1. 1

    Playing around with this declarative ui thing using v9 ideas/the One Name Rule:

    let mut window = Window::new("Hi");
    
    // Window holds the app's state.
    // You want as many discrete objects as possible.
    struct Count {
        n: i32,
    }
    window.register(Count { n: 0 });
    
    let button = window.add::<Button>();
    let label: Id<Label> = window.add::<Label>();
    // Same as (PhantomData<W>, u64)
    
    window.on(event::Press(button), |count: &mut Count| {
        count.n += 1
        // The mutable reference means that the Count object may have changed.
        // So any dependencies will need to be updated.
    });
    window.set0(label, |widget: &mut Label, count: &Count| {
        // This closure uses &Count, so we infer `label` to be a dependency.
        widget.text = format!("Count: {}", count.n);
    });
    window.set1(label, |count: &Count| -> String {
        // We can do this better.
        // &mut Label is very broad, so instead of modifying the entire object,
        // we could modify just one particular sub-object.
        // `Label` implements a trait that allows it to handle `String` objects being thrown at it.
        format!("Count: {}", count.n)
    });
    window.set2(label, |text: &mut String, count: &Count| {
        // We could modify the sub-object by reference; not allocating is nice.
        text.clear();
        write!(text, "Count: {}", count.n);
    });
    // It's also acceptable to have a 0-argument closure.
    window.set3(button, || String::from("Increment"));
    // It doesn't need to be a closure, and it doesn't need to be a String.
    // (These sorts of niceties would be specially provided by Widgets.)
    window.set4(button, "Increment");
    // (These set functions could all be overloaded to just `set`, but maybe not both set0 and set2.)
    
    window.run();
    
    1. 1

      Interesting ideas, I want to look into this more closely. How would you describe the advantages and disadvantages of this approach as opposed to what druid does?

      1. 1

        IIUC druid must diff everything. This could be pretty bad for something like MS Word, where you’ve got a lot of state on screen, and the user is typing events at a rapid pace. With this other approach, the system can see more specifically what you’re changing. It could still run a diff, on a much smaller state, or just not bother & update always. With this setup the flow of control becomes less obvious, and there’s the possibility of an endless loop if diffing isn’t done.

        1. 2

          It diffs from the top of the tree, but absolutely doesn’t need to touch all state while diffing. This is what the lenses and immutable data structures are about - they should be able to deliver a fine grained delta (at modest cost, usually O(log n)) when not much has changed. But we don’t know yet just how well this will work.

          In any case, I think it’s possible to build a UI more along the lines you suggest, and I would like to understand better how that would work.

    1. 9

      Yes, this is also a good page about the issue, and related issues:

      https://dwheeler.com/essays/filenames-in-shell.html

      As some might know, https://www.oilshell.org/ is very much about proper parsing and string safety.

      Code and data are kept separate. For example:

      • Shell arithmetic expansion conflates data and code, but Oil statically parses arithmetic expressions instead.
      • Shellshock was also about the conflation of data and code, with the export -f misfeature that serialized a function to a string!

      However I don’t really have answer to this flag vs. arg issue (flag being code, and arg being data), other than “use -- everywhere”.

      Relatedly, in Oil, echo is no longer a special case because it supports -- (if you use bin/oil rather than bin/osh). So you can do echo -- $x, which is a safe version of echo $x.

      • In POSIX shell you have to use printf to echo an arbitrary string, although not many shell scripts follow that discipline!
      • You can’t use echo -- $x in POSIX shell because that would output 2 dashes also :)

      If anyone has a better idea than “use -- everywhere”, let me know :)

      I guess you write shell in two modes: the quick and dirty throwaway, and then Oil is supposed to allow you to upgrade that to a “real” program. So there could be a lint tool that warns about -- or just auto-refactors the script for you. Or maybe there is some option that breaks with shell more radically.

      1. 4

        If you ever write a script that operates on untrusted files, always make sure the command will do exactly the thing you wanted it to do.

        The problem is that when you ask yourself “does this do exactly what I want it to?”, you don’t have the imagination to come up with something like “filenames that look like flags will be interpreted as one.”

        Someone who would make a safer, saner shell to write programs with would be a hero.

        1. 3

          I started some work on a safer, more explicit shell, realizing that the fundamental offering of any shell is the ability to just type the name of a function and arguments unadorned. I called this “quotation”.

          However, after thinking about it more, I realized that no solution will solve the dissonance inherent to any language like that. You will always be tripping up and compromising over where something is or is not quoted. All templating languages have this problem.

