Threads for pcrock
-
pcrock
11 days ago
|
link
| on:
The oldest privesc: injecting careless administrators’ terminals using TTY pushback
This is a great example why it’s not a good idea to do things like write your own sudo by yourself (unless you’re just doing it for kicks and giggles). Security is hard. There are just too many random edge cases in our operating systems for one lone brain to consider.
-
-
I have to say, this fulfills that classic stereotype of the JavaScript developer always seeking newer and better frameworks, as if framework churn wasn’t a problem in this ecosystem.
React has aged.
Initially released 9 years ago as of this writing, and still maintained! Hey, it might actually be stable enough to consider using!
Safe bets don’t pay off big.
… and risky bets usually come with a huge cost? But yeah, not my problem. By the time [new risky framework] dies, someone else will be maintaining the codebase, and it’ll be their problem. Because I’ve quit my job and moved on to the next company where I’ll keep playing with risky new frameworks.
Stability, reliability, longevity, sustainability… these are undervalued in today’s world. Nobody thinks about what will happen when the risky crap eventually hits the fan, and it’s usually our successors (or children and grandchildren) who experience the consequences.
We try to predict too much what technologies are going to stick around. The key to choosing a stable, reliable technology is not to try to predict the future; the key is to look at the past. If a framework has been around for a while, it’s much more likely to stay around for a bit longer.
-
Most frontend are rewritten every few years when trends change. Why predict anything when it’s all disposable anyway?
-
-
-
The crucial part of this is how the password / master key and decrypted secrets are kept secure in memory. I hope the daemon at least stores secrets in pinned RAM and zeroes out memory when it’s freed. Are there mechanisms that keep other processes like debuggers from being able to inspect the daemon’s address space?
(I’m not familiar with Unix key managers in general, just with Apple’s Keychain, which has pretty tight integration with the kernel and hardware trust module to keep it secure.)
-
there is a discussion on lwn about this between the author and mjg59. https://lwn.net/Articles/893327/
-
Welp, that’s Drew in a nutshell. He’s a very productive and innovative programmer doing fascinating & crucial work, and also a dick. I keep hoping he’ll tone down his confrontational tone, because I’m a fan of his work, but his stuff won’t last or be widely adopted if he can’t build a strong community around it. Sadly his behavior never changes, and it’s always driving people away who might otherwise be receptive to his projects and messages.
Here it comes with the additional downside that he can’t process legitimate criticism, which will interfere with his project being as good as it could be.
For anyone who doesn’t feel like reading the thread, mjg59 points out that the security feature for storing keys securely (keeping them out of memory space) only works on Linux, yet Hare works on other operating systems (like BSD). Drew considers this a feature, not a bug, calling it opportunistic improvements in security. Various people suggest it would be better to refuse to do the thing if it isn’t secure, that opportunistic improvements allow adversaries to target systems that lack the security feature, and it’s very hard for end users to know if a programmer used the library correctly (in this case, only on Linux). The conversation doesn’t really proceed further, in part because Drew calls people asking him to engage with mjg59 and/or his criticisms “hero worship”.
-
-
-
In case there’s some variation of English slang causing confusion here, I meant “dick” as shorthand for “not careful with the feelings of others”. I think this is just objectively true, an accurate description of his actions, or the pattern of his actions over time.
But you raise a valid point: I could have used more polite language, which could improve clarity, and been more gentle with my tone, at the cost of some emotional content. I think often in communication there is a conflict between genuinely communicating your emotions as you’re feeling them, versus realizing that your current emotions may be unhelpful and taking time until you can communicate something else genuinely instead.
-
Why can’t he defend himself here?
-
-
I’m normally pretty biased against Drew for the same reasons, but it seems to me like mjg59 is the aggressor here.
Drew explained his rationale, and then more-or-less said “let’s agree to disagree on this.” However rather than letting it go, everyone just kept pushing, stating the same points over and over in an incredibly harsh and disrespectful tone.
They all obviously had some valid concerns (which I agree with), but in this context it’s borderline trolling, and Drew handled it fairly well given the circumstances.
-
-
Everything’s a tradeoff. Rust’s borrow checker is one tool of many for helping programmers write correct code, not a moral imperative for all new systems languages. Plenty of thoughtful programmers are skeptical about the effectiveness of Rust’s approach to memory safety, and the cost of that approach with regard to other things that are important, like comprehensibility. For example, see this HN thread from Ron Pressler. Maybe he’s right; maybe he’s wrong. My point is that the question is by no means settled enough that a language designer rejecting Rust’s approach to memory safety should be considered ethically derelict.
-
-
-
but his stuff won’t last or be widely adopted if he can’t build a strong community around it. Sadly his behavior never changes, and it’s always driving people away who might otherwise be receptive to his projects and messages.
And yet: https://drewdevault.com/2022/03/14/It-takes-a-village.html
I hope to one day be as successful at building a community.
-
This is a fair point. Drew’s projects have communities built around them, bigger and more cohesive than anything I’ve built, for sure. Maybe that’s good enough, Drew has hit his goals, and he can afford to antagonize whoever comes across on the internet; perhaps his work has enough reach, and wouldn’t benefit from attracting more or different kinds of people.
I’m reminded of an old article about Usain Bolt, the fastest man in the world (still? Certainly when it was written), and how in one famous record-setting race, he turned around, saw that no one else was close to him, and coasted the rest of the way to the finish line. The piece suggested that this was representative of his approach to running in general. It then asked (as many have before and since) how fast could Usain Bolt run if he actually tried? https://www.esquire.com/sports/a7058/usain-bolt-bio-0410/
Well, how much community could Drew build if he, like, stepped away from the keyboard for a few minutes every time he was about to flame, insult, or even threaten people? Does it matter?
In actuality, we know that Drew has not hit all of his goals, and he is not entirely happy with the status quo. https://drewdevault.com/2022/05/30/bleh.html Drew has been so abrasive to so many people that now even members of his communities who are simply using his stuff get grief for being willing to work with him. He’s unhappy about that, he says he’s working to improve, and he asks for another chance. He recognizes a problem and claims to want to address it. But every time I look at new work from him, there’s new examples of him being a dick.
In other words, he’s already successful in building community, yes, but I think his abrasiveness is the biggest obstacle to further improvements, and Drew might even agree with that statement.
-
-
-
Oh, it’s the Hare guy. I feel like he’s actively harmful to the image of whatever project will employ his aid and just having him there is detrimental regardless of his technical ability.
-
-
I know his opinions that get loudly posted on every message board such as here (before he was banned for his self-promotion) and reddit, in addition to his bad behavior such as what is showcased here.
In short, I would never willingly use his products or work with him after these exposures 🤷🏽♂️
-
I know his opinions that get loudly posted on every message board such as here (before he was banned for his self-promotion) and reddit, in addition to his bad behavior such as what is showcased here.
And yet, Torvalds got a pass for many, many years. The man has a history of terrible public statements, E.G., referring to OpenBSD developers as masturbating monkeys. He has been downright abusive to many, including contributors to his projects. Examples are numerous. I’m more than happy to cite. I challenge anyone to show me just one example of where Drew Devault has displayed these levels of wanton cruelty.
One could be forgiven for thinking that there might be some double standards in the free software community. Torvalds is a darling of the corporate types, and as another horrible, cruel person once said: when you’re a star, they let you do it. You can do anything…
-
-
-
-
-
What a rude comment thread. The module that people are piling in on Drew about is clearly documented to do what it does (with the caveat that it doesn’t say which kernels it provides security on).
The readme is 4 paragraphs long and the code is like 50 low-density lines, it’s not like this info is hidden.
-
-
Even more: If such security can’t be guaranteed I may as well store my secrets in plaintext, that way I don’t get a false sense of security. (At the end of the day I’ll be vulnerable every time I decrypt my secrets. And if they are ever flushed to disk I’m vulnerable forever.)
-
The comment thread isn’t about the application himitsu, though. The starting post in that comment thread specifically asks about the API and links to it:
https://git.sr.ht/~sircmpwn/hare/tree/master/item/crypto/keystore - as an app developer targeting the standard library, how do I know whether or not my keys are going to be stored securely or not?
The API is specifically documented as being “low-level” and “not recommended for non-experts”. In the context of talking about this API, I think that:
- It is reasonable to expect the developer-users of this API to read the documentation and if it is not clear, the source code.
- mjg59’s comments are kind of overblown, and other people in the thread are worse. The API doesn’t do what mjg59 would prefer, and maybe mjg59’s core suggestion of refusing to store a value if it cannot be stored securely is better, but I think it is definitely arguable and either way the tone was very heavy handed from the beginning.
Personally, I think that there should be an API for testing if values can be stored securely, but it doesn’t necessarily have to live in this module for this thing to be useful. Maybe it makes more sense to group those capability-reporting functions somewhere else.
