take a look at the waste and inefficiency of industry under the USSR). If externalities are correctly accounted for, or to be safe, even over-accounted for by means of taxation or otherwise, the market will work itself out. If the environmental cost means the new iPhone costs $2000 in real costs, Apple will work to reduce environmental cost in order to make an affordable phone again and everyone wins. And if they don’t, another company will figure it out instead and Apple will lose.

                                                                                                                  Currently, there is basically no accounting for these externalities, and in some cases (although afaik not related to smart phones), there are subsidies and price-ceiling regulations and subsidies that actually decreases the cost of some externalities artificially and are worse for the environment than no government intervention at all.

                                                                                                                  The easy example of this is California State water subsidies for farmers. Artificially cheap water for farmers means they grow water-guzzling crops that are not otherwise efficient to grow in arid parts of the state, and cause environmental damage and water shortage to normal consumers. Can you imagine your local government asking you to take shorter showers and not wash your car, when farmers are paying 94% less than you to grow crops that could much more efficiently be grown in other parts of the country? That’s what happens in California.

                                                                                                                  Step 1 and 2 are to get rid of the current subsidies and regulations that aggravate externalities and impose new regulation/taxes that help account for externalities.

                                                                                                                  1. 2

                                                                                                                    I have talked to a factory owner in china. He said China is more capitalist than the USA. He said China prioritizes capital over social concerns.

                                                                                                                    1. 1

                                                                                                                      Ok? I can talk to lots of people with lots of opinions. That doesn’t make it true.

                                                                                                                      1. 1

                                                                                                                        It’s just impressive that a capitalist would say. If China was even remotely communist, don’t you find it interesting that most capitalists who made deals with China seem ok helping ‘the enemy’ become the second largest economy in the world? I prefer to believe the simpler possibility that China is pretty darn capitalist itself.

                                                                                                                        1. 2

                                                                                                                          I did not say China was not capitalist, I said it’s not in the same way as the US. There is a lot more state involvement in China.

                                                                                                                          1. 2

                                                                                                                            Is your claim then that state involvement means you have more pollution? Maybe I’m confused by what you were trying to get at, sorry :-/

                                                                                                                            1. 2

                                                                                                                              No, I was pointing out that different countries are doing capitalism differently and some of them are better at dealing with externalities and some of them are worse. With the overall point being that capitalism might be the wrong scapegoat.

                                                                                                                    1. 7

                                                                                                                      I think the consumer could be blamed more than capitalism, the companies make what sells, the consumers are individuals who buy products that hurt the environment, I think that it is changing though as people become more aware of these issues, they buy more environmentally friendly products.

                                                                                                                      1. 30

                                                                                                                        You’re blaming the consumer? I’d really recommend watching Century of the Self. Advertising has a massive impact and the mass of humans are being fed this desire for all the things we consume.

                                                                                                                        I mean, this really delves into the deeper question of self-awareness, agency and free will, but I really don’t think most human beings are even remotely aware.

                                                                                                                        Engineers, people on Lobster, et. al do really want standard devices. Fuck ARM. Give me a god damn mobile platform. Microsoft for the love of god, just publish your unlock key for your dead phone line so we can have at least one line of devices with UEFI+ARM. Device tree can go die in a fire.

                                                                                                                        The Linux-style revolution of the 2000s (among developers) isn’t happening on mobile because every device is just too damn different. The average consumer could care less. Most people like to buy new things, and we’re been indoctrinated to that point. Retailers and manufactures have focus groups geared right at delivering the dopamine rush.

                                                                                                                        I personally hate buying things. When my mobile stopped charging yesterday and the back broke again, I thought about changing it out. I’ve replaced the back twice already and the camera has spots on the sensor under the lenses.

                                                                                                                        I was able to get it charging when I got home on a high amp USB port, so instead I just ordered yet another back and a new camera (I thought it’d be a bitch to get out, but a few YouTube videos show I was looking at the ribbon wrong and it’s actually pretty easy to replace).

                                                                                                                        I feel bad when I buy things, but it took a lot of work to get to that point. I’ve sold or given away most of my things multiple times to go backpacking, I run ad block .. I mean if everyone did what I’d did, my life wouldn’t be sustainable. :-P

                                                                                                                        We are in a really solidly locked paradigm and I don’t think it can simply shift. If you believe the authors of The Dictators Handbook, we literally have to run our of resources before the general public and really push for dramatically different changes.

                                                                                                                        We really need more commitment to open standards mobile devices. The Ubuntu Edge could have been a game changer, or even the Fairphone. The Edge never got funded and the Fairphone can’t even keep parts sourced for their older models.

                                                                                                                        We need a combination of people’s attitudes + engineers working on OSS alternatives, and I don’t see either happening any time soon.

                                                                                                                        Edit: I forgot to mention, Postmarket OS is making huge strides into making older cellphones useful and I hope we see more of that too.

