1.  

    Don’t all VCSs have tools to modify history? I think svnadmin does: http://oliverguenther.de/2016/01/rewriting-subversion-history/ (assuming there aren’t any blockchain-based VCSs. I daren’t look)

    If the distinction being drawn is ‘admin’ vs ‘user’ tooling, I guess - like workflow - git punts that to the surrounding culture and environment (as it does “which version is the ‘master’” - which is the same feature/bug of any DVCS).

    I admit I like being able to say “v234” but really, what that means is “v234 of the (single) upstream repo which can change any time the upstream repo manager runs svnadmin”.

    There’s nothing to stop github putting a sequential “v1, v2, v3, …” on commits to master or otherwise blessing some workflow.

    I think the differences aren’t so much about features + capability and tooling as culture.

    1.  

      git is a merkle-tree-based system, which is what I assume you meant by “blockchain-based” in this context

      1.  

        Yes it is, but no - that’s not what I meant. I mean that I expect every VCS to be able to rewrite history since the data files are under control of the admin. git can do it, svn can do it. You can edit RCS files by hand if you want to (unsure if there is tooling to do it).

        i.e. linus can rewrite his git history. It will be out of sync with other people, but that is then a social issue, not a technical one (I admit this is a fine point).

        The only time you can’t rewrite history is in the “public immutable” world of blockchain - since the data files aren’t under your control. I don’t know if someone has built a vcs like that and my comment was really just a side swipe at blockchain hype.

    1. 3

      Wonder what he thinks of fossil and mercurial. The fossil author deliberately disallowed rewriting history; he makes a good case for it. At one time, Mercurial history was immutable too, but I believe this has changed.

      I guess my point is that there are DVCS out there that satisfy his criteria; they’re just not git.

      1. 5

        History can never be truly immutable so long as the data is stored on mutable media like a hard disk. Refusing to package tools that do it just makes people who need the feature find/build 3rd party tools

        1. 4

          Do you see people doing that? I mostly see people just accepting the limitations and dealing with it.

        2. 1

          The site seems down now :(

          About Mercurial, I believe it has always allowed rewriting history, but not by default — you have to change your configuration files to opt-in to all the “dangerous/advanced” features.

        1. -5

          It is only a disaster if your business relies on making use of other people’s work, in which they own the copyright.

          Not everybody can afford to create stuff and give it away for free, and there are plenty of people who want to earn money from their creative work.

          Those who have made a living from stealing other people’s material are up in arms that their free lunch is not going to be free anymore.

          1. 17

            Or you run any kind of site where users can input anything that another visitor can see. Not just video and file sharing sites; Lobsters users could paste copyrighted content into a comment/PM and I’d be liable for not having a system implementing some kind of copyright controls.

            (To say nothing of Article 11 wanting us to start paying the news sites we link to for the privilege of sending them traffic.)

            1. -2

              If somebody posted something here that I owned the copyright to, and I asked Lobsters admin to remove the material, then I imagine they would. If somebody kept posting this material they could be banned.

              Or are you saying that the Lobsters’ site should be a place where anybody can post copyright material, without any recourse by the copyright holder?

              1. 13

                The new law changes this standard safe harbor behavior. Lobsters (me) is presumptively at fault for copyright infringement for not proactively checking for possibly-copyrighted material before posting. So yes, your scenario is the current, reasonable law and accurately describes why everyone is concerned about this change.

                1. -2

                  Lots of FUD being generated by those who will lose out. Copyright holders not making much noise about the fact they will probably make some money (or rather lose less).

                  Some good points about what is going on.

                2. 4

                  The law isn’t about that, though. The new law doesn’t say admins must take-down on request (that’s already the case under existing law) but rather that they must have an AI system that prevents any infringing uploads from happening in the first place.

                  The link tax is a much bigger problem, especially lobsters, but both articles are very bad.

                  1. 1

                    > AI system that prevents any infringing uploads from happening in the first place.

                    How is that any different from what @pushcx said? As the owner/operator of lobste.rs he would have to abide by this law and produce, or buy access to some sort of copyrighted work database in order to test for it for all content that is created on lobsters.

                    That’s not going to make it easy for startups. That’s not going to make it easy for privately owned, independent side projects. That’s just going to hurt.

                    1. 2

                      ALSO, you’d better not quote any part of my message if you reply, because I could, apparently, legitimately sue lobsters for not enforcing my copyright. e.g. there’s no such thing as fair use anymore.

                      (yes, that’s a stretch, but that seems to be the basic threat)

                      1. 1

                        I replied before @pushcx and yes, it seems we agree on how bad it is :)

                        1. 2

                          Blargh! I am sorry. I misread the thread and thought you were replying to pushcx.

                3. 6

                  Or lobster gets a fine when you submit a link to any European news sites.

                  1. 1

                    What’s worse is that people will devise a way to signal what content is linkable and what only with license. This will limit quality news dissemination and strengthen fake news position. This will help to kill EU. Sad, right?

                  2. 1

                    most probably lobster will not be able to post most of the links

                  1. 5

                    I must be the only person ever who would want the reverse: C for C++ users. I honestly find C a lot weirder than C++.

                    Due to a curious historical accident, in 1998 the AP Board (a US high school educational thing) decided to use C++ for a single year to teach AP Computer Science. Normally they go with Pascal, Java and I think right now it’s Python. But for one glorious year, they decided to go with C++. So that was my first “real” programming language, i.e. the first I learned in a classroom setting. This means I really did learn C++ without knowing C.

                    This makes me feel a bit different from nearly everyone else who considers C to be the foundation and is baffled by C++.

                    1. 5

                      Really to get to C from C++ you mostly just have to remove features. I’m curious what specific confusions you’ve run into that such a guide could cover?

                      1. 1

                        I don’t understand memcpy, malloc, free, strcpy, strncpy. These are not functions you use in C++. Why do I have to do struct foo x; if foo is a struct type instead of just doing foo x;? The general syntax for structs is really weird in C. You have to typedef, you can’t just declare new structs? And I can’t declare looping variables, I have to instead declare it outside the loop. Ah, and no single-line comments, // is not a valid comment starter. What’s with all the pointers? We don’t use nearly that many pointers in C++. Arrays are confusing as shit. I always forget when do arrays become pointers and when do they not. Why is there no actual array type?

                        I think newer versions of C have made some of these things more like C++, but you still run into a lot of C that has to be written in an older way. C is just very foreign if you use C++.

                        1. [Comment removed by author]

                          1. 1

                            I think I already understand most of these things, but what I was trying to convey was that C is foreign, not so much looking for an explanation.

                            It is entirely possible to know C++ and find C to be weird and foreign.

                          2. 1

                            I’ll try to summarize these.

                            memcpy, malloc, free, strcpy – the best source for these is their manpages, which are generally well-written

                            You do not use typedef to define structs in C (though some people confusingly choose to add a typedef as well). The name of the type is struct foo so that’s why you say struct foo x to declare a variable.

                            The reason C89 doesn’t allow variable declaration in for loop is for consistency (new things can only be added to the stack after an open brace) – there was no one “right way” semantic for the special case – however C99 dispensed with this so it’s the same as C++ now.

                            Single line comments weren’t in C89 probably because no one thought having two comment syntaxes would be easier than just having one. C99 added the second one if you prefer it.

                            All the C++ I’ve ever seen is still full of pointers – do you routinely pass full object instances on the stack? Anytime you say new in C++ you have created a pointer.

                            Arrays in C are always “converted” to pointers when used in a value context. Declared arrays have their own semantics for sizeof, etc (since they are of “array type”). In arguments, int x[] is just sugar for int *x

                            Hopefully those are helpful.
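An added C example, not part of any comment in this thread, illustrating two points from the summary above: the type name `struct foo`, and where an array still has its size versus where it has already become a pointer. All identifiers are made up for illustration, and a C99 or later compiler is assumed.

```c
/* Added example, not from the thread. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* No typedef is required: the type's name is "struct foo". */
struct foo {
    int  id;
    char name[16];
};

/* Optional alias some code bases add so that "foo_t x;" also works. */
typedef struct foo foo_t;

/* Prototype written with array syntax ... */
size_t param_size(int x[]);

/* ... definition written with pointer syntax. The compiler accepts the pair
   because "int x[]" in a parameter list is the same type as "int *x". */
size_t param_size(int *x)
{
    return sizeof x;            /* size of a pointer, not of the caller's array */
}

/* Valid only where the operand is still a declared array. */
#define ARRAY_LEN(a) (sizeof (a) / sizeof (a)[0])

size_t declared_len(void)
{
    int a[8] = {0};
    return ARRAY_LEN(a);        /* array type is intact here */
}

/* The element count is lost at the call boundary, so it is passed explicitly. */
long sum_elems(const int *x, size_t n)
{
    long total = 0;
    for (size_t i = 0; i < n; i++)   /* C99: declaration inside the for loop */
        total += x[i];
    return total;
}

/* Copy src into dst without writing past dst_cap bytes.
   Returns 0 on success, -1 if src had to be truncated.
   dst is always NUL-terminated when dst_cap > 0. */
int bounded_copy(char *dst, size_t dst_cap, const char *src)
{
    if (dst_cap == 0)
        return -1;
    size_t n = strlen(src);
    if (n >= dst_cap) {
        memcpy(dst, src, dst_cap - 1);
        dst[dst_cap - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);    /* includes the terminating NUL */
    return 0;
}

/* f->name is reached through a pointer, but the member itself is still of
   array type, so sizeof yields the full 16 bytes. */
int set_name(struct foo *f, const char *name)
{
    return bounded_copy(f->name, sizeof f->name, name);
}

int main(void)
{
    int v[4] = {1, 2, 3, 4};
    foo_t f = { .id = 1 };

    printf("sizeof v in caller : %zu\n", sizeof v);
    printf("sizeof in callee   : %zu\n", param_size(v));
    printf("sum                : %ld\n", sum_elems(v, ARRAY_LEN(v)));
    printf("set_name long      : %d -> \"%s\"\n",
           set_name(&f, "a name longer than sixteen bytes"), f.name);
    return 0;
}
```
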

                            1. 1

                              > Arrays are confusing as shit. I always forget when do arrays become pointers and when do they not. Why is there no actual array type?

                              http://www.torek.net/torek/c/pa.html

                              1. 1

                                That still confuses me. I always need to refer to this document which I always forget.

                                http://c-faq.com/aryptr/index.html

                                Btw, I wasn’t looking for an explanation. I was trying to impress upon you how weird and foreign C is for a C++ person. I can look up these explanations, but C will always be weird and foreign to me because I was raised on C++.

                          3. 2

                            I went from Pascal straight to C++. My parents happened to buy me Stroustrup’s C++ book. I only had to learn to read C later as I started encountering C libraries.

                          1. 2

                            If you only do it for money and are good at it, then more power to you. Rake in the money as fast as you can so you can move on to something you enjoy in retirement :)

                            I, personally, have always enjoyed coding from a very early age. I sometimes don’t enjoy what the people who pay me have me working on, or other things about them, but when I get to actual coding I love it.

                            There’s a growing meme that we should all “have other interests” and I suppose that I do. I love my family, my Free Culture advocacy, bicycling and motorcycling. But I spend more time coding than doing any other thing, and I don’t see any problem with that.

                            1. 1

                              > Rake in the money as fast as you can so you can move on to something you enjoy in retirement :)

                              Hah, I wish. My pay is pretty close to my means. I don’t have much pedigree, university, google, or otherwise.

                              > There’s a growing meme that we should all “have other interests” and I suppose that I do.

                              I think that “meme” is just not being a workaholic 🙂

                            1. 8

                              It’s worth noting that static sites and CMSs are not mutually incompatible - I work on one, Netlify CMS, which connects to a hosted Git repo and edits the content within it, which triggers a rebuild of the site if you have a CI pipeline set up. There’s other ways to do it as well, such as using a CMS which serves content through an API (GraphQL is typical for this kind of CMS) which your static site generator pulls from to build the site, and having the CMS ping a service which rebuilds the site when changes are made. The term for these kind of CMSs is “headless CMS” - it’s only involved in editing your content, and the actual building, deployment, and hosting of the site is totally orthogonal. There’s a list of headless CMSs at https://headlesscms.org/ (disclaimer: this site is run by Netlify, though it’s an open-source project with a repo at https://github.com/netlify/headlesscms.org/).

                              1. 1

                                Awesome! I didn’t know this existed. I’m a huge fan of Netlify and use it for a lot of projects. Didn’t realize y’all have a CMS that works like that – I will investigate this fully.

                                Your service is fantastic. Super clean + useful.

                                1. 2

                                  There are a couple CMS options around. I’ve also been working on one: https://github.com/usetint

                                  1. 2

                                    Hey that looks sweet, and I was quite happy to see you support indieauth for sign in!

                                2. 1

                                  I believe Gatsby also supports this via its WordPress plugin. I don’t know how well it works, but a lot of people (especially non-developers) are comfortable with the WordPress UI, so it could be a nice combo.

                                1. 7

                                  Do not top-post.

                                  Keep quoted text small and relevant

                                  Sadly, this advice is just not followed most of the time on the mailing lists I follow. As much as top-posting bothers me, I have to resign myself to the fact that demanding it is basically me becoming the old man who yells at clouds. All attempts to stop it by others have not worked. I don’t think it’s going away.

                                  1. 1

                                    List managers could stop it by bouncing top-posts.

                                    1. 1

                                      I still reply to e-mails with top posts (although I’m on very few mailing lists these days and contribute to nearly zero).

                                      At least with personal e-mails, it makes more sense for your reply to be at the top and not have to scroll all the way to the bottom.

                                      But whatevs. It’s tabs vs spaces at this point.

                                      1. 3

                                        You shouldn’t have to scroll far - you only quote enough to make it clear what you are talking about, then you talk about it. If you want to see the whole message, you can just go back to the other email.

                                        1. 2

                                          An apt comparison, just like so-called “tabs-vs-spaces” the claim that there are two equivalent options misses the point entirely.

                                          The point is not to uselessly quote everything and put your post at the bottom instead of uselessly quoting everything and putting your post at the top. The point is to stop uselessly quoting everything.

                                        2. 1

                                          This particular battle is lost. I doubt there is any mail client with more than 3% marketshare that does not use top-posting as standard.

                                          In the business world, where clients like Outlook hold sway, someone who doesn’t top post and doesn’t drag along the entire previous conversation (including disclaimer signatures, cutesy “consider the environment before printing this email” PNGs, and potentially embarrassing discussions of someone who was just added as a CC by a 3rd party) is seen as a weirdo.

                                        1. 42

                                          GitLab is really worth a look as an alternative. One big advantage of GitLab is that the core technology is open source. This means that anybody can run their own instance. If the company ends up moving in a direction that the community isn’t comfortable with, then it’s always possible to fork it.

                                          There’s also a proposal to support federation between GitLab instances. With this approach there wouldn’t even be a need for a single central hub. One of the main advantages of Git is that it’s a decentralized system, and it’s somewhat ironic that GitHub constitutes a single point of failure.

                                          1. 17

                                            Federated GitLabs sound interesting. The thing I’ve always wanted though is a standardised way to send pull requests/equivalent to any provider, so that I can self-host with Gitea or whatever but easily contribute back and receive contributions.

                                            1. 7

                                              git has built-in pull requests. They go to the project mailing list, people code review via normal inline replies. Glorious.

                                              1. 27

                                                It’s really not glorious. It’s a severely inaccessible UX, with basically no affordances for tracking that review comments are resolved, for viewing different slices of commits from a patchset, or integrating with things like CI.

                                                1. 7

                                                  I couldn’t tell if singpolyma was serious or not, but I agree, and I think GitHub and the like have made it clear what the majority of devs prefer. Even if it was good UX, if I self-host, setting up a mail server and getting people to participate that way isn’t exactly low-friction. Maybe it’s against the UNIX philosophy, but I’d like every part of the patchset/contribution lifecycle to be first-class concepts in git. If not in git core, then in a “blessed” extension, à la hub.

                                                  1. 2

                                                    You can sort of get a tracking UI via Patchwork. It’s… not great.

                                                    1. 1

                                                      The only one of those Github is better at is integration with CI. They also have an inaccessible UX (doesn’t even work on my mobile devices, can’t imagine if I had accessibility needs…), doesn’t track when review comments are resolved, and there’s no UX facility for viewing different slices, you have to know git stuff to know the links

                                                    2. 3

                                                      I’ve wondered about a server-side process (either listen on http, poll a mailbox, etc) that could parse the format generated by git request-pull, and create a new ‘merge request’ that can then be reviewed by collaborators.

                                                      1. 2

                                                        I always find it funny that usually, the same people advocating that emails are a technology with many inherent flaws that cannot be fixed, are the same people that advocate using the built-in git feature using emails…

                                                    3. 6

                                                      Just re: running your own instance, gogs is pretty good too. I haven’t used it with a big team so I don’t know how it stacks up there, but I set it up on a VPS to replace a paid Github account for private repos, where it seems fast, lightweight and does everything I need just fine.

                                                      1. 20

                                                        Gitea is a better maintained Gogs fork. I run both Gogs on an internal server and Gitea on the Internet.

                                                        1. 9

                                                          Yeah, stuff like gogs works well for private instances. I do find the idea of having public federated GitLab instances pretty exciting as an alternative to GitHub for open source projects though. In theory this could work similarly to the way Mastodon works currently. Individuals and organizations could setup GitLab servers that would federate between each other. This could allow searching for repos across the federation, tagging issues across projects on different instances, and potentially fail over if instances mirror content. With this approach you wouldn’t be relying on a single provider to host everybody’s projects in one place.

                                                        2. 1

                                                          Has GitLab’s LFS support improved? I’ve been a huge fan of theirs for a long time, and I don’t really have an intense workflow so I wouldn’t notice edge cases, but I’ve heard there are some corners that are lacking in terms of performance.

                                                          1. 4

                                                            GitLab has first-class support for git-annex which I’ve used to great success

                                                        1. 8

                                                          Contrary to most opinions I think that acquisition might be a good thing:

                                                          • Microsoft is a different company now their open source strategy recently is quite good.
                                                          • Github seems in decline for some time, the inability to lock a permanent CEO, low number of new features
                                                          • MS has all the resources to put Github on the next level if they don’t screw it up.

                                                          What could be bad is if MS buys Gitlab, then they would control that space. Gitlab is also heavily VC backed, so investors will seek an exit at some point.

                                                          1. 10

                                                            Honestly, my hope is that the fear factor of this, convinces more people to consider alternatives.

                                                            I’ve set up gitlab (a few years ago) for a client, and it was a fucking pig. I’ve looked at your solution too, and wasn’t completely sold on some aspects of it (sorry, don’t remember what right now) - but these things obviously work for some people, and getting out of this mindset that “GitHub is just what all developers use” is crucial to me.

                                                            Monoculture should scare people a lot more than the boogey man from Redmond.

                                                            This line from the Bloomberg article sums up the issue:

                                                            > San Francisco-based GitHub is an essential tool for coders.

                                                            This is honestly like claiming “Windows is essential for technology companies”.

                                                            1. 13

                                                              > Microsoft is a different company now their open source strategy recently is quite good.

                                                              I’m getting awfully tired of people saying there’s nothing to worry about because they’ve been nicer for the past handful of years. They have been antagonistic to free software for decades.

                                                              Microsoft changed their tune because it became profitable to do so. If it becomes profitable to be dicks again, they will be dicks again.

                                                              I’m glad we have a kinder, gentler Microsoft. Don’t kid yourself about their motivations.

                                                              1. 10

                                                                Also good to remember: they still routinely attack Linux and related free software by threatening with their patents, and extract patent royalties from many terrified companies who use Linux

                                                                1. 4

                                                                  They’ve collected over a billion dollars on Android alone.

                                                                2. 1

                                                                  I never said to not worry about it. I’m writing this based on a feeling MSFT will do good with Github. Time will show, and their motivation is quite simple, buy more power and make more money.

                                                                3. 1

                                                                  That would be very cool that as @nickpsecurity mentioned, RedHat take a shot at gitlab.

                                                                  1. 3

                                                                    Given the high performance has for on-premise installations, that would be a great addition for RedHat, TBH.

                                                                    (I see GitLab, even paid, everywhere at clients and I have yet to see a GH Enterprise installation in the wild)

                                                                    1. 3

                                                                      Riot games had GH enterprise a few years ago, just for their web team. The rest of the company was using perforce.

                                                                      1. 2

                                                                        I’ve got the opposite experience. I’m seeing big installations/companies use GHE all the time, and none of them Gitlab.

                                                                  1. [Comment removed by author]

                                                                    1. 11

                                                                      [X] Do not share even bit of valuable open source (*do not count azure toolkits)

                                                                      Sure, I’ll bite: P, Dafny, F*, Lean, Z3, TLA+, Boogie. Those are just their formal methods open source projects, and just the major ones at that!

                                                                      1. 4

                                                                        Linux Foundation isn’t really an “open source community” nor does it represent the interests of one. It’s an industry group of companies that rely on one.

                                                                        1. 0

                                                                          Yeah, you’re completely right, but due to its scale (Linux Foundation) has the impact on the open source projects because a lot of them are “sponsored” by these companies. This is not the age of geeks working “after hours”

                                                                      1. 6

                                                                        I loved QBasic and it’s where I started too… but I don’t see how it is any easier than, say, ruby or python for the same tasks being done in this post. No need to introduce advanced concepts just because a language has them.

                                                                        1. 9

                                                                          He double clicked the icon on his desktop and in a split second, we were in the IDE..

                                                                          Ruby and Python can’t do that.

                                                                          Also, OP doesn’t mention it, but: graphics. In Ruby or Python if you want graphics you end up having to deal with gem and rvm and pip and virtualenv and on and on and on and fucking on. In QBasic you type CIRCLE and hit F5.

                                                                          I’ve written about these issues before. You have to try teaching programming for yourself to see the tiny things that trip noobs up.

                                                                          1. 3

                                                                            I expected graphics to be the reason OP thought QBasic was the way to go, but then it was never mentioned so it seemed like a much less compelling argument.

                                                                            1. 3

                                                                              > you end up having to deal with gem and rvm and pip and virtualenv and on and on and on and fucking on. In QBasic you type CIRCLE and hit F5.

                                                                              Racket can do just that.

                                                                              > You have to try teaching programming for yourself to see the tiny things that trip noobs up.

                                                                              Racket is also made specifically for teaching.

                                                                              1. 2

                                                                                True. The drawback of Racket: much as I hate people harping on lisp parentheses, they do hinder noobs. Also mentioned in my post linked above.

                                                                                But Racket also has Pyret. Which seems pretty nice, though I haven’t tried it.

                                                                              2. 2

                                                                                And then VB6 made GUI’s about as easy. And like you said about QBasic, I’d click VB6, IDE loaded in a second, start project, type some code for the console thing if I wanted, press run, wait one second, results. Rinse repeat. The concept that mattered aside from speed is flow: the BASIC’s have a development flow that maximizes mental flow to keep people constantly moving. Pascal’s can do it, too, since they compile fast. Smalltalks and LISP on extreme end of it.

                                                                                The other advantage of BASIC’s are that they look like pseudocode people write down before actually coding. BASIC is so close to pseudocode that they can do the pseudocode in BASIC itself or barely do a translation step. In the Slashdot and other comments, I see the “it looks just like pseudocode!” response show up constantly among people that started with BASIC. Something that shouldn’t be ignored in language design at least for beginners. Probably also DSL or HLL designers, too, trying to keep things closer to the problem statement.

                                                                            1. 11

                                                                              I think that Javascript is part of the problem. It lacks a large standard library so people are out there reinventing the wheel. It would be nice if browsers created a better base for people to work with.

                                                                              1. 2

                                                                                Isn’t that basically what JQuery is?

                                                                                1. 2

                                                                                  Exactly. If a library became so universal as to nearly be default, why not elevate the most important parts of it into a standard library that is preloaded on all browsers?

                                                                                  Since JavaScript is sent over the wire with each invocation it cares more about “binary” size than the average language.

                                                                                  1. 2

                                                                                    FWIW this seems to have happened with some ideas from jQuery. See e.g. document.querySelectorAll.

                                                                                    1. 1

                                                                                      What I think JS and the HTTP in general needs is fetching content from hashes instead of URLs. That way if everyone uses the same library it may as well be preloaded because the browser will be able to identify that it already has the same resource without having to centralize files on a CDN

                                                                                      1. 3

                                                                                        Cue IPFS

                                                                                        1. 1

                                                                                          I’ve had the same thought - turns out this is non-trivial to tack on to HTTP after the fact. See w3c/webappsec-subresource-integrity#22 and https://hillbrad.github.io/sri-addressable-caching/sri-addressable-caching.html (I haven’t read either of them in a while, but there you go).
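The idea in the comments above (identify a script by its hash, so a copy fetched from one URL can satisfy a request for another), as an added example that is not part of the original thread. `HashAddressedCache`, the `*.example` hosts and the library bytes are constructed for illustration; the integrity strings use the `sha384-<base64>` shape of Subresource Integrity.

```javascript
// Added example: a cache keyed by content hash instead of URL.
// All names, hosts and sample bytes below are hypothetical.
const crypto = require('crypto');

const ALGOS = new Set(['sha256', 'sha384', 'sha512']);

// Build an SRI-style integrity string, "<algo>-<base64 digest>", for a body.
function integrityOf(body, algo = 'sha384') {
  if (!ALGOS.has(algo)) throw new Error(`unsupported hash algorithm: ${algo}`);
  return `${algo}-${crypto.createHash(algo).update(body).digest('base64')}`;
}

// Split an integrity string into algorithm and digest; reject malformed input.
function parseIntegrity(integrity) {
  const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(integrity);
  if (!m) throw new Error(`malformed integrity value: ${integrity}`);
  return { algo: m[1], digest: m[2] };
}

class HashAddressedCache {
  constructor(fetchFn) {
    this.fetchFn = fetchFn;      // synchronous stand-in for a network fetch
    this.store = new Map();      // integrity string -> verified body
    this.networkFetches = 0;
  }

  // Return the body for (url, integrity). The hash is the cache key, so the
  // URL only matters on a miss.
  load(url, integrity) {
    const { algo } = parseIntegrity(integrity);
    const hit = this.store.get(integrity);
    if (hit !== undefined) return { body: hit, fromCache: true };

    this.networkFetches += 1;
    const body = this.fetchFn(url);
    // Verify before storing: a body must never be cached under a hash it
    // does not match, or every later lookup for that hash is poisoned.
    if (integrityOf(body, algo) !== integrity) {
      throw new Error(`integrity mismatch for ${url}`);
    }
    this.store.set(integrity, body);
    return { body, fromCache: false };
  }
}

// Constructed sample: the same library on two hosts, an altered copy on a third.
const LIBRARY = Buffer.from('function leftPad(s, n) { return String(s).padStart(n); }\n');
const ORIGINS = new Map([
  ['https://cdn-a.example/lib.js', LIBRARY],
  ['https://cdn-b.example/vendor/lib.min.js', LIBRARY],
  ['https://cdn-c.example/lib.js', Buffer.concat([LIBRARY, Buffer.from('/* altered */')])],
]);

function fakeFetch(url) {
  const body = ORIGINS.get(url);
  if (!body) throw new Error(`no such resource: ${url}`);
  return body;
}

function demo() {
  const pinned = integrityOf(LIBRARY);

  // Warm cache: the second site names a different URL but the same hash.
  const cache = new HashAddressedCache(fakeFetch);
  const first = cache.load('https://cdn-a.example/lib.js', pinned);
  const second = cache.load('https://cdn-b.example/vendor/lib.min.js', pinned);

  // Cold cache: the altered copy fails verification and is not stored.
  const cold = new HashAddressedCache(fakeFetch);
  let rejected = false;
  try {
    cold.load('https://cdn-c.example/lib.js', pinned);
  } catch (e) {
    rejected = true;
  }

  return {
    pinned,
    firstFromCache: first.fromCache,
    secondFromCache: second.fromCache,
    fetches: cache.networkFetches,
    rejected,
    coldEntries: cold.store.size,
  };
}

console.log(demo());
```

A hit is served without any request to the URL the page named, so on a hit only the hash vouches for the content, not the host.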

                                                                                    2. 1

                                                                                      I do think that there’s space for a JS standard library

                                                                                      The big difficulty is that front-end development is still looking for what “the wheel” is. And there are different paradigms depending on what kind of system you’re building and the resource constraints.

                                                                                      To be honest I think a lot of the glibness for web UIs ignores that many web UIs are miles more complex than what most native GUIs accomplish. Very few native apps have the variety involved in a facebook-style “stream of events” UI. And a lot of web UIs are these kinds of streams of events.

                                                                                      1. 2

                                                                                        There is a lot of room at the framework level for various different solutions. I was thinking of really basic utilities. Solutions to the “left-pad” problem. I think JavaScript didn’t have a function for properly checking if an object was an array until ECMAScript 5.1. It’s hard to build on top of shaky fundamentals.

                                                                                        A lack of history with modules and some notion of compilation (bundling) also hurts JavaScript. The tool chain exists now, but it has felt a bit uninviting in my limited experience.

                                                                                        So we’ve ended up with a small standard library and primitive ways of combining scripts. It’s no wonder that things are so chaotic.

                                                                                        1. 1

                                                                                          FWIW, left-pad-like functionality has been in the standard library since ES2017: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/padStart

                                                                                          Tiny stuff like that isn’t too hard to put in the standard library. But the stuff that frameworks do is too high-level, abstract, and opinionated.

                                                                                    1. 2

                                                                                      Unfortunately, my employer routinely hires people who don’t fit everything on that list. Or even more than one of them. It’s baffling. Many times these people even feel like they shouldn’t have to learn other things in the list. I just… what? Why would I want an employee who sits around waiting until the CSS needs changing or we’re building something that affects the JS? Yes, we do everything on that list often, but on any given project certainly not every day! I’ve actually seen managers trying to gin up busywork for the “front end” or “back end” or “mobile” developers to have something to do.

                                                                                      I refuse to say “full stack developer” because I think a better term is “software developer”.

                                                                                      1. 9

                                                                                        Normally, I’d say this is off-topic for lobste.rs but the writer IS pretty entertaining and I LOL-ed at

                                                                                        Sure, Google and Facebook and Apple do have to worry about this, because they’ve domiciled their foreign HQ’s in Ireland so that they can shelter all that foreign revenue from US taxation. Karma’s a bitch.

                                                                                        Also, way to go to break that stereotype about Canadians being polite doormats.

                                                                                        But for those of us here who are lawyers (or are close to the law, preferably not on the broke-the-law side) how accurate is this position?

                                                                                        The thing with collecting the taxes reminded me that Amazon now collects state taxes. I’m totally ok with this, but it is a state law Amazon is having to comply with, without which they would have to cease operations in that state. So I’m surprised that easyDNS can serve UK customers without collecting taxes - they must be violating UK law, right?

                                                                                        I also see, in principle, how this translates to having to start obeying contradictory laws. Say the Saudis say women can’t access the internet and all internet providers now have to track gender of the user. What happens to a US based company that is prohibited from denying services on the basis of gender. I guess they’ll have to create a new company in Saudi that’s a wholly owned subsidiary but is a Saudi company and so on and so forth.

                                                                                        Ah the joys of being one big happy planet.

                                                                                        1. 9

                                                                                          I guess they’ll have to create a new company in Saudi that’s a wholly owned subsidiary but is a Saudi company and so on and so forth.

                                                                                          Or they just don’t trade in Saudi Arabia.

                                                                                          That’s an option for many people dealing with the GDPR: If you don’t have a website in Europe, or a business in Europe, and you don’t trade in European data, then the GDPR doesn’t apply to you. However, Facebook – even if they weren’t in Ireland – does trade in European data by selling advertisements to European businesses.

                                                                                          They could choose not to- they could refuse to do any business with any company in Europe. This kind of structuring would probably make them safe, but it’s not realistic: There’s simply too much money in Europe.

                                                                                          1. 1

                                                                                            They would have to cease trading with any company AND not have any European “customers” (users). Having the data of any entity (person or company) that resides in a European country makes you liable according to GDPR.

                                                                                            Problem is, without perfect geo-blocking and more, users will “slip” through and then they are in the same situation.

                                                                                            1. 2

                                                                                              I think the point is that if you have no company footprint in the EU, no business partners there, etc., then the GDPR is unenforceable against you. Yes, they can sue you in an EU court and bring a judgement against your corporation, but if your corporation will never have any footprint there then there is no power to enforce the judgement.

                                                                                              1. -1

                                                                                                This is true. You can violate any law, until you get caught.

                                                                                                However I wonder what’s the impact of such approach on the value of a company.

                                                                                              2. 1

                                                                                                Having the data of any entity (person or company) that resides in a European country makes you liable according to GDPR.

                                                                                                Ehm… no.

                                                                                                The “data subject” is always a European citizen, a person, not a company.

                                                                                                Can you point me to the GDPR article that led you to this conclusion?

                                                                                                1. 1

                                                                                                  You are completely right in that sense. However, companies who are handling personal EU data will make any company, that they in turn hand (parts of) that data to, liable (and require a data processor / data manager agreement). As you say, handling data for an EU company that has no personal data is not liable to GDPR, but it is a slippery slope because handling pay slips, staff management, etc. will very often have personal data.

                                                                                                2. 0

                                                                                                  Problem is, without perfect geo-blocking and more, users will “slip” through and then they are in the same situation.

                                                                                                  An IP Address isn’t “personal data”, a name isn’t “personal data”, even a login name isn’t “personal data”. What exactly are the circumstances that you believe you would be “slipped” some personal data without realising it?

                                                                                                  1. 1

                                                                                                    Problem is, without perfect geo-blocking and more, users will “slip” through and then they are in the same situation.

                                                                                                    What exactly are the circumstances that you believe you would be “slipped” some personal data without realising it?

                                                                                                    Frankly, that sentence sounds a lot like FUD, but IP addresses and names are personal data according to GDPR.

                                                                                                    1. 1

                                                                                                      Frankly, that sentence sounds a lot like FUD,

                                                                                                      “FUD” means “fear, uncertainty and doubt” and refers to a specific kind of marketing campaign where the goal is to spread enough misinformation about a subject so that people are afraid of engaging further with a subject.

                                                                                                      Telling people they’re going to be accidentally breaking the law for being connected to the Internet is FUD. Please stop spreading it.

                                                                                                      but IP addresses and names are personal data according to GDPR.

                                                                                                      False.

                                                                                                      The GDPR doesn’t mention IP addresses at all. It never once says that a “name” is personal data.

                                                                                                      The ICO (GDPR Regulator in the UK) even gives the example of Names not being personal data:

                                                                                                      By itself the name John Smith may not always be personal data because there are many individuals with that name.

                                                                                                      1. 1

                                                                                                        It never once says that a “name” is personal data.

                                                                                                        Dude, you really need to read the law:

                                                                                                        (1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

                                                                                                        I urge anyone using your consulting to hire a competent European lawyer instead.

                                                                                                        1. 1

                                                                                                          That doesn’t disagree with what the ICO said.

                                                                                                          The key language is an “identified or identifiable natural person”.

                                                                                                          If you can’t identify a natural person with it, and you have no normal business practice that would enable you to do so, it’s not personal data.

                                                                                                          For a consistent ruling of this, see opinion 4 which teaches that a dynamic IP address cannot identify a person. Why would anyone think a name would?

                                                                                                          I urge anyone using your consulting to hire a competent European lawyer instead.

                                                                                                          I do the same. I’m not a lawyer. I’m an SME who tells companies what they can do, and then invites outside legal to review my advice. I’m significantly more expensive than a European lawyer (in billings), but companies who want to understand what exactly can they do need someone like me instead of some guy on the Internet.

                                                                                                          1. 0

                                                                                                            If you can’t identify a natural person with it, and you have no normal business practice that would enable you to do so, it’s not personal data.

                                                                                                            For a consistent ruling of this, see opinion 4 which teaches that a dynamic IP address cannot identify a person. Why would anyone think a name would?

                                                                                                            Because you cannot know if a specific name can be used to identify the user.

                                                                                                            You just need one identificable name to violate the GDPR for that user.

                                                                                                            Your “normal business” practices mean nothing in this regard.
                                                                                                            Article 33 explicitly states that:

                                                                                                            The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.

                                                                                                            This means that a company is accountable for any personal data leak, be it due to a bad employee or a smart hackers crew using a zero day.

                                                                                                            The law says that any information that can be used to identify a user directly or indirectly is personal data. And it includes data related to “one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

                                                                                                            So if a company holds my dynamic IP address with the time of my connection in its database and a third party can use this information together to learn my identity (as the ISP that assigned me the IP could do), this information is personal data.

                                                                                                            Same for a login name, if somebody can identify my identity with the couple username + host, that username is personal data per GDPR.

                                                                                                            I’m not a lawyer.

                                                                                                            Neither am I.

                                                                                                            But I can read a law as any other European citizen can do.

                                                                                                            What you said about name and IP is simply misleading.

                                                                                                            I’m significantly more expensive than a European lawyer

                                                                                                            Really, I have no doubt.

                                                                                                            If that is the problem I can suggest pretty expensive and competent European lawyers.

                                                                                                            But while I have no economic interest in this, as a European whose personal data are protected by the GDPR, I’m not happy to read you give technical advice without a minimal understanding of the law.

                                                                                                            I’d like to have a list of the companies taking your advice, to avoid using their services.

                                                                                                            1. -1

                                                                                                              What you said about name and IP is simply misleading.

                                                                                                              The court decision you’re referring to (and you should read it, since it’s clear you haven’t) considers an IP Address and timestamp identifying to the ISP, since they can look up their customer’s name.

                                                                                                              You just need one identificable name to violate the GDPR for that user.

                                                                                                              That is nonsense.

                                                                                                              Go away troll.

                                                                                                              1. 0

                                                                                                                You just need one identificable name to violate the GDPR for that user.

                                                                                                                That is nonsense.

                                                                                                                That is the GDPR law. Literally. Article 4.

                                                                                                                If my name is unique, and your db store my name, you are holding my personal data.

                                                                                                                The court decision you’re referring to considers an IP Address and timestamp identifying to the ISP, since they can look up their customer’s name.

                                                                                                                And if an ISP employee breach into a system and get the IP Address and timestamp of the users, she will be able to identify such people and gain sensible informations about them from the system.

                                                                                                                Now, if the system’s controller doesn’t notify the European users about the data breach, thinking he is not collecting personal data subject to the GDPR, he will violate Article 33.

                                                                                                                Go away troll.

                                                                                                                Fine, I guess I can not convince you to admit a mistake on this topic as it seems a good source of revenue.

                                                                                                                But please, try to read and understand the law. It’s pretty simple and clear.

                                                                                                                1. 0

                                                                                                                  You just need one identificable name to violate the GDPR for that user.

                                                                                                                  That is nonsense.

                                                                                                                  That is the GDPR law. Literally. Article 4.

                                                                                                                  Stop trolling. The GDPR never uses the string “identificable”

                                                                                                                  If my name is unique, and your db store my name, you are holding my personal data.

                                                                                                                  The ICO disagrees. They’re the one responsible for regulating me (I’m in the UK) and they’ve given no further guidance on the subject. It is however consistent with their other positions on identifying personal data.

                                                                                                                  And if an ISP employee breach into a system…

                                                                                                                  What exactly do you think the normal person should think the risk is of someone who works at an ISP breaking into their website? You’re being absurd.

                                                                                                                  Stop trolling.

                                                                                                                  1. 2

                                                                                                                    Stop trolling. The GDPR never uses the string “identificable”

                                                                                                                    However, correcting the obvious typo shows the word “identifiable” appears eight times in that article.

                                                                                                                    1. 1

                                                                                                                      Nowhere does it say “one identifiable” or a “single identifiable” or anything related to that.

                                                                                                                      What is your point?

                                                                                                                    2. 0

                                                                                                                      Both texts you refer to predate GDPR. And the GDPR never refers to them.

                                                                                                                      So they are both off-topic in this thread.

                                                                                                                      But, actually, I think that everyone can compare your statements with the GDPR text and can easily see how rooted are your advises.

                                                                                                                      1. 1

                                                                                                                        So they are both off-topic in this thread.

                                                                                                                        The ICO’s opinion is all that matters.

                                                                                                                        Not yours.

                                                                                                                        But, actually, I think that everyone can compare your statements with the GDPR text and can easily see how rooted are your advises.

                                                                                                                        Yes. I’m telling people don’t panic, and you’re shouting panic; pointing to articles you haven’t read with interpretations that aren’t shared by the regulators even most professionals working in this space.

                                                                                                                        Then there’s that weird thing you’re saying about ISP employees breaching people’s sites…

                                                                                                                        Go away.

                                                                                                      2. 1

                                                                                                        I might not have been clear, my point is that a company/website/service cannot reliably avoid European users (by geo-blocking, asking them to swear that they are not from EU, etc.) and once those users are on the platform their data is subject to the GDPR.

                                                                                                        1. 0

                                                                                                          You’re not.

                                                                                                          Having a European visit your website doesn’t necessarily mean you have any extra burdens.

                                                                                                          If you don’t trade with Europeans and aren’t trading data specifically about Europeans[1], then you aren’t in-territory.

                                                                                                          If you don’t know who they are, cannot find out who they are, and the information you have doesn’t through your normal business practices identify a natural person[2], then your data is not material.

                                                                                                          I still cannot see how you can collect personal data accidentally if you know what personal data means, or what the GDPR is attempting to accomplish. The law doesn’t talk about “users” or “platform” in this way, and the regulators do not provide guidance in ethereal cases like yours.

                                                                                                          [1]: For example, if you sell targeted advertising on your website and allow your buyers to break down by Geography, then you’re in-territory.

                                                                                                          [2]: That last one might seem tricky, but it’s designed to catch companies who make behavioural profiles of people using cookies and IP addresses. If you’re not doing anything like that, then you’re probably fine, but I’d need a specific example to say.

                                                                                                          1. 0

                                                                                                            through your normal business practices

                                                                                                            Please @cpnielsen, compare this to the definitions for “personal data breach” in Article 4 of GDPR:

                                                                                                            ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

                                                                                                            and to the definition of “personal data” in the same article:

                                                                                                            ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

                                                                                                            Neither definition cites in any way the use you make of the personal data in your business practices.

                                                                                                            A certain set of data is personal independently of the use or the inferences that you can make about them.

                                                                                                            Any information relating to an identified or identifiable natural person is personal data.

                                                                                                            1. 1

                                                                                                              Did you mean to tag me or was that meant for @geocar? Either way, I think we agree.

                                                                                                              To exemplify my point: Let us pretend you are Bookface. You explicitly block any European user from signing up for your site (and since you opened on the day of the GDPR launch there are no users already signed up). Because your blocking is not perfect, Gerard from France stumbles across Bookface.com, signs up and gives you his full name, e-mail, date of birth and street address. You are now subject to GDPR as you are holding personal information about him. You can try to ignore it, and actual enforcement might be difficult (especially for individual cases), but the EU is very clear on this: You are subject to GDPR.

                                                                                                              Depending on how you use this data and whether it is required for your platform to operate, you may have to ask Gerard to explicitly opt-in (or not use the service at all, if presented at sign-up).

                                                                                                              1. 2

                                                                                                                Did you mean to tag me or was that meant for geocar?

                                                                                                                Comment was for both of you.

                                                                                                                But I realized from his last answer that @geocar is not talking about GDPR as generally applied in Europe for European citizens, but about the UK reception that protects UK citizens only.
                                                                                                                This explains his lack of understanding of the GDPR, but it also means that you can (probably, IANAL) safely take his advice for data relating to UK citizens. Not for data relating to other Europeans.

                                                                                                                A relevant example is the name of a user (or her IP address), which are notoriously personal data according to the European GDPR, but which, according to geocar, are not to be considered as such in the UK.

                                                                                                                To exemplify my point […]

                                                                                                                Yes, we agree.

                                                                                                                In your example, once the data of Gerard are in your system, you are subject to GDPR. Even if Gerard agrees on the processing you do, you have several obligations in his regard, such as assuming proper security measures to protect his data and informing him if his data get disclosed by an accidental data breach. You should read the law for a full list of the obligations.

                                                                                                                And, AFAIK, you can only avoid such obligations by completely removing Gerard’s data from your system (including from logs and backups).

                                                                                                                I encourage you and everybody else to read the law. It is really clear and well written.

                                                                                                                And while a competent European lawyer might help, anybody in good faith can easily understand it.

                                                                                                  2. 4

                                                                                                    So I’m surprised that easyDNS can serve UK customers without collecting taxes - they must be violating UK law, right?

                                                                                                    I would imagine there is an amount of “Okay, so come and get it” involved with the VAT taxes and other laws. There’s no mechanism for enforcement of that decision if you hold no assets within EU member states. Now, the EU could attempt to block access to that website, but we all know how effective that is.

                                                                                                    If you can’t hit someone with a stick what incentive do they have to follow your orders? Especially if there is no reward for doing so other than a pat on the head? Doubly so if following those orders is a pain in the butt.

                                                                                                    1. 1

                                                                                                      If you can’t hit someone with a stick what incentive do they have to follow your orders?

                                                                                                      Can you elaborate?

                                                                                                      Are you saying people can violate US laws (e.g. a US company’s copyrights) as long as they stay outside the USA?

                                                                                                    2. 2

                                                                                                      Normally, I’d say this is off-topic for lobste.rs

                                                                                                      This is something I sincerely do not understand.

                                                                                                      Why is it off-topic if its tags are [law] and [privacy]?

                                                                                                      1. 3

                                                                                                        The way to detect a true lobste.rs topic is to find one whose title you barely understand, which has one upvote and which has few replies. The replies, however, are substantial, mind opening and mind blowing. After reading the comments you can go back to the article and perhaps understand the title. To understand the article you might have to write some code yourself.

                                                                                                        That’s how we started out.

                                                                                                        I’m not that much of an old grouch to deny people their party line talk, but frankly, there’s still that YCombinator powered bar fight site, right? Why clone it here?

                                                                                                        That said, I’m okay with a writeup like this appearing once in a blue moon. But I do find myself aggressively hiding stories more and more.

                                                                                                        1. 0

                                                                                                          The way to detect a true lobste.rs topic is to find one whose title you barely understand… To understand the article you might have to write some code yourself.

                                                                                                          It’s an amazing high standard.

                                                                                                          But I’d say it would exclude 99% of the posts here and anything related to law, privacy, practices and culture.

                                                                                                          Also I’d have some issues posting anything I wrote myself, because I only write about topics I understand myself.

                                                                                                          1. 2

                                                                                                            because I only write about topics I understand myself

                                                                                                            Beginner mistake;)

                                                                                                            1. -1

                                                                                                              because I only write about topics I understand myself

                                                                                                              Beginner mistake;)

                                                                                                              Beginning expert’s mistake… ;-)

                                                                                                    1. 6

                                                                                                      Noodling around in Haskell: https://github.com/singpolyma/raw-materials

                                                                                                      1. 2

                                                                                                        Thanks for trying it out! I think a couple of your snippets make good examples of the difference between code and specifications, and what makes specifications particularly nasty to write.

                                                                                                        The system is required to prevent two trains from occupying the same track segment at the same time.

                                                                                                        newtype Track = Track [TrackSegment]
                                                                                                        data Train = Train
                                                                                                        data TrackSegment = SegmentTrain Train | SegmentEmpty
                                                                                                        

                                                                                                        This type makes it impossible to have two trains in the track segment at the same time. I don’t think that’s our goal of this spec! When I see “the system is required to prevent X”, I infer two things:

                                                                                                        1. X is a possible state, in that it can happen
                                                                                                        2. X is an invalid state, in that it shouldn’t happen

                                                                                                        In other words, it is possible for two trains to be on the same track segment, but our system should guarantee that, if everything follows the specification, our system will never cause two trains to overlap.

                                                                                                        I don’t think Haskell’s type system is powerful enough to specify this, but you can probably do it in dependent types. Whether that’s the appropriate “raw material” for this specification is another question.

                                                                                                        (Another possible issue is that the current type spec prevents anything else from being on the tracks except a train, like people. But whether that’s an issue depends on what it is we’re specifying.)

                                                                                                        The vending machine can prevent a coin-insertion event, but only the customer can cause it.

                                                                                                        allowCoinInsert :: Signal (Maybe CoinInsert) -> Signal VendingMachineState -> Signal (Maybe CoinInsert)
                                                                                                        allowCoinInsert coinInsertS stateS = runMaybeT $ do
                                                                                                            CoinsNotBlocked <- lift stateS
                                                                                                            MaybeT coinInsertS
                                                                                                        

                                                                                                        We have here that the vending machine can prevent a coin-insert event, but we haven’t actually specified that only the customer can cause it. For all we know the vending machine spec is also allowed to trigger a CoinInsert.

                                                                                                        We could add vending machine code and not have any CoinInsert functions, but that doesn’t quite work, either. Upon seeing that, all we know is that the code doesn’t have a means for the vending machine to insert a coin. But we don’t know if that’s intended functionality (perhaps for the next sprint), unplanned-but-okay if it does happen, or expressly forbidden. Similarly, we don’t know if any other parts of the system, whether the customer, a bypasser, or the snack-filler, are allowed to insert coins.

                                                                                                        When a button is pressed, the machine should turn the lamp on within 250 milliseconds.

                                                                                                        -- Hmm... I could use `timeout` to *check* if this happened,
                                                                                                        -- but I don't think I could write anything that would
                                                                                                        -- *guarantee* it always did.  It's unclear what the goal of
                                                                                                        -- the expression is.
                                                                                                        

                                                                                                        It means that if you press the button, the light goes on within 250 milliseconds. :P

                                                                                                        This is an example of hard real-time specification: you specify that the system must do something within a given time range. If your system takes 255 ms to flip the light, then your system is wrong. Hard time specifications are something I have zero experience in, nor have I ever used any specification languages that can express those properties.

                                                                                                        The pipes and switches of the package routing machine form a binary tree.

                                                                                                        data Pipe = EndPipe | Pipe Switch Switch
                                                                                                        data Switch = EndSwitch | Switch Pipe Pipe
                                                                                                        

                                                                                                        This is a good example of how types can be used as a specification tool, which is something I tend to dismiss too easily.
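The distinction drawn in the comment above (two trains on one segment is a representable state that the system must never reach) can be checked by exhaustively exploring a small model. This is an added example, not code from the thread or the article; the ring-shaped track, the one-segment moves and the `interlocked` controller rule are assumptions made for the illustration.

```python
from collections import deque


def successors(state, n_segments, interlocked):
    """Yield every state reachable in one step.

    state is a tuple holding the segment index of each train. Any single
    train may advance one segment around a ring of n_segments. When
    interlocked is True the (assumed) controller refuses a move into an
    occupied segment; when False nothing stops it.
    """
    for train, pos in enumerate(state):
        nxt = (pos + 1) % n_segments
        if interlocked and nxt in state:
            continue  # the system prevents this move
        yield state[:train] + (nxt,) + state[train + 1:]


def no_collision(state):
    """Invariant from the requirement: no two trains share a segment."""
    return len(set(state)) == len(state)


def check_invariant(initial, n_segments, interlocked):
    """Breadth-first search over all reachable states.

    Returns (holds, counterexample, states_seen). The counterexample is the
    shortest sequence of states from `initial` to a violation, or None.
    """
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if not no_collision(state):
            trace = []
            while state is not None:
                trace.append(state)
                state = parent[state]
            return False, trace[::-1], len(parent)
        for nxt in successors(state, n_segments, interlocked):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return True, None, len(parent)


if __name__ == "__main__":
    start = (0, 2)  # constructed scenario: two trains on a 4-segment ring
    print("without controller:", check_invariant(start, 4, interlocked=False))
    print("with controller:   ", check_invariant(start, 4, interlocked=True))
```

The state type here can represent a collision, unlike the `TrackSegment` type, so the property is something the search has to establish rather than something the representation rules out.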

                                                                                                        1. 2

                                                                                                          Hard time specifications are something I have zero experience in, nor have I ever used any specification languages that can express those properties.

                                                                                                          Always happy to fix a problem like that. I did save a lot of design and verification papers on hard-real-time systems. I can try to dig up some examples for you if you want. If you did, I’m curious if you want just the general stuff or also some examples of custom stuff. They do a lot of purpose-built formalisms in that niche. I’m still not sure if that’s a good idea or not since benefits of people being on same page often outweigh benefits of new formalisms.

                                                                                                          1. 2
                                                                                                            data Pipe = EndPipe | Pipe Switch Switch
                                                                                                            data Switch = EndSwitch | Switch Pipe Pipe
                                                                                                            

                                                                                                            My Haskell is rather poor but wouldn’t this also let you make cycles? What happens if you put the same value for both Pipes of a Switch?

                                                                                                            The pipes and switches of the package routing machine form a binary tree.

                                                                                                            From this description, I thought something like this would be valid? But how can it be expressed?

                                                                                                                S
                                                                                                               / \
                                                                                                              S   \
                                                                                                             /     \
                                                                                                            S       S
                                                                                                                   / \
                                                                                                                  S   \
                                                                                                                       S
                                                                                                            

                                                                                                            From this diagram, I’m also thinking that having two child switches for a pipe would be invalid.

                                                                                                            Although really, I’d ask for the statement to be clarified first. There are a few other questions here.

                                                                                                        1. 2

                                                                                                          Could someone enlighten me how do spamd and rspamd compare? AFAIKnew, Rspamd is the fancy new thing, and I see spamd is similarly aged, but I actually haven’t heard about spamd before.

                                                                                                          I’m kind of freshly into mailservers, doing some reading to set up or create my own mailserver (https://twitter.com/feilermichal/status/999724341611909120 — I tweeted this (“I really want to write my own mail server for myself.”) on May 24, before hearing about that effort (I only learned about it today from @romanzolotarev’s tweet))

                                                                                                          1. 4

                                                                                                            OpenBSD spamd is dead simple, it just whitelists servers that are good actors. It’s not like rspamd at all: rspamd is more like spamassassin, providing a suite of different spam detection strategies along with some end user tooling.

                                                                                                            OpenBSD spamd literally just rejects mail from a new IP for a period of time, and then whitelists the server if it properly handles delivery retry, assuming that spam servers won’t do that. The technique is called greylisting. It’s a fairly legitimate assumption, but it’s problematic for small deployments dealing with mainstream mail providers. How many gmails will spamd delay before it “learns” all the gmail IPs?

                                                                                                            Its behavior is a tiny bit more sophisticated than that, but that’s the basic idea. It doesn’t provide anything like using external whitelists or blacklists, checking SPF or DKIM, statistical analyzers, or any of the normal features you might expect from a spam filter. It’s very much an 80/20 tool. Also, rspamd implements greylisting, so you don’t need spamd if you use rspamd.

                                                                                                            1. 1

                                                                                                              IME “learning” all the gmail IPs doesn’t take overly long. Just a minor annoyance when the server is new.

                                                                                                              Outlook360, though, does retries from a different IP every time, so greylisting basically blocks email from there (easy to special case in config) and first email from a new service can be a bit slow when making new accounts.
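The greylisting behaviour described in the two comments above, including the case where a provider retries from a different IP each time, as an added example. It is a simplified model, not spamd's or rspamd's code; the timing values, the class and function names, and the documentation-range IP addresses are assumptions chosen for the illustration.

```python
import ipaddress

TEMPFAIL = "451 try again later"
ACCEPT = "250 ok"


class Greylister:
    """Simplified greylisting: tempfail unknown senders, whitelist on retry."""

    def __init__(self, pass_time=25 * 60, grey_expiry=4 * 3600,
                 white_expiry=36 * 24 * 3600, trusted_networks=()):
        self.pass_time = pass_time        # minimum wait before a retry counts
        self.grey_expiry = grey_expiry    # pending entries are forgotten after this
        self.white_expiry = white_expiry  # how long a proven IP stays whitelisted
        # Static allowlist: the "special case in config" for large providers.
        self.trusted = [ipaddress.ip_network(n) for n in trusted_networks]
        self.grey = {}   # (ip, sender, rcpt) -> time first seen
        self.white = {}  # ip -> whitelist expiry time

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP decision for one delivery attempt at time `now`."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.trusted):
            return ACCEPT
        if self.white.get(addr, 0) > now:
            self.white[addr] = now + self.white_expiry  # refresh on use
            return ACCEPT
        key = (addr, sender, rcpt)
        first_seen = self.grey.get(key)
        if first_seen is None or now - first_seen > self.grey_expiry:
            self.grey[key] = now          # new (or expired) tuple: start the clock
            return TEMPFAIL
        if now - first_seen < self.pass_time:
            return TEMPFAIL               # retried too quickly
        del self.grey[key]
        self.white[addr] = now + self.white_expiry
        return ACCEPT


def attempts_until_accepted(greylister, source_ips, retry_interval, max_attempts,
                            sender="a@example.org", rcpt="b@example.net"):
    """Simulate one message retried every retry_interval seconds, rotating
    through source_ips. Returns the attempt number that was accepted, or None."""
    for i in range(max_attempts):
        ip = source_ips[i % len(source_ips)]
        if greylister.check(ip, sender, rcpt, now=i * retry_interval) == ACCEPT:
            return i + 1
    return None


# Constructed sample senders (RFC 5737 documentation addresses).
SINGLE_SERVER = ["192.0.2.10"]
ROTATING_POOL = [f"198.51.100.{n}" for n in range(1, 11)]

if __name__ == "__main__":
    print("well-behaved single server:",
          attempts_until_accepted(Greylister(), SINGLE_SERVER, 1800, 5))
    print("sender that never retries:",
          attempts_until_accepted(Greylister(), ["203.0.113.7"], 1800, 1))
    print("rotating pool, no special case:",
          attempts_until_accepted(Greylister(), ROTATING_POOL, 1800, 30))
    print("rotating pool, allowlisted /24:",
          attempts_until_accepted(
              Greylister(trusted_networks=["198.51.100.0/24"]),
              ROTATING_POOL, 1800, 30))
```

With ten rotating addresses and a 30-minute retry interval, each address comes around again only after its pending entry has expired, so the message is never accepted until the provider's range is allowlisted.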

                                                                                                              1. 1

                                                                                                                Woah, I hope there will be a possibility to use rspamd with this new project.

                                                                                                            1. 5

                                                                                                              Meritocracy is like Communism: great in theory, but we’ve mostly only ever seen bad implementations.

                                                                                                              However, this manifesto seems mostly unrelated. It has all kinds of content about people’s worth as humans. Meritocracy (in both good and bad forms) isn’t about that at all. Of course the quality of your work doesn’t make you more or less valuable as a person! It might make your work more or less worth merging, though.

                                                                                                              1. 1

                                                                                                                Just a heads-up: the app doesn’t seem to be available outside of the US App Store.

                                                                                                                1. 1

                                                                                                                  IIRC this is temporary. Apple pulled a lot of apps from EU app store on GDPR day pending… something. I’m not an iOS developer, so no details

                                                                                                                1. 5

                                                                                                                  i didn’t see anything with noscript turned on, which unfortunately disqualifies the project from use.

                                                                                                                  some lightweight discourse alternatives which don’t require javascript are fluxbb, and mailing lists.

                                                                                                                  to not leave anything out, i should also say that nim-forum is using a fairly loose definition of “lightweight.” maybe compared to discourse it is. but fluxbb 1.2.24 is written in under 9000 lines of PHP, with the only other dependency being some database. nim has a longer list of dependencies, and the dependencies themselves are quite heavy.

                                                                                                                  1. 2

                                                                                                                    I’m genuinely curious why this disqualifies the project. Is it just a point of principle? Is it that you do not deem it safe to execute JS on websites?

                                                                                                                    I don’t consider fluxbb and mailing lists to be alternatives to be honest. The former is a classic forum and the latter is, well, a mailing list.

                                                                                                                    I just checked and the current codebase is 5300 lines of code. Which dependencies are heavy?

                                                                                                                    1. 4

                                                                                                                      One example of why SPAs cannot be used: if anything goes wrong, the whole site just breaks. On my phone (Blackberry Q10) https://forum.nim-lang.org/ just loads a blank white page and nothing more.

                                                                                                                      1. 1

                                                                                                                        That’s a good point. In the future it might be possible to pre-render the HTML on the server-side (it should be especially easy as the frontend is written in Nim too) and gracefully downgrade the experience (full page reloads on all links). I think for right now though, the current forum handles 90% of the use cases well, do remember that this is the initial version.

                                                                                                                        Btw I would appreciate any more information about the Q10 failure, is JS simply disabled there? or is it not handling the forum’s JS properly? If you could open an issue on GitHub that would be brilliant.

                                                                                                                        1. 2

                                                                                                                          I assume it’s not handling the forum’s JS properly. If I get some time I’ll try to figure out how to hook up the web inspector, see what the error is, and open an issue :)

                                                                                                                          1. 1

                                                                                                                            Thank you!

                                                                                                                      2. 3

                                                                                                                        ah, i was being an idiot w/r/t the listed dependencies. none of those are all that heavy. sorry about that!

                                                                                                                        but there is one huge unlisted dependency: one of three major web engines. this is part of why i don’t support projects that don’t work without javascript. plenty of web forums are usable in dillo, netsurf, mothra, and lynx. people should not have to depend on the insane treadmill of ever-expanding web complexity for simple text-based communication.

                                                                                                                        the other part is that javascript can be used to track you. people cannot be expected to review all the javascript that their browser might run to ensure that it’s not doing something malicious, so they should be able to disable it and still function online.

                                                                                                                        why is a “classic” forum like fluxbb not considered an alternative to discourse/nimforum?

                                                                                                                        1. 2

                                                                                                                          Honestly, the only differences between classic forums and Discourse I’ve ever noticed are (1) the default Discourse theme is “modern looking” [meh] (2) Discourse integrates very well with email and is basically a fancy mailing list archive where you can choose to get only some threads or categories by email [very good]

                                                                                                                          1. 2

                                                                                                                            ah so you can post via email? that does seem useful.

                                                                                                                    1. 1

                                                                                                                      I don’t understand why everyone is so fond of duck typing. I have been programming in Ruby for 8 years and I feel I could easily live without duck typing. The vast majority of the functions I have written are only used with a single type of argument. In the rare cases where that is not so, it’s because there is regular class inheritance in play.

                                                                                                                      1. 3

                                                                                                                        Duck typing makes iteration & casual experimentation faster, since you don’t need to consider the structure of an object prior to first implementing it, & can change its implementation gradually without rewriting other parts of the code, even in a REPL. This makes a lot of sense for ‘small computing’ (i.e., where the goal is to prototype with as little pain as possible), but is less useful for ‘big computing’ (i.e., where the goal is solid performance and reliability even when millions of potentially-malicious users are throwing requests at you).

                                                                                                                        Type inference in general is great for ‘small computing’, and being able to combine type inference with duck typing means that you get all the reliability benefits of compile-time strong typing with all the developer-side flexibility and reduced cognitive load of being able to ignore types entirely.

                                                                                                                        Nominal types, when they are combined with type inference, can also be great for reducing cognitive load on developers. (See: your average haskell program, where almost no computation is actually being done because so much stuff is basically offloaded to the type system.) But, these strengths conflict with each other: each mostly benefits the developer by allowing them to forget or ignore the other.

                                                                                                                        1. 1

                                                                                                                          I’m not sure we’re on the same terminological page here. What you describe sounds to me like the advantage of dynamic typing in general. To me ducktyping means deliberately designing methods that take completely unrelated types that happen to share a method. Not changing what you pass to a method while developing and having it still work. That’s just the advantage of dynamic typing, which subsumes ducktyping in such cases.

                                                                                                                          1. 2

                                                                                                                            Only in nominal typing does the idea of types with shared members being ‘unrelated’ make sense. Outside of nominal typing, whether typing is static or dynamic, the shape of a type determines its compatibility while its name is just a convenience for documentation purposes.

                                                                                                                            Structural typing is static, in that type checking is performed at compile time, but it is non-nominal, in that types are determined at compile time to be equivalent if they have the same members. In other words, it’s as though we have type checking based on interfaces, but with the compiler defining the contents of those interfaces based on what members are used.

                                                                                                                        2. 3

                                                                                                                          Duck Typing or Typeclasses let you get the polymorphism benefits of class inheritance without needing classes or inheritance.

                                                                                                                          This is very useful, especially when extending something 3rd party. So long as I know what the 3rd party thing expects, I can build an interface to my stuff it can use. Without them having set up their classes to intentionally support this.