-
-
It’s really funny how different your impression of that thread is from mine. I think one comment summed it up well:
You don’t have to keep engaging with mjg59 if you don’t want to, but belittling people who agree with them as mere hero worshipers is beyond the pale. Remember that in asking us to use your language, you’re asking us to also trust you in your stewardship of that language and how you’ll respond to our concerns and needs as the maintainer. Seeing you attack people so aggressively out of the gate is not a confidence boosting start.
-
Yeah, obviously I disagree and I don’t think it’s worth talking about much further. I thought Drew was fairly courteous, and the comment he called out as hero worship certainly seems hyperbolic to me:
Someone who does not feel intensely motivated to learn from mjg59’s freely offered expertise has no legitimate claim on anyone’s attention.
Like, that’s a ridiculous claim. We can call attention to someone’s expertise without saying such silly things.
-
-
-
-
Are there mechanisms that keep other processes like debuggers from being able to inspect the daemon’s address space?
I was under the impression (from when I last did some game hacking) that you need root to read another process’s memory (Linux). So it should be fine? Now that you mention debuggers, I don’t remember having to escalate to root for
gdbto work - I wonder what the reason is.-
-
Is gdb setuid to root, or does it use a helper tool that is?
I know on MacOS you need to enter an admin password to authorize Xcode / lldb the first time you start a debugger after rebooting. And there are processes that cannot be attached to even if you run a debugger as root.
-
The second constraint is imposed by processes protected by macOS System Integrity Protection. The first I believe has to do with entitlements to attach to another process, but that’s just off the top of my head and I could be wrong.
Regardless, Linux has neither of these protections. Debuggers run as normal user programs and do not require special authorization.
-
-
-
-
chrispickard
1 year ago
|
link
| on:
the FSF’s relationship with firmware is harmful to free software users
The fsf is more interested in ideological purity than helping users solve their problems and do so with free software
-
I think that’s kind of the point. If you want to benefit from the fruits of the FOSS community while also using the odd non-free app, firmware/drivers or even OS, then there is a wealth of information and tools available to you. Many Linux users are happy operating their computers this way and they certainly don’t need FSF’s help.
FSF’s main purpose is being the irritatingly uncompromising voice. I like this article because it shows that they’re not managing to do that either - due to historical exceptions that probably made sense at the time, they’re now trapped in a weird middle ground where they’re neither pragmatic nor ensuring the freedom they really wanted. Hopefully they can modernise without making concessions to pragmatism or they will cease to be relevant at all.
-
-
-
-
-
It kind of makes sense for things that talk to a remote service: it means they can’t force you to take a firmware update you don’t want by saying “firmware versions older than X will not be supported”. But it’s still not really a good argument.
-
-
-
The thing about ideological purity is that it’s quite attractive to social movements. Totalizing worldviews are simple, and they give their adherents a feeling of righteousness (deserved or not) that can be a great recruitment tool, and also a great motivator for getting things done.
-
A truly totalizing worldview is the opposite of simple. Take for example the ideology of the market, which subsumes and totalizes all social relations under the measurement of how productive labor investments are in exchange as money. The web of justifications for this naturally self-expanding totality are as varied and complicated as modern history itself
-
Can you explain more about what you mean here? I think you’re disagreeing with the parent comment, but I don’t understand how what you say is incompatible with it.
I.e. “the ideology of the market” is simple, at least as I understand it (“Trade lets people get what they want”). Its instantiation and justification is complicated. The same seems true in many cases (Communism: “The means of production should be owned by everyone”; Free Software: “Software must preserve these 3 particular freedoms”; Nationalism: “Our country is the best country”; Futuramism: “All Glory To The Hypnotoad”). The claim is that this core is usually simple, and easy to put a lot of emotion into. There are almost always a lot of contortions that go into dealing with objections, and into putting that core into practice. But people are drawn in by the central idea, and by how emotionally appealing it is, which puts a lot of pressure on the central figures to be extremely devoted to the simple core, at least in their outward behavior.
-
-
-
-
-
This is the first time I’ve seen a lawyer argue that a license that differentiates between commercial and non-commercial use is a thing that you can do. The other advice I’ve read suggests that it’s too fraught with corner cases to be allowed. For example:
- If I use a music player to listen to music on my headphones while I’m working, is that a commercial use?
- If I put ads on my blog, is it a commercial use of the text editor that I use to write the entries or the CMS that I use to host it?
- If a company uses the software for a purpose that is not connected to their commercial activities, is that a commercial use?
- If I use the software for some free project and someone decides later to give me a donation to support my work, am I now violating the license?
- Does a fee-paying university count as a commercial use? What if it’s also a registered charity?
Splitting the world into commercial and non-commercial activities is normally a problem that lawyers say is too hard.
-
Well, Creative Commons did it back in the day by adding the NC variants.. in an intentionally flexible way:
In their experience there weren’t many conflicts over the definition. So I guess (like was recently said about engineering) “commercial use is like pornography, I know it when I see it” – and that’s good enough.
-
In all honesty, the whole software licensing idea is a bit anoying and not as useful as most people think.
I put the MIT license on code I push to github because they force me to use a license. But in good truth, I have no way to enforce it in most cases. Nor would I care about ofenses in many cases.
I wish software authors would be less possessive about their code and put the focus on the code itself rather than overhead. I miss the days when one would post code online and whomever wanted would do whatever they wanted with it without bringing the boring licensing discussions to attention. Attribution would naturally occur to an acceptable level givena good cominity with rnouth well intended people.
I also don’t quite agree with the concept of paying for a copy of the software and not being able to do whatever one wants with it, within reasonable limits such as non-usurpation. I understand it is a reality today and perhaps even the most adapted to today’s economy, but it is a practice that should be questionable. Is it really ethically correct? I don’t think so.
-
For me, licenses are not for the code publishers, but rather the code consumers.
If you publish code without a license, then in my jurisdiction it’s technically copyrighted by default. I’m legally not allowed to use it at all, and open myself up to legal liability if I do. After I make my millions, how do I know you won’t some day take me to court and demand a percentage of that? By putting a license on your code, you’re giving people peace of mind that you’re not gonna turn around and try to sue them later.
-
Agreed. At work a few years ago I copied-and-pasted a page of useful code from a gist I found on GitHub, including the comment identifying the author, and I added a comment saying where I got it from.
Before our next release, when we had to identify any new open source code we were using, I added a reference to that file. The legal department then became worried that there was no license associated with it. Someone ended up tracking down the author and asking him, and he assured him he had no claim on it and put it in the public domain.
-
-
I wish software authors would be less possessive about their code and put the focus on the code itself rather than overhead.
Unfortunately, this attitude only leads to mass exploitation of developers and enrichment of corporate interests.
The world is full of assholes who will take advantage of the free work and good will of others and give nothing back.
The world is also full of useful idiots who will give over their stuff to the aforementioned assholes and then, years later after discovering that you can’t pay rent with Github stars or HN posts, cry and piss and moan about how they were ripped off.
So, yeah, licenses are important.
-
You can’t “exploit” someone by taking [a copy of] what they’re giving away for free. Free means free.
If you create stuff and don’t charge money for it but have the expectation that people will give you money for it anyway or at least recompense you somehow_ … then you are either living in a small traditional village culture, or an anarchist commune. In both of those environments there is such a social contract*. If you’re not, you are indeed an idiot, unless you encumber your software with a license that forces such recompense.
I don’t believe most open source contributors who don’t use copyleft licenses are idiots. I believe they genuinely make their software available for free and don’t expect to see a dime directly from it.
In my case I do so to give back to the world, and because having people use and appreciate what I’ve made makes me feel good, and because it enhances my reputation as a skilled dude to whom my next employer should pay a handsome salary.
* I highly recommend Eric Frank Russells’s 1940s SF story “…And Then There Were None”, about a colony planet that adopts such a society, inspired by Gandhi, and what happens to a militaristic galactic empire starship that rediscovers the planet.
-
You can’t “exploit” someone by taking [a copy of] what they’re giving away for free.
I would argue that you absolutely can if you take something offered freely, make a profit at it, and do not somehow pay that back to the person who helped you out. It’s somewhat worse for many maintainers because there is active pressure, complaining, and hounding to extract still further value out of them.
I don’t believe most open source contributors who don’t use copyleft licenses are idiots. I believe they genuinely make their software available for free and don’t expect to see a dime directly from it.
Not idiots–useful idiots. It’s a different thing.
I think there is for many of us a belief that we give away our software to help out other developers. I think of neat little hacks I’ve shared specifically so other devs don’t ever have to solve those same problems, because they sucked and because I have myself benefited from the work of other devs. This is I would argue an unspoken social compact that many of us have entered into. That would be the “not directly see a dime” you refer to, I think.
Unfortunately, it is obvious that as a class we are not recouping the amount of value we generate. It is even more painful because it’s a choice that a lot of developers–especially web developers, for cultural and historical reasons–sleepwalk through.