                                                                                                                        1. 7

                                                                                                                          I second the recommendation for The Century of the Self. That movie offers a life-changing change of perspective. The other documentaries by Curtis are also great and well worth the time.

                                                                                                                          1. 3

                                                                                                                            Century of the Self was a real eye opener. Curtis’s latest documentary, HyperNormalisation, also offers very interesting perspectives.

                                                                                                                          2. 26

                                                                                                                            Capitalism, by it’s very nature, drives companies to not be satisfied with what already sells. Companies are constantly looking to create new markets and products, and that includes creating demand.

                                                                                                                            IOW, consumers aren’t fixed actors who buy what they need; they are acted upon to create an ever increasing number of needs.

                                                                                                                            There are too many examples of this dynamic to bother listing.

                                                                                                                            1. 12

                                                                                                                              It’s also very difficult for the consumer to tell exactly how destructive a particular product is. The only price we pay is the sticker price. Unless you really want to put a lot of time into research it is hard to tell which product is better for the environment.

                                                                                                                              1. 14

                                                                                                                                It’s ridiculous to expect everyone to be an expert on every supply chain in the world, starting right from the mines and energy production all the way to the store shelf. That’s effectively what you are requiring.

                                                                                                                                I’m saying this as a very conscious consumer. I care about my carbon footprint, I don’t buy palm oil, I limit plastic consumption, I limit my consumption overall, but it’s all a drop in the ocean and changes nothing. There are still hundreds of compounds in the everyday items I buy whose provenance I know nothing about and which could be even more destructive. Not to mention that manufacturers really don’t want you to know, it’s simply not in their interest.

                                                                                                                                You’re creating an impossible task and setting people up to fail. It is not the answer.

                                                                                                                                1. 2

                                                                                                                                  “It’s ridiculous to expect everyone to be an expert on every supply chain in the world, starting right from the mines and energy production all the way to the store shelf. That’s effectively what you are requiring.”

                                                                                                                                  I don’t think it is what they’re requiring and it’s much easier than you describe. Here’s a few options:

                                                                                                                                  1. People who are really concerned about this at a level demanding much sacrifice to avoid damaging the environment should automatically avoid buying anything they can’t provably trust by default. The Amish are a decent example that avoids a lot of modern stuff due to commitment to beliefs.

                                                                                                                                  2. There’s groups that try to keep track of corporate abuse, environmental actions, and so on of various companies. They maintain good and bad lists. More people that supposedly care can both use them and join them in maintaining that data. It would be split among many people to lessen each’s burden. Again, avoid things by default until they get on the good lists. Ditch them if they get on the bad ones.

                                                                                                                                  3. Collectively push their politicians for laws giving proper labels, auditing, etc that help with No 2. Also, push for externalities to be charged back to the companies somehow to incentivize less-damaging behavior.

                                                                                                                                  4. Start their own businesses that practice what they preach. Build the principles into their charters, contracts, and so on. Niche businesses doing a better job create more options on the good lists in No 2. There’s entrepreneurs doing this.

                                                                                                                                  So, not all-knowing consumers as you indicated. Quite a few strategies that are less impossible.

                                                                                                                                  1. 4

                                                                                                                                    @ac specifically suggested consumer choice as the solution to environmental issues, and that’s what I disagreed with.

                                                                                                                                    Your point number 3 is quite different from the other three, and it’s what I would suggest as a far more effective strategy than consumer choice (along with putting pressure on various corporations). As an aside, I still wouldn’t call it easy - it’s always a hard slog.

                                                                                                                                    Your points 1, 2 and 4 still rely on consumer choice, and effectively boil down to: either remove yourself from modern civilisation, or understand every supply chain in the world. I think it’s obvious that the first choice is neither desirable nor “much easier” for the vast majority of people (and I don’t think it’s the best possible solution). The second is impossible, as I said before.

                                                                                                                                    1. 1

                                                                                                                                      “consumer choice as the solution to environmental issues”

                                                                                                                                      edit to add: consumer choice eliminated entire industries worth of companies because they wanted something else. It’s only worsened environmental issues. That’s probably not an argument against consumer choice so much as in favor of them willing to sacrifice the environment overall to get the immediate things they want.

                                                                                                                                      “either remove yourself from modern civilisation, or understand every supply chain in the world”

                                                                                                                                      This is another false dichotomy. I know lots of people who are highly-connected with other people but don’t own lots of tech or follow lots of fads. In many cases, they seem to know about them enough to have good conversations with people. They follow what’s going on or are just good listeners. Buying tons of gadgets or harmful things isn’t necessary for participation. You can get buy with a lot less than average middle or upper class person.

                                                                                                                                      What you said is better understood as a spectrum to be in like most things. Lots of positions in it.

