1. 2

    Julia will do this. One can specialize or outright override existing function methods. Julia’s JIT compiler will even go back and recompile any code that may have depended on the old method to use the new.

    Note of course this is dangerous when used carelessly - the system is intended for extending or specializing functions for new input types, rather than replacing methods. One fun thing to do is replace something fundamental like integer addition and watch everything immediately break, via e.g. Base.:+(a::Int64, b::Int64) = 0.

    (While much of Julia’s compiler is written in Julia, it is itself is “immune” to such redefinitions because it lives in it’s own fixed “world”, but so much of the system depends on the standard libary that this instantly destroys any REPL session).

    1. 1

      Julia is actually at the top of my list! I just finished reading the manual, and I find it a bit unclear about this. It seems to indicate that sometimes an already-compiled expression or incrementally-compiled module won’t see overrides that come later?

    1. 1

      Clojure does as well, as probably most lisps.

      1. 2

        Yup, Scheme allows it too

        1. 1

          I’m curious about this now. I had thought from my research that Scheme would not allow this in the presence of modules. If I have a Scheme module that defines a and exports b which calls a and c which calls a and b, can I overwrite a from outside the module so that b’s behaviour changes? Or b so that c’s behaviour changes?

          1. 1

            If the procedure is not exported, you can’t access it from the outside, which means you can’t change the value of the identifier. However, from inside the module you can change it. If it is exported, it’s undefined behaviour if you may change it or not. CHICKEN allows redefinition of exported identifiers though.

        2. 1

          Correct, with the exception of special forms (for example, you can’t re-def let).

          1. 1

            That’s something I’ve never actually tried, but makes sense.

            I did at some point realise that python allows you to override the __plus__ method, which can lead to… interesting results.

        1. 2

          Erlang, to some extent. There is also Prolog.

          1. 5

            I’m not sure why you would say “to some extent” here. Erlang takes the art of redefinition to a whole new level that no other runtime in the world even comes close to.

            When you want to reload a module in Erlang, the VM keeps both the old and the new modules in memory at the same time so as not to interrupt currently-running processes using the old module. When a given process makes a call that the VM can determine makes it safe to do so, it swaps out the module with the new one. But since the definitions of records, etc, may have changed in the new module, every new module can provide an “upgrade” function which takes values in the format of the old version and allows them to be converted into the new version, for instance by adding new fields that previously didn’t exist.

            This is how you get continuously-evolving systems that have been running without a restart for years and years. As far as I know, no other system offers reloading like this outside academia.

            1. 2

              That Erlang feature sounds very cool, and very in line with my discovery direction! Does it always require full module replacements, though? Or can I overwrite a single member of a module without editing the original source and reloading the whole thing?

              1. 1

                The bit where it keeps both versions intact and intelligently hot-swaps specifically requires module-level granularity. It’s been a while since I’ve done Erlang; there may be other forms of reloading which don’t have that safety built-in.

              2. 1

                Well it depends on the meaning of “overriding any existing definition”. Modules are mutable in some languages (the OP mentioned Ruby) so it’s really easy to monkey patch functions for testing. For example, it’s a common pattern to mock like this the function that returns the current timestamp, run some automated tests and revert the default implementation.

                I don’t know if it’s possible to do this with Erlang’s hot code reloading but in anyway it works very differently than monkey patching in Ruby/Python/JavaScript, so there are probably different limitations.

                PS: It seems that it is possible: https://github.com/eproxus/meck

            1. 3

              On the JVM you can override anything on the classpath really. The simplest method is just overriding it using another file. If you have a library that exposes a class with a namespace com.foo.bar.Frob you can place a file with that namespace and your application will see that one first, since it will look first at the immediate classpath and only then the libraries. So you can just make a src/main/java/com/foo/bar/Frob.java and put whatever you want there. I have patched multiple libraries this way in order to fix things quickly before upstreaming them.

              1. 2

                Not for JDK libraries, and not for modules anymore. :-)

                1. 1

                  This lets your override entire packages or classes, but not individual methods on a class, I think?

                1. 14

                  I’d say the term you look for is late binding. The bad thing is it violates the Open-closed principle.

                  Unix shells also qualify. You can replace binaries in /bin and the behavior of lots of shell scripts changes.

                  Dynamic libraries allow monkeypatching for C (and whatever). You can override any libc function with LD_PRELOAD, for example.

                  1. 1

                    Shell (especially using functions) and LD_PRELOAD are excellent examples I hadn’t considered, thanks!

                    1. 1

                      But LD_PRELOAD is only used to select which function definition is used at startup. Lisps, Smalltalk, etc. allow redefining functions in a running program.