Consider Catto and Angry birds, right? Dude wrote Box2D (without which you don’t really get Angry Birds as a physics game) and never saw (as reported anyways) a red cent of the 12BUSD in revenue they booked in 2012. That’s insane, right? There’s no world in which that is just.
(One might argue “@friendlysock, ours is not a just world.” In which case, sure, take all you can and give nothing back, but fucking hell I’m not gonna pretend I don’t find it in equal measure sad and offensive.)
Our colleague I’m responding to is exactly that sort of person that a company, investor, or founder loves–yes, yes, please, don’t think too hard about licenses, just put your work in the public domain! Don’t worry your pretty little head about getting compensated for your work, and most certainly don’t worry about the other developers you put out of a job! Code wants to be free, after all, and don’t fret about what happens to development as a career when everything we need to write has either been written or can be spun whole-cloth by a handful of specialists with the aid of GPT descendants!
I suspect our colleague means well, and lord knows I wish I could just focus on solving neat problems with code, but we can ill afford to ignore certain realities about our industry.
-
I would argue that you absolutely can if you take something offered freely, make a profit at it, and do not somehow pay that back to the person who helped you out.
Nah, I’ve published MIT stuff, and my take is - go for it, commercialize the hell out of it, you don’t have to pay me anything.
The point of MIT is to raise the state of the art, to make the solution to a problem universal. That includes corporations. No reciprocity is required: the code being there to be used is the point of releasing it.
-
I would argue that you absolutely can [exploit someone] if you take something offered freely, make a profit at it, and do not somehow pay that back to the person who helped you out.
I assume the definition your link refers to is “to make use of selfishly or unethically,” because the others don’t fit. But if someone offers you a thing with explicit assurance that you can use it freely without encumbrance (except maybe a token like thanking them in a readme), and you do so, how is that exploitation?
Feudal lords exploited peasants because the peasants had no choice but to work the lord’s lands for subsistence, or leave and starve. That has nothing to do with open source developers. No one is forced or coerced into releasing code freely.
This is I would argue an unspoken social compact that many of us have entered into.
If that’s the social compact you want, then for gods’ sake choose a license that expresses it. Choose an Old Testament eye-for-an-eye license (GPL) not a New Testament “turn the other cheek” license (MIT et al).
That would be the “not directly see a dime” you refer to, I think. Unfortunately, it is obvious that as a class we are not recouping the amount of value we generate.
Dude, you and I are in the same class. I’m sure we have comparable skill sets. I went to work for The Man after school, and in exchange for writing what The Man wants all day, I make good $$$. I don’t know what you do exactly, but if you aren’t getting paid for code then I guess you’re either working at something you like better and coding as a hobby, or you aren’t tied to the capitalist treadmill at all and get to code whatever you choose all day; I don’t know. But you probably have your compensations.
I do know that it is super unlikely that there is a class of impoverished coders out there unable to find good paying jobs. Tech companies like the one I work for are desperate for talent. In the ten years I’ve been at this job I have witnessed how effin’ hard it is to find good programmers. Most of the ones the recruiters turn up are deeply mediocre, and we give up and hire the best of a mixed bunch. We have gone to great lengths like filing H1-b visas and dealing with six months or more of government bureaucracy hell, just to get one mostly-competent programmer from a distant country. In fact most of the people we hire are from outside the US, because seemingly all the local developers know nothing except React or whatever trendy web junk is popular these days … not the CS fundamentals we need.
In a crazy seller’s-market for coding skills like this, I refuse to listen to Marxist arguments about exploitation of the working classes. That is not the world I have seen in my 40 years in this industry.
-
-
-
-
I think you overestimate how common those “idiots” are (I disagree that the world is “full” of them as snej explains in the sibling comment), maybe due to the occasional cases that get a lot of attention, and I think you underestimate how a spirit of giving can benefit the commons, for genuine non-financialized benefit to the giver and others. Copyleft hasn’t solved the domination problem, and with AI-(re)written code being a likely dominant future force, I won’t be surprised to see license relevance decline. There’s other approaches to the world’s problems than licenses, and maybe in some cases restrictive licenses trap us in local minima.
-
-
I feel similarly, in terms of over-focusing on licenses, and I don’t care what the not-well-intentioned people do with most of the code I put online; not that I would never speak out but life’s too short and I’d rather focus on other ways to convey my values and have a positive impact. (this isn’t a statement against other people using copyleft or non-commercial, I still consider using them in some cases) Two licenses that might fit those goals better than MIT are the public domain Unlicense and WTFPL.
With the future looking like it’ll be full of AI-assisted code trained on every open codebase, we need solutions other than licenses more than ever. “Computer, generate me a program in Zig that passes the LLVM test suite in the style of Fabrice Bellard.”
-
Also the Zero-clause BSD License (0BSD).
-
-
Thanks for pointing that out, do you know of the best alternative? The Unlicense Wikipedia page says the FSF recommends CC0 instead.
From Wikipedia on CC0:
Or, when not legally possible, CC0 acts as fallback as public domain equivalent license.
-
The Unlicense also intended to do exactly that. The “Anyone is free…” and the “AS IS” paragraphs are the fallback.
-
While the FSF recommends the CC0 for non-software content, they do not recommend it for software. The OSI has similar concerns.
-
-
-
-
Jim Weirich (author of rake, rest in peace) used the MIT license for most of his work but a few smaller projects used this simple license:
You are granted permission to read, copy, modify, redistribute this software or derivatives of this software.
It’s important to grant at least some license, otherwise (as I understand it) in the US you do not have any rights to make copies of the work unless you are the copyright holder or are granted a license. There is a lot of old software in the world where the author has passed away or otherwise moved on, without ever granting an explicit license, leaving the software to sit unused until the copyright expires.
(I am not a lawyer and this is not legal advice)
-
What happens if you copy paste a 20 line script from a blog and include it in the project of a product you make in the context of a private company of yours which doesn’t publish its code?
It’s not like the open source police will read all your source files and search line by line to try to find it out there on the web. If anything, most companies a ton of low quality code that no one wants to look at.
-
I think you are making the point that a license does not in practice restrict someone from using your code under terms not granted by the license; I agree.
You wrote that you wished “software authors would be less possessive about their code and put the focus on the code itself rather than overhead”. I also agree with that sentiment, but I do not believe that implies publishing code “without bringing the boring licensing discussions to attention” (which I interpreted as “without a license”) is the best path to putting the focus on the code.
-
-
-
-
The most common thing that I see is a pair of products. Product Community Edition is MIT or BSD or AGPL or, occasionally, GPL, and comes with a git repo and a mailing list, and a refusal to take patches unless accompanied by an IP transfer. It’s always free.
Product Business Edition or Enterprise Edition is licensed on commercial terms and includes at least one major feature that businesses feel is a must-have checkbox item, and some amount of support.
I used to see a bunch of open source products where the main (usually sole) dev sold a phone app that went with the product, in order to raise some money. That seems less popular these days.
-
As you and I have discussed here before, it is quite reasonable to talk about Free Software licenses which are effectively non-commercial. The licenses I enumerated at that time are uniform in how they would answer your questions: yes, all of those things are allowed, but some might be unpalatable to employers. Pleasingly, on your third point, a company would be afraid to try to use Free Software provided under these licenses, even for purposes outside their charter of commerce.
-
I got something slightly different from reading the post; it’s not “you can differentiate between commercial and non-commercial” in a license; it’s “if you want to differentiate between commercial and non commercial then don’t dual-license using the MIT license because that creates ambiguity”.
-
-
I don’t see why one couldn’t write a software license that differentiates between commercial and non-commercial use, using whatever criteria the license writer wants for edge cases. That will probably end up not being a free software license - a license that attempts to judge what kinds of uses of software count as “commercial” and legally forbid them limits user freedom to use that software in a way incompatible with the notion of free software - and this will affect free software advocates’ willingness to use software licensed under such terms. But there are plenty of non-free software licenses in this world, what’s one more?
-
Love this. My only complaint is at the end where he stops to go work on “useful” stuff. Programming is an art form and there is value in creative endeavors like this whether or not someone makes money off itl
-
-
Reminds me of Cautionary Tales - Fritterin’ Away Genius.
I’m not saying Bryan Braun is going to be the next Claude Shannon, but there is a strong argument for the benefits of spending non-trivial amounts of time on fun things.
-
-
-
It seems like we’re stuck between a rock and a hard place. Make your standard simple, and people will build extensions because the standard doesn’t have enough features, “ruining” the standard, adding complexity, and leading to a monoploy situation.
Make your standard complex, and there will only be one or two implementations to start with, leading to a monopoly situation.
So we have some good examples of standards that are going wrong. Where are the good examples that have managed to survive the test of time existing between this rock and hard place?
