1. 1

      I expected some blog about allowing the failure crate as return type.. (like in futures stuff, web frameworks etc)

      1. 5

        Among other things

        • Gogs as a git endpoint (and I sometimes evaluate switching to gitea)
        • Syncthing relay I don’t use it myself but I like contributing back
        • Various MC servers (and my custom management system for it)
        • VoIP server
        • Lychee for online photo sharing
        1. 3

          As someone who switched from gogs to gitea, it’s very worth it.

          1. 1

            Is the transition painless ? As AFAIK you can’t just switch anymore and I don’t want to break stuff again for people (after switching from gitlab around 2 years back.) Or can you list some really big features you’d recommend, that are not commercial nature (LDAP..).

            1. 2

              No :(

              I set it up from scratch on a new machine (actually on Kubernetes). It’s been worth it though. The wiki support is just like Github’s wikis.

          2. 2

            As a syncthing user… thanks for running a relay! <3

            1. 1

              thanks :)

          1. 2

            Why is the response to the Rust community slut shaming a developer into abandoning their project a dress code instead of making clear that en-masse harassment is not ok?

            1. 3

              Because its better to address the root cause? I’d prefer the Rust community remains positive and constructive. The childhood lesson can be left for the developers that misbehaved.

              1. 3

                This already happened enough in other threads. For example https://words.steveklabnik.com/a-sad-day-for-rust And it is very reasonable to decide on how we can handle safety expectations like these, which fuel the mob.

              1. 9

                A BIG oof about this. I really loved actix for what it was doing for the rust community. But I also shaked my head about how ignorant some of the creators replies seemed to be, when people tried their hardest to point out why a specific usage of unsafe wasn’t right. Still I always kept using actix, because I think that in itself it was a nice project and improving it will eventually remove all its UB. This reminds me of systemd for some reason.

                Obviously there was also too much shitstorm about actix itself, so I can’t blame them for complaining about how people started to treat actix.

                I’ll have to transition some projects. Guess I won’t have to do the async/await switch for the actix code anymore.

                1. 3

                  Even if the code was unsafe and the author impermeable to the remarks, it’s his code and therefore his right. Users of his code are not entitled to anything. If the users don’t like it, they can fork it and do as they please. Expecting anything more is preposterous.

                  1. 2

                    Are there actual exploits for any the unsafe code? Or is it the usual Rust cargo cult over reaction?

                    1. 5

                      Both. Issues got proven to be exploitable from userland.

                      1. 9

                        I wouldn’t go as far. It was proven that there’s a usage pattern that would trigger UB if the user used it this way. The pattern in itself is unlikely and probably not present in any application out there.

                        So there’s no general path to exploiting actix-based applications in general.

                        It’s basically equivalent to the openssl side of heartbleed: if you use openssl wrong, it is exploitable, you are still using it wrong. Given that the actix-web API didn’t seem to be intended for library clients use, it’s even less likely.

                        Not arguing that it shouldn’t be fixed, but let’s be realistic about the impact.

                        1. 4

                          It was proven that there’s a usage pattern that would trigger UB if the user used it this way. The pattern in itself is unlikely and probably not present in any application out there

                          From a security engineer’s point of view, doesn’t that constitute “completely broken”?

                          1. 5

                            No. You are literally flying planes or driving cars based on systems with potentials for such bugs. There’s usually expensive tooling around the “don’t do this, then” (linters and such).

                            1. 3

                              User here refers to the developer using the library, not the user interfacing with the resulting web service. Under normal circumstances (that is, not a contrived example code snippet) it’s not broken, but it requires some amount of care that the problematic pattern wasn’t used somewhere in spite of it being unusual.

                              strcpy isn’t “completely broken” and for a given use of it it’s possible to reason that it is safe (if it is). Still, a security engineer would recommend (and at some point: demand) not to use it to reduce the amount of reasoning required (and remove the code smell). The issue at hand in actix is much less worrisome than strcpy in terms of being able to shoot yourself in the foot.

                              AIUI the author was interested in handling this, but on their own terms. Apparently that wasn’t enough for some and so they cranked up the internet rage engines.