                                                                                                                                      1. 2

                                                                                                                                        I think we might actually be mostly in agreement, but we’re talking past each other a bit.

                                                                                                                                        That’s probably not an argument against consumer choice so much as in favor of them willing to sacrifice the environment overall to get the immediate things they want.

                                                                                                                                        I agree with this. But even when consumer choice is applied with environmental goals in mind, I believe its effect is very limited, simply because most people won’t participate.

                                                                                                                                        This is another false dichotomy.

                                                                                                                                        Yeah, but it was derived from your points :) I was just trying to hammer the point that consumer choice isn’t an effective solution.

                                                                                                                                        You can get buy with a lot less than average middle or upper class person.

                                                                                                                                        Totally. I’ve been doing that for a long time: avoiding gadgets and keeping the stuff I need (eg a laptop) as long as I can.

                                                                                                                                        1. 1

                                                                                                                                          “But even when consumer choice is applied with environmental goals in mind, I believe its effect is very limited, simply because most people won’t participate.”

                                                                                                                                          Oh OK. Yeah, I share that depressing view. Evidence is overwhelmingly in our favor on it. It’s even made me wonder if I should even be doing the things I’m doing if so few are doing their part.

                                                                                                                                2. 5

                                                                                                                                  The blame rests on the producers, not on the consumers.

                                                                                                                                  Consumers are only able to select off of the menu of available products, so to speak. Most of the choices everyday consumers face are dictated by their employers and whatever is currently available to make it through their day.

                                                                                                                                  No person can reasonably trace the entire supply chain for every item they purchase, and could likely be impossible even with generous time windows. Nor would I want every single consumer to spend their non-working time to tracing these chains.

                                                                                                                                  Additionally, shifting this blame to the consumer creates conditions where producers can charge a premium on ‘green’ and ‘sustainable’ products. Only consumers with the means to consume ‘ethically’ are able to do so, and thus shame people with less money for being the problem.

                                                                                                                                  The blame falls squarely on the entities producing these products and the states tasked with regulating production. There will be no market-based solution to get us out of the climate catastrophe, and we certainly can’t vote for a green future with our dollars.

                                                                                                                                  1. 4

                                                                                                                                    Consumers are only able to select off of the menu of available products, so to speak. Most of the choices everyday consumers face are dictated by their employers and whatever is currently available to make it through their day.

                                                                                                                                    That’s not true even though it seems it is. The consumers’ past behavior and present statements play a major role in what suppliers will produce. Most of what you see today didn’t happen overnight. There were battles fought where quite a few companies were out there doing more ethical things on supply side. They ended up bankrupt or with less marketshare while the unethical companies got way ahead through better marketing of their products. With enough wealth accumulated, they continued buying the brands of the better companies remaking them into scumbag companies, too, in many cases.

                                                                                                                                    For instance, I strongly advise against companies developing privacy- or security-oriented versions of software products that actually mitigate risks. They’ll go bankrupt like such companies often always did. The companies that actually make lots of money apply the buzzwords customers are looking for, integrate into their existing tooling (often insecure), have features they demand that are too complex to secure, and in some cases are so cheap the QA couldn’t have possibly been done right. That has to be private or secure for real against smart black hats. Not going to happen most of the time.

                                                                                                                                    So, I instead tell people to bake cost-effective security enhancements and good service into an otherwise good product advertised for mostly non-security benefits. Why? Because that’s what demand-side responds to almost every time. So, the supply must provide it if hoping to make waves. Turns out, there’s also an upper limit to what one can achieve in that way, too. The crowds’ demands will keep creating obstacles to reliability, security, workers’ quality of life, supplier choice, environment… you name it. They mostly don’t care either where suppliers being honest about costs will be abandoned for those delivering to demand side. In face of that, most suppliers will focus on what they think is in demand across as many proven dimensions as possible.

                                                                                                                                    Demand and supply side are both guilty here in a way that’s closely intertwined. It’s mostly demand side, though, as quite a few suppliers in each segment will give them whatever they’re willing to pay for at a profit.

                                                                                                                                    1. 3

                                                                                                                                      I agree with a lot of your above point, but want to unpack some of this.

                                                                                                                                      Software security is a strange case to turn to since it has less direct implications on the climate crisis (sure anything that relies on a datacenter is probably using too much energy) compared to the production of disposable, resource-intensive goods.

                                                                                                                                      Demand and supply side are both guilty here in a way that’s closely intertwined. It’s mostly demand side, though, as quite a few suppliers in each segment will give them whatever they’re willing to pay for at a profit.

                                                                                                                                      I parse this paragraph to read: we should blame consumers for buying what’s available and affordable, because suppliers are incapable of acting ethically (due to competition).

                                                                                                                                      So should we blame the end consumer for buying a phone every two years and not the phone manufacturers/retailers for creating rackets of planned obsolescence?