The only successful simple standards I can think of are standards that only hardcore nerds use exclusively. The nerds who appreciate a lack of features. It seems like the core of the issue is not “simple vs complex”, but rather use case. It’s a cultural issue.
Edit: A very relevant article, one of my favorites: The Danger of Simplicity
-
Clean code is a really good book. Even if it has some examples that are on the edge, and some examples that you don’t agree on, it doesn’t mean that rest of the examples are bad.
Most of the things from Clean Code is simply a good idea. I’m not sold on all points, but it’s a damaging reaction to “stop recommend” 1000 hints, just because 20 of them are bad (in the worst case). If everyone would use 25% of the hints that Martin suggested, the world would simply be a better place. Even if people would follow the “bad” advice from this book, it still would be a better situation than people inventing their own strange philosophies for e.g. naming things, that happen to change from variable to variable. From my experience, lots of people don’t even consider most points that Martin has proposed. And if there’s a value to the book, then it might be just to tell you what you should think about. Which is a good outcome I think.
-
-
Are there so many books on the same topic as Clean Code? I only know Code Complete, and then an incomplete, outdated smattering of language-specific ones including Eloquent Ruby, Effective *, and Smalltalk Best Practice Patterns.
-
-
I didn’t have an impression that the book contradicts itself.
I don’t think the blog post does a good job with argumentation. Author’s rationalization after reading a paragraph is often completely different than mine.
-
-
These days I write maintainable code because I have been forced to maintain my own code. Martin’s ideas were a great help to get me started on the journey, and I still draw from them periodically. So yes, I think Martin is great learning material, with the huge caveat that experience is the best teacher and Martin’s ideas are not gospel.
-
I have yet to see maintainable code written by someone who has not spent a few years maintaining code they wrote.
This effect mostly seems to kick in around the two year mark; if you change jobs every two years you may have never seen the long term impact your work had on code health.
-
-
What specifically is good about it? The specific points that this article makes do strike me as egregiously bad code - and moreover, it seems like the book’s dictums are fairly closely tied to the Java ecosystem and its mandatory object oriented paradigm. If I was writing code in Rust or Haskell, what advice in this book would even be applicable?
-
Prefer small functions over large ones, prefer consistence when naming things, write tests for your code, prefer to document the app through code/naming conventions instead of comments but remember about adding comments if you need to, remember to maintain the comments as much as the code, think about maintenance aspect when writing code, perfer abstraction over code duplication.
There are lots of things in the book that are general. Granted, lots of the things are aimed towards Java. But I think think that lots of things from the book are applicable to e.g. C++. Rust is not an exception (no puns here).
-
-
-
Yeah, I wrote some of the worst code of my entire life in the two years after reading Clean Code. I kept adding more and more functions into my code at different layers, and it made my code into a mess with way too much indirection for relatively simple problems. When reading back through the code months later, I would be hard-pressed to figure out where modifications needed to be made, and had to walk back a lot of my design decisions. Pretty embarrassing.
It reached a breaking point when I went back to a previous project to ship something for a client months later, and every single file I had written had been thrown out because the senior developer on the project was sick of having to deal with it. I felt humiliated and spiteful, and then I grew from the experience a bunch.
Lately I’ve been following the idea from Casey Muratori’s Semantic Compression post a bit, mainly this little tidbit:
Like a good compressor, I don’t reuse anything until I have at least two instances of it occurring. Many programmers don’t understand how important this is, and try to write “reusable” code right off the bat, but that is probably one of the biggest mistakes you can make. My mantra is, “make your code usable before you try to make it reusable”.’
It seems obvious, but it’s been helpful for me to avoid abstractions until I have a better sense of where the code is going (and usually only two instances of some code is too small a number for that).
Making functions when you have obvious inputs and outputs can be nice too, although it can be more difficult when writing graphics code, which tends to be pretty stateful (part of the motivation for Carmack’s post in defense of inlined code).
-
When reading back through the code months later, I would be hard-pressed to figure out where modifications needed to be made, and had to walk back a lot of my design decisions. Pretty embarrassing.
This is such a good point. Code written in that style isn’t even read only it’s write only. All you can ever seem to do to change how any of it works is to delete swathes of code and write more because all the functionality is implemented in the form of class relationships rather than simple logic.
Like a good compressor, I don’t reuse anything until I have at least two instances of it occurring.
Very much agree with this too.
-
make your code usable before you try to make it reusable
Thanks for the Semantic Compression recommendation, and this quote in particular. I think I’ll get a lot of mileage out of this concept.
-
I had a similar experience. Clean code rules are great to get you thinking about this subject, and actually get you to start experimenting with making maintainable code. But your first experiments will always end up very bad, no matter how many books you read on the subject. Only experience with your old code will teach you how to write better code.
-
Wow, I came to the same conclusion of Semantic Compression just naturally. After awhile you realize how wasteful you’ve been codewise and adapt a better way of thinking.
-
-
To be fair, this isn’t so much a TypeScript behavior as it is an interface behavior. Interfaces like in C#, Java, or any number of other languages behave like this too, and it’s by design.
The bug probably would have been much harder to create if they were using a class with a constructor rather than an interface.
-
pcrock
2 years ago
|
link
| on:
I’m a Developer. I Won’t Teach My Kids to Code, and Neither Should You
The title is sadly a distraction from the real topic at hand: Teaching and learning. I don’t think the point is to avoid teaching kids skills. The point is to focus on encouraging a kid’s curiosity and teaching them how to learn. Code can be a part of that, yes, but so is baking cookies. I think we could all agree that learning syntax isn’t the key to a kid’s success, and that “learning to love learning” is much more important.
-
I knew it a few seconds in, but I listened on 1.75x in the background… then he finally gets there that the folks who got rms to resign were complaining about stuff not worth mentioning by name which indeed was part of a national scandal.
Centering in part on a WWII era center of American thought MIT, the scandal over Epstein, over dehumanizing women’s lived experience, wasn’t a joke scandal. The acts of RMS for years were bugging people out, in ways that if he’d done them to fellow men, fellow young men, he probably would’ve gotten booted years ago. But here in this video it doesn’t even merit mention by name, only vague reference.
Being excellent to each other means replacing missing stairs.
-
I think there are two separate issues here: what RMS said and did, and the mob reaction that forced him out. Maybe both are wrong.
-
There was no mob reaction, let alone a ‘linux users mob’ That’s really the crux of it. The video assumes Linux users had some majority agency in removing him, when in fact he was booted because no organization can have someone like that associated with them. It’s common decency not Linux community decency that forced him out. No mob of any sort needed.
-
-
If I’m ever in the mood for reading toxic rhetoric (which never happens), I go read RMS. While the things you listed are important, I never really knew about them until the mob happened, because I chose to ignore him.
Anyway, toxic rhetoric is exactly the thing that polarizes our world and turns everyone into abominable villains. Toxic rhetoric starts wars and tears communities apart. So in my book, toxic rhetoric alone is enough to get anyone fired.
-
Yeah I don’t get why some people insist on defending Richard Stallman after his:
- pedophilia support
- untoward behaviors towards women
- utter lack of humility bordering on parody
It often makes me think the RMS defenders really think that low of women and that their only code is the bro code. As a woman in technology, it makes me feel somewhat jaded. Just because someone does good things doesn’t excuse them from acting like a human being. :-/ It feels more that people like me are perfectly fine to sacrifice as long as some figure head gets his adoration. And that bothers me a lot.
-
RMS never supported pedophilia. I actually read the supposed evidence. They are thoughts/questions, admittedly naive, on the subject of unintended consequences of laws (evidence against pedosexual activity being itself illegal) and whether non-coercive, mutually beneficial, pedosexual activity, could, in principle, be possible.
Also, please don’t use the term ‘pedophilia’ here. Pedosexual activity is child abuse and that is what is wrong, not ‘pedophilia’. We should encourage people to come forward as pedophiles to counselors and therapists so they can learn to live with a -philia that they must never follow up on. Shaming them for their feelings or even calling them evil merely for their feelings only makes the risk greater.
-
pedophilia support
It was a single philosophical blog banter that he later retracted. Calling it a support is a far far stretch.
untoward behaviors towards women
Am I missing something or all he did was literaly ask out women on dates? Is that bad?
Stallman is weird in many ways but to consider him to be a malicious monster is ridiculous.
-
-
When I did initially read about it, I was quite skeptic, particularly as I had recently seen many cases of mob justice gone wrong.
Later it blew out of control and I did some digging. It turned out to be nothing else than the usual character assassination some collectives favor. Due to his personality and lack of awareness of current trends, Stallman proved an easy victim.
-
-
I disagree. RMS was a seminal contributor to the movement, but there is no reason to pretend that his behavior - which might have acceptable back in the day when computer sciences were a boys club and movies like Revenge of the Nerds were considered funny even though they depict non-consensual sex as a ‘prank’ - is compatible with today’s world.