                              1. 2

                                from a security engineer’s perspective we would talk about Likelihood or Difficulty (both of Discovery and of Exploitation) as well as Impact; you may see other metrics thrown in like Confidentiality, Integrity, and Availability.

                                If the user must use a specific library in a problematic way, that usually constitutes a Likelihood of Very Low/Low or a Difficulty of High; basically, yes, this could be bad (Impact of High), but the Likelihood of a user doing that may be very low. Security people who speak in absolutes are usually trying to sell you something or not very effective at their jobs.

                      1. 1

                        Project drama, flagged.

                        Alternately, maybe a release tag would be appropriate.

                        1. 13

                          This is a really big project, used by a lot of people, was the flagship in terms of performance for rust webservers.

                          1. 13

                            And it is being removed nominally due to drama and armchair quarterbacking. There is already at least one comment here already doing the same stuff the author cites as why they’re shutting down the project.

                            That’s why I believe it is worth flagging–is it more likely something constructive is going to happen in the comments, or just that people will dump on the project and navelgaze about the Rust ecosystem and software at large?

                            1. 3

                              I hadn’t heard about this at all until today. I think this can still be constructive by looking at all sides of it.

                              1. 2

                                A constructive thing that might happen is that people may trust each other enough here that an opposing opinion is taken seriously instead of immediately discarded and argued against without listening?

                            2. 7

                              Agreed. After some time an article or two will emerge about it. Those are more appropriate for lobste.rs.

                              1. 8

                                I disagree if only because Klabnik is one of the dwindling number of programming thought-leaders that should command deep respect. Even if the post itself isn’t everyone’s cup of tea (it certainly is mine FWIW), I think that we should always welcome articles from people like Klabnik on lobste.rs and let The Great Arrows of Up and Down decide.

                                1. 6

                                  and let The Great Arrows of Up and Down decide.

                                  I disagree with this position. Klabnik mentioned how reddit’s degradation is built into reddit itself, and IMO he’s right and this is exactly why.

                                  I think this kind of drama is inherently poisonous for communities like lobste.rs (and reddit), because it attracts a lot of attention (and thus upvotes) and because of the kind of discussion that it generates, which only leads to more drama. It’s a vicious cycle.

                                  A little bit is fine every now and then, but too much of it will kill the community. So just be careful :)

                                  1. 4

                                    Funny you say that since he left Lobsters after declaring it a toxic community. I did read his article on HN, though.

                                    1. 1

                                      If I recall correctly, this comment was regarding the github link, before the Klabnik article was merged with it(?*)

                                      • I’m unfamiliar with this feature of lobste.rs
                                      1. 1

                                        Entries that cover the same “topic” can be merged together.

                                    2. 1

                                      Calling this drama is extremely dismissive. Someone got hurt to the point of quitting and you’re just being needlessly mean.

                                      1. 6

                                        People get hurt during drama all the time, that’s rather what makes it drama. It is precisely because somebody got hurt that I don’t think rehashing it here is something we should normalize.

                                        I don’t believe Lobsters should be a secondary attack vector.

                                        1. 1

                                          It’s not a value judgement on what happened, it’s just an observation that this entry isn’t on-topic for this site.

                                          It was also referring to the original github submission, before the Klabnik piece was merged into the discussion.

                                          1. -1

                                            I understand what you were referring to. Calling something drama is a value judgment. It’s possible your intention wasn’t to judge but your statements are judging by nature and mean in effect.

                                            1. 2

                                              I have not been mean or judging in this thread, and I try very hard not to be in others. I resent your accusation.

                                      1. 12

                                        And thus the commons become more tragic.

                                        I’ve wondered, since we rely so much on the whim of others, if, say, Google were just to completely vanish overnight (say, the CEOs think it was an incredible journey, but it’s time to shut off the company, beginning with google.com)… does society have any recourse? I mean, legally, is there any way we can say, no, you can’t shut down google.com because it’s now ingrained into the fabric of our society?

                                        Or does Google not owe us anything? What about Twitter, Facebook, or Youtube, which drive so much of the worldwide economy and politics? How different is this from one small unpaid maintainer of an obscure package closing up shop?

                                        1. 7

                                          Isn’t that logic not really applicable here, since Actix is open source? Someone can just fork it. You can’t fork Google’s entire business and infrastructure.