          Instead, I’m currently of the opinion that an approach more like PowerShell, in which you call functions, not write the names of programs and arguments as text, is the right way forward. This removes the problem of quotation. The downside to this approach is that it requires work to produce the APIs. It’s fine if you have a large standard library, as PowerShell does, but being able to pull a binary off the shelf e.g. one written in e.g. Python or C should still be natural.

          The missing part therefore, in my opinion, is that programs (in any system be it Linux, OS X, Windows, BSD), ought to be accompanied by a schema (could be in JSON, doesn’t matter), let’s say git and git.schema, which can be interpreted offline or “cold” – without running the program (very important) –in order to know (1) arguments/flags the program accepts (as commands or switches), (2) the types/formats of those inputs, (3) possibly list the side-effects of those commands.

          This allows a shell or IDE to provide a very strong completion and type-checking checking story, and to provide it out of the box. A projectional editor would be satisfying here, too (even something as simple as CLIM’s listener).

          When downloading a random binary online, you could additionally download the schema for it. The schema file itself can contain a SHA256 of the binary that it’s talking about, to avoid accidental misuse. Currently if you want completion for an exe, you have to generate some bash. So it’s clear that the need is already there, it’s just implemented in a poorly done way.

          The upside to this approach is that it’s additive, no one has to change their existing software. Additionally, it’s easy to produce for old software; You can make a parser for --help or man pages to generate a “best guess” schema for a program. The reason you wouldn’t put this into a shell by default would be because some programs don’t accept --help and/or they run side effects and delete things. Existing opt parser libraries can generate such schemas, just like some of them can generate bash at the moment.

          Another upside is that it can simply be a standard/RFC published freely, just like JSON.

          I haven’t moved forward on this schema idea yet, because it’s hard to research existing solutions (hard to google for). It would be an FFI standard but instead of calling C functions you’re calling processes.

          1. 2

            Yeah I agree with your diagnosis of the issue. You need a schema and a parser to go along with every command.

            I say a parser because in general every command has its own syntax, in addition to semantics (the types of the arguments). Some commands recognize fully recursive languages in their args like find, test, and expr. (Although of course there are common conventions.)

            It relates pretty strongly to this idea about shell-agnostic autocompletion we’ve been kicking around. Every command needs a parser and a schema there too.

            https://github.com/oilshell/oil/wiki/Shellac-Protocol-Proposal

            And yes it’s nice to have the property that it’s a pure addition. It’s basically like TypeScript or MyPy (which I’m using in Oil). They handle a lot of messiness to provide you with a smooth upgrade path.

            If you’d like to pursue these ideas I think Oil will help because it has an accurate and flexible shell parser :) I break shell completion into two parts: (1) completing the shell language, then (2) completing the language of each individual tool. That’s the only way to do it correctly AFAICT. bash conflates the two problems which leads to a lot of upstream hacks.

          2. 1

            That’s really interesting, especially thanks for the dwheeler page.

            I solve shell problems by using shellcheck all the time, it catches most mistakes one can make and it itegrates nicely into existing editors.

            Oil looks really interesting and is certainly better than the shell+shellcheck combo, but I don’t think I want to write everything in new syntax that is not universal and might mean I’ll have to rewrite it in bash later anyway.

            1. 3

              Well Oil is very bash compatible – it runs your existing shell/bash scripts. You can use it as another correctness tool on top of ShellCheck. It catches problems at runtime in addition at parse time.

              Example: Oil’s Stricter Semantics Solve Real Problems

              There are a bunch of other examples I should write about too.

              If your shell scripts are used for years, and keep getting enhanced, chances are that you will run into the limitations of bash. And you won’t want to rewrite the whole thing in another language. That’s what Oil is for :) It’s fine to stick with bash now, but as you use shell more and more, you will run into a lot of limitations.

            2. 1

              Yes, this is also a good page about the issue, and related issues:

              I disagree with all items marked as “#WRONG” in this site. Clean globbing is too powerful and beautiful to complexify with these mundane problems. Filenames are variable names, not data, and you get to chose them. What is actually wrong is the existence of files with crazy names. This should be solved at the filesystem level by disallowing e.g. the space character on a filename (no need to bother the user, it could be translated simply into a non-breaking space character, and nobody would notice except shell scripts).

              1. 3

                Filenames are variable names, not data, and you get to chose them

                The problem is you don’t always; if I write a script and you run it, then the author of the script didn’t choose the filenames.

                What is actually wrong is the existence of files with crazy names. This should be solved at the filesystem level

                That is more or less the same conclusion the author makes: https://dwheeler.com/essays/fixing-unix-linux-filenames.html

              2. 1

                a better idea than “use – everywhere”

                An environment variable indicating the providence of each argument, and sending patches to getopt, argp, coreutils, bash, and your favorite unix programs.