                      Depending on what you mean by “in the program”, code from dynamic libraries may not count.

                    2. 1

                      Do you know if some sort of dynamic scoping is required to implement this?

                      1. 1

                        Yes, you could say shells and dynamic libraries use dynamic scoping.

                        No, it is not required in general. Smalltalk, Python, Ruby, and others allow you to modify lexically scoped namespaces by monkeypatching.

                    1. 11

                      I feel like this is a false comparison. sed, awk, and m4 are partly overlapping tools none of which is suited to producing an ebook. curl, pandoc, and calibre are big suites of stuff that don’t conform to Unix philosophy at all. Ruby and Perl are programming languages for building whole new programs, such as one that produces an ebook.

                      Maybe I shouldn’t write an ebook suite using only sed, but I’m not convinced I should replace sed with ruby.

                      1. 8

                        I agree with you completely. But wait, replacing sed with ruby is easier than you think! Did you know ruby has the flags -p, -n, -a, and -F to make it act like sed / awk?

                        $ echo -e 'lots of words\nacross multiple lines' | awk '{print $2}'
                        of
                        multiple
                        
                        $ echo -e 'lots of words\nacross multiple lines' | ruby -nae 'puts $F[1]'
                        of
                        multiple
                        
                        $ echo 'look,a,csv,file' | awk -F, '{print $1 " " $3 "!"}'
                        look csv!
                        
                        $ echo 'look,a,csv,file' | ruby -na -F, -e 'puts "#{$F[0]} #{$F[2]}!"'
                        look csv!
                        

                        It even supports BEGIN { ... } and END { ... } blocks like awk does.

                        While -n acts most like awk, -p gets you the full sed experience:

                        $ echo 'some string' | sed 's/s/z/g'
                        zome ztring
                        
                        $ echo 'some string' | ruby -pe '$_.gsub!("s", "z")'
                        zome ztring
                        

                        Just like -n, but it causes ruby to print $_ (the magic global for “last line read by gets”) after every iteration!

                        Full disclosure: I have never actually used this. I like awk.

                        1. 2

                          Yes this is a bit of a strange comparison, but while we are at: anyone who wants to do digital publishing beyond compiling templates with pandoc should take a look at Pollen

                        1. 0

                          I really like sourcehut simplicity. But i wonder why wouldn’t they use Javascript in the frontend.

                          1. 14

                            Simplicity.

                            1. 1

                              Agreed

                              1. 0

                                Agreed how can you add interactivity to the site without js Just curious to know

                                1. 9

                                  The site’s already interactive. You click on things, and stuff happens. What more would you add?

                                  1. 6

                                    It depends on the definition of interactivity. HTML has buttons to start with.

                                2. 10

                                  Not using JS on the frontend is my #1 favorite feature about sourcehut. It is one or two orders of magnitude faster than GitLab on my old laptop.

                                  1. 4

                                    There is actually JS is some parts of sourcehut. It’s just optional (as all JS was always meant to be)

                                    1. 1

                                      I see it’s pretty surprising to see a full fledged application without js where as nowadays js is known to be the universal language of the web

                                      1. 3

                                        it’s just a different way of building web applications, with server-rendered templates instead of a single page javascript-powered app that queries an API. both can coexist and learn from each other

                                        1. 1

                                          Agreed Each one has there pros and cons

                                  1. 3

                                    What really disappoints me about IPFS is that, without Filecoin, it really isn’t that big of an improvement on BitTorrent. And Filecoin is both an unsolved problem and a cryptocurrency, neither of which are good for selling me on it.

                                    1. 1

                                      Interesting. The fact that IPFS is basically just bittorrent with the swarm problem fixed is exactly what attracted me to it.

                                      1. 2

                                        What’s the swarm problem?

                                        1. 2

                                          The easiest way to describe it in Bittorrent terms is to think about torrents for TV. Think about torrents for single episodes and season packs. If I grab a single-episode torrent, and it has no seeders, but then I grab a full-season torrent and choose only the file for that episode and it works, this is (IMHO) a serious flaw.

                                          Bittorrent swarms form around “a torrent” as described by an infohash, and so having more data even if you also have the same data as another torrent breaks you into two swarms.

                                          IPFS is just one swarm. So if my website has the CC-BY-SA icon, and so does your website, then even if every single other part of the site is different visitors to your site will help seed the content for that icon to visitors to my website.

                                    1. 7

                                      I really would like to have a use case for ipfs, but I seem to never have one.

                                      What are you using it for?

                                      1. 3

                                        Personally, I am compiling an archive of old gold questions from askscience subreddit ( and other nice sources)

                                        When I’m done, I’m going to host those in IPFS, once I have some presentable content of course ;-)

                                        1. 2

                                          So basically as a static site?