                                          1. 13

                                            My guess is no-one forks it and it dies. I don’t know what drives anyone to write open source code, I simply can’t fathom the mental health hit it would take to manage a community. People filing bugs on my code in my own company makes me anxious. People filing bugs in public? People shittalking me in public and filing angry bugs on me? Forget it. No way.

                                            The word I am looking for about open source maintainers isn’t hero exactly, but something like that. You have to have a certain stuff that most of us don’t. I would hazard none of those in the peanut gallery who were throwing shells are not the same people who have that stuff.

                                            1. 3

                                              Sadder and confirming your point is that we just had the article on Actix’s optimizations showing the maintainer was ahead of the curve.

                                              1. 2

                                                If not hero, how about martyr?

                                                1. 1

                                                  I used to maintain a large open source project with a friend. Our community is mostly very supportive and when some people aren’t we feel very comfortable telling them that we don’t owe them squat.

                                                2. 4

                                                  Also, what logic? I’m just wondering what happens when we rely on someone’s good will and that good will goes away. People were obviously relying on this guy for something, or otherwise wouldn’t be upset that he’s no longer providing it.

                                                  1. 6

                                                    What you’re saying now, about someone’s good will, is totally disjoint from what you were saying in your other comment: Google, Twitter, Facebook owing us anything.

                                                    I’m just pointing out your statement is not really comparable to what has happened.

                                                    My opinion on all this is… the community killed the project. There are approaches to things, and harassment is not one of them.

                                                    Know what would’ve been super effective?

                                                    Fork the project, make the SAFE changes, show the performance impacts, and if they are marginal, and people like it, then they will use the fork. This introduces a game theory approach: if more people use the fork, the original will fade unless it adapts the changes. And we know this model works - it’s been done many times.

                                                  2. 2

                                                    Being free software doesn’t mean that the original author is required to keep distributing it. If people had neglected to keep copies of the original (which isn’t the case here, granted) the original author has no obligation to make sure you can keep receiving those copies.

                                                    But sometimes, depending on the terms that you received something, free licenses can be revoked. The GPL has an irrevocability clause, but weaker licenses don’t.

                                                    1. 1

                                                      Also crates.io will maintain the current state, so your builds won’t fail from today to tomorrow*

                                                      *(Yes there is still DMCA but that’s a complete different situation.)

                                                    2. 5

                                                      We could charge them for securities fraud. Everything Everywhere Is Securities Fraud!

                                                      1. 2

                                                        Oh, interesting. So, right, shareholders could sue. But can a judge order, bring google.com back up or go to jail or something like that?

                                                      2. 4

                                                        I’ve wondered, since we rely so much on the whim of others, if, say, Google were just to completely vanish overnight (say, the CEOs think it was an incredible journey, but it’s time to shut off the company, beginning with google.com)… does society have any recourse? I mean, legally, is there any way we can say, no, you can’t shut down google.com because it’s now ingrained into the fabric of our society?

                                                        i’d say we would end up with a positive outcome medium-term. short-term it would be “interesting” i guess.

                                                      1. 5

                                                        Why is the whole site blank without JS?!

                                                        1. 2

                                                          Websites showing blank screen without ES3000 in bleeding edge browser and ubiquity of cable modems (I thought it’s weird 1990s tech, isn’t it dialup over TV coax cable multiplexed with actual analog TV?) — that’s real cyberpunk.

                                                          (Now I’m going to detach hard disk from my computer to go to neighbor to copy their NPM cache)

                                                          1. 3

                                                            Cable modems encode the data into MPEG

                                                            https://computer.howstuffworks.com/cable-modem5.htm

                                                            1. 1

                                                              When I learned about this (last year), I definitely felt more surprised and fascinated at this approach than I thought I should have been.

                                                          2. 1

                                                            Welcome to the modern web ;)

                                                          1. 3

                                                            It’d be sad to see wire go. Their UI and some features were better than signal for everday users, also they did stuff like opensource their server software and experiment with a rust client. (And I know people were verifying their crypto core.) Really wasted potential, and I’ll have to move part of my family to another client again.