              1. 2

                Thank you for sharing this again; I couldn’t remember the name.

                Distinguishing input and outputs of an opcode might be done with a merely decorative sigil, just like the opcode names.

                I allocate local variables on the stack but forget to clean them up before returning.

                You don’t need this problem. If none of your functions are reentrant then you can use static local variables instead. Reentrancy was not the default in the ancient tongues.

                I have what is probably a simple plan for memory safety: divide the program into an upper imperative layer and a lower functional layer. Functions in the functional layer can only return copies. In the imperative layer everything is reference-counted (Rc<RefCell<_>>). With additional complication you could allow the functional layer to modify owned values & mutable references. (This model is unfortunately incompatible with OOP.)

                I’ve been finding good error messages to be more valuable than syntactic conveniences.

                Perhaps “design by error quality” should be a thing.

                1. 3

                  Thank you, yes “design by error quality” feels like a movement I can get behind.

                  But I’m still too much of a lisper to give up recursive functions :)

                1. 5

                  A more natural metric for “Isolation”: expression, method, class, file, package, library, application, container (or machine/OS/box), cluster (or intranet), internet. A sort of generalization of lexical scope, or global variables. You might also split it up by mutability; testing your application’s installer might need ‘read’ access all the way up to the internet for downloading dependencies, but require write access only up to the container.

                  1. 4

                    Thanks for the ideas, I’ve added them to the post.

                  1. 2

                    This, the the bottom half, may be more informative. Looks like freeze takes an LLVM SSA register and returns a value whose contents are not undefined. So this should allow you to change a radioactive go-back-in-time-and-shoot-your-dog undefined value into harmless garbage.

                    1. 5
                      $640.00/mo  Philadelphia datacenter lease
                      $129/qtr    San Francisco datacenter lease
                      

                      @SirCmpwn What sort of hardware is Sourcehut running on? Quite a difference between the two leases; the SF lease is just for offsite backup?

                      1. 6

                        The SF lease is just a single backup server, yeah. In Philadelphia I have a 2/3rds full half rack which runs most of Sourcehut.

                      1. 2

                        Could benefit from sound.

                        1. 1

                          I was following it up until the linear logic part; I think the first principles of LL could be explained better here.

                          1. 1

                            Same. I’m also not understanding how the two parts are supposed to relate. But the first part seems very good. The WP article is giving me the impression that it’s like boolean logic with an imaginary unit??? (You might recall from general Rust exposure that conservation of mass should somehow play a role as well.) Wikipedia, and Girard’s paper, have proven unhelpful to me; I am hoping that the lecture notes of this course will get me somewhere.

                            1. 1

                              While ago I learnt from Pfenning’s course notes. There’s this constructive logic course.

                              In intuitionistic logic you describe propositions as what is a proof for a proposition. We can apply this to type theory. For example: proof for proposition ‘Nat’ would be 0, or 1, or 2. Linear logic further distinguishes propositions by describing what is a refutation for a proposition.

                            2. 1

                              A better explanation for LL might deserve its own post. Still I improved the example proof a bit. I even found a bug in the definition of the palindrome.

                            1. 5

                              Well. I propose making pipes multi-channel & segmented, and using that to write metadata/attributes without inline escaping. stdout.channel("color").write("red"); stdout.write("Hello"). Drag Unix kicking and screaming into the Year of the Justifiably Defensive Lobster!

                              1. 8

                                Having inline escape codes might not seem pretty, but it’s good for the same reason UTF-8 is good:

                                • anything will accept it, even if it doesn’t understand colour.
                                • programmers can put a lot less effort in, especially initially, if they don’t care about all of the features.

                                Or: don’t add more dimensions to a problem that can already be serialised into 1D, if you start solving problems by adding dimensions then you will end up with a hypercube.

                                Drag Unix kicking and screaming into the Year of the Justifiably Defensive Lobster!

                                Slippery sidenote: I’m not a fan of using the word ‘modern’ to describe software in a good light, or saying something is bad because it’s “not modern”.

                                If there’s is one lesson that we should have learned from the past few decades of software development it’s that you should not assume that current fashions, expectations or trends in programming are in any way better than prior ones. Most of them are just as bad (in different ways), and this is only properly realised years later.

                                EDIT: If you’re writing something to be useful, then stick to tried and true development & design practices. Don’t equate “modern” to mean “tried and true”.

                                1. 3

                                  I’m not a fan of using the word ‘modern’ to describe software in a good light

                                  Same. I roll my eyes whenever I read the phrase “modern programming language”.