                                                                                                                                      And additionally, most suppliers are consumers of something else upstream. Virtually everything that reaches an end consumer has been consumed and processed several times over by suppliers above. The suppliers are guilty on both counts by our separate reasoning.

                                                                                                                                      Blaming individuals for structural problems simply lets suppliers shirk any responsibility they should have to society. After all, suppliers have no responsibility other than to create profits. Suppliers’ bad behavior must be curtailed either through regulation, public education campaigns to affect consumption habits, or organizing within workplaces.

                                                                                                                                      (As an aside, I appreciate your response and it’s both useful and stimulating to hear your points)

                                                                                                                                      1. 2

                                                                                                                                        “I parse this paragraph to read: we should blame consumers for buying what’s available and affordable, because suppliers are incapable of acting ethically (due to competition).”

                                                                                                                                        You added two words, available and affordable, to what I said. I left affordable off because many products that are more ethical are still affordable. Most don’t buy them anyway. I left availability off since there’s products appearing all the time in this space that mostly get ignored. The demand side not buying enough of what was and currently is available in a segment sends a message to suppliers about what they should produce. Especially if it’s consistent. Under vote with your wallet, we should give consumers their share of credit or blame for anything their purchasing decisions as a whole are supporting or destroying. That most won’t deliberately try to obtain an ethical supplier of… anything… supports my notion demand side has a lot to do with unethical activities of financially-successful suppliers.

                                                                                                                                        For a quick example, there are often coops and farmers markets in lots of rural areas or suburban towns in them. There’s usually a segment of people who buy from them to support their style of operation and/or jobs. There’s usually enough to keep them in business. You might count Costco in that, too, where a membership fee that’s fixed cost gets the customers a pile of stuff at a promised low-markup and great service. There’s people that use credit unions, esp in their industry, instead of banks. There’s people that try to buy from nonprofits, public beneit companies, companies with good track record, and so on. There’s both a demand side (tiny) and suppliers responding to it that show this could become a widespread thing.

                                                                                                                                        Most consumers on demand side don’t do that stuff, though. They buy a mix of necessities and arbitrary stuff from whatever supplier is lowest cost, cheapest, most variety, promoting certain image, or other arbitrary reasons. They do this so much that most suppliers, esp market leaders, optimize their marketing for that stuff. They also make more money off these people that let them put lots of ethical, niche players out of business over time. So, yeah, I’d say consumer demand being apathetic to ethics or long-term thinking is a huge part of the problem given it puts tens of billions into hands of unethical parties. Then, some of that money goes into politicians’ campaign funds so they make things even more difficult for those companies’ opponents.

                                                                                                                                        “Blaming individuals for structural problems simply lets suppliers shirk any responsibility they should have to society.”

                                                                                                                                        Or the individuals can buy from different suppliers highlighting why they’re doing it. Other individuals can start companies responding to that massive stated demand. The existing vendors will pivot their operations. Things start shifting. It won’t happen without people willing to buy it. Alternatively, using regulation as you mentioned. I don’t know how well public education can help vs all the money put into advertising. The latter seems more powerful.

                                                                                                                                        “(As an aside, I appreciate your response and it’s both useful and stimulating to hear your points)”

                                                                                                                                        Thanks. Appreciate you challenging it so I think harder on and improve it. :)

                                                                                                                                    2. 2

                                                                                                                                      Only consumers with the means to consume ‘ethically’ are able to do so, and thus shame people with less money for being the problem.

                                                                                                                                      This is ignoring reality, removing cheaper options does not make the other options cheaper to manufacture. It is not shaming people.

                                                                                                                                      You are also ignoring the fact that in a free country the consumers and producers are the same people. A dissatisfied consumer can become a producer of a new alternative if they see it as possible.

                                                                                                                                    3. 3

                                                                                                                                      Exactly. The consumers could be doing more on issues like this. They’re complicit or actively contribute to the problems.

                                                                                                                                      For example, I use old devices for as long as I can on purpose to reduce waste. I try to also buy things that last as long as possible. That’s a bit harder in some markets than others. For appliances, I just buy things that are 20 years old. They do the job and usually last 10 more years since planned obsolescence had fewer tricks at the time. ;) My smartphone is finally getting unreliable on essential functions, though. Bout to replace it. I’ll donate, reuse, or recycle it when I get new one.

                                                                                                                                      On PC side, I’m using a backup whose age I can’t recall with a Celeron after my Ubuntu Dell w/ Core Duo 2 died. It was eight years old. Attempting to revive it soon in case it’s just HD or something simple. It’s acting weird, though, so might just become a box for VM experiments, fuzzing, opening highly-untrustworthy URLs or files, etc. :)

                                                                                                                                    4. 7

                                                                                                                                      Capitalism is killing us in a very literal sense by destroying our habitat at an ever accelerating rate

                                                                                                                                      Which alternatives would make people happier to consume less – drive older cars, wear rattier clothing, and demand fewer exotic vacations? Because, really, that’s the solution to excessive use of the environment: Be happier with less.