                                                            1. 5

                                                              and I’ll have to move part of my family to another client again.

                                                              any good alternatives?

                                                              1. 2

                                                                Out of the box it’d be signal if you want to stay in the same encryption/app scheme (desktop app,mobile clients, uses “the” signal protocol), but I’ll also take a look at matrix/riot.

                                                                1. 11

                                                                  Signal is effectively yet another walled garden, and moxie insists on keeping it that way. I would avoid it at this point.

                                                                  I recently set up my own XMPP server and successfully migrated friends and family to using it. Some even registered with other servers! We are all using OMEMO. There were a few hiccups but it has gone pretty well, and now we are using a federated protocol that has been around for ~20 years.

                                                                  1. 4

                                                                    I’ve seen some stuff regarding that, but, I’ll be honest: I’ve never tried XMPP and Matrix, I’ve only watched it from the outside. There still seem to be many hiccups, and I’m really keen on having a solution that works and where I don’t have to do the support from long distance when something breaks. In my experience you’ll otherwise loose people over to stuff where it’s “just working” and then you don’t have any saying in that decision anymore. (Friends moving to telegram/whatsapp, or people only being reachable there because all other systems just have a broken push notification system for them and/or won’t get re-installed next time the phone is wiped.)
                                                                    So I’m ok with signals walled garden if it’s working.
                                                                    Because the sad truth is that most people don’t have the time or nerves to get things working again, even though it may seem simple, but you’re also just used to that. It’s why google wins on android, everything else is subtle but annoyingly harder to maintain or set up.

                                                                    1. 3

                                                                      TLDR: signal just works currently and specifically moxies “walled garden” isn’t that of a problem from my perspective.

                                                                      1. 6

                                                                        Wire’s walled garden wasn’t a problem until now. I say it’s only a matter of time for Signal.

                                                                        1. 6

                                                                          Wire is a venture-funded for-profit corporation. Signal Foundation is a 501c3 non-profit.

                                                                        2. 3

                                                                          I like signal, but I’ve been hesitant to hand out my phone number to “unvetted acquaintances” online, mostly due to the fact that many companies (like banks!) wrongly rely on sms based auth mechanisms. If signal allowed the use of email as a “contact” instead of a phone number, I would find it usable for many additional use-cases.

                                                                          1. 2

                                                                            Depending on your use case you might want to check out telegram with correctly set privacy settings, if you’re not talking about sensitive data but want a simple way to contact people without revealing your phone number.

                                                                            1. 2

                                                                              I have a dedicated, 2eur/month contract, dumb phone which I use only for these kind of things.

                                                                    2. 2

                                                                      Depends on what you need.

                                                                      If you can live with the security of Telegram that is an excellent option ux-wise. Excellent clients for Android, iOS, Linux, Windows and I guess Mac as well (I haven’t tested it but AFAIK it is not just another Electron wrapper.)

                                                                      It is however not e2e-encrypted though. Client to server is encrypted like gmail and my bank and they seem to care a lot even if some of the things they say or do doesn’t make sense to me.

                                                                      I use it for a lot of my messaging.

                                                                      1. 2

                                                                        It is however not e2e-encrypted though

                                                                        Secret chats are.

                                                                        The paranoid crowd likes to dunk on Telegram for not making secret the default/only way to chat, but I like the convenience of non-e2e chats (search all the history on any device without any problems and so on)

                                                                        1. 1

                                                                          Good point!

                                                                      2. 2

                                                                        I’m still rooting for Matrix because they’re completely open source, federated (I think this is a really important point many overlook) and end-to-end-encryption. The company behind Matrix has a good reputation and even created the Matrix foundation to prevent this kind of corporate takeover of the communication platform. Just be aware that while e2e-encryption was implemented from the start and you can use it today, there are finishing touches being done to the UI right now so that it gets more usable/practical (cross-signing of new devices you log in to). The encryption stuff is a little harder to implement because Matrix is federated but there is a clear plan of how to solve all the issues and I hope they are finished soon :)

                                                                      3. 2

                                                                        They couldn’t fix a 100% CPU bug on iOS that has been plaguing anyone who uses it for VOIP calls over the last 2+ years. I lost faith in their talent a long time ago.