                                  As for UTF-8: it can have just as graceful a fallback. Suppose we want to port ls -l. We’ll start by writing the same bytes as before, but they’ll be annotated by channel. For -rw-rw-r--, we could write that to mode. The next field is the number of hard links. But first comes a space, and there might be multiple spaces to pad out the field. They can be written into tab. Eventually we’ll reach a filename that we might want to color, so we’ll write the whole escape code to escape, and when we get to the \n, we’ll write it to “record-separator”.

                                  This gets us some slight benefit. You can use ≈jq instead of cut/sed, and feel less nervous about filenames with funny characters. There isn’t a whole lot of benefit until further incremental steps are taken:

                                  1. Annotate existing output.
                                  2. Write extra data to channels that are hidden by default. The writer must know if the read end is naive, or only interested in particular subset of channels.
                                  3. Separate data from presentation. A library can handle rendering to the naive format.
                                  4. The shell & terminal become type-aware. Their capabilities increase over time. Short filenames hide a full path, and your SSH client sticks the hostname in front. The output of ls doubles as a filemanager. wget & wget no longer makes a mess because each command requests a separate output pane. You can run find ~/Pictures/ | grep cat, pass the output to ImageMagick to make a collage, display it inline, and right click -> rerun on input change. Running program --help attaches a typed grammar for tab-completion. The shell is merely twice as terrifying as a spreadsheet.

                                  Each step can be reached from the previous. No worlds need to be rewritten. All that’s required is implementing a few syscalls and kickstarting some coreutils.

                                  1. 1

                                    nushell has thought about some of this a bit: https://book.nushell.sh/en/working_with_tables

                                2. 3

                                  If you’re modernizing, why not just drop curses for drawing and just use a graphics library?

                                  1. 2

                                    How would you read this multi-channel pipe? Color channels must stay synchronized with data but it should be possible to read data without reading color channels. I’m afraid that this is a dilemma.

                                    1. 1

                                      “Channels” might be a bad name. When reading, the *buf is filled just like the usual read, but there is a second buffer that contains channel span information. Perhaps “labels” would be a better name. A high-level wrapper for this syscall in Rust might return a Vec<(ChannelName, Vec<u8>)>.

                                  1. 6

                                    Unclear what problem you’re solving. Firefox shouldn’t write anywhere else than the profile directory (see @jefftk’s comment). If you don’t want it to access your user configs in ~/. config. you can redirect $HOME though. But maybe you also want to chroot then?

                                    If you want to separate all sorts of history and site data and settings and extensions and password storage etc, use different profiles. If you want separate cookie jars (e.g. online identifies) to work in parallel, use the Multi Account Containers Extension.

                                    1. 8

                                      The problem this solves is that some websites are now detecting private mode browsing, and using it as an opportunity to be a dick.

                                      1. 6

                                        Ugh, that’s bad. Can you give an example of those?

                                        1. 10

                                          Nytimes does private mode detection as part of their paywall.

                                        2. 4

                                          How do they detect it, and how are they being a dick? I’ve honestly never noticed anything weird in private browsing mode, but I don’t use it all that often either.

                                      1. 4

                                        Is there a way in Rust to create a type that blows up if it gets released by falling out of scope?

                                        I ask this because I wonder if you could do some type trickery to ensure that (for example) a file was explicitly closed at one moment (instead of relying on implicit closing from falling out of scope)

                                        In any case this is really neat stuff.

                                        1. 5

                                          Implement a destructor that panics. It’s called a “drop bomb”.

                                          The static version of it is analyzing of the destructor got linked.

                                          1. 3

                                            Clever. I’d hate to have to decrypt that error message tho.

                                            1. 4

                                              I appreciate that! For the reasoning why Rust doesn’t (currently?) have full linear types, see https://gankro.github.io/blah/linear-rust/

                                              It’s a surprisingly huge design space once you get into the details.

                                        1. 3

                                          ELF magic is more trouble than it’s worth. If you port, or get involved with dlopen, something’s gonna break. It’s the wrong abstraction level, better to use ordinary code. Ideally languages would allow appending to a global static variable at compile time.

                                          1. 3

                                            This’d be great with one of those keyboards that has a little LED screen on each key.

                                            1. 7

                                              I was able to get them back by disabling xpinstall.signatures.required. It might require a nightly version to actually work? Of course, you’d want to turn it back on once it’s fixed…

                                              1. 6

                                                As you say, it only seems to work on nightly, unfortunately. Most vexing!

                                                1. 3

                                                  i don’t get why on earth these switches aren’t present in the release versions. this feels like the “caution, hot contents!” prints on takeout cups -.-

                                                  edit: it works on 60.6.1esr (64-bit) though..

                                                  1. 4

                                                    because the lambda person is taught to go around this warinings to install bad extension.