Epstein’s case is not subject to ‘politics’: the guy was a known pedophile and sex trafficker. There’s not even a point in arguing that. Minsky, who Stallman defended, was well-aware of Epstein’s circumstances and willingly took money from him and sexual favors from one of his victims. One could argue that Stallman was trying to make a ‘philosophical’ argument or playing devil’s advocate, but you’d have to ignore the kind of message that would be sending to any young women or victim of sexual assault in that mailing list: welp, it’s a shame Minsky got caught doing something really bad, let’s just ignore this other victim so we avoid rocking the boat!
-
Epstein’s case is not subject to ‘politics’: the guy was a known pedophile and sex trafficker. There’s not even a point in arguing that. Minsky, who Stallman defended, was well-aware of Epstein’s circumstances and willingly took money from him and sexual favors from one of his victims. One could argue that Stallman was trying to make a ‘philosophical’ argument or playing devil’s advocate, but you’d have to ignore the kind of message that would be sending to any young women or victim of sexual assault in that mailing list: welp, it’s a shame Minsky got caught doing something really bad, let’s just ignore this other victim so we avoid rocking the boat!
It is insane to me that RMS’s opponents would denounce a person for making an argument that a personal friend of theirs is not guilty of a crime, on the grounds that making this argument “sends a message” to people who might see it who are members of a demographic they assume is likely to be a victim of that crime. I’m deliberately not addressing the question of whether or not Stallman’s argument is correct or not, in the context of the actual alleged crime. Maybe he’s wrong and Minsky really was guilty in a legal or moral sense of having illict sex. I’m not sure what I think about Stallman’s argument in context, although I agree with him that something seems morally wrong about charging a person with the crime of statutory rape who was unaware that the person they had sex with was under the age of consent.
I’m not particularly interested in litigating the details of a media-reported crime I have no special information about, and it doesn’t matter in any event. Young women as a demographic, or even actual victims of sexual assault, have no particular right to never see someone argue that a specific sort of sexual encounter wasn’t actually a sexual assault. I refuse to be complicit in condemning RMS for doing so.
-
Do you even understand how society works? Are you arguing that people - in particular people in a position of power in a learning institution - should be able to say whatever comes to their minds, disregarding how other people are going to take what they say?
That’s the kind of behavior that leads to the normalization of behaviors like Minsky’s. The fact that people like RMS are comfortable thinking this is some philosophical riddle we are able to discuss, instead of clearly gross behavior that would creep the fuck out of any young person in the lab, is the problem. This is not someone pondering whether a bear shits in the woods, this is someone defending a 74 year man having sex with people in the age range of his students in front of his students.
Now, if that’s perfectly normal behavior for you, then I don’t know what to tell you. Maybe a consultation with a therapist would be a good start (and no, I’m not being an flippant about it).
-
Do you even understand how society works?
I believe this is a bit patronizing.
Are you arguing that people - in particular people in a position of power in a learning institution - should be able to say whatever comes to their minds,
Yes? I believe that anyone should be able to say almost anything. Of course, there are the traditional exceptions for slander and specific incitation of a crime.
disregarding how other people are going to take what they say?
Lacking foresight is no reason to deny someone’s voice.
-
I believe that anyone should be able to say almost anything.
Good argument against arresting someone. None of this is illegal, nor should it be.
Bad argument for leaving someone in charge of the FSF. Figureheads have resigned for less.
-
-
Not being the head of the FSF any more is not the same thing as being banished.
-
-
If it works out anything like it worked out for Brian Eich, I’m sure Starman would do fine.
-
-
-
-
-
-
I believe this is a bit patronizing.
But, on the other hand, it isn’t patronizing at all to assume how everyone should behave around people who say things that make them feel unsafe?
Yes? I believe that anyone should be able to say almost anything. Of course, there are the traditional exceptions for slander and specific incitation of a crime.
Sure, and I believe people should be able to fire a co-worker they disagree with or find generally disagreeable.
Lacking foresight is no reason to deny someone’s voice.
‘Lacking foresight’ is hardly the problem, when there’s an extensive email thread where RMS kept digging deeper and deeper. I could see him lacking foresight before the first email, but by the third reply you’d assume he’d have some hindsight.
-
-
-
Do you even understand how society works? Are you arguing that people - in particular people in a position of power in a learning institution - should be able to say whatever comes to their minds, disregarding how other people are going to take what they say?
Yes. In fact, providing a space for people to say things that (some) other people take to be offensive is an important function of universities as an institution. This is the purpose of tenure systems, for instance.
That’s the kind of behavior that leads to the normalization of behaviors like Minsky’s. The fact that people like RMS are comfortable thinking this is some philosophical riddle we are able to discuss, instead of clearly gross behavior that would creep the fuck out of any young person in the lab, is the problem.
This isn’t (only) a question over whether some kind of sexual behavior is gross on an abstract philisophical level, it’s a question about whether something a friend of his did in fact or should have have constituted a serious felony under law. Discussing questions of law is absolutely the rightful concern of any citizen. I completely reject the idea that the standard of whether a behavior is moral or not should be based on whether some people claim it makes young people in a lab feel grossed out or not.
This is not someone pondering whether a bear shits in the woods, this is someone defending a 74 year man having sex with people in the age range of his students in front of his students.
I defend this. I explicitly believe that it is possible for a 74 year old man to have sex with someone of the traditional age to go to college (18-22 or so - that is, legal adults!) without either party doing something immoral. In fact, I believed this when I myself was within the ages of 18-22! Again, I refuse to be complicit in condemning someone else for making this kind of argument.
-
Yes. In fact, providing a space for people to say things that (some) other people take to be offensive is an important function of universities as an institution. This is the purpose of tenure systems, for instance.
RMS, as a non-tenured member of MIT, should’ve known that didn’t apply to him.
This isn’t (only) a question over whether some kind of sexual behavior is gross on an abstract philisophical level, it’s a question about whether something a friend of his did in fact or should have have constituted a serious felony under law.
‘Gross’ vs. ‘legal’ isn’t abstract in the context he was discussing though. Let’s think of a different example: let’s say someone in an academic context talks about his experiences with prostitutes in a country where that’s legal. Would that be acceptable?
Just because something is legal, it doesn’t mean discussing it or defending it is appropriate in every context.
I defend this. I explicitly believe that it is possible for a 74 year old man to have sex with someone of the traditional age to go to college (18-22 or so - that is, legal adults!) without either party doing something immoral. In fact, I believed this when I myself was within the ages of 18-22! Again, I refuse to be complicit in condemning someone else for making this kind of argument.
Well, we agree to disagree on that. Personally, I feel like there are so many questions about power imbalance embedded in that statement, that it could lead to a loooooong conversation I’m not willing to have seeing as people have been flagging my replies because apparently not defending RMS is a sin or something.
-
Yes. In fact, providing a space for people to say things that (some) other people take to be offensive is an important function of universities as an institution. This is the purpose of tenure systems, for instance.
There is a time and place for this - for example, invited speakers, seminars, lectures. A free-form mailing list for students and faculty would fall outside of this in most contexts - i.e. if some idiots starts spouting Nazi propaganda for trolling purposes, they can be banned from the conversation.
Dr. Stallman did not have tenure at MIT. In fact, he was not even part of the staff. His office and access to the mailing list was provided as a courtesy.
This isn’t (only) a question over whether some kind of sexual behavior is gross on an abstract philisophical level, it’s a question about whether something a friend of his did in fact or should have have constituted a serious felony under law.
The sad part of this is before this happened, I had no idea that Marvin Minsky was mentioned in the Guiffre deposition[1]. Had Dr. Stallman not gone out on the field and broken a lance for him, I would not have to contend with the plausible possibility of him availing himself of sexual favors provided through Epstein.
I refuse to be complicit in condemning someone else for making this kind of argument.
One can simultanously agree that Dr. Stallman has and did have a right to make this argument, and also agree with the right of MIT to terminate his unofficial occupancy of an office, and the right of the FSF to remove him from a leadership position[2].
Free speech is the right of an individual not to be gagged by the state, not an obligation that private parties have to host that speech.
______[1] a deposition isn’t a statement of fact under the law, it’s a document submitted by one party in an ongoing lawsuit.
[2] as an advocacy group, the FSF is reliant on persuading people to their ideals (and usually soliciting financial donations). A public view (no matter how legally absurd) that their primary spokesperson is a defender of pedofilia is counterproductve to the mission of the FSF.
-
Free speech is a principle of good society. Yes it has legal protection in some states but this constant appeal to ‘free speech is just a law stopping the STATE from censoring you’ is pathetic. Should we condone attacks on free speech in other states because it’s not protected by law in China or North Korea? Freedom of expression existed as a principle of a decent society far before it was ever enshrined in legislation. In New Zealand it isn’t even supreme law, essentially just a rule of administrative law and of legal interpretation (interpret ambiguity in favour of rights).