                                                                        1. 2

                                                                          There are similar outstanding problems on (older?) android devices too. On my old Samsung S4 your UI would hang for up to three seconds upon sending an image or loading high-through chats. Signal catches up in some aspects but still feels much more MVP. (I’ve had huge issues with random message-timers going on/off in bigger groups and messages never getting delivered or only partially, as well as people getting personal notifications about failed message receiving, which never got existed. Stuff that never happened on wire.)

                                                                          Edit: Also signal really needs a progress-indicator which shows how many more messages to load, I sometime wait for ~800 upon opening the desktop app.

                                                                      1. 3

                                                                        Some of these “Make XX faster with Rust…” articles are really grasping at straws to make Rust look fast. If speed were a big issue here the code wouldn’t have been written in Python in the first place - it’s not exactly a fast language. Realistically, almost any native compiled language would’ve beaten Python.

                                                                        Calling Rust from Python through Vim is a neat idea on its own, why focus on performance if it’s not relevant?

                                                                        1. 10

                                                                          You should’ve read the article. It’s specifically mentioned that this was a performance (and async -> threaded) drop-in replacement for an existing part of the tool where the previous vimscript & python implementations failed. Furthermore it’s also said why, even today, the native & python variants are optional and this was written in scripts that, as you said, are known to be slow.

                                                                          1. 1

                                                                            100% agree. There is no longer a wow factor just because you used Rust. Unless it somehow drastically improves security or something then the fact you use rust is completely irrelevant. Otherwise, as you pointed out, you just replaced an interpreted language with a compiled one.

                                                                            1. 3

                                                                              This sounds like a “there’s already a song about love” criticism. It’s a good article that delivers what it promises.

                                                                              It shows yet another way to improve speed of Python code (and there are a few to choose from). It shows that it’s relatively easy to do it (FFI can be messy and not all languages work together well). It shows there already are Rust libraries to handle the hard parts (not everyone may be aware that the Rust ecosystem is big enough to have this). And it shows that it all works together and achieves the desired goal. Overall it’s a useful article even if it’s not groundbreaking.

                                                                              1. 1

                                                                                No one said the article wasn’t useful. And no one said it didn’t deliver what it promised. My gripe is that if you take “rust” out of the headline an article like this gets half the up votes and half the reads.

                                                                                There’s nothing here specific to rust. I’m sure common lisp has all the necessary plumbing to do the exact same thing. The only difference is less fan fare.

                                                                                I feel like a lot of the tech community is still riding that “rewrite everything in rust” wagon and I’m tired of it.

                                                                                1. 2

                                                                                  My gripe is that if you take “rust” out of the headline an article like this gets half the up votes and half the reads.

                                                                                  Definitely, but you’re justifying this with the wrong argument in my opinion. People will indeed click on the link because there’s Rust in it, but not because of the hype. They’ll click because they interested to see a concrete application of this with Rust (or at least that’s why I’ve clicked).

                                                                                  1. 1

                                                                                    People will indeed click on the link because there’s Rust in it, but not because of the hype.

                                                                                    I’m afraid neither of us prove this one way or the other.

                                                                                  2. 1

                                                                                    So it’s a useful article that delivers what it promised, but you don’t like it talks about Rust…

                                                                                    There’s nothing here specific to rust. I’m sure common lisp has all the necessary plumbing to do the exact same thing.

                                                                                    There are lots of languages that can do similar things. I don’t see anyone complaining about the Python part, even though Lisp and JavaScript have necessary plumbing for writing editor plugins, too.

                                                                                    Use of Rust in this article was technically justified. Someone can still write an article about doing the same with Lisp. I’d actually be interested to see how they compare.

                                                                                    1. 1

                                                                                      but you don’t like it talks about Rust…

                                                                                      I’m disappointed that, again IMO, the hype around rust still revolves around the “rewrite the world in rust” trope. I have no problem with rust, and I appreciate the drive it’s given to other languages to increase safety-by-default (e.g. the current work in D).

                                                                            1. 2

                                                                              Learning more kotlin & rust. And finally finishing that course about

                                                                              algebraic structures, RSA methods for data encryption finite-dimensional vector spaces, linear maps and matrices, Gaussian algorithm, determinants, eigenvalues, real and complex numbers, Consequences and convergence.