                                                    1. 3

                                                      then they are entirely responsible for their misery. i never got the trend of making everything.. more proof than fool proof.

                                                      displaying a warning which can’t be deactivated would be fine.

                                                      1. 3

                                                        No, users are not responsible for products having footguns. It’s unfair to expect non-technical users to understand technical issues, especially when these issues may be misrepresented in a hostile context (e.g. “You have a virus! It’ll murder your googles unless you tick this checkbox and click OK”).

                                                        Most people don’t need to know what a certificate is. They just want to get on with their life, and not have their entire digital life destroyed, because a product had a “harm me” checkbox.

                                                        1. 5

                                                          No, users are not responsible for products having footguns. It’s unfair to expect non-technical users to understand technical issues, especially when these issues may be misrepresented in a hostile context (e.g. “You have a virus! It’ll murder your googles unless you tick this checkbox and click OK”).

                                                          Is it really a footgun when it’s hidden somewhere in about:config where the first thing you see is a warning about not to touch this? Is it a footgun if I staple my toes with a nail gun, or was I too dumb by not wearing the right shoes?

                                                          Most people don’t need to know what a certificate is. They just want to get on with their life, and not have their entire digital life destroyed, because a product had a “harm me” checkbox.

                                                          I seem to be rather alone with this, but I expect some basic knowledge and common sense from people using tools. You need a drivers license, you are supposed to read the manual. These things should be taught in school. Alas, they aren’t, but that doesn’t absolve one from knowing about the technology one is using.

                                                          1. 2

                                                            Is it really a footgun when it’s hidden somewhere in about:config where the first thing you see is a warning about not to touch this?

                                                            Yes. “You have a virus! It’ll murder your googles unless you go to about://config, click OK to all the scary warnings (they’re there because of the virus) and then install this.”

                                                            These things should be taught in school.

                                                            People are culturally trained to not care about school, so even if it was somehow taught it there it wouldn’t have too much of an effect.

                                                            Also, where is the manual? How does one even teach people to recognize scams, and then keep them continually up to date on the latest scams for their entire lives? You can’t. The scam that worked in 1999 is nothing like the scams that exist today. The reason that you or I can tell these things is because we do work related to computers and stay up to date on the latest happenings (as evidenced by the fact that we’re on Lobsters). One can’t reasonably expect any “normal” person to do the same.

                                                            1. 4

                                                              Yes. “You have a virus! It’ll murder your googles unless you go to about://config, click OK to all the scary warnings (they’re there because of the virus) and then install this.”

                                                              There are already a plethora of ways to do this. The people that can be manipulated to disable random settings in about:config can just as easily be manipulated to run random code in the console, or install random .exe files from haxx0r.ru

                                                              1. 1

                                                                So why add one more? The browser is a really lucrative thing to pwn. Lots of accounts can be exploited for profit in easier ways than anything else that could be on the system.

                                                              2. 3

                                                                i just have a problem with dumbed down versions of everything. it teaches people that they are too stupid, and cannot be trusted with anything. things break and you learn from it. the internet isn’t disneyland, every of these measures to “protect” people from themselves can be worked around. just look at the myriad of shady apps for mobile platforms. additionally: maybe people who believe win-xp themed fake popups telling about a virus should just not use the internet, it will never be safe enough.

                                                                tinfoil mode: making the internet feel cozy and safe is to protect business interests, as it is easier to sell things in a walled garden where people aren’t expected to think.

                                                                1. 4

                                                                  Civilization advances by extending the number of important operations which we can perform without thinking about them.

                                                                  It’s not about stupidity, it’s about ignorance. I can use a light switch without knowing how the electricity was generated, the the glass was blown (let alone the LED manufactured), etc. I can make dinner without knowing how the knife was forged, the grain was harvested, the pasta was shipped, etc. The difference between the browser and all the rest of these household objects is that criminals can become millionaires by hijacking them at scale. I earn my paycheck by understanding browsers and how to make things that go in them so, yeah, for myself I want a browser with lots of places I can tinker with them and break things because sometimes I need to break things to make them work. I love that the web is mutable and weird and it’s easy to shift from consumption to production, to peel back the layers and see how everything works. But I also know that very few users come to the web like a developer does, or have any interest in becoming one. They’ve got a lot of other important, private, or sensitive things to do that insecure systems put in jeopardy. If my light flickers, my power is out, my knife breaks, my pasta is spoiled, my dinner is ruined - none of these things happen because I’m immorally ignorant of how they work.

                                                                  1. 1

                                                                    I can make dinner without knowing how the knife was forged, the grain was harvested, the pasta was shipped, etc.