Nobody is talking about whether MIT had the right to terminate his privileges. That’s not in question, anywhere in this thread. The discussion is around whether it was right to do so.
-
Nobody is talking about whether MIT had the right to terminate his privileges. That’s not in question, anywhere in this thread. The discussion is around whether it was right to do so.
In the narrow circumstances of Epstein’s alleged contributions to Harvard (he also had access to an office there as a private citizen, I believe) which is currently tearing Harvard apart, it was absolutely correct of MIT to defensively cut off Dr. Stallman from access to official MIT facilities and mailing lists. Not doing so would only have hurt MIT’s image (and possible future endowments).
Note that if Dr. Stallman had been part of the faculty or student body, I would probably not accept MIT’s behavior.
What is your opinion on the FSF removing him from a leadership position?
-
-
-
-
Do you even understand how society works? Are you arguing that people - in particular people in a position of power in a learning institution - should be able to say whatever comes to their minds, disregarding how other people are going to take what they say?
I think that people should not be expected to self-censor on the basis that people might get offended on behalf of others.
This is not someone pondering whether a bear shits in the woods, this is someone defending a 74 year man having sex with people in the age range of his students in front of his students.
Society decided a long time ago - and has not changed its decision since then - that once you’re over the age of consent there’s nothing wrong with relationships with anyone of any age also above the age of consent.
You can advocate for change to that or that you think that’s wrong, but given that the primary basis for LGB rights advocacy I’ve seen is ‘consenting adults in private should be able to do what they like’ I think you should think carefully about what you’re implying.
-
I think that people should not be expected to self-censor on the basis that people might get offended on behalf of others.
So, is there any situation at all where you think people should self-censor? Say, for example, is sexual harassment appropriate? After all sexual harassment is just one person being offended about how someone else treats them.
Society decided a long time ago - and has not changed its decision since then - that once you’re over the age of consent there’s nothing wrong with relationships with anyone of any age also above the age of consent.
This is definitely not true. Society frowns upon all kinds of relationships where the age disparity is incongruous with the situation. For example, the terms ‘gold digger’, ‘crate robber’ and ‘cougar’ come to mind. Legality doesn’t equal acceptance.
You can advocate for change to that or that you think that’s wrong, but given that the primary basis for LGB rights advocacy I’ve seen is ‘consenting adults in private should be able to do what they like’ I think you should think carefully about what you’re implying.
If you can’t see the difference between two adults in a loving relationship wanting to be accepted by society vs. someone abusing a power imbalance to take advantage of people, then I don’t know what I can do to explain it to you.
-
-
-
Young women as a demographic, or even actual victims of sexual assault, have no particular right to never see someone argue that a specific sort of sexual encounter wasn’t actually a sexual assault.
Conversely, Stallman has no particular right to an office provided as a courtesy by a private university, nor does he have a particular right to a leadership position in a privately-held non-profit advocacy group.
-
Imagine someone who pretend to be very nice and morally virtuous to a crowd that’s obsessed with this, which can easily be any crowd when carefully herded the right way (most people will agree with superficial statements that sound “morally good”) and gains influence in this crowd.
Then, using this leverage (the belief this person is definitely a good person) and some character assassination material (an article, twits, whatever claiming a person is terrible; truth here is irrelevant, the holding of controversial opinions at any point in time, even the distant past, is often used as material), on someone (thereon subject), written by themselves or some convenient third party, calls on the mob to take on actions to try and destroy the subject’s life. Actions including online bullying and organized harassment of the subject’s employer, family and friends. This isn’t an exhaustive list.
There’s a name for a person who does this. It’s Sociopath, or as it used to be called, Psychopath. They are the actual monsters. Whereas the subject is actually nothing else than a victim. If you still have doubts, digging a little on the perpetrator will typically reveal they have had other targets. Yes, they do it, enjoy it, realize they can get away with it and then do it again.
It helps when in the mob there’s other monsters which enjoy doing this. They willingly help the mob leader, as in exchange they also get their help with other targets. There’s literally entire communities built around doing this.
This is getting out of control and it needs to stop. Awareness of how these monsters operate helps. At some point, however, instigators will hopefully have to start answering to Justice. The official sort, with trials, evidence, presumption of innocence and all these steps and safeguards which separate Justice from Mob Justice.
-
-
-
Imagine someone who pretend to be very nice and morally virtuous to a crowd that’s obsessed with this, which can easily be any crowd when carefully herded the right way (most people will agree with superficial statements that sound “morally good”) and gains influence in this crowd.
This is a straw man.
-
This is a straw man.
No, it is not. My comment is about a dark pattern I have noticed in recent years, nothing else than that. The intended audience is pretty much everybody reading the thread. The intended effect is to raise awareness of this dark pattern, and to promote critical thought (there’s never enough of this).
The poster I was replying to isn’t being targeted by me in any other way than being the post that incited my reply, and is absolutely not being pinpointed as the instigator. Thus, I am not making them into some strawman.
Instead, they are kindly and indirectly being nudged into considering the possibility that they might be participating in such a scenario, and into reflecting into whether what they’re doing is positive.
-
Can you cite an example of that ‘dark pattern’ you’ve noticed? Can you cite two examples? Can you cite examples where both sides of the political spectrum used that dark pattern to their advantage?
I’ll be happy to discuss them.
-
Here’s an example: there is a transgender YouTuber whose channel is called ‘ContraPoints’. Her name is Natalie Wynn. She makes videos about a variety of different topics. She’s clearly left-wing and has stated openly and frequently that she is not a transmedicalist (essentially someone with a very narrow view of what constitutes a ‘valid’ transgender person).
She was essentially ‘cancelled’ on Twitter, and left Twitter as a result, because she made a video where she used a particular transgender activist as a voice actor for all of 6 seconds in an hour long video. What this activist actually said had nothing to do with transmedicalism, he was there to be the voiceover for a particular quote.
However, because said activist is alleged (without any basis that I’ve seen) to have transmedicalist views, not only did ContraPoints get ostracised from Twitter and harassed so badly she deleted her account and left the platform, but anyone that expressed any support for her (her friends, etc.) were harassed, even if they didn’t actually say anything beyond ‘she’s my friend’.
So to be clear, people get harassed (death threats, other violent threats, spammed with abusive imagery, told to kill themselves, etc.) not just for being a transmedicalist, not just for allegedly being a transmedicalist, not just for collaborating in an unrelated way with someone that they did not know allegedly is a transmedicalist, inhales but for being friends with someone that collaborated with someone that they did not know allegedly is a transmedicalist.
But no you’re right I’m sure that cancel culture isn’t a problem.
-
Can you cite an example of that ‘dark pattern’ you’ve noticed? Can you cite two examples? Can you cite examples where both sides of the political spectrum used that dark pattern to their advantage?
The answer to all your questions is: I don’t need to.
I’ll be happy to discuss them.
I do not have the time nor the inclination to humor you any further than I have.
-
The answer to all your questions is: I don’t need to.
So… it was a straw man. You were just pushing the whole ‘virtue signaling’/‘conservative oppression’ talking point on a conversation that had literally nothing to do with that.
I do not have the time nor the inclination to humor you any further than I have.
I have a feeling that you are one of those people who thinks he’s right even when proven wrong, and has been proven wrong enough times he’s learned not to push the envelope when things aren’t going his way. Can’t say I’m surprised.
-
-
-
-
-
-
-
-
-
-
-
I especially recommend reading the “Low grade “journalists” and internet mob attack RMS with lies.”, article, perhaps more for it’s content than it’s choice of words.
The upside to this whole debacle is that RMS will probably have more tile to work on the GNU project. IMO the role of president of the FSF wasn’t ever the best for him – even if I disagree with they way they amputated him. I’ve been following the Emacs mailing list in more detail recently, and maybe I have a wrong impression, but I see him taking part in the discussions more than at least over the last few years.
-
I remember that article. It had some weird phrasings, since edited:
https://twitter.com/gerikson/status/1176211260142231552
RMS’ more ardent defenders are in general a bit outside the mainstream.
-
This is known as ad-hominem. The author’s personal views (or what kind of person they are) are irrelevant to the validity of arguments presented.
The linked twit is a good reminder of why I avoid twitter. It is a community full of hate and destructive energy, not one of reasoning and respect for difference of opinions.
If someone cannot tolerate the existence of human beings who hold opinions different than theirs, then they’re toxic. Twitter is toxic, as it’s full of this sort of people, to the point it hosts mobs that attack people they disagree with, with the full intent of destroying their lives. This is called mob justice (I believe those involved tend to use euphenisms for this), as opposed to justice. Basically a mob, typically herded by a sociopath, playing judge and executor. It isn’t just in any way.
Twitter tolerates this behaviour and thrives on it. Twitter is a platform for organized hate. It is literally the platform where most of this is conducted. If Twitter went away overnight, the world would be better for it.