                                                                                                                                      Unfortunately, greed has been a constant of human nature far too long for capitalism to take the blame there.

                                                                                                                                      1. 9

                                                                                                                                        Which alternatives would make people happier to consume less – drive older cars, wear rattier clothing, and demand fewer exotic vacations?

                                                                                                                                        Why do people want new cars, the latest fashions, and exotic vacations in the first place? If it’s all about status and bragging rights, then it’s going to take a massive cultural shift that goes against at least two generation’s worth of cultural programming by advertisers on the behalf of the auto, fashion and travel industries.

                                                                                                                                        I don’t think consumerism kicked into high gear until after the end of World War II when modern advertising and television became ubiquitous, so perhaps the answer is to paraphrase Shakespeare:

                                                                                                                                        The first thing we do, let’s kill all the advertisers.

                                                                                                                                        OK, maybe killing them (or encouraging them to off themselves in the tradition of Bill Hicks) is overkill. Regardless, we should consider the possibility that advertising is nothing but private sector psyops on behalf of corporations, and should not be protected as “free speech”.

                                                                                                                                        1. 2

                                                                                                                                          If there was an advertising exception for free speech, people would use it as an unprincipled excuse to ban whatever speech they didn’t like, by convincing the authorities to classify it as a type of advertising. After all, most unpopular speech is trying to convince someone of something, right? That’s what advertising fundamentally is, right?

                                                                                                                                          Remember that the thing that Oliver Wendell Holmes called “falsely shouting fire in a crowded theater” wasn’t actually shouting “fire” in an actual crowded theater - it was a metaphor he used to describe protesting the military draft.

                                                                                                                                          1. 9

                                                                                                                                            I agree: there shouldn’t be an advertising exception on free speech. However, the First Amendment should only apply to homo sapiens or to organisms we might eventually recognize as sufficiently human to possess human rights. Corporations are not people, and should not have rights.

                                                                                                                                            They might have certain powers defined by law, but “freedom of speech” shouldn’t be one of them.

                                                                                                                                        2. 3

                                                                                                                                          IMO, Hedonistic adaptation is a problem and getting worse. I try to actively fight against it.

                                                                                                                                          1. 2

                                                                                                                                            It would be a start if we designed cities with walking and public transportation in mind, not cars.

                                                                                                                                            My neighborhood is old and walkable. I do shopping on foot (I have a bicycle but don’t bother with it). For school/work, take a single bus and a few minutes walking. Getting a car would be a hassle, I don’t have a place to park it, and I’d have to pay large annual fees for rare use.

                                                                                                                                            Newer neighborhoods appear to be planned with the idea that you’ll need a car for every single task. “Residential part” with no shops at all, but lots of room for parking. A large grocery store with a parking lot. Even train stations with a large parking lot, but no safe path for pedestrians/cyclists from the nearby neighborhoods.

                                                                                                                                          2. 4

                                                                                                                                            The new features on phones are so fucking stupid as well. People are buying new phones to get animated emojis and more round corners. It’s made much worse with phone OEMs actively making old phones work worse by slowing them down.

                                                                                                                                            1. 7

                                                                                                                                              There has been no evidence to my knowledge that anyone is slowing old phones down. This continues to be an unfounded rumor

                                                                                                                                              1. 2

                                                                                                                                                There’s also several Lobsters that have said Android smartphones get slower over time at a much greater rate than iPhones. I know my Galaxy S4 did. This might be hardware, software bloat, or whatever. There’s phones it’s happening on and those it isn’t in a market where users definitely don’t want their phones slowing down. So, my theory on Android side is it’s a problem they’re ignoring on purpose or even contributing to due to incentives. They could be investing money into making the platform much more efficient across devices, removing bloat, etc. They ain’t gonna do that.

                                                                                                                                                1. 3

                                                                                                                                                  Android smartphones get slower over time at a much greater rate than iPhones.

                                                                                                                                                  In my experience, this tends to be 3rd party apps that start at boot and run all the time. Factory reset fixes it. Android system updates also make phones faster most of the time.

                                                                                                                                                  1. 1

                                                                                                                                                    Hmm. I’ll try it since I just backed everything up.

                                                                                                                                                    1. 3

                                                                                                                                                      I’m still using a Nexus 6 I got ~2.5 years ago. I keep my phone pretty light. No Facebook or games. Yet, my phone was getting very laggy. I wiped the cache (Settings -> Storage -> Cached data) and that seemed to help a bit, but overall, my phone was still laggy. It seemed to get really bad in my text messaging app (I use whatever the stock version is). I realized that I had amassed a lot of text messages over the years, which includes quite a lot of gifs. I decided to wipe my messages. I did that by installing “SMS Backup & Restore” and telling it to delete all of my text messages, since apparently the stock app doesn’t have a way to do this in bulk. It took at least an hour for the deletion to complete. Once it was done, my phone feels almost as good as new, which makes me really happy, because I really was not looking forward to shelling out $1K for a Pixel.