                                                                    still, you’ll have some sensible ideas of how each of these things are done :)

                                                                    The difference between the browser and all the rest of these household objects is that criminals can become millionaires by hijacking them at scale.

                                                                    well.. :P

                                                                    […] But I also know that very few users come to the web like a developer does, or have any interest in becoming one. They’ve got a lot of other important, private, or sensitive things to do that insecure systems put in jeopardy.

                                                                    yes. i still don’t see a problem with allowing users to flip switches in about:config after displaying them a warning sign. if they ignore the warning and get bitten it’s on their account.

                                                                  2. 2

                                                                    i just have a problem with dumbed down versions of everything. it teaches people that they are too stupid, and cannot be trusted with anything.

                                                                    If the observed fact that warnings get routinely ignored means that users are stupid to you, then I guess users are stupid (or that software, not even necessarily Firefox, pops up far too many warnings that are too complicated for them to understand or even flat-out false alarms).

                                                                    1. 1

                                                                      the too many warnings problem is clearly a software problem, but if i “click them away” and something bad happens, i’m still the reason that it happened. nobody else to blame.

                                                                      imho unsafe settings could be displayed in firefox a bit like private mode (maybe a little bit redder or something), so that one knows this is not safe. i have no clue about the psychological effects, but know from myself that modal popups are pissing me off, and in “pissed off mode” the warning itself is brushed off as bs, because the modal making my life unreasonably worse.

                                                              3. 3

                                                                I have very mixed feelings about this. On one hand, I agree with you. On the other hand, I feel like a considerable group of more advanced “power users” is consistently left out in the cold because ever user is always treated like my grandmother.

                                                                I wonder if we can’t come up with something better than a yes/no dialog for these sort of things. Like allowing users to continue only after typing the text “dangerous”, sort-of similar to GitHub’s repo delete feature. Or perhaps something else entirely which satisfies both demands.

                                                                1. 1

                                                                  We (power users) need to remember that compared to literally billions of web users, we’re a tiny tiny minority.

                                                                  In case of Firefox, the Nightly build is the solution for power users (plus, it has much cooler icon).

                                                                  1. 4

                                                                    A nightly build is also less stable. Power users deserve a stable browser too. And normal users deserve the opportunity to become power users.

                                                                    Software should treat adults … like adults.

                                                                    1. 3

                                                                      I don’t know if it’s such a “tiny tiny minority”. I suspect there are a lot of people who aren’t IT professionals for a living, but are certainly more clued up than your grandmother on these matters. I will admit I don’t have any hard data to back this up, just an observation from the people around me.

                                                                      And even for non-technical users there can be good reasons to bypass these sort of warnings, as this current Firefox problem demonstrates.

                                                                2. 1

                                                                  Allowing the average user to kneecap themselves is not productive behaviour for widely installed software. That’s how you get people to install 20 toolbars which slow down everything.

                                                                  If you want to live without the warning, there is the Beta, Developer and Nightly editions of firefox, which come with the switch to disable signature verification.

                                                                  1. 2

                                                                    Allowing the average user to kneecap themselves is not productive behaviour for widely installed software. That’s how you get people to install 20 toolbars which slow down everything.

                                                                    the problem with this approach is that this way people will never learn. about:config says “warranty void”, so i don’t see a problem.

                                                                    If you want to live without the warning, there is the Beta, Developer and Nightly editions of firefox, which come with the switch to disable signature verification.

                                                                    which has more telemetry built in, afaik. this is fine for development and debugging, but i don’t want that for my day-to-day use :)

                                                                    1. 1

                                                                      You can also disable more of the telemetry via about:config, though you’d void your warranty.

                                                              4. 2

                                                                Confirmed working also on 60.6.1esr (64-bit), which is the Debian default version in the apt repos

                                                              5. 1

                                                                While the switch is present in the version Debian has in the repositories, toggling it doesn’t fix the problem. It allows to install AddOns again, but they are dysfunctional, e.g. NoScript and uBlock Origin have buttons in the menu bar that have no icon and do nothing when clicked.

                                                                1. 1

                                                                  I think you’re right it requires nightly. Not working for me on FF 66.0.3 release (installed from the Arch Linux package).

                                                                  In fact, I was a bit embarrassed to find I already had signature verification disabled (I was doing some WebExtension development ~18 months ago…)

                                                                  1. 1

                                                                    After getting a error message and seeing my addons disabled I tried to set it to true on Android phone and there it seemed to have worked. My installed addons are enabled again. Firefox 66.0.2 on Android.