                                                                              I can spend days getting some futures 0.1 stuff in rust to work (or spend days in work), but I’m so bad at really investing time into that course. The moment I’ve understood how/why it works I’m already back thinking about rust.. Apparently people can’t understand how you can be bad at “Math” but good at this. Still I should at least finish that degree.

                                                                              1. 6

                                                                                I’ve got one in use since a year and its working pretty well so far.

                                                                                You can export as PDF etc, so it’s not like your stuff is lost forever, though I rarely need that.

                                                                                1. 2

                                                                                  Author is using a std::sync::Mutex, but I think should use a tokio::sync::Mutex, otherwise this can and eventually will lock up the runtime (-thread) and all other futures in the queue.

                                                                                  (And mentioning atomics could help some people here, as you get lock free shared state.) Otherwise this looks promising for my upcoming futures-0.1 to async/await transition.

                                                                                  1. 2

                                                                                    Good point. I wasn’t paying much attention to the Mutex bit, since it was an intermediate step towards my real goal of LocalSet. But the way I wrote it is definitely wrong. Thanks!

                                                                                  1. 1

                                                                                    Typical Rust + JS setup I’d guess ?

                                                                                    • Ansible
                                                                                    • Better Jinja
                                                                                    • crates
                                                                                    • IntelliJ IDEA Keybindings
                                                                                    • Rust (rls)
                                                                                    • SQLTools
                                                                                    • TOML Language Support
                                                                                    1. 32

                                                                                      So if you get caught pirating a movie/music/software for personal use, you could be fined between $750 and $30,000 in statuary damages. If the infringement is found to be willful, damages could be as much as $150,000. [1]

                                                                                      On the other hand, Tesla is willfully pirating various software, which it then resells for profit. Tesla knows it’s doing this. It has been documented for years.

                                                                                      Why hasn’t this gone to court? I must be missing something?

                                                                                      1: https://codes.findlaw.com/us/title-17-copyrights/17-usc-sect-504.html

                                                                                      1. 18

                                                                                        With a few notable exceptions, the copyright holders of GPL software haven’t chosen to take GPL violators to court. Lawsuits are expensive and stressful. The early/landmark GPL cases mostly happened in association with the Software Freedom Law Centre.

                                                                                        I’m not a lawyer or an expert on the details, but as far as I understand Software Freedom Conservancy was founded by ex-SFLC employees and has a different philosophy that is more along the lines of attempting to cooperate with companies and educate them in order to make complying with GPL easier and less confrontational. Although they’ve also supported litigation in the past.

                                                                                        The blog post suggests they are losing patience with Tesla as the “carrot” approach has stalled…

                                                                                        1. 23

                                                                                          Or more succinctly: your rights are only as strong as your ability and willingness to defend them.

                                                                                          1. 8

                                                                                            I guess. Ability, in a realpolitik sense, seems like a big limiting factor.

                                                                                            I am sympathetic to what I see SFC doing to change the narrative around GPL compliance from “if you don’t do this then angry nerds will post angry pseudo-legal rants on the internet and someone might actually choose to sue you” into “GPL compliance is not that hard, here’s how to do it correctly. Also, doing it correctly saves you from legal liabilities now and in the future.”

                                                                                            It seems more pragmatic, and it takes into account the massive power imbalance between most GPL copyright holders (even SFC/SFLC as power-aggregating entities are small by comparison) and many GPL violating companies.

                                                                                            Legitimately interested to see where this Tesla thing goes.

                                                                                        2. 1

                                                                                          There are still a bunch of companies out there that operate under the idea that any free software is a virus like the GPL.

                                                                                          They call it virus as due to various issues they are not prepared for disclosing any sourcecode or may not even be able to do so.

                                                                                          Why would you still want them to use the GPL ? Because you don’t want them to re-invent the wheel X times again (crypto here we come) and rather use software that is stable. Because you want them to start adopting free software that isn’t GPL licensed so they may get used to using the GPL and one day start contributing back and opensourcing own stuff. There are also just people working and they’d also like to use for example some bootstrap for the website instead of having to copy stuff over.