                                                                                                                                                      My working theory is that there is some sub-optimal strategy in how text messages are cached. Since I switch in and out of the text messaging app very frequently, it wouldn’t surprise me if I was somehow frequently evicting things from memory and causing disk reads, which would explain why the lag impacted my entire phone and not just text messages. But, this is just speculation. And a factory reset would have accomplished the same thing (I think?), so it’s consistent with the “factory reset fixes things” theory too.

                                                                                                                                                      My wife is still on a Nexus 5 (great phone) and she has a similar usage pattern as me. Our plan is to delete her text messages too and see if that helps things.

                                                                                                                                                      Anyway… I realize this basically boils down to folk remedies at this point, but I’m just going through this process now, so it’s top of mind and figured I’d share.

                                                                                                                                                      1. 2

                                                                                                                                                        I’ll be damned. I baked up and wiped the SMS, nothing else. The phone seems like it’s moving a lot snappier. Literally a second or two of delay off some things. Some things are still slow but maybe app just is. YouTube always has long loading time. The individual videos load faster now, though.

                                                                                                                                                        Folk remedy is working. Appreciate the tip! :)

                                                                                                                                                        1. 2

                                                                                                                                                          w00t! Also, it’s worth mentioning that I was experiencing much worse delay than a second or two. Google Nav would sometimes lock up for many seconds.

                                                                                                                                                          1. 1

                                                                                                                                                            Maps seems OK. I probably should’ve been straight-up timing this stuff for better quality of evidence. Regardless, it’s moving a lot faster. Yours did, too. Two, strong anecdotes so far on top of factory reset. Far as we know, even their speed gains might have come from SMS clearing mostly that the reset did. Or other stuff.

                                                                                                                                                            So, I think I’m going to use it as is for a week or two to assess this change plus get a feel for a new baseline. Then, I’ll factory reset it, reinstall some apps from scratch, and see if that makes a difference.

                                                                                                                                                            1. 2

                                                                                                                                                              Awesome. Please report back. :-)

                                                                                                                                                              1. 2

                                                                                                                                                                I’ll try to remember to. I’m just still stunned it wasn’t 20 Chrome tabs or all the PDF’s I download during the day. Instead, text messages I wasn’t even using. Of all things that could drag a whole platform down…

                                                                                                                                                                1. 2

                                                                                                                                                                  Sms is stored on the SIM card, right? That’s probably not got ideal I/O characteristics…

                                                                                                                                                                  1. 1

                                                                                                                                                                    I thought the contacts were but messages were on phone. I’m not sure. The contacts being on there could have an effect. I’d have hoped they cached a copy of SIM contents onto in-phone memory. Yeah, SIM access could be involved.

                                                                                                                                                        2. 2

                                                                                                                                                          Now, that’s fascinating. I don’t go in and out of text a lot but do have a lot of text messages. Many have GIF’s. There’s also at least two other apps that accumulate a lot of stuff. I might try wiping them. Btw, folk remedies feel kind of justified when we’re facing a complex, black-box system with nothing else to go on. ;)

                                                                                                                                                  2. 2

                                                                                                                                                    Official from apple: https://www.apple.com/au/iphone-battery-and-performance/

                                                                                                                                                    They slow phones with older batteries but don’t show the user any indication that it can be fixed very cheaply by replacing the battery (Until after the recent outrage) and many of them will just buy a new phone and see it’s much faster.

                                                                                                                                                    1. 12

                                                                                                                                                      Wow, so much to unpack here.

                                                                                                                                                      You said they slow old phones down. That is patently false. New versions of iOS are not made to run slowly on older model hardware.

                                                                                                                                                      Apple did not slow phones down with old batteries. They throttled the CPU of phones with failing batteries (even brand new ones!) to prevent the phone from crashing due to voltage drops. This ensured the phone was still functional even if you needed your phone in an emergency. Yes it was stupid there was no notification to the user. This is no longer relevant because they now provide notifications to the user. This behavior existed for a short period of time in the lifespan of the iPhone: less than 90 days between introduction of release with throttling and release with controls to disable and notifications to users.

                                                                                                                                                      Please take your fake outrage somewhere else.

                                                                                                                                                      1. 5

                                                                                                                                                        Apple did not slow phones down with old batteries. They throttled the CPU of phones with failing batteries (even brand new ones!) to prevent the phone from crashing due to voltage drops.