                                                                  1. 13

                                                                    “Digitize books” was something I could get behind. “Train our self-driving cars”? Not so much. Bit of a trojan horse, innit? I prefer to solve the audio captchas, but am occasionally rebuked. Perhaps the scammers will eventually figure out how to automatically solve it. What’ll come next? “Select the members of al qaeda”? The format’s ripe for memeing on.

                                                                      1. 3

                                                                        Select all squares that match “Sarah Connor”.

                                                                        https://pbs.twimg.com/media/DJeAlYTVAAAk7Lp.jpg

                                                                      1. 0

                                                                        Try this….

                                                                        ruby -e 'IO.read( "/dev/zero")'
                                                                        

                                                                        If your system turns into treacle for several minutes….. turn swap off and try again.

                                                                        1. 4

                                                                          What point are you trying to make with this?

                                                                          1. 3

                                                                            I’m a Linux desktop user. With RAM being plentiful these days, a process using up all of it is overwhelmingly likely to be one that’s running out of control. Rather than spending 10 minutes bringing up top, I’d prefer to let it crash into the OOM-killer. ulimit might be a better way of going about that tho.

                                                                            1. 2

                                                                              This is what I do on Linux too. As you say, it’s just a case of how long you have to wait until you kill off a runaway process. Do I want it killed automatically or do I want to struggle for several minutes trying to find and kill it manually?

                                                                              1. 1

                                                                                Sadly ulimit is a borked design and is only partially implemented on linux anyway.

                                                                                You will note that no distro I know of sets ulimits for all users, because they cannot know the amount of ram and the load characteristics.

                                                                                cgroups are possibly the technology to use these days.

                                                                              2. 1

                                                                                Users should learn about ulimits I suppose.

                                                                                1. 3

                                                                                  I think its been replaced with k8s… :(

                                                                                  1. 1

                                                                                    Sadly ulimit’s are a broken design that is partially implemented and requires tweaking for every different system and load.

                                                                                  2. 1

                                                                                    ie. If you do the experiment, you will find if you have swap, your system will start swapping.

                                                                                    Since the cache hierarchy is so steep these days, your system will be utterly unusable, sometimes for as much as ten minutes or more.

                                                                                    If you don’t have swap, you may notice a small slow down in your system, and then the OOM killer wakes up and kills the guilty process and you can continue without impairment.

                                                                                  3. 1

                                                                                    … why?

                                                                                    1. 2

                                                                                      The Article said “Use Swap”, my one liner demonstrates that using swap enables any user to bring any system to it’s knees with a one liner.

                                                                                      Try my one liner without swap and the OOM killer just kills the culprit and nothing bad happens.

                                                                                      1. 1

                                                                                        Thanks for the explanation! It was really unclear what point you were making without actually going ahead and turning a system into treacle, which I wasn’t up for.

                                                                                  1. 2

                                                                                    Ah! I love it. |(•◡•)| And I’m glad to make the acquaintance with rofi.

                                                                                    There’s a project with similar goals, dotXCompose, that I’ve been using for ages. ♫*l is quicker to type than Super+Ilambda⮒, but charpicker has way better discoverability. Maybe it could pull stuff out of the xcompose file?

                                                                                    1. 2

                                                                                      Definitely! The real issue is having keywords for sequences, which either have to be pulled from the Unicode database (and are thus unintuitive and generally awful) or made by hand. Either way, it would be trivial to make a script to pull from .XCompose files and just ask the human to put in keywords.

                                                                                    1. 17

                                                                                      Another disadvantage of services is that you can’t do a database transaction that includes operations from more than one service.

                                                                                      Unrelated, I worked at a place a few years ago that built microservices because they wanted the various services to work concurrently, and they were using Ruby. Unfortunately, trying to boot all the services, the right order, ensuring a service didn’t come up unless one it depended on came up, was tough. It also forced me to switch from a spinning disk to a solid state one simply because of the number of files being loaded at once.

                                                                                      That experience was part of what motivated me to learn Elixir. Years later, I recently worked on an Elixir umbrella app. It was like microservices, but running the whole thing was easy. In production, they deployed one app to one server, one to another, and let both of them depend on a third app, which was deployed to both. All the apps that needed a database shared the same one.

                                                                                      1. 24

                                                                                        Unfortunately, trying to boot all the services, the right order, ensuring a service didn’t come up unless one it depended on came up, was tough.

                                                                                        Don’t do that. You need to deal with network issues anyways, so bring them all up and let your error handling take care of it.

                                                                                        1. 8

                                                                                          trying to boot all the services, the right order, ensuring a service didn’t come up unless one it depended on came up, was tough.

                                                                                          I don’t know you usecase, but that seems to be a complex thing to implement that probably shouldn’t be needed.