-
-
-
-
Hm, that article doesn’t do a great job of proving Stallman’s supposed innocence.
His argument that Minsky having sex with Virginia Giuffre is not a crime even though she was a minor because she was coerced by someone else is ludicrous. By that argument, having sex with a victim of sexual trafficking Is acceptable. Minsky was a grown-ass man that should be responsible - and accountable - for his decisions, including deciding to have sex with a minor in very weird and strange circumstances.
Besides the potential legality based on jurisdiction, the very obvious lack of morality of the act should make anyone take a step back. One can’t equate a 17 year old having sex with a partner of similar age as part of a normal love relationship with a full-grown adult taking advantage of someone barely able to make a decision about their sexuality… and yet, the author of that article seems to think that because Stallman somehow has been consistent about that misrepresentation, that must mean he’s been wronged by someone pointing out it’s wrong.
-
He’s not arguing that it wouldn’t be a crime. I don’t know how you read that from the very clear, incredibly specific text.
-
Did you read the mail thread linked in that article? The whole point of the thread is pondering if they should be calling this sexual assault or not, because to Minsky’s knowledge she could’ve just been a really keen very young woman. For context, they are talking about a 74 year old thinking that a teenager is coming on to him.
-
I know two women who in their teens were gerontophiles.
-
Ah, I see. So that makes it OK, I guess.
-
It makes it believable that an old man could think a teenager is coming onto him, at the least.
-
-
-
The structure of your post throws around some ideas, but doesn’t construct any arguments. It reads as an appeal to emotions.
The whole point of the thread is pondering if they should be calling this sexual assault or not, because to Minsky’s knowledge she could’ve just been a really keen very young woman. For context, they are talking about a 74 year old thinking that a teenager is coming on to him.
Your point being? Be very specific, because through your roundabout strategy, you come out to me as pushing the idea that some topics should never be discussed, that some ideas should be never expressed, and that people who dare do so should be executed by mob. Or that it is alright if this is what happens.
Please correct me if I am wrong. By all means, please tell me this isn’t what you’re trying to push.
-
-
-
Virginia Giuffre
Being born in 1983, she couldn’t have been a minor in 2001 when she alleged this trafficking took place. Assuming that it happened, that Minsky was involved, and that Minsky had sex with her, the crime would not be having sex with a minor.
His argument that Minsky having sex with Virginia Giuffre is not a crime even though she was a minor because she was coerced by someone else is ludicrous. By that argument, having sex with a victim of sexual trafficking Is acceptable.
If you don’t know that someone is a victim of sexual trafficking then it isn’t wrong. Obviously.
-
That depends on the definition of ‘minor’. In most places that means ‘under 18’, and last time I checked, if she was born in - say - September 1983 and the sexual encounter happened in January 2001, that’d make her a minor. In fact, being that both of them are American, and considering that Americans aren’t exempt from crimes committed against other Americans abroad, the statue is even less clear.
If you don’t know that someone is a victim of sexual trafficking then it isn’t wrong. Obviously.
Millions of Johns that got thrown in jail would like to disagree with you.
-
-
-
-
-
10+ years ago, I blocked ads because I didn’t like them. Now I block them for security and privacy purposes. I think “ad blocker” is an outdated term. We should start calling them “browser firewalls.”
-
-
This is actually a hard term to define! You’re right, it’s gone from blocking ads to blocking trackers and other forms of telemetry. “browser firewalls” is good, but even that is slightly out of date - what about all the IoT devices that are sending your usage data over to some third party? That’s become a pretty big concern for a lot of people these days. I honestly don’t have a good answer to this that covers everything.
-
-
-
The reference to inversion of control toward the end is confusing to me. IoC != Inheritance. While I generally agree that inheritance is often not the way to go, IoC as a concept is vital to any large codebase where long-term maintainability is a priority.
-
You are right, these are two different tools, but IoC makes stuff convoluted and should be used very sporadically. There are similarities between them in regards of indirection of code evaluation.
In the end inheritance is worse because it makes it easy to make wrong thing, and IoC is a lot of friction and because of that is used rarely.
-
-
One can no more dissuade a visionary of this kind than one can dissuade a member of the Fabian Society from the virtues of global humanitarian government, but then neither will the vox populi of provincial yokels be of any use in countering it. One can only stoically resign to the pull of inexorable necessity.
With the help of an Internet search query or two, and a good deal of re-reading, I could probably figure out what this means. But I am le tired. And I haven’t even gotten through the first chapter.
This brings up a different controversy: Is writing like this useful to stretch peoples minds, help them grow? Or does it just discourage people and make them feel dumb? Is writing a form of art, or a means of communication, or both?
From my perspective, it looks more focused on artistry than actually communicating and transferring knowledge. Which isn’t necessarily a bad thing.
-
-
-
From my perspective, it looks more focused on artistry than actually communicating and transferring knowledge.
Your perspective may change if you finish reading the document before dashing off to post a comment about the style instead of the substance of the source material. :)
It goes on to give a lot of historical context on previous attempts and on systems issues.
-
-
The point that you mentioned is a local maximum in terms of hard-to-read prose, and (from my reading up to section 2.3) I believe it is a global maximum too - the text is much nicer almost from that passage onward and I only found one other spot that I believe to be particularly egregious. I encourage you to keep going! I very much dislike the Unix culture and tooling in general, but found this article to be fascinating anyway.
-
-
-
-
-
You make the mistake of implying that there’s an objective way to communicate clearly and it’s not instead dependent on the listeners.
Most tech documentations, even when assuming no previous knowledge from the reader, would be unreadable for most people for the sole reason of their structure and dryness.
You’re witnessing something written by a person that is on the boundary between different worlds and can merge them into a single piece of writing and this confuses you. It’s normal and probably the author did it deliberately.
Lot of us programmers on the left are keen in rupturing the cultural and social bubble in which the tech sector is entrenched and I wouldn’t be surprised if the author wrote the piece in this way to deliberately challenge the stylistic elements of engineer-oriented writing.
-
I agree, but I think it’s just interesting that the author seems to have raised the educational bar, not lowered it. Now you have to be an engineer AND a literary genius to understand what’s being written.
And I’m not saying this is necessarily a bad thing. I’m just noting that it’s unapproachable for people like me. I’m sure after a bit more education and time, I’ll appreciate it too.
-
You don’t have to be a genius to understand that paragraph, just literate. I understood it just fine and the highest formal education I’ve received is community college.
Anyone who works in software is accustomed to googling tech jargon they’re unfamiliar with and learning as they go. I think it is interesting that you balk at doing this in a humanities context and perhaps that was the point.
-
I think you hit the nail on the head. It sounds to me like you’ve put in the hard work to understand and appreciate this kind of writing, and that is truly awesome (no sarcasm there). For me, I could totally figure this out, no doubt about it. But it would still be quite the slog, because I haven’t invested quite as much hard work as you have into the humanities yet. And that’s ok.
That’s why I say this “isn’t necessarily a bad thing.” I could use some more development in my humanities skills! But if the goal is to communicate ideas, then writing like this will only communicate ideas to a gifted few who are good at both engineering and humanities. Again: Not necessarily a bad thing.
-
-
-
-
Lot of us programmers on the left are keen in rupturing the cultural and social bubble in which the tech sector is entrenched
And yet you at the same time alienate readers who’ve never studied literature in English, nor English literature. More often than not from second and third world countries.
-
We write in different ways to reach different audiences in different ways. I never said everything should be written this way. There’s a growing idea of writing more propaganda disguised as tech opinion pieces using a language that programmers like. I mean, the far-right has been doing that for three decades now, it’s time for the left to react.
The “poking” at the bubble is complementary and clearly doesn’t aim at reaching the masses, but just at bringing out those that have the potential to connect with those readings.
Also I’m not American, I’m not an English native speaker and in “second and third world countries” humanities are usually valued a lot more than in the protestant anglosphere, so I don’t get your point.
-
-
-
This is the “English (Literary)” locale where it is assumed you know your leftist lore (and French philosophy). Not my thing but sometimes the references lead to interesting wikipedia pages.
-
This brings up a different controversy: Is writing like this useful to stretch peoples minds, help them grow? Or does it just discourage people and make them feel dumb? Is writing a form of art, or a means of communication, or both?
When I was younger I thought that impressing people with my vocabulary is the utmost purpose of my writing, but as years have gone on I have realized that this is just mental peacocking (to use a friendly term). The real greatness is to convey information (or even humor) using simple language while staying informative and engaging. I have been way more impressed with authors being able to write like this than people who just show they own a thesaurus.
-
This brings up a different controversy: Is writing like this useful to stretch peoples minds, help them grow? Or does it just discourage people and make them feel dumb? Is writing a form of art, or a means of communication, or both?