                                                                                                                                                        In theory this affects new phones as well, but we know that as batteries grow older, they break down, hold less charge, and have a harder time achieving their design voltage. So in practice, this safety mechanism for the most part slows down older phones.

                                                                                                                                                        You claim @user545 is unfairly representing the facts by making Apple look like this is some evil ploy to increase turnover for their mobile phones.

                                                                                                                                                        However, given the fact that in reality this does mostly make older phones seem slower, and the fact that they put this in without ever telling anyone outside Apple and not allowing the user to check their battery health and how it affected the performance of their device, I feel like it requires a lot more effort not to make it look like an intentional decision on their part.

                                                                                                                                                        1. 2

                                                                                                                                                          Sure, but if you have an old phone with OK batteries, then their code did not slow it down. So I think it is still more correct to say they slowed down those with bad batteries than those that were old even if most of those with bad batteries were also bad which really depended on phone’s use.

                                                                                                                                                          The difference is not just academic. For example I have “inherited” iPhone6 from my wife that still has a good battery after more than 2 years and performs fine.

                                                                                                                                                          1. 2

                                                                                                                                                            the fact that they put this in without ever telling anyone outside Apple

                                                                                                                                                            It was in the release notes of that iOS release…

                                                                                                                                                            edit: additionally it was known during the beta period in December. This wasn’t a surprise.

                                                                                                                                                            1. 1

                                                                                                                                                              Again, untrue. The 11.2 release notes make no mention of batteries, throttling, or power management. (This was the release where Apple extended the throttling to the 7 series of phones.) The 10.2.1 release notes, in their entirety, read thus:

                                                                                                                                                              iOS 10.2.1 includes bug fixes and improves the security of your iPhone or iPad. It also improves power management during peak workloads to avoid unexpected shutdowns on iPhone.

                                                                                                                                                              That does not tell a reader that long-term CPU throttling is taking place, that it’s restricted to older-model iPhones only, that it’s based on battery health and fixable with a new battery (not a new phone), etc. It provides no useful or actionable information whatsoever. It’s opaque and frankly deceptive.

                                                                                                                                                              1. 0

                                                                                                                                                                You’re right, because I was mistaken and the change was added in iOS 10.2.1, 1/23/2017

                                                                                                                                                                https://support.apple.com/kb/DL1893?locale=en_US

                                                                                                                                                                It also improves power management during peak workloads to avoid unexpected shutdowns on iPhone.

                                                                                                                                                                A user on the day of release:

                                                                                                                                                                Hopefully it fixes the random battery shutoff bug.

                                                                                                                                                                src: https://forums.macrumors.com/threads/apple-releases-ios-10-2-1-with-bug-fixes-and-security-improvements.2028992/page-2#post-24225066

                                                                                                                                                                additionally in a press release:

                                                                                                                                                                In February 2017, we updated our iOS 10.2.1 Read Me notes to let customers know the update ‘improves power management during peak workloads to avoid unexpected shutdowns.’ We also provided a statement to several press outlets and said that we were seeing positive results from the software update.

                                                                                                                                                                Please stop trolling. It was absent from the release notes for a short period of time. It was fixing a known issue affecting users. Go away.

                                                                                                                                                                1. 4

                                                                                                                                                                  Did you even read the comment you are responding to? I quoted the 10.2.1 release notes in full–the updated version–and linked them too. Your response is abusive and in bad faith, your accusations of trolling specious.

                                                                                                                                                                  1. [Comment removed by moderator pushcx: We've never had cause to write a rule about doxxing, but pulling someone's personal info into a discussion like this to discredit them is inappropriate.]

                                                                                                                                                                    1. 2

                                                                                                                                                                      I don’t hate Apple. I’m not going to sell my phone because I like it. The battery is even still in good shape! I wish they’d been a little more honest about their CPU throttling. I don’t know why this provokes such rage from you. Did you go through all my old comments to try to figure out what kind of phone I have? Little creepy.

                                                                                                                                                                      1. 2

                                                                                                                                                                        I’m not angry about anything here. It’s just silly that such false claims continue to be thrown around about old phones intentionally being throttled to sell new phones. Apple hasn’t done that. Maybe someone else has.

                                                                                                                                                                        edit: it took about 30 seconds to follow your profile link to your website -> to Flickr -> to snag image metadata and see what phone you own.

                                                                                                                                                          2. -3

                                                                                                                                                            They throttled the CPU of phones with failing batteries (even brand new ones!)

                                                                                                                                                            This is untrue. They specifically singled out only older-model phones for this treatment. From the Apple link:

                                                                                                                                                            About a year ago in iOS 10.2.1, we delivered a software update that improves power management during peak workloads to avoid unexpected shutdowns on iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus and iPhone SE. [snip] We recently extended the same support to iPhone 7 and iPhone 7 Plus in iOS 11.2.