                                                                                          1. 2

                                                                                            systemd has service dependencies and sd_notify built-in. Few people use it but it’s totally possible to start a web of services. Of course this doesn’t help with off-machine resources.

                                                                                            http://0pointer.de/public/systemd-man/systemd.service.html

                                                                                          2. 6

                                                                                            Another disadvantage of services is that you can’t do a database transaction that includes operations from more than one service.

                                                                                            You absolutely can; I do all the time. It may require fundamentally rethinking what we mean by “database” though.

                                                                                            Most people think a database is somewhere between “a black box that stores data” and “a black box of hard algorithms for data query” or something like that. To them, they conveniently ignore that the “database” is a service outside of their application, and “can’t transact” across that service boundary either. That’s part of why database migrations and schema changes are so hard: Version 2 and Version 3 of your application are potentially separate services – even in the monolith – and because you “can’t transact” between versions of your application (what does that even mean!?) you’re forced to put logic into your application to deal with both the old schema and the new schema, and you may even often have to do on-the-fly upgrades.

                                                                                            Or you just have downtime.

                                                                                            Or you have a whole separate system, and your “transaction switch” is on some kind of network load balancer. Blue/green or whatever you want to call it.

                                                                                            However there’s a very different way: If your application is the database (and this is easier than you probably think), your crud operations simply need to log their intentions, and then have something read the log which materialises the results into views you can use.

                                                                                            One way to do this is to go heavy on the stored procedures. I like this approach, but SQL is a really terrible application language, and many programmers are very bad at SQL. Many databases don’t have an audit table for the stored procedures – there isn’t very good version control for them, so that’s another reason people don’t like it. Maybe the tooling could be improved though.

                                                                                            Most people usually go the other way.

                                                                                            In Erlang/Elixir, I may (for persistence) use a disk_log to write out arbitrary terms, and have a subscriber pick them up – that is also a gen_server that you can query. At startup, I can read the logs. If the logs are big, my gen_server knows enough to checkpoint – just write out State to another file, and include the offset in the disk log.

                                                                                            In Go and Smalltalk you can do something similar.

                                                                                            In C, or lots of other languages that don’t have processes, you can still get this functionality with a little thought, because the operating system has processes and fifos/socketpairs for you to use! It feels very similar to writing microservices, which sucks for different reasons (notably the lack of good IPC, e.g. php has serialize), but it’s not the same as microservices: just mutually cooperating processes. Qmail is a great example of this architecture, that is probably just a bit more complex than it would need to be today since the whole world is Linux and iOS now.

                                                                                            In q I don’t even need to do that. I can just use the -l and -r options which give me logging/subscription built-in to the runtime. It’s also much more enjoyable because the language doesn’t suck as bad as SQL, and we have great IPC.

                                                                                            Putting your data responsibilities in your application isn’t popular though. People actually think redis or Postgresql are fast, and many programmers doubt themselves able to make something as fast (let alone faster). This kind of approach however, tends to be done well around 1000x faster than using “a database” (and maybe done poorly or naïvely only 10x faster), gets you 100% uptime even in the face of schema changes, all of the benefits of a distributed/multiservice application with none of the downsides.

                                                                                            This is, as I see it, a serious barrier: Programmers lack the confidence to build things outside of their specialisation (whether they call it “back end” or “front end”) and even terms like “full stack” seem to be (in their normal usage of the term) limited to “code” – very few “full stack” developers seriously consider rolling a new database for every application. And I think they should.

                                                                                            1. 1

                                                                                              What is q ?

                                                                                              1. 1
                                                                                            2. 3

                                                                                              Another disadvantage of services is that you can’t do a database transaction that includes operations from more than one service.

                                                                                              You can using distributed transactions, but that’s a whole other nightmare to contend with.

                                                                                              1. 2

                                                                                                Unfortunately, trying to boot all the services, the right order, ensuring a service didn’t come up unless one it depended on came up, was tough.

                                                                                                Topological sort?

                                                                                              1. 1

                                                                                                I’ve been using shadowing to deal with Arc and thread::spawn. No indentation or incrementing required:

                                                                                                let thing0 = Arc::new(thing);
                                                                                                
                                                                                                let thing = thing0.clone();
                                                                                                thread::spawn(move || …);
                                                                                                
                                                                                                let thing = thing0.clone();
                                                                                                thread::spawn(move || …);
                                                                                                
                                                                                                1. 1

                                                                                                  Has anyone tried switching vim up to support object-verb?

                                                                                                  1. 2

                                                                                                    Just use visual mode.

                                                                                                    1. 1

                                                                                                      This would make Vim’s . (dot) command a lot less powerful.

                                                                                                      1. 1

                                                                                                        Or evil-mode?