                                                                                          Because you don’t want people to ditch things like linux in favour of some other big kernel which allows non GPL code, so you’re stuck again without any vendor support for hardware and such.

                                                                                          Making lawsuits here will scare away even more of these companies, showing them that apparently you should never use free or even worse GPL software (and here you already expect them to differentiate between GPL and other license, which they mostly don’t do).

                                                                                          This already starts with the question whether such companies will use GCC (and thus compatible code) or Rust as they are under a free license. So if you really try you will be able to damage things even here.

                                                                                          1. -3

                                                                                            Because no one cares about GPL and every time it took to the the court it was only to show off or to let FSF fsck off. No company has gotten into any sort of serious trouble due to that, except minor fatigue and additional paperwork for lawyers.

                                                                                            1. 14

                                                                                              It looks like it generally holds up in court: https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases

                                                                                              It doesn’t look like any of those cases have been so clearly willful, open, and as ongoing as Tesla’s case, either.

                                                                                          1. 8

                                                                                            I’m not sure what to make of it. On the one hand I think it’s great that GitLab chose to revert the announced changes, this means we don’t have to migrate our code on a really short notice. But on the other hand I am not sure if they can be trusted from now on. They deliberately wanted to use surveillance on their users and moved away from those so called ‘core values of their customers’. Who says they won’t try it again in the future? Or that they won’t try something more sneaky like using server log monitoring/analyses without people knowing instead of a third-party tracker.

                                                                                            The worst thing I guess is that they didn’t expect such backlash (or as GitLab frames it ‘considerable feedback’), but seriously how can you not expect that? Most companies I know that use GitLab use it for the simple fact that it isn’t GitHub/Microsoft and that it always seemed to have a moral compass. It just doesn’t make sense to me…

                                                                                            Migrating to another hosted git seems inevitable and I read a lot of positive things about sr.ht/sourcehut/sir hat lately here on Lobsters. Are there people here with first hand experience? Or is that considered too much offtopic?

                                                                                            1. 27

                                                                                              I never saw the move from GitHub -> GitLab as anything but a temporary measure to buy time while we waited for GitLab’s leadership to crank the dial from “happy users” to “happy investors”. This problem will continue for any investor-backed company; it’s just a matter of time.

                                                                                              1. 2

                                                                                                Get a VPS and install gitea/gogs or ask people for using theirs. At least I keep an installation around.

                                                                                              1. 1

                                                                                                I understand about the keyboard, but there is a workaround until Apple puts out models with solid keyboards again. I bought a perfect-condition used 15” 2015 model for €800 a couple of months back. I don’t understand sinking that much time into getting something kinda-working when you’re running a business.

                                                                                                1. 4

                                                                                                  Or, and stay with me here, Windows?

                                                                                                  1. 3

                                                                                                    If I was a rational being, yes : ) MS worked hard to alienate me in the Ballmer days tho. One day i’ll get over it. Hopefully by the time BashOnWindows (or however it is branded these days) supports GPU/Cuda, and similar not-quite-linux issues have been solved.

                                                                                                    BUT then there’s ads and surveillance? How are people okay paying for an OS but then later the company also squeezing even more money out of you after the transaction by selling your attention/screenestate/privacy?

                                                                                                    1. 1

                                                                                                      | How are people okay

                                                                                                      They don’t.. Or at least I’m not. I’ll have to see what my w7 desktop will become in the future. As of now I’ve moved myself and my family including grandparents completely to KUbuntu. This started when microsoft gave you the fear of upgrading to windows 10 over night. (So there was the possibility of getting calls from your parents that everything’s changed or worse broken..)

                                                                                                      They were used to firefox + thunderbird + libreoffice before, so it wasn’t that of a big jump, in terms of daily software.

                                                                                                      And I got away from any modern days scam mail software, as they tend to only work on windows. (and require things like hidden file extensions and auto-executing JS files on click..)

                                                                                                    2. 1

                                                                                                      Absolutely. Or Linux, but where there is less work required to get it running smoothly.

                                                                                                      I’ve been perfectly productive on Linux on a Thinkpad many times, with the tweaks required to get them running smoothly being fewer and easier over the years. My last one was a t450s with KDE Neon and the only tweak I needed was to make the fingerprint scanner work. I would have lived without it.