I would argue the former. You’ve learned a little more about the world by virtue of looking up a literary or cultural reference you didn’t previously understand. I’ve done this with plenty of texts I’ve read, in English and particularly in other languages (English is my cradletongue). Of course you weren’t obligated to do so - you could’ve decided that this article about systemd written using these kinds of literary references wasn’t worth your time to understand, and if enough people thought similarly, it would lose a substantial portion of its potential audience. But using literary and cultural references is something that writers and speakers do in pretty much every genre of human communication; and it’s only because this author happened to choose ones that you were unfamiliar with, that you found it something worth remarking on.
-
-
-
I think the article would be much longer if it wasn’t for the use of various literary devices for compression.
Maybe that would be for the better as more people would benefit from reading it.
On the other hand, it’s useful to have someone shine a light on gaps in your knowledge of things which used to be well known. Certainly I don’t think that a lot of the things referred to in the writing should be particularly exotic, yet sadly they are.
Finally, I personally get some enjoyment from reading things like these. It’s the kind of enjoyment I get from reading old books. Difficult to read but full of very interesting ideas.
-
Is writing like this useful to stretch peoples minds
While I do not particularly like the style of this text, I appreciate any kind of writing style that does not resemble the current “ted-talk” style uncultured vomit that is becoming the style of almost everybody today.
-
I”m less offended by the use of some obscure terms and references than by the implicit comparison of a Gnome maintainer to a follower of Stalin:
And if we are to take the “revolution OS” metaphor further, then Bassi’s position is not unlike Stalin’s defense of the need of a vanguard party in The Foundations of Leninism (1924), with those opposed consequently in the role of Trotskyites, Zinovievites and ultra-leftists: “The theory of worshipping spontaneity is decidedly opposed to giving the spontaneous movement a politically conscious, planned character. It is opposed to the Party marching at the head of the working class, to the Party raising the masses to the level of political consciousness, to the Party leading the movement; it is in favour of the politically conscious elements of the movement not hindering the movement from taking its own course; it is in favour of the Party only heeding the spontaneous movement and dragging at the tail of it.”
-
Arguably, in many historical cases, such ways of expression were used to hide the real meaning, a sort of emphemization. It was especially used when it came to criticizing a point of view, to filter out as many people as possible to not bear the consequences of saying clearly what you intended to say. The more fluff and ambiguity the more you can hide behind it.
EDIT as this comment says, it’s called “purple prose”.
-
FWIW, here’s my translation:
You can’t dissuade visionaries like this, and the popular bloggers won’t help you counter them either. All you can do is give in [and use the visionaries’ stuff?]
Without the context of the surrounding paras I don’t really know what they were getting at.
I think people write like this because it’s fun for the writer, not necessarily for the reader ;)
Edit: the context is:
-
The Fabian Society is a British internationalist lefty think tank. Because they’re internationalist and lefty (but not anarchists), they’d probably really like a global humanitarian government.
-
“vox populi” is latin for “voice of the people” and sometimes means the “opinion of the people”, but that bit is a bit clumsy anyway.
-
-
-
valpackett
2 years ago
|
link
| on:
Linux phones such as the Librem 5 are a major degradation from Android or iOS
full system MAC policies
Overrated. A phone is not a government server with lots of actual human users with different secret access clearances, why would you need MAC? App isolation can be done in simpler better ways.
verified boot
Not doing it makes user control easier, screw fiddling with signatures :) But an option to have it would be nice.
app sandboxing
Much less necessary when the apps are FOSS from a trusted repo, instead of ad-ridden proprietary store apps. Firefox sandboxes its own content processes pretty well.
Modem isolation isn’t anything special. Qualcomm SoCs have isolated the modem via an IOMMU for years.
Well, I’d trust good old USB way more than Qualcomm’s piles of custom stuff.
-
Much less necessary when the apps are FOSS from a trusted repo, instead of ad-ridden proprietary store apps. Firefox sandboxes its own content processes pretty well.
You are only one Geary, KMail, Evince, or Okular vulnerability away from a full user account compromise. Sandboxing does not only protect against untrusted applications, but also against vulnerabilities in trusted applications. At least the OpenBSD folks understood this and made pledge, etc and introduced it across the base system. But the larger Linux/FLOSS Unix ecosystem does not seem to get this yet.
The reason why the lack of a proper security model isn’t actively exploited yet, is that the Linux desktop is such a small blip on the radar that it is not a worthwhile target yet. But if you want to compete in the smart phone or desktop markets, you should address such issues.
-
I’m certainly not a security professional, and I don’t want to twist your words, however it sounds to me like you’re advocating “security by not making mistakes.” As if it doesn’t matter how technically easy it is to compromise the whole system, because you’re always only running software written by trustworthy people.
I think the main point of the article is that Android and iOS, while certainly laden with junk and corporate interests, do indeed have a better sandboxing and overall security model than traditional desktop / server OSes like Linux. You need an IT professional to set up sandboxing on Linux. But a regular consumer can have sandboxing by default on Android and iOS.
So the author has a good point; I too am somewhat concerned that by discarding Android and iOS, we’re potentially throwing out the baby with the bath water.
-
You need an IT professional to set up sandboxing on Linux.
Most apps run fine with something like firejail. You don’t need to be an “IT professional” (however you quantify that..?) but I agree it’s not straight forward. The tools are there for someone (Purism?) to create something easier for folks to use out of the box.
-
A CPU developer put it better than I could have:
Security must be unobtrusive, unavoidable, and cheap.
Or it won’t get used.
If “most” applications work in Firejail, then most people (including me) won’t bother trying. It has to work with all of the applications that typical people want to try, and the best way to ensure that developers actually test their app with it is if it’s on by default and rarely turned off.
-
the best way to ensure that developers actually test their app with it is if it’s on by default and rarely turned off.
It’s best if security is at the core of the system. This is why investing in systems built around capabilities (not to be confused with POSIX capabilities) from the start is the only path going forward. seL4 is a good core to build such a system around.
-
-
As someone who has used firejail and bubblewrap, this is a who needs Dropbox, you can do this trivially with curlftpfs comment. There is no way a common user is going to set up firejail. And setting up firejail for them for every (GUI) application is going to be either: meaningless, because you have to expose large parts of a system to make an applications usable; or useless, because your application is contained to such an extend that you cannot open files, pass data between applications, etc. Most of the work in implementing proper sandboxing is in providing mechanisms to securely open files from different places, passing data between applications, etc.
-
Most of the work in implementing proper sandboxing is in providing mechanisms to securely open files from different places, passing data between applications, etc.
This is best achieved in a system that’s designed this way from the get-go. This is what capability-based microkernel multiserver systems such as Genode/seL4 are. Google is no stranger to this, thus Fuchsia. Huawei isn’t sleeping either, thus HarmonyOS.
-
-
-
-
-
-
-
-
But what does it even mean for the host to “decide” something if the USB device can hijack it via another vector and get it to “decide” something else? I’m sure it has some hardening, but I think even the designers of USB would have to agree it is poorly suited to this use case.
-
-
Any buffer overflow in the USB stack on the host OS, or any similar error in the USB controller firmware.
Does the USB controller on the librem 5 have DMA, or is it going through an IOMMU?
-
-
-
-
-
MAC has nothing to do with multi-users.
-
-
I personally can’t believe I’ve lived so long without mtr.
-
Haha, same here. Its basically traceroute on steroids. Colleague of mine showed it to me and I was really like you, …couldn’t believe I got here without. It didn’t solve the problem at hand back then but I was so glad that somebody showed it to me.
You can see in one column the package losses from one hop to the next. If the loss is only happening at one hop this is usually not a problem. Contrary so if the entire loss column would show high loss. My colleague also noted that when I want to see where a connection has problems, I need to run
mtron both ends of the connection.
-
-
pcrock
3 years ago
|
link
| on:
Linux maintains bugs: The real reason ifconfig on Linux is deprecated(2018)
Sounds like another one of those common software development tradeoffs. Building a system with several very disconnected building blocks gives you a certain kind of flexibility, and building a system where everything is developed together as an integrated whole gives you a different kind of flexibility. And they each have their constraints as well.
The Linux way allows you to mix and match building blocks however you want, hence the huge number of distros built for a wide variety of people with different preferences and needs. But that means you have to be careful and slow when making changes.
The BSD way allows you to change the whole system a lot easier because the building blocks aren’t scattered all over the place. You can move faster and easier, but you make it harder to mix and match, hence the relatively few different flavors of BSD.
Both ways make a ton of sense. I am personally glad both options exist.
I agree that with system fonts, few if any users will say, “I hate your font and it prevents me from doing what I want.” So I understand the argument that custom fonts are just frivolous waste.
However fonts are an important tool to affect your users’ subconscious emotional state / attitude toward your content. For example, some fonts nudge people toward a mental state of whimsy, while other fonts nudge users to feel like they’re cosying up with a book, and other fonts feel academic or technical.
Few users are aware that fonts have an effect on their state of mind, but that doesn’t mean the effect isn’t important.