                                                                                                                                                            In other words, if you buy an iPhone 8 or X, no matter what condition the battery is in, Apple will not throttle the CPU. (In harsh environments–for example, with lots of exposure to cold temperatures–it’s very plausible that an 8 or X purchased new might by now have a degraded battery.)

                                                                                                                                                            1. 2

                                                                                                                                                              You are making a claim without any data to back it up.

                                                                                                                                                              Can you prove that the batteries in the new iPhones suffer voltage drops when they are degraded? If they use a different design with more/smaller cells then AIUI they would be significantly less likely to have voltage drops when overall capacity is degraded.

                                                                                                                                                              But no, instead you continue to troll because you have a grudge against Apple. Take your crap elsewhere. It’s not welcome here.

                                                                                                                                                              1. 3

                                                                                                                                                                You’re moving the goalposts. You claimed Apple is throttling the CPU of brand new phones. You were shown this to be incorrect, and have not brought any new info to the table. Your claim that the newer phones might be designed so as to not require throttling is irrelevant.

                                                                                                                                                                Please don’t accuse (multiple) people of trolling. It reflects poorly on yourself. All are welcome here.

                                                                                                                                                                1. 3

                                                                                                                                                                  You can buy a brand new phone directly from Apple (iPhone 6S) with a faulty battery and experience the throttling. I had this happen.

                                                                                                                                                        2. 1

                                                                                                                                                          Google services update in the background even when other updates are disabled. Even if services updates are not intended to slow down the phone, they still do.

                                                                                                                                                        3. 3

                                                                                                                                                          The new features on phones are so fucking stupid as well.

                                                                                                                                                          I think the consumer who pays for it is stupid.

                                                                                                                                                          1. 3

                                                                                                                                                            It’s both. The user wants something new every year and OEMs don’t have anything worthwhile each year so they change things for the sake of change like adding rounded corners on the LCD or cutting a chunk out of the top. It makes it seem like something is new and worth buying when not much worthwhile has actually changed.

                                                                                                                                                            1. 4

                                                                                                                                                              I think companies would always take the path of least resistance that works. If consumers didn’t fall for such stupid tricks the companies that did them would die off.

                                                                                                                                                        4. 2

                                                                                                                                                          Yep. I guess humanity’s biggest achievement will be to terraform itself out of existence.

                                                                                                                                                          This planet does neither bargain nor care about this civilizations’ decision making processes. It will keep flying around the sun for a while, with or without humans on it.

                                                                                                                                                          I’m amazed by the optimism people display in response to pointing out that the current trajectory of climate change makes it highly unlikely that our grand-grand-children will ever be born.

                                                                                                                                                          1. 2

                                                                                                                                                            The list is endless, and it all comes down to the American ethos that making money is a sacred right that trumps all other concerns.

                                                                                                                                                            s/American/human

                                                                                                                                                            You can’t fix a problem if you misunderstand what causes it.

                                                                                                                                                            1. 5

                                                                                                                                                              Ideology matters, and America has been aggressively promoting toxic capitalist ideology for many decades around the world. Humans aren’t perfect, but we can recognize our problems and create systems around us to help mitigate them. Capitalism is equivalent of giving a flamethrower to a pyromaniac.

                                                                                                                                                              1. 3

                                                                                                                                                                If you want to hash out how “toxic capitalism” is ruining everything, that’s fine–I’m just observing that many other countries (China, Germany, India, Mozambique, Russia, etc.) have done things that, to me at least, dispel the notion of toxic capitalism as purely being American in origin.

                                                                                                                                                                And to avoid accusations of whataboutism, the reason I point those other countries out is that if a solution is put forth assuming that America is the problem–and hence itself probably grounded in approaches unique to an American context–it probably will not be workable in other places.

                                                                                                                                                                1. 2

                                                                                                                                                                  Nobody is saying that capitalism alone is the problem or that it’s unique to America. I was saying that capitalism is clearly responsible for a lot of harm, and that America promotes it aggressively.

                                                                                                                                                                  1. 0

                                                                                                                                                                    Don’t backpedal. You wrote:

                                                                                                                                                                    The list is endless, and it all comes down to the American ethos that making money is a sacred right that trumps all other concerns.

                                                                                                                                                                    As to whether or not capitalism is clearly responsible for a lot of harm, it’s worth considering what the alternatives have accomplished.

                                                                                                                                                                    1. 0

                                                                                                                                                                      Nobody is backpedaling here, and pointing at other failed systems saying they did terrible things too isn’t much of an argument.

                                                                                                                                                          1. 6

                                                                                                                                                            I hear there’s a lot of gold to be had in alchemy, though. It’s even better than a science if your goals line up with what it’s good at.

                                                                                                                                                            1. 8

                                                                                                                                                              Raising money from venture capitalists?

                                                                                                                                                              1. 4

                                                                                                                                                                Exactly! :)