                                                                                                      Windows is fine if you don’t mind the amount of UI churn, the flow-breaking updates, the adverts(!) and the malware threat. I don’t mean this snidely - it really is fine.

                                                                                                    3. 2

                                                                                                      For my work I kinda need as much speed as I can get as it increases my productivity near-linearly for many jobs (like video encoding tests). So I’m kinda stuck on the (Apple) high end and who knows what Apple ships next and for how much. It felt like a liability. I feel I’m ensured of a fast machine forever now.

                                                                                                      1. 1

                                                                                                        I’m curious about the world of external GPUs. I don’t have a use for them myself, but they seem to be a thing now. Does your video encoding get a lot faster with a ‘proper’ desktop GPU with big fans?

                                                                                                      2. 1

                                                                                                        You may very well be buying a ultrabook if you’re already going for a specific vendor and a stable OS.

                                                                                                      1. 1

                                                                                                        I expected something like huge complaints but this is sensible. Regarding things like the clipboard: I’m surprised to see this problem as I specifically had to disable this clipboard manager from KDE on my KUbuntu due to password managers.. So if KDE already has this per default I’d expect Ubuntu to also have this. I wonder if the OEM installation really was a default one?

                                                                                                        Yes hardware can be a pain. I directly went to a linux-device-vendor and got my laptop there. Even running with an hybrid GPU stack (nvidia/intel) now, although nvidia can be a real pain to upgrade. For the audio stuff you may also try pavucontrol (and pavucontrol-qt here on KDE). I tend to enjoy its UI more for settings audio options.

                                                                                                        For email I switched to KMail when I left Windows 7, it has its quirks but support per-account profiles that set the email appendix, encryption (build in PGP) etc. But as most of my stuff it’s KDE software, which can be a no-go for some people.

                                                                                                        You didn’t list anything for backups so I’ll recommend one: BackInTime (with KDE; gnome, .. frontends)

                                                                                                        I’ve never got experience with apple because at the time I wanted a new laptop, apple started hard-soldering RAM/SSD.

                                                                                                        Since moving away from windows (7) for my work I’ve never looked back now and find my windows desktop to be annoying.

                                                                                                        1. 2

                                                                                                          With the risk of showing this too early: I’ll try to get out a 0.1 version of my service-daemon, so some friends can start crashing start/stopping their java service on the server. This will also be a nice study for using pretty edge-features in rust[1] for a quite simple service that ships with 2FA and a user system.

                                                                                                          I’d really like to get some possible input about some design decisions (local DB currently, configuration etc).

                                                                                                          [1] Actix-web 1.0, futures 0.1 with sled 0.24 and no framework on top.

                                                                                                          I’ll also have to attend a musical and a birthday party or I’ll get some angry looks, so let’s see how good my train connection is for this weekend :)

                                                                                                            1. 6

                                                                                                              Wow, this Github thread was painful to read. Thanks for the reference!

                                                                                                              1. 3

                                                                                                                We had the same issue with the palemoon author for publishing PKGBUILDs on the Arch User Repository (since it patched the build process in the PKGBUILD). I personally can’t take such a project serious and wouldn’t recommend anyone to use it.

                                                                                                                1. 1

                                                                                                                  As “upstream” I’d be happy if people came around and showed so much interest in my project that they’d start to package it on their own, even more when they’re more proficient on that platform..

                                                                                                                  1. 2

                                                                                                                    On the other hand you’ll get bug reports that you can’t reproduce because people will complain with upstream, not with the packager. And then you’ll need to go hunting for whoever messed up the binary with local patches.

                                                                                                                    So I can understand projects (which includes Mozilla) expecting such distributors to use a branding that is clearly different from theirs, but the attitude they demonstrated on that issue was completely out of line.

                                                                                                                2. 2

                                                                                                                  ok I was about to reply that we shouldn’t further stamp on somebodies project (see V), but this is painful..

                                                                                                                  I will not be as educational next time.

                                                                                                                  1. 2

                                                                                                                    I “”“love””” what they’ve done to about:mozilla (link to git). Not condescending at all!