1. 4

    Those strike me as fine points - but maybe a bit limited.

    If I had one piece of advice I’d want to learn as a junior developer, it’d be “focus on people and business problems, not technology”.

    Learning that I wasn’t paid to write code but to deliver business value took me a (embarrassingly long) while, but when I got it I went from “a good programmer” to a recognized expert in my company.

    And I’m just starting to learn that I can deliver even more value by focusing on mentoring and training my coworkers.

    1. [Comment from banned user removed]

      1. 3

        The last two comments I’ve seen from this user seem like the inverse of the friendlysock experiment. If this isn’t intentional, I’d highly recommend reading the blog post and reconsidering your posting style.

        1. 2

          I would like to know, why are you people down-voting stefantalpalaru for that comment?

          I am not a native speaker nor in the US, that remark was insightful for me - am I missing something except it (the comment) being slightly snarky?

          1. 32

            I’m sort of used to people making fun of my writing style (people complain about my use of exclamation marks on the internet every month or so, complaining about question marks is a new one :) ) but in general I find technical comments on my posts much more interesting.

            I’m honestly a bit disappointed by this comment – I tend to think of lobste.rs as a place where people try to have more substantive technical discussions about posts, as opposed to hacker news where comment threads frequently get derailed by conversations about irrelevant things and I end up not learning anything by reading the comments. To me the point of tech discussion sites like this is to discuss the technology! (for example: how could a kernel bug like this happen? have you run into other similar bugs on Mac/Linux? How did you debug them? Can you use dtrace to discover more about what’s going on inside the kernel?).

            There are so many interesting questions to talk about, and I think it’s kind of a shame to waste time making nitpicky comments about the use of a question mark in the title :)

            1. 11

              As a linguist who’s read enough language written without punctuation (Latin and Greek), I’d like to thank you for your use of punctuation, and to encourage it.

              Latin, fun fact, has two words to introduce questions, one that introduces questions where you expect an affirmative answer (“nonne”), and one that introduces questions where you expect a negative answer (“num”), and the interrobang was only invented millennia later. It’s always useful to have a metachannel conveying subtext, and punctuation is compact.

              “I think I found a Mac kernel bug.” sounds definitive, and immediately puts a team of kernel hackers on the defensive. “I think I found a Mac kernel bug?” sounds rather surprised at oneself, and emphasizes the incredulity that you’d posted on Twitter, that it was 4 days from kernel hacking to finding a bug, that you’d expected that people would have found it, and generally is the spirit of humility and exploration that has made your writings so interesting to read!

              Thank you for exploring syscalls :)

              1. 2

                So, however insignificant, this issue has, believe it or not, been (low-key) bugging me since this (sub)thread happened. I’m purely concerned with the linguistic question taken at face value, since I vaguely concur with the annoyance at the question mark (in the sense that I would feel odd to write in that style myself, though I don’t care to tell anyone else what they should prefer). The reason it’s been bugging me is that it’s obvious that “just drop the question mark” can’t work, precisely because it significantly alters the quality of what is being expressed – as you stated. So how would I say that?

                And I think I just realised the answer: the way to correctly express that sentiment in a more formal register is simply “Have I really found a Mac kernel bug?” D’uh, I guess.

                1. 1

                  Absolutely. And there’s “I think I might have found a Mac kernel bug” in slightly more formal colloquial registers, “Discovery of potential Mac kernel bug” for a title of some Technical Letter to a journal 50 years ago. More formal titles have fewer questions.

                  And we’ve been repurposing punctuation to convey pitch of a sentence when spoken, useful to convey one’s meaning when writing. Sometimes it’s a question mark to convey High Rising Terminal, sometimes it’s comma splices and lack of terminal period to convey a fading train of thought, it’s a fun writing constraint, you should try it

              2. 8

                Thanks for taking the time to reply. I was asking because I felt I might be missing some language slang/common use that was pointed out here.

                Regarding your blog posts: I love reading them, your technical content is sound, delivered in a fun way and a dive into things I rarely look at myself - I’m following all your ruby profiler posts. Keep up what you are doing, the silent majority appreciates it ;)

              3. 11

                the high rising terminal - often associated with “valleyspeak” - is stereotypically associated with shallow, unintelligent women, especially in american pop culture.

                If anyone else on the site had asked about this, I’d wager we would see far less common contentious voting patterns. But hell, let’s call a spade a spade: I’ve seen enough of OP’s previous comments to have a pretty good guess at what he’s doing when he made that comment - and I wager the downvoters did too.

                1. 7

                  As a meta-discourse thing, I don’t really like this kind of comment even from people whose good faith I’m confident of. It’s really easy for a forum to fall into a pattern where 90% of the discussion is about pretty superficial aspects of the posts, especially in a dismissive way. I wouldn’t say that kind of thing is always off-topic, but I guess I try to think: is this observation novel and non-obvious enough that someone reading the comment learns something? Usually when I’ve been tempted to post a comment complaining about superficial aspects of a post (and there are definitely things I dislike and am tempted to comment on!) it’s hard for me to argue with a straight face that the answer is “yes”.

            1. 2

              Any security minded people have thoughts on this?

              1. 13

                Debian’s security record regarding CAs is atrocious. By this I mean default configuration and things like the ca-certificates package.

                Debian used to include non-standard junk CAs like CACert and also refuse to consider CA removal a security update, so it’s hugely hypocritical of this page to talk about many insecure CAs out of 400+.

                Signing packages is a good idea, as that is bound to the data and not to the transport like https so in principle I agree that using https for debian repositories doesn’t gain much in terms of extra security. However these days the baseline expectation should be that everything defaults to https, as in no more port 80 unauthenticated http traffic.

                Yes, moving over to https for debian repositories breaks local caching like apt-cacher (degrades it to a tcp proxy) and requires some engineering work to figure out how to structure a global mirror network, but this will have to be done sooner or later. I would also not neglect the privacy implications, with https people deploying passive network snooping have to apply heuristics and put in more effort than simply monitoring http.

                Consider the case where someone sitting passively on a network just monitors package downloads that contains a fix for a vulnerability that is exploitable remotely. That passive attacker can just try to race the host and exploit the vulnerability before the update can be installed.

                Package signing in debian suffers from problems with the underlying gpg level, gpg is so 90s in that it’s really hard to sustainably use it long-term: key rotation, key strength are problem areas.

                1. 4

                  Package signing in debian suffers from problems with the underlying gpg level, gpg is so 90s in that it’s really hard to sustainably use it long-term: key rotation, key strength are problem areas.

                  What do you consider a better alternative to gpg?

                  1. 10

                    signify is a pretty amazing solution here - @tedu wrote it and this paper detailing how OpenBSD has implemented it.

                  2. 4

                    non-standard junk CAs like CACert

                    imho CACert feels more trustworthy than 90% of the commercial cas. i really would like to see cacert paired with the level of automation of letsencrypt. edit: and being included in ca packages.

                    1. 2

                      With the dawn of Let’s Encrypt, is there still really a use case for CACert?

                      1. 4

                        i think alternatives are always good. the only thing where they really differ is that letsencrypt certificates are cross signed by a ca already included in browsers, and that letsencrypt has automation tooling. the level of verification is about the same. i’d go as far as to say that cacert is more secure because web of trust, but that may be just subjective.

                1. 5

                  Obviously boiling lobsters is cruel and brutal, but so is eating them. There is no “compassionate” way to eat something. If you are bothered by boiling them, take the logic a step further and don’t eat them either.

                  1. 8

                    So you think that there’s no moral difference between “quick and painless”, “slow and horrible”, and “clumsy bludgeoning”? Sounds like a pretty extreme position to me.

                    http://futurama.wikia.com/wiki/Suicide_booth

                    1. 9

                      I think this is a useful attempt to elucidate a somewhat confusing position on dz’s part, but that reducing a choice like this to the apparent fundamental principles rarely advances a conversation. People weigh far more things than they are even aware of, and are often not able to explain their real reasons. That’s especially true with a concern like animal suffering which is difficult to think about without having an urge to dismiss it out-of-hand to avoid having to imagine horrifying implications in detail.

                      Personally, I think that both killing animals and causing them to suffer are wrong. Unfortunately, they’re on the list of wrong things that all humans are complicit in to some extent, although certainly we can individually adjust the degree to which we are, through our lifestyle choices. Political slogans are simplistic because they must be, but it’s important to remember the nuance when actually talking through something controversial like this.

                      I see the point of a device to kill lobsters faster. But let’s not name anything on the site after it. I expect that this thread has already gotten more political, and with less relevance to the site’s core mission, than many lobste.rs users are comfortable with.

                      1. 3

                        Yes I agree not to name anything on this site after it. It would be uncool and uncrustaceanly.

                        1. 2

                          Thank you. I very much agree that there’s a lot of subtlety to these kinds of issues, and that they are worth considerate discussion in depth, but that this is probably not the right venue.

                          I’m still learning how to write comments that are simultaneously relevant, provocative, and concise without being glib or mean… or encouraging others to. It’s hard! Sometimes it might be impossible. I think it’s still worth practicing.

                          1. 2

                            but that this is probably not the right venue

                            I dunno about everyone else but I find this sentiment common and deeply disappointing.

                            Programmers, like it or not, must learn to tackle ethical questions. We’ve automated jobs away, built software to cheat on emission standards, designed UIs with the intent to deceive users — and any attempt to discuss these issues where programmers dwell is invariably shut down with claims of “improper venue!”

                            How can we expect to advance our profession if we keep proclaiming that our spaces are strictly for tech chat only?

                            1. 7

                              I agree! But let’s spend those limited resources discussing ethical questions that relate to systems we, as programmers, might be asked to build someday. I can promise you that it’s possible to make an entire career simply out of thinking about those questions, and still barely scratch the surface.

                        2. 3

                          I didn’t say that. One would prefer “quick and painless” but the immoral act isn’t the suffering, it’s the killing.

                          1. 5

                            If the immoral act isn’t the suffering then you shouldn’t eat plants, either.

                            1. 2

                              While I don’t share @dz’s moral position, I don’t see this as a gotcha! that shows it is inconsistent.

                            2. 2

                              This is a really interesting position - Is there some underlying principle on which this belief rests? Or does it just feel self-evident? For you, is there any amount of crustacean suffering that’s worth more than one crustacean death?

                              1. 1

                                So as long as I don’t kill you I can make you suffer as much as I want and it wouldn’t be immoral. I certainly see the appeal of the philosophy.

                                1. 1

                                  edited: see below

                                  1. 1

                                    What if both things are immoral?

                                    1. 5

                                      There is certainly a large segment of people who think that killing and causing suffering are immoral, however this is the first time I’d ever seen that killing was immoral but suffering was not. Given that humans probably would go extinct without killing anything (plants included) usually people make the caveat “Killing is okay as long as you’re killing the beings that suffer the least”. Some go the whole fruits and nuts route, causing no harm at all, but I don’t think this is large scale sustainable. Plants only is a decent argument, but you’re still totally killing, so if suffering isn’t a moral criterion you might as well go eat whatever because I mean you’ve gotta kill you might as well kill the thing that reduces your suffering and I would have to kill like 400,000 clovers to equal one cow because biodensity.

                                      Something tells me this isn’t the philosophy DZ has and I’m going to take a generous interpretation that they really meant that reducing suffering doesn’t mean there is NO suffering. The animal was still ripped from its habitat, deprived of a normal life, separated from any family it might have had, etc. I’m going to also suspect that DZ also feels that killing is unilaterally wrong, which is I think not a bad moral basis to aspire to. I think there is some wisdom in having that goal.

                                      Being said, don’t make perfect the enemy of the good. If someone is going to kill and eat me, I should hope they don’t boil me alive. I would be a lot more upset about being tortured to death than I would about just being killed.

                                      1. 3

                                        Yes, this is the correct interpretation, and I see how my post could be read differently.

                            3. 3

                              Something tells me if you were in the position of being boiled alive vs a painless death you would have more of an opinion on the matter.

                            1. 2

                              This could be a disappointingly cynical view, but I’m guessing I’ll get a few who agree :)

                              I work in meetings constantly because a vast majority of the time I spend in meetings is wasted.

                              Many are called to solve an issue that a simple email could solve. As soon as a request goes out, hangers on who don’t want to miss the chance to appear important or are interested in looking busy ask for a CC.

                              When the meeting actually happens, the participants include:

                              • the filibustering tech pedant
                              • the junior dev who aggressively focuses on self promotion
                              • the PM who doesn’t fully understand the project
                              • two people who forget to mute their phone
                              • and you / the person that needed a simple question answered

                              and it invariably stretches to an hour with the potential of a follow up.

                              “Not going” isn’t an option either: the PM is going to make decisions about the project based on their limited knowledge, the tech pedant is going to discuss a tangential project that links in to yours and the junior dev is going to sign you up for tasks. And when it’s time for performance appraisals, cross team managers will use how many meetings they saw you in as a proxy for your performance.

                              (And this doesn’t even touch on how business lines are aggressively split up so making a decision about the company web page requires five teams from three different branches of the company to be present…)

                              Corporate culture is broken; working during meetings is a symptom.

                                1. 4

                                  While small on the surface, it can’t stand alone — it includes bsd.prog.mk, which has some, ahem, complexity.

                                  (I couldn’t tell if your comment implies BSD makefiles are hairballs or if it implies they’re simple ;))

                                  1. 3

                                    bsd.prog.mk is quite the library, but CMake is much larger; I think it was meant positively.

                                1. 5

                                  Firefox is the only relevant browser that isn’t working for the corporate interests of big silicon valley companies. I’d rather have my employer misstep here and there, but listen to feedback than not at all. Besides, why is it always the idealized non-profit that gets the dirt, but not those working for shareholder value.. %shrugs%

                                  1. 4

                                    Besides, why is it always the idealized non-profit that gets the dirt, but not those working for shareholder value.

                                    Precisely because we know Google is out to sell our data for a nickel - that’s why we hold Mozilla to a higher standard, and why fuck ups like this are so disappointing.

                                    1. 2

                                      I noticed I got a down vote tagged “incorrect”. What do you think is incorrect? No corporate interests? Listening to feedback?

                                      Let’s talk!

                                    1. 5

                                      Related: AWS Fargate https://aws.amazon.com/blogs/aws/aws-fargate/

                                      AWS going wild with interesting product releases recently!

                                      1. 4

                                        re:Invent 2017 is going all week. Today was Andy Jassy’s keynote, and Werner Vogels’ is tomorrow. Typically Werner does the really fun launches — so something very interesting could drop tomorrow.

                                      1. 5

                                        There is some value to what she’s saying, but it would be better without the annoying tone. It smells of attention-seeking and it’s the worst part of twitter.

                                        1. 14

                                          I wouldn’t say it’s attention-seeking, she’s just not trying to be serious. Which she admits:

                                          These aren’t even facts anymore I’m just shitposting. But anyway,,,

                                          1. 2

                                            Which begs the question why would anyone think that this is a good fit for lobsters?

                                            1. 9

                                              Oh I’m not arguing whether it’s fit for Lobsters, I just think attention-seeking is an unfair insult.

                                              1. 2

                                                should be a good test case for our new “we delete trolls” policy ;)

                                                For real though it seems pointlessly inflammatory.

                                                1. 2

                                                  Agreed on that, it’s a fun twitter exercise, but not much more than that. Definitely needs a satire tag, at least.

                                                  1. 1

                                                    Agreed on that, it’s a fun twitter exercise, but not much more than that. Definitely needs a satire tag, at least.

                                                    1. 1

                                                      The first 15-20 or so are relevant facts amusingly phrased. I agree the later points are a lot less good, but those first points make the thread worth posting, to me.

                                                  1. 25

                                                    wait, it has 17 upvotes (if one is to believe the archived version) and then got deleted?

                                                    edit: and the “hate post” self-description was clearly sarcasm. even a non native speaker can see that. can we pretty please just use the voting system for moderation except for extreme cases (like, real hate speech)?

                                                    1. 34

                                                      Yeah, I’m not immediately sure how I feel about this. I agree that the comment was low-value, but I also haven’t traditionally felt that my feeling alone should be sufficient justification to delete, in part because others might disagree. That’s never been how lobste.rs does things.

                                                      I do acknowledge that without the accidental recursive deletion, the impact would have been lower, and of course that aspect of it was a one-off.

                                                      Now that the technical migration is done, the new leadership team should all talk at some point about moderation philosophy and get on the same page.

                                                      1. 13

                                                        why was it low-value? just because of the wording? the title said “minimal”, and that is at least a bit hazy in its meaning. so saying that electron isn’t minimal is a valid point in the discussion. even with a grain of sarcasm.

                                                        1. 7

                                                          To me personally it was low-value because it took me a while to understand (might have been easier if I’d seen it while it was up and therefore the article’s subject matter in mind…), and because I didn’t feel that I got much out of it after putting in that effort. It was a valid and accurate criticism of Electron and of the article, without being a constructive one.

                                                          It’s certainly legitimate to express feelings about the article and about Electron, and I appreciate that many people have strong feelings on technical subjects, and I wouldn’t ask anyone to suppress those feelings. I don’t think it’s something that shouldn’t have been said. But if I’d personally said something this short I’d have expected to be downvoted.

                                                          My personal approach is that if I don’t have anything to add about how we got to this bad situation, or how we might get out of it, I just don’t say anything. This is out of respect for the time people spend reading this kind of remark, and with awareness that it takes time away from reading other pithy critiques. :) I do not consider it appropriate to enforce that on others though.

                                                          1. 1

                                                            My personal approach is that if I don’t have anything to add about how we got to this bad situation, or how we might get out of it, I just don’t say anything. This is out of respect for the time people spend reading this kind of remark, and with awareness that it takes time away from reading other pithy critiques.

                                                            If it comes in the form of a one-line comment less than twenty words long, I think the dear citizens of Lobsters will be able to stomach having your opinion fly across their screen without much hazard, no matter how non-substantive it is.

                                                            1. 3

                                                              That’s fair. I guess I over-emphasized concern for others’ reactions: Only saying things I consider worth saying is mostly a thing I do for myself.

                                                        2. 9

                                                          And, hopefully, have that moderation philosophy align with the people using the site!

                                                          1. 17

                                                            It does to be fair go in both directions to some extent, since moderation philosophies impact who you get on a site and vice versa. But it’s tricky here because it’s a change in moderation team. People signed up basically expecting the jcs+Irene brand of moderation, but it’s not clear the pushcx brand is the same as that one. I personally feel very comfortable with the previous two moderators, and if they wanted to become a bit more hands-on as the community grows, I wouldn’t be too worried, because I trust how they’ve moderated the site so far. But a new moderator becoming significantly more hands-on than the existing moderation team makes me more nervous.

                                                            1. 4

                                                              I can’t speak for pushcx; I’ve always considered that a constraint. I believe I’m on record with it, although I can’t find the comments right now.

                                                            2. 5

                                                              FWIW, I think that any shift in moderation philosophy isn’t necessarily bad - I just hope it’s something discussed openly as a meta post, considered thoughtfully, and implemented transparently. That transparency was one of the features that pulled many people here and I’d hate to see it change.

                                                              1. 4

                                                                It had a lot of value for me, it told me that it uses Electron, which I try to avoid. Just because something has low value for you does not mean it has low value for everybody.

                                                                1. 0

                                                                  Yeah, I’m not immediately sure how I feel about this.

                                                                  I am: a censor abused his powers. In a just world, he would be forced to step down and suffer with the rest of us mortals. Fortunately for him, this is not a just world.

                                                                2. 11

                                                                  Final count according to the author was 23 and -4

                                                                  1. 9

                                                                    Upvotes are not necessarily a good way to judge a comment. People are herd animals, and it’s easy to upvote. There is a type of post that optimizes for “time taken” and “upvotes received:” the “zinger.”

                                                                    1. 20

                                                                      up/down votes are imho a clearly better moderation system than randomly deleting posts out of a mood.

                                                                      1. 11

                                                                        I don’t agree. Upvotes are very prone to herd movements and rarely express a useful policy in aggregates.

                                                                        1. 7

                                                                          Since we’re in meta territory here: I’ve found that the score hiding feature at least seems to weed out some of the herd tendencies.

                                                                          Maybe we should look at adjusting the score visibility threshold up? Or keep the score hidden for a bit longer?

                                                                          1. 8

                                                                            maybe just don’t show the score except for the poster so the feedback is still there, but the herd effect doesn’t kick in

                                                                          2. 3

                                                                            but what’s a better alternative? at least with (down-)votes there is feedback, maybe to better state a point via an edit. i always had the feeling the votes worked rather well here.

                                                                            1. 5

                                                                              This still doesn’t make them “clearly a better moderation system”. A mix of both is very usual and proven.

                                                                              1. 5

                                                                                This still doesn’t make them “clearly a better moderation system”.

                                                                                like i’ve said: “imho”, but i have felt as i typed “clearly” that it would be a point of criticism for some.

                                                                                A mix of both is very usual and proven.

                                                                                to quote myself:

                                                                                can we pretty please just use the voting system for moderation except for extreme cases (like, real hate speech)?

                                                                      2. 1

                                                                        can we pretty please just use the voting system for moderation except for extreme cases (like, real hate speech)?

                                                                        And how is “real” “hate speech” defined? In reality, the term is just a catch-all excuse for censorship of various kinds.

                                                                      3. 0

                                                                        if this causes a “problem” in moderation lobste.rs is pretty much dead to me.

                                                                      1. [Comment removed by author]

                                                                        1. 34

                                                                          I fully agree with you on this. The best moderation is moderation no one notices. I read the original comment and it started a valid dialogue. It wasn’t hateful, it was an obvious joke about not being a fan of electron.

                                                                          @pushcx you are power tripping in removing comments alone, but your attitude after the fact is just unbelievable. I’ve been part of this community for years now and you’re making me rethink that now after just a week. I don’t have any interest in contributing or being part of this community if that’s how you want to run it.

                                                                          Edit: who downvoted this as “troll” and why?

                                                                          1. 0

                                                                            Edit: who downvoted this as “troll” and why?

                                                                            Some people still use downvotes as a form of protest. I recently had an “incorrect” downvote on a simple piece of info directly from the Go documentation: https://lobste.rs/s/nvfu1o/implementing_gos_defer_keyword_c#c_xkzj1u

                                                                          2. 7

                                                                            @pushcx needs to step back

                                                                            That’s a bit harsh, don’t you think? However, I do share your view that moderators should not shape the discourse; instead, anyone should be able to decide for himself what a hate/unacceptable/whatever post or comment is and what not.

                                                                            1. 0

                                                                              -1 incorrect, -1 troll

                                                                              Ok, I can accept the incorrect flag but troll, really? Can someone please explain why my comment was flagged as trolling?

                                                                              1. 3

                                                                                I had 2 troll downvotes on my response to this. Maybe they’re trying to self-identify?

                                                                            2. 5

                                                                              I’d like to see @pushcx step down for a few months and wait to be democratically elected (supported?) to return to a moderator position.

                                                                              1. 8

                                                                                Does this mean we’d have to form some kind of committee? How do we determine who gets to vote and how that vote takes place?

                                                                                From discussions on IRC, and @pushcx’s comments in this thread, the deletion of the whole thread was unintentional and recovery of those comments may be difficult. This is clearly a mistake, but one that I feel is understandable and forgivable.

                                                                                As for the deletion of the comment intended, that may also be a mistake, but one with deeper consequences. I, for one, thought the “hate post” was a low value comment that didn’t need to be made in the first place. I am indifferent to it being there at all and probably would downvote it if it was still there. The fact that it’s gone doesn’t bother me. The only thing that gives me pause is that it was deleted since this is the first time something like this has happened here, to my knowledge.

                                                                                My personal view is that pushcx jumped the gun, but I don’t want it to be a regular occurrence, but on the other hand, it’s consistent with his previous views on moderation, as I recall. I’d prefer a less heavy handed approach, where the moderator can hide the post, the post indicates that it’s been moderated, and you have to click through to see it.

                                                                                On the other hand, I agree with pushcx in that I don’t want to see more “hate posts” because I don’t think they help the community.

                                                                                1. 6

                                                                                  I would like this too. I think it is a good compromise. I loathe comments like the one in question, and would love to see less of them.

                                                                                2. 1

                                                                                  Maybe just let people elect whether mods should be able to delete comments for arbitrary reasons? I’m just as crazy about this as you seem to be (which is to say not at all), but @pushcx has put a lot of work in and I’d hate to see that all put on hold for three months just because of one misstep.

                                                                                3. -5

                                                                                  If you don’t like moderators, usenet is still up. Godspeed.

                                                                                  EDIT: A less grumpy response is that every active community has moderation, and with good reason. The places that have little to no moderation like Usenet and 4chan are very, very different culturally. And not in a good way, in my opinion.

                                                                                  1. 27

                                                                                    who had 8 days in the post-migration death pool?

                                                                                    EDIT: since we’re getting less grumpy ;)

                                                                                    We’ve been running under new management for eight days. The previous comment-killing moderations were, in reverse-chronological order:

                                                                                    • as the site was finding feet
                                                                                    • to correct an obvious issue
                                                                                    • “language” - not sure what that one is.

                                                                                    People are going to be rightfully nervous when they perceive a change in the tone of moderation. Especially when the comment in question was maybe trolly but definitely not anything excessive.

                                                                                    1. 15

                                                                                      I don’t think “no moderation” is even a meaningful concept. As detailed at length in the classic essay The Tyranny of Structurelessness, when the people who provide a community with its venue decline to get involved in questions about what kind of community it is, other people step in to do that. I’m sure you can think of the same people offhand who’ve been doing that here as I can. :)

                                                                                      1. [Comment removed by author]

                                                                                        1. 10

                                                                                          I agree with that. I’m sure that we differ on details, but I want the process to be transparent and clear.

                                                                                          1. 2

                                                                                            Could you please link to some successful communities that rely on a democratic moderation process and limit moderators to spam/dmca?

                                                                                            1. 12

                                                                                              Most of the good mailing lists I’m on are sort-of like that, though it depends on what you mean by “democratic”. For technical reasons moderators obviously don’t delete messages on mailing lists, and interventions on the ones I’m on are usually limited to banning users who repeatedly refuse to follow community norms, plus occasionally gently intervening in wildly off-topic threads to suggest maybe they could be taken offlist. Usually by the time someone’s banned there’s a pretty good consensus that most of the people want them gone, so the moderator is in a sense just carrying out the prevailing view, though it’s not democratic in a formal sense like there being votes or anything. (I do think up/downvotes are not a great mechanism.)

                                                                                        2. 8

                                                                                          shots fired

                                                                                          edit: fair enough, but there are shades of moderation level, usenet and 4chan don’t really have moderation from the userbase, while lobsters has and it should be favored over moderation from admins.

                                                                                          1. 2

                                                                                            lobste.rs has moderated invites, to me this implies that we don’t need internal moderation except for spam, etc.

                                                                                          2. 3

                                                                                            The USENET group alt.hackers is unique in that it’s a moderated group, but with no moderator, which was the whole point. It was a fun exercise in learning how to post there, and the signal-to-noise ratio was quite good for a moderatorless moderated group.

                                                                                            1. 2

                                                                                              If you don’t like moderators, usenet is still up. Godspeed.

                                                                                              Okay. That made me laugh.

                                                                                              But fwiw, I don’t agree with aggressive moderation. If we somehow reach reddit-level brigading and shit posting then it might be appropriate.

                                                                                              1. 3

                                                                                                It might have been funny, but more importantly it was mean. I consider it a mistake. It deserved every downvote and I’m only not deleting it because it’s better off visible as the part of an important meta conversation.

                                                                                          1. 4

                                                                                            Looks like a good primer to Go - thanks!

                                                                                            Smaller number of packages as compared to other ecosystems like Node.js and Ruby. However, it’s increasing.

                                                                                            I’ve heard this as a criticism before, but as a person who did quite a bit of Ruby, I think this isn’t a downside but is instead an upside ;)

                                                                                            Consider some of the most frequently downloaded Ruby gems. Lots of these are right in the Go stdlib:

                                                                                            Is this just a case that Go has more batteries included than Ruby or Node.js?

                                                                                            1. 1

                                                                                              Yeah, exactly! I know what you mean, I came from both Nodejs and Ruby communities to Go. And, millions of fragmented packages bit me too…

                                                                                              I put it there under disadvantages; however, I don’t think of most of them as disadvantages, only that people may judge it that way, I’m not sure.

                                                                                            1. 11

                                                                                              It’s egregious judgement errors like this that make me wonder if the appropriate course of action is not to apply a patch, change settings, etc. but instead just uninstall and stop using it entirely. Who knows what else might be lurking in there?

                                                                                              1. 17

                                                                                                This seems a bit harsh.

                                                                                                This feature allows iTerm to check whether links are clickable, which is a really cool feature IMO.

                                                                                                Also, we should give the iTerm team props for releasing a patch so quickly.

                                                                                                EDIT: It’s also nice to see someone owning up to their mistake: https://gitlab.com/gnachman/iterm2/wikis/dnslookupissue

                                                                                                1. 7

                                                                                                  This feature allows iTerm to check whether links are clickable, which is a really cool feature IMO.

                                                                                                  It’s a nice feature, but it’d work just as well if it only checked a regex. Web browsers don’t even disable invalid links, so it’s a stretch to expect a terminal to do so.

                                                                                                  I do agree it’s a bit harsh to completely uninstall just over this issue, though.

                                                                                                  1. 10

                                                                                                    This seems a bit harsh.

                                                                                                    I don’t think so: if you need a bug to grasp why leaking DNS queries is bad, what other insane privacy gaps did you build in to your software?

                                                                                                    This feature allows iTerm to check whether links are clickable, which is a really cool feature IMO.

                                                                                                    • build a list of clickable URIs in code
                                                                                                    • let the user specify URI prefixes
                                                                                                    • … or a regex!
                                                                                                    • … or even better push it to my plumber daemon!

                                                                                                    There are plenty of ways to make clickable links without adding a massive privacy vulnerability.
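An added example, not part of the thread and not iTerm2's code: the prefix-list and regex options named in the comment above, finding clickable links in terminal output by text alone so that no hostname is ever resolved. The default prefix list, the function names and the sample lines are assumptions made for this illustration.

```python
import re

# Assumed defaults for this example; a terminal would let the user edit the list.
DEFAULT_PREFIXES = ("https://", "http://", "ftp://", "file://", "mailto:")

_TRAILING = ".,;:!?\"'"                             # sentence punctuation
_PAIRS = {")": "(", "]": "[", ">": "<", "}": "{"}   # closer -> opener


def _trim(candidate):
    """Drop trailing punctuation and unbalanced closing brackets."""
    while candidate:
        last = candidate[-1]
        if last in _TRAILING:
            candidate = candidate[:-1]
        elif last in _PAIRS and candidate.count(last) > candidate.count(_PAIRS[last]):
            candidate = candidate[:-1]
        else:
            break
    return candidate


def build_matcher(prefixes=DEFAULT_PREFIXES):
    """Compile one regex that only fires on text starting with a listed prefix."""
    ordered = sorted((p.lower() for p in prefixes), key=len, reverse=True)
    alternation = "|".join(re.escape(p) for p in ordered)
    # The lookbehind keeps "xhttp://..." inside a longer word from matching.
    return re.compile(r"(?<![\w.+-])(?:%s)[^\s<>\"'`]+" % alternation, re.IGNORECASE)


def find_links(line, prefixes=DEFAULT_PREFIXES):
    """Return (start, end, text) for each link candidate in one output line.

    The decision is purely syntactic: nothing here touches the network, so
    hostnames, passwords or other words on screen are never sent to a resolver.
    """
    lowered = tuple(p.lower() for p in prefixes)
    links = []
    for match in build_matcher(prefixes).finditer(line):
        text = _trim(match.group(0))
        low = text.lower()
        # Require something after the prefix ("http://" alone is not a link).
        if any(low.startswith(p) and len(low) > len(p) for p in lowered):
            links.append((match.start(), match.start() + len(text), text))
    return links


if __name__ == "__main__":
    # Constructed sample terminal output.
    sample = [
        "fetching https://example.com/pkg.tar.gz (see http://example.org/docs).",
        "ssh deploy@build-host.internal password=hunter2",
        "ref: https://example.com/wiki/Foo_(bar), accessed today",
    ]
    for line in sample:
        print(find_links(line))
```

A bare hostname such as `build-host.internal` is simply not a candidate here, which is the trade-off the comment accepts: fewer things become clickable, and nothing on screen leaves the machine.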

                                                                                                    1. 9

                                                                                                      Sure! And @gnachman owned up to the fact that he didn’t think this through.

                                                                                                      My concern is with the people attacking iTerm and threatening to uninstall because the guy made a mistake. I have no doubt he works hard on iTerm and his response was both fast and transparent. I’m sure he’s learned a good lesson and this won’t happen again. If anything, I have more respect for him than I did before.

                                                                                                      1. 25

                                                                                                        It’s kind of gross that @gnachman has a long history of steadily improving iTerm and there are cries of “uninstall!” when he makes a single mistake that he fesses up to and fixes quickly. Seriously, why make free/OSS stuff if people are going to be that uncharitable about it?

                                                                                                        1. 2

                                                                                                          Totally gross, indeed. Only took at least 3 bug reports (the other two are directly referenced by the OP of the new one), each detailing the very same security issue from a different angle (but each one is, in fact, security-related), over a period of 2 years (each report came roughly 1 year apart of the other one).

                                                                                                          But, of course, the alternative facts is that once the word spread out to Hacker News / Lobsters / whatnot, the issue was “fixed” very quickly, so, to even entertain the idea that such software should be uninstalled due to this, is entirely unjustified and gross!

                                                                                                          P.S. Did you know he has a Patreon, too, as per HN? If you do appreciate his work all that much, maybe instead of arguing against the solid security concerns that people with knowledge of the matter do have, you should instead be setting up your recurring donation?

                                                                                                          1. 1

                                                                                                            I’m not quite sure where to start with this response. I suspect we are talking past each other, or not talking about the same thing. I’m advocating for a little grace here. The implementation was bad, period. He should’ve fixed it earlier. But even with both concerns I can’t get too worked up about it. It’s funny because I work in infosec and I despise software bloat because it usually produces stupid bugs like this.

                                                                                                            Anyway, thanks for the thoughts.

                                                                                                        2. 8

                                                                                                          I quite like iTerm2, will continue to use iTerm2, and I’m grateful for the continued innovation and effort in iTerm2.

                                                                                                          A concern I have is the issue has been reported twice over the past few years, both raising concerns around privacy and security:

                                                                                                          only after the high level of attention paid to the bug on HN and Lobsters was the severity of the issue considered.

                                                                                                          1. 2

                                                                                                            I agree that this is a problem, but uninstalling isn’t the solution.

                                                                                                            A better approach would be a post-mortem. Any reasonable engineering company would do this after finding a security issue in their software has been reported multiple times. Why not do the same in OSS?

                                                                                                            I’ve opened this issue to try to get this started: https://gitlab.com/gnachman/iterm2/issues/6068

                                                                                                      2. 1

                                                                                                        Good looks owning up to it. I’ve been happy with iTerm2 for some time now, and this issue won’t change that, now that they have responded quickly and appropriately (in my mind).

                                                                                                      3. 1

                                                                                                        I uninstalled it after this. Apple has been improving terminal a lot in recent years. It now supports many of the features I sought in iTerm, like ligature rendering.

                                                                                                        I appreciate iTerm a lot, but really obvious security mistakes (correctly) lower people’s confidence in the security of the product in other respects.

                                                                                                      1. 20

                                                                                                        Look, here’s the thing. If you’re holding 30 million dollars in 250 lines of code that you haven’t audited, then it’s on you. Seriously. It takes any half-decent appsec guy less than one man-day to fleece those 250 lines. At most, that would cost them a few thousands of dollars. They didn’t do it because they wanted it all for free. They didn’t do it because they’re greedy and cheap. They absolutely deserve this.

                                                                                                        I kinda agree with this, honestly. :-\

                                                                                                        1. 2

                                                                                                          I kinda agree with this, honestly. :-\

                                                                                                          That’s because, as your post history on Lobsters has established, you need to get you some ethics and morals.

                                                                                                          I kinda agree with the top comment in the article:

                                                                                                          “ Look, here’s the thing. If you’re holding 30 million dollars in 250 lines of code that you haven’t audited, then it’s on you.”

                                                                                                          Look here’s the thing. If you’ve parked your car on the street like a pleb instead of buying a house with a garage, then it’s on you.

                                                                                                          Look here’s the thing. If you’re holding a PC and a TV and a washing machine in a house with single glazing on the rear windows, then it’s on you.

                                                                                                          Whilst this was an extremely interesting read and I’m sure awesome fun to pull off, theft is theft. The rule of law is the rule of law. You know that these ETH belong to other people and you have taken them for yourself. That’s theft, and I hope the law catches up with you.

                                                                                                          1. 13

                                                                                                            But the entire point of “smart” contracts is that the code IS the contract, right? Your analogy is flawed. It’s not like stealing a car, it’s like finding a loophole in an agreement (or “dumb” contract) and exploiting it in the courts. That happens literally every day, and it is perfectly legal.

                                                                                                            The difference is that when you have actual humans making the decisions instead of computers you can make more subtle arguments about what was intended instead of being beholden to the most pedantic possible interpretation of the contract.

                                                                                                            1. 14

                                                                                                              This is the correct interpretation. The “smart contract” hype is built around the concept that the blockchain is the judge and the jury: it’s all built on the assumption that the blockchain is incorruptible and perfect. To quote from Gavin Wood’s paper “Ethereum: A Secure Decentralised Generalised Transaction Ledger:”

                                                                                                              [Ethereum has attributes] not often found in the real world. The incorruptibility of judgment, often difficult to find, comes naturally from a disinterested algorithmic interpreter.

                                                                                                              Further:

                                                                                                              …natural language is necessarily vague, information is often lacking, and plain old prejudices are difficult to shake.

                                                                                                              Most ominously, perhaps:

                                                                                                              …the future of law would be heavily affected by [smart contract] systems… Ethereum may be seen as a general implementation of such a crypto-law system.

                                                                                                              Based on these concepts, the idea that they’re building a perfect replacement for law, they implemented a Turing-complete language with no concept of or provision for proofs, and run it on a distributed VM from which no malicious programs can be purged. Brilliant!

                                                                                                              1. 4

                                                                                                                Is it brilliant? I’m not so sure: what sovereign citizens and computer geeks alike seem to believe is that the law is a sequence of perfectly defined rules - which is why the former loves to look for the magical series of words that exempts them from it.

                                                                                                                But in reality the law is often about intent and judgment. If I found a bank that let me put my name on everyone’s account and I did so with the purpose of withdrawing their savings, the court would hold a dim view of me saying “but they let me do it!”

                                                                                                                1. 4

                                                                                                                  That was sarcasm. :)

                                                                                                                  1. 3

                                                                                                                    thank god. but like the best sarcasm - and I say this with complete sincerity - it’s indistinguishable from what people are claiming both here and in the article.

                                                                                                                    1. 1

                                                                                                                      Well note, only the “Brilliant” part was sarcasm. The rest was literally quoting a seminal paper in the space.

                                                                                                                2. 2

                                                                                                                  hopefully the interest in contract languages on blockchains will encourage more folks to get involved in formal verification.

                                                                                                                3. 3

                                                                                                                  But the entire point of “smart” contracts is that the code IS the contract

                                                                                                                  Agreed. The analogies given above were ridiculous:

                                                                                                                  Look here’s the thing. If you’ve parked your car on the street like a pleb instead of buying a house with a garage, then it’s on you.

                                                                                                                  This is not a comparison. Try this instead:

                                                                                                                  Look here’s the thing. If you’ve parked your limited edition McLaren F1 on the street instead of in your garage, then yeah that was dumb

                                                                                                                  But this is still a rubbish analogy because in Ethereum: Code is Law.

                                                                                                                  1. 8

                                                                                                                    The correct analogy would be to leave the thing unlocked, with the keys in a plastic box inside, and with a notarized affidavit that reads, ‘I, goodger, hereby transfer ownership of this vehicle and its contents to whomsoever may open this box’.

                                                                                                                    1. -1

                                                                                                                      Bingo!!

                                                                                                                4. 19

                                                                                                                  That’s because, as your post history on Lobsters has established, you need to get you some ethics and morals.

                                                                                                                  Says the guy who posted 9/11 truther conspiracies from his blog. Angersock has ethics and morals, and I’m a little disheartened that your ad hominem attack got upvoted.

                                                                                                                  1. 6

                                                                                                                    There are a few certain types of stories regarding politics and cryptocurrencies that seem to bring out a group of extremely angry and aggressive posters that don’t seem to want to have anything but traditional internet yelling. “Get morals” has been yelled at me any time the US government is brought up and always seems heavily upvoted.

                                                                                                                    1. -5

                                                                                                                      Says the guy who posted 9/11 truther conspiracies from his blog

                                                                                                                      And what is wrong with that?

                                                                                                                      9/11 Truthers are called 9/11 Truthers because they aren’t 9/11 Frauds.

                                                                                                                      EDIT: BTW, those downvoting this as “off-topic” might want to downvote @ngoldbaum’s post instead. I didn’t bring up 9/11, he did. I’ll defend myself if called and, and so to quote from elsewhere: It’s been 16 years now and over $300k in research by multiple teams have refuted NIST multiple times — enough is enough.

                                                                                                                      and I’m a little disheartened

                                                                                                                      That’s too bad.

                                                                                                                      It’s what happens to people who don’t understand basic physics.

                                                                                                                      Have fun with the paid sock puppets though.

                                                                                                                      1. 2

                                                                                                                        Damn, I’m a sock puppet after all… Also ad hominem.

                                                                                                                        1. 2

                                                                                                                          me too! #sockpuppet

                                                                                                                          1. -4

                                                                                                                            Keep it up, y’all are going to spend the end of your lives in a prison of your own making.

                                                                                                                            You think smart people can’t see past these fake votes?

                                                                                                                            1. 5

                                                                                                                              It must be very hard living a life where you think every time someone disagrees with you it’s because of a huge conspiracy.

                                                                                                                              I encourage you to talk to a mental health professional.

                                                                                                                              1. -2

                                                                                                                                It must be very hard living a life where you think every time someone disagrees with you it’s because of a huge conspiracy.

                                                                                                                                You misunderstand, I don’t think that.

                                                                                                                                But 9/11 is a huge conspiracy, so on this particular topic it’s perfectly sensible to think that.

                                                                                                                              2. 2

                                                                                                                                I know that this is futile and I’m shouting into the void, but why would you assume that everyone who disagrees with you is a sock puppet? These aren’t fake votes; I think people are disagreeing with your aggressiveness. There is no reason for this to be a psy-ops campaign just to mess with you.

                                                                                                                                1. -4

                                                                                                                                  but why would you assume that everyone who disagrees with you is a sock puppet?

                                                                                                                                  See my response to your sock puppet friend’s identical question.

                                                                                                                                  But, tell me (since now with the fake downvotes nobody can see your response), how much do you get paid to write this stuff?

                                                                                                                                  Are you an American? If so, is it enough to sleep at night, knowing that you’re supporting the terrorists who attacked this country on 9/11?

                                                                                                                                  1. -3

                                                                                                                                    You gonna answer my question or just exercise your downvote button?

                                                                                                                                    Think McFly!

                                                                                                                          2. -5

                                                                                                                            Angersock has ethics and morals

                                                                                                                            Yeah, theft is cool man. Totally ethical. Totally moral. And your upvotes totally didn’t appear simultaneously as a bunch of sock puppets upvoted your comment.

                                                                                                                      1. 2

                                                                                                                        Re-orderable position shouldn’t be stored as integers but as fractions (rational numbers). That way there is always room to find a number between any other two.

                                                                                                                        This seems logical enough at face but it has me very nervous. Are my instincts correct, or is this totally fine?

                                                                                                                        1. 1

                                                                                                                          From what I’ve seen, it’s usually sufficient as long as you occasionally renumber items. It takes a user intentionally resorting items extensively in short succession to get to the pathological case.

                                                                                                                          1. 1

                                                                                                                            See the linked article on Postgres wiki, especially:

                                                                                                                            There are a number of possible approaches. Using integers is simple but tends to require frequent renumberings. Using floats and picking the midpoints between adjacent values also runs out of space rapidly (you only need 50-odd inserts at the wrong spot to start hitting problems). So this approach uses integer fractions, choosing the values (from the Stern–Brocot tree) such that they can be sorted using (p::float8/q) but renumbering values is only rarely required.

                                                                                                                            and:

                                                                                                                            -- want to renormalize both to avoid possibility of integer overflow
                                                                                                                            -- and to ensure that distinct fraction values map to distinct float8
                                                                                                                            -- values. Bounding to 10 million gives us reasonable headroom while
                                                                                                                            -- not requiring frequent normalization.
                                                                                                                            
                                                                                                                            IF (np > 10000000) OR (nq > 10000000) THEN
                                                                                                                              perform cat_renormalize(cat_id);
                                                                                                                            END IF;
                                                                                                                            
                                                                                                                            1. 1

                                                                                                                              Ah - reading more into that Wiki entry was illuminating. I think when I first read OP I came away thinking they were advocating storing numbers as reals, not rationals.

                                                                                                                              What a clever solution - thanks for helping clarify!
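The trade-off discussed in this sub-thread, as an added example (not code from the Postgres wiki or from any commenter): it compares float midpoints with Stern-Brocot fractions under repeated inserts. `between`, `fraction_inserts` and `renormalize` are hypothetical helper names, and the 10,000,000 bound is the one in the quoted snippet.

```python
from fractions import Fraction

BOUND = 10_000_000  # renormalization threshold from the quoted PL/pgSQL snippet


def between(lo, hi):
    """Simplest fraction strictly between lo and hi (requires 0 <= lo < hi).

    Walks down the Stern-Brocot tree from its boundaries 0/1 and 1/0,
    taking the mediant at each step. Hypothetical helper name.
    """
    if not 0 <= lo < hi:
        raise ValueError("need 0 <= lo < hi")
    lp, lq, rp, rq = 0, 1, 1, 0
    while True:
        mp, mq = lp + rp, lq + rq
        if mp * lo.denominator <= lo.numerator * mq:    # mediant <= lo: go right
            lp, lq = mp, mq
        elif mp * hi.denominator >= hi.numerator * mq:  # mediant >= hi: go left
            rp, rq = mp, mq
        else:
            return Fraction(mp, mq)


def float_midpoint_inserts(lo=1.0, hi=2.0):
    """Count inserts directly after `lo` before the float midpoint stops being distinct."""
    n = 0
    while True:
        mid = (lo + hi) / 2
        if mid <= lo or mid >= hi:
            return n
        hi = mid
        n += 1


def fraction_inserts(zigzag, limit=1000):
    """Count inserts between 1/1 and 2/1 before p or q would exceed BOUND.

    zigzag=False always inserts directly after the first item.
    zigzag=True alternates sides of the newest item (the pathological pattern).
    Stops at `limit` inserts if the bound is never reached.
    """
    lo, hi = Fraction(1), Fraction(2)
    n = 0
    while n < limit:
        m = between(lo, hi)
        if m.numerator > BOUND or m.denominator > BOUND:
            break  # this is where the snippet would call cat_renormalize
        n += 1
        if zigzag and n % 2 == 1:
            lo = m
        else:
            hi = m
    return n


def renormalize(positions):
    """Renumber to 1/1, 2/1, 3/1, ... keeping the existing order."""
    return {old: Fraction(i) for i, old in enumerate(sorted(positions), start=1)}


if __name__ == "__main__":
    print("float midpoints:", float_midpoint_inserts())
    print("fractions, same gap:", fraction_inserts(zigzag=False, limit=200))
    print("fractions, alternating:", fraction_inserts(zigzag=True))
```

Inserting at the same gap grows the numerator by one per insert, while alternating sides grows it like the Fibonacci numbers, which is the pathological case mentioned above.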

                                                                                                                          1. 1

                                                                                                                            How does this work? If bitcoin is currency, and you are printing currency, why not spend the currency yourself rather than selling the currency to someone else (which must be below face value). This means that the miner is hedging that the cost of bitcoin will drop to below whatever they are selling it as. (My financial acumen is pretty low)

                                                                                                                            Seeing the answers below I am clarifying my question:

                                                                                                                            If you have the hardware to mine bitcoin, why aren’t you mining the bitcoins for yourself? It looks like these folks are selling a service to mine bitcoins. So they spend $X on electricity and infrastructure to mine $Y in bitcoins. By selling the bitcoins they can make $Y - $X profit. I got the impression they were rather charging $Z (which has to be < $Y) to others to mine the bitcoin for them leaving $Y - $Z on the table.

                                                                                                                            Perhaps I have misunderstood all this.

                                                                                                                            1. 8
                                                                                                                              • Bitcoin is a notoriously volatile commodity, varying by over 10% in the last week alone. RMB is stable.
                                                                                                                              • If they mined bitcoin for themselves they’d still need to convert it to RMB anyway, which has its own costs and hassles.
                                                                                                                              • Many people who hold bitcoin do so under the assumption that the price is going to go to the moon, so subjectively value it much higher than miners.
                                                                                                                              • In a gold rush, sell shovels.
                                                                                                                              1. 2

                                                                                                                                In a gold rush, sell shovels.

                                                                                                                                Came to post exactly this ;)

                                                                                                                                I think mining on contract is a brilliant hedge. If you’re bearish on cryptocurrency (like me), you can structure your agreements to pay for the equipment quickly and take a low but steady return.

                                                                                                                                If it keeps going up uP UP your return steadily increases, albeit slowly - and you can get more customers. If it tanks, you’ve made steady profit and you can try to offload your gear on eBay.

                                                                                                                                1. 1

                                                                                                                                  Many people who hold bitcoin do so under the assumption that the price is going to go to the moon, so subjectively value it much higher than miners.

                                                                                                                                  This part doesn’t make sense. No matter what any individual subjectively values bitcoin at, they’re going to be paying market price. Miners can sell at market price and hodlers can buy at market price. There’s no “arbitrage” opportunity from transferring to hodlers directly, because if they can get it cheaper from an exchange, they will.

                                                                                                                                  1. 1

                                                                                                                                    What the above posters are saying, and I agree, is that miners are folk who don’t believe in bitcoin as an investment AND can’t be bothered to sell the coins at current market value. They would rather get cold hard cash right now, even if it is at a discount. Their market is people who do believe in bitcoin as an investment but can’t be bothered to set up the infrastructure themselves.

                                                                                                                                    For this market to work, the customers have to get a discount (or hedge) on the bitcoin price and the miners believe the discount/hedge is less than the value of the hassle they would have to go through to sell the coins on the open market.

                                                                                                                                    1. 1

                                                                                                                                      It’s worth calling out that mining costs electricity, the price of which is highly variable around the world.

                                                                                                                                      Large-scale miners are almost universally operating where they can get electricity cheaper than their customers.

                                                                                                                                2. 4

                                                                                                                                  Bitcoin isn’t currency. It behaves much more like a commodity asset.

                                                                                                                                  1. 1

                                                                                                                                    Because to buy mining hardware and electricity, they need to use RMB.

                                                                                                                                    1. 2

                                                                                                                                      Right mouse button? I’m confused.

                                                                                                                                      1. 1

                                                                                                                                        Yuan. There’s very little you can actually buy with BTC, so most people instead sell BTC for dollars/pounds/shekels/yuan and use that instead.

                                                                                                                                        1. 1

                                                                                                                                          Ah, gotcha, thanks. Thought maybe I was whooshing on a joke. :)

                                                                                                                                    2. 1

                                                                                                                                      Edited to reflect your clarification:

                                                                                                                                      Electricity is far, far cheaper at these remote hydroelectric dams than in the cities. It’s worth mining BTC where electricity is cheap.

                                                                                                                                    1. 2

                                                                                                                                      Preface: I’m bad at DNS. Way bad. :)

                                                                                                                                      Don’t the root nameservers who are authoritative for .IO maintain the A records in the root .IO zone file?

                                                                                                                                      His own dig output seems to point at this: after he registered ns-a1.io we saw:

                                                                                                                                      ns-a1.io. 172800 IN A 194.0.1.1

                                                                                                                                      That’s not his IP. That’s one of ICB’s, the registrar that runs .IO.

                                                                                                                                      DNS traffic would never flow down to his box because the query for foo.io would go to a root nameserver authoritative for .io, which would hand back a domain name possibly owned by the attacker but an IP owned by the registrar.

                                                                                                                                      So even though they clearly fucked up, this isn’t what he claims it to be. Right?

                                                                                                                                      1. 1

                                                                                                                                        There’s another post making a similar point. https://mpounsett.blogspot.ca/2017/07/the-io-error-problem-with-bad-optics.html

                                                                                                                                        Although the author says he collected lots of queries? I guess he could make that up, but I think it’s also possible that not every resolver does exactly what we’d expect. I guess he could have redirected half of keybase.io traffic for a day to test, but that’s not a nice thing to do.

                                                                                                                                      1. 4

                                                                                                                                        Wait what I’ve been using irssi for like a decade. How is it only at 1.0.something?

                                                                                                                                        1. 5

                                                                                                                                          I started using my favorite window manager around when it was first released. Now it is old enough to drink but is “only” at version 0.95.8.

                                                                                                                                          The version number arms race/great acceleration/lie is a relatively new invention!

                                                                                                                                          1. 2

                                                                                                                                            I used wmaker for the longest time, and it wouldn’t require much to pull me back in :)

                                                                                                                                            Sometimes software is pretty much complete for what it wants to .

                                                                                                                                          2. 3

                                                                                                                                            Enlightenment 0.17 was in development for over 12 years.

                                                                                                                                            TeX, out of all things, has been at version π since 1978.

                                                                                                                                            A great number of programs do not ever achieve version 1.0.

                                                                                                                                            Unless you’re Google Chrome or Firefox, a high version number means very little to a lot of open source projects.

                                                                                                                                          1. 6

                                                                                                                                            Erm, so I disable priv ports. I start a web server on port 80. Little Timmy comes along and starts a web server on port 80. What happens now?

                                                                                                                                            1. 3

                                                                                                                                              Timmy’s call to bind() fails, because the port is already in use by you.

                                                                                                                                              1. 4

                                                                                                                                                Then how is this actually useful for running multiple web servers on the same box? Wouldn’t it end up in a free-for-all, with the first user who starts up their Wordpress install getting port 80, while the rest have to contend with another, non-standard port?

                                                                                                                                                1. 12

                                                                                                                                                  What *nix really needs is the ability to assign users ownership to IP addresses. With IPv6 you could assign every machine a /96 and then map all UIDs onto IP space.

                                                                                                                                                  This is probably a better idea than even getting rid of privileged ports. You can bind to a privileged port if you have rw access to the IP.

                                                                                                                                                  The real issue here is that Unix has no permissions scheme for IPs the way it does for files, etc.

                                                                                                                                                  1. 5

                                                                                                                                                    It’s not so very much code to write a simple daemon that watches a directory of UNIX sockets, then binds to the port of the same name, forwarding all traffic. Like UNIX programming 101 homework easy. One can certainly argue it’s a hack, but it’s possible and it’s been possible for 20 years if that’s what people wanted. No kernel changes required.

                                                                                                                                                    I think there’s a corollary to necessity is the mother of all invention. If it hasn’t been invented, it’s not necessary. To oversimplify a bit.
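The daemon described in this comment, sketched as an added example (not code from the commenter or the article): it scans a directory once, and for every UNIX socket whose file name is a port number it binds that TCP port and relays connections to the socket. The function names and the loopback default are assumptions; a real daemon would hold the right to bind low ports and rescan the directory for changes.

```python
import os
import socket
import stat
import threading


def claimed_ports(sock_dir):
    """Return {port: socket_path} for every UNIX socket named like a port number."""
    claims = {}
    for name in os.listdir(sock_dir):
        if not (name.isdigit() and 0 < int(name) < 65536):
            continue
        path = os.path.join(sock_dir, name)
        # lstat, not stat: a symlink must not point a port at someone else's socket.
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            claims[int(name)] = path
    return claims


def _pump(src, dst):
    """Copy bytes one way until EOF, then pass the EOF on."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _handle(client, path):
    """Relay one TCP connection to the UNIX socket that claimed the port."""
    backend = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        backend.connect(path)
    except OSError:
        client.close()
        backend.close()
        return
    upstream = threading.Thread(target=_pump, args=(client, backend), daemon=True)
    upstream.start()
    _pump(backend, client)
    upstream.join()
    client.close()
    backend.close()


def _accept_loop(listener, path):
    while True:
        try:
            client, _ = listener.accept()
        except OSError:
            return  # listener was closed
        threading.Thread(target=_handle, args=(client, path), daemon=True).start()


def start_forwarders(sock_dir, host="127.0.0.1"):
    """Bind one TCP listener per claimed port; returns {port: listening socket}."""
    listeners = {}
    for port, path in claimed_ports(sock_dir).items():
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((host, port))
        listener.listen()
        threading.Thread(target=_accept_loop, args=(listener, path), daemon=True).start()
        listeners[port] = listener
    return listeners
```

Who may create a socket named `80` in that directory is decided by ordinary file permissions, so the directory's ownership and mode become the port's access control.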

                                                                                                                                                2. 2

                                                                                                                                                  Sounds like Timmy needs a VM, so now I’m unclear on exactly how we’ve solved the energy crisis.

                                                                                                                                                  1. [Comment removed by author]

                                                                                                                                                    1. 2

                                                                                                                                                      Well, what happens when I grab 10.0.0.2 too? And .3 and .4?

                                                                                                                                                      There needs to be an address broker at some level, and I’m not convinced it’s impossible for that broker to be nginx.conf proxying a dozen different IPs to a dozen different unix sockets. There’s a fairly obvious solution to the problem that doesn’t involve redesigning everything.

                                                                                                                                                      So why then does AWS offer VMs instead of jamming a hundred users onto a single Linux image? Well, what if I want to run FreeBSD? VM offers a nice abstraction to allow me to run a different operating system entirely. Now maybe this is an argument for exokernels and rump kernels and so forth, but I didn’t really see that being proposed.

                                                                                                                                                      1. [Comment removed by author]

                                                                                                                                                        1. 6

                                                                                                                                                          OK, sorry, didn’t mean to be argumentative. But it’s a really long article, so I could only keep some of it in my head, and it got a lot of upvotes, so I’m trying to mine out what the insights are. But don’t feel personally obligated to explain. :)

                                                                                                                                                          There seemed to be a metapoint that things are inefficient because we’re using some old design from another era and it’s obsolete. But I didn’t see much discussion of why we can’t keep the design we have and use the tools we have in a slightly better way. Like nginx.conf to multiplex. Shared web hosting used to be a thing, right?

                                                                                                                                                          1. 4

                                                                                                                                                            I feel the metapoint was the opposite. The author wanted to go back to the old way things were done, but simply allow users to have their own IP address in the same way they have their own home directory.

                                                                                                                                                            You can already add many IP addresses to a single machine in BSD and Linux. In Linux (don’t know about BSD), you can even create virtual sub-interfaces that have their own info, but reside on the same physical interface. The author wanted unix permissions on interfaces too, rwx = read write bind. So your hypothetical user Timmy would have /home/timmy and eth0:timmy, with rwx on /home/timmy, and r-x on eth0:timmy. They would be able to read their IP, MAC, etc, and bind to it, but not change it.

                                                                                                                                                            1. 2

                                                                                                                                                              Shared web hosting used to be a thing. I think people have realised that hosting a website means running code, one way or another, and traditional unix was never really suited to the idea that there would be multiple people organizing code on the same machine: multiple users yes, but unix is very much single-administrator.

                                                                                                                                                              More concretely, library packaging/versioning sucks: it’s astonishingly difficult to simply have multiple versions of a shared library installed and have different executables use the versions they specify. Very few (OS-native) packaging systems support installing a package per-user at all. Even something like running your website under a specific version of python is hard on shared hosting. And OS-level packaging really hasn’t caught up with the Cambrian explosion of ways to do data storage: people have realised that traditional square-tables-and-SQL has a lot of deficiencies but right now that translates into everyone and their dog writing their own storage engine. No doubt it will shake out and consolidate eventually, but for now an account on the system MySQL doesn’t cut it but the system has no mechanism in place for offering the user persistence-service-of-the-week.

                                                                                                                                                              Personal view: traditional unix shared too much - when resources were very tight and security not very important it made sense to optimize for efficiency over isolation, but now the opposite is true. I see unikernels on a hypervisor as, in many ways, processes-on-a-shared-OS done right, and something like Qubes - isolation by default, sharing and communication only when explicitly asked for, and legacy compatibility via VMs - as the way forward.

                                                                                                                                                              1. 1

                                                                                                                                                                Isn’t this exactly the problem solved by virtualenv and such? I’ve never found it especially difficult to install my own software. There was a big nullprogram post about doing exactly this recently.

                                                                                                                                                                There are some challenges for sure, but I get the sense that people just threw their hands in the air, decided to docker everything, and allowed the situation to decay.

                                                                                                                                                                1. 1

                                                                                                                                                                  virtualenv has never worked great: a lot of Python libraries are bindings to system C libraries and depend on those being installed at the correct version. And there’s a bunch of minor package-specific fiddling because running in virtualenv is slightly different from running on native python.

                                                                                                                                                                  People reached for the sledgehammer of docker because it solved their problem, because fundamentally its UX is a lot nicer than virtualenv’s. Inefficient but reliable beats hand-tuning.

                                                                                                                                                              2. [Comment removed by author]

                                                                                                                                                                1. 1

                                                                                                                                                                  You can’t quite use namespaces that way. Net namespaces are attached to a process group, not a user. But doing something like I described would truly assign one IP address to a user. That user would have that IP address always. They would ssh to it, everything they started would bind to it by default, and so on. It would be their home IP in the same way their home directory is theirs.

                                                                                                                                                                  1. 1

                                                                                                                                                                    Docker is also mentioned as bloat because of an image for each container.

                                                                                                                                                                    Container and layer sprawl can be real. I can’t deny that :)

                                                                                                                                                                    But you have two options to mitigate that:

                                                                                                                                                                    1. Build your Dockerfile FROM scratch and copy in static binaries. If you’re doing C, or Go, this works very well.

                                                                                                                                                                    2. Pick a common root - Alpine Linux (FROM alpine) is popular since it is fairly small. Once that is fetched, any container that references it will reuse it - so your twenty containers will not all go download the same Linux system.

                                                                                                                                                          2. 1

                                                                                                                                                            They have different ip addresses, There must be some way to use multiple addresses on the same linux install and if there isnt it would be easy to add.

                                                                                                                                                        2. 2

                                                                                                                                                          From the article: network service multi-tenancy. What does that even mean? Good question. I think that in his ideal world we’d be using network namespaces and we’d assign more ips per machine.

                                                                                                                                                          Honestly it sounds like despite his concerns about container overhead, his proposal is basically to use containers/namespaces. Not sure why he thinks they are “bloated”.

                                                                                                                                                          1. 3

                                                                                                                                                            A few numbers would certainly make the overhead argument more concrete. Every VM has its own kernel and init and libc. So that’s a few dozen megabytes? But a drop in the bucket compared to the hundreds of megabytes used by my clojure web app. So if I’m provisioning my super server with lots of user accounts, I can get away with giving each user 960MB instead of 1024MB like I would for a VM? Is that roughly the kind of savings we’re talking about?

                                                                                                                                                        1. 7

                                                                                                                                                          … You’ll have to make it use folders under /home/yourname/… but eventually you’ll have your own local MySQL server running in your own local user-space.

                                                                                                                                                          Containers are just namespaces. Yes, namespacing packages costs some disk space (you can make this very small with Alpine, advanced filesystem tricks, etc), but so does installing packages in /home/$USER! You don’t have to install a massive CentOS image in your container (but you can, and that’s sort of neat).

                                                                                                                                                          Multi-tenancy on Linux is better now than anyone from the 1970s ever dreamed possible (systemd even has nice support for multiple independent physical display/keyboard/mouse sets!). There may be a valid gripe to be had about aesthetics, but not about resource overhead, or really even fundamental complexity. Even privileged ports can be shared with inetd, sudo, iptables, or Linux capabilities.

                                                                                                                                                          1. 3

                                                                                                                                                            > You don’t have to install a massive CentOS image in your container

                                                                                                                                                            I want to highlight this because it bears repeating.

                                                                                                                                                            It’s absolutely possible to create a statically linked binary and place that - and nothing more - in a Docker container.

                                                                                                                                                            Traefik, a golang loadbalancer, does this - the container has the binary and a trusted list of CAs. As a result the whole container clocks in at 12mb
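
The `FROM scratch` approach described in the comments above (a static binary plus a CA bundle and nothing else), written out as an added example; it is not code from any commenter or from the Traefik project. The Go image tag, the `./cmd/server` package path and the `/server` binary name are assumptions.

```dockerfile
# Added example: multi-stage build that ends in a FROM scratch image.
# Assumed (hypothetical) layout: a Go module at the build-context root
# with its main package in ./cmd/server.

# --- Stage 1: build a static binary -------------------------------------
FROM golang:1.22 AS build
WORKDIR /src
COPY . .
# CGO_ENABLED=0 produces a binary with no libc dependency, which is what
# lets it run in an image that contains no shared libraries at all.
RUN CGO_ENABLED=0 GOOS=linux \
    go build -trimpath -ldflags="-s -w" -o /out/server ./cmd/server

# --- Stage 2: the image that actually ships -----------------------------
FROM scratch
# An empty image has no trust store, so outbound TLS would fail without
# this; copy the CA bundle from the build stage.
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=build /out/server /server
# Numeric UID:GID because scratch has no /etc/passwd to resolve names.
# Running as non-root keeps a compromised process unprivileged.
USER 65534:65534
# Exec form is required: there is no /bin/sh in the image to run a
# shell-form ENTRYPOINT.
ENTRYPOINT ["/server"]
```

The resulting image holds two files, so there is no shell, package manager or unused library inside the container to patch or to abuse after a compromise.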