                                        2. 2

                                          I’m in the same boat, I’d love to find a reason to use it since it seems so neato conceptually.

                                          1. 2

                                            I don’t use it personally, but I think a good use case is to host packages for language/distro package managers. Clearly, if you use a language at your job, there’s incentive for its ecosystem’s packages to be well duplicated and not be hostages to github’s outages. And the content addressing means packages can’t get maliciously corrupted.

                                            1. 1

                                              I‘m mostly keeping an eye on it, because it seems to be one of the contenders for a content addressable web.

                                              1. 1

                                                I think a good use would be hosting mirrors of open source software code archives.

                                                1. 2

                                                  If I have to keep the node running, I can also just set up an nginx mirror. I do not see how ipfs helps here.

                                                  1. 1

                                                    It is about the trustworthiness of mirrors. The current mirror system is pretty broken when many people don’t check shasums.

                                                2. 1

                                                  It’s great any time you want to host a static website, basically. I use it all the time, for example for my podcast website

                                                  1. 3

                                                    Okay, but why on ipfs and not on a good old vps box or even a cloud storage bucket? If you have to have your node running anyway, what’s the point of using ipfs here besides it being a cool technical concept?

                                                    1. 1

                                                      You should run your IPFS server on a “good old vps box” just like you do with your web server currently. The point is that everyone who visits your site now caches parts of your site locally, and can share that cache with others. This reduces your bandwidth usage (since other visitors will get some or all of their data from not-you) and also increases your resiliency (since some or all of your site can still be loaded even when your server is temporarily down).

                                                1. 9

                                                  I was really interested in IPFS a few years ago, but ultimately was disappointed that there seemed to be no passive way to host content. I’d like to have had the option to say along the lines o “I’m going to donate 5GB for hosting IPFS data, and the software will take care of the rest”.

                                                  My understanding was that, one has to explicitly mark some file as something you’d like to serve too, and only then will be really be permanent. Unless it got integrated into a browser-like boomark system, I have the feeling that most content will be lost because. Can anyone who has been following their developments tell me if they have improved on this situation?

                                                  1. 3

                                                    I thought they were planning to use a cryptocurrency (“Filecoin”) to incentivize hosting. I’m not really sure how that works though. I guess you “mine” Filecoins by hosting other people’s files, and then spend Filecoins to get other people to host your files.

                                                    1. 2

                                                      This is a hard problem to solve, because you want to prevent people from flooding all hosters; so there has to be either some kind of PoW or money involved. And with money involved, there’s now an incentive for hosters to misbehave, so you have to deal with them, and this is hard; there are some failed projects that tried to address it.

                                                      IPFS’ authors’ solution to this is Filecoin which, afaik, they had in mind since the beginning of IPFS, but it’s not complete yet.

                                                      1. 2

                                                        My understanding was that, one has to explicitly mark some file as something you’d like to serve too,

                                                        Sort of… my recollection is that when you run an IPFS node (which is just another peer on the network), you can host content on IPFS via your node, or you can pull content from the network through your node. If you publish content to your node, the content will always be available as long as your node is online. If another node on the network fetches your content, it will only be cached on the other node for some arbitrary length of time. So the only way to host something permanently on IPFS is to either run a node yourself or arrange for someone else’s node to keep your content in their cache (probably by paying them). It’s a novel protocol with interesting technology but from a practical standpoint, doesn’t seem to have much benefit over the traditional Internet in terms of content publishing and distribution, except for the fact that everything can be massively (and securely) cached.

                                                        There are networks where you hand over a certain amount of disk space to the network and are then supposedly able to store your content (distributed, replicated) on other nodes around the Internet. But IPFS isn’t one of those.

                                                        1. 1

                                                          There are networks where you hand over a certain amount of disk space to the network and are then supposedly able to store your content (distributed, replicated) on other nodes around the Internet.

                                                          What are some of them? Is Storj one of those?

                                                          1. 3

                                                            Freenet is one. You set aside an amount of disk space and encrypted chunks of files will be stored on your node. Another difference from IPFS is that when you add content to Freenet it pushes it out to other nodes immediately, so you can turn your node off and the content remains in the network through the other nodes.

                                                            1. 2

                                                              VP Eng of Storj here! Yes, Storj is (kinda) one of them, with money as an intermediary. Without getting into details, if you give data to Storj, as long as you have enough STORJ token escrowed (or a credit card on file), you and your computers could walk away and the network will keep your data alive. You can earn STORJ tokens by sharing your hard drive space.

                                                              The user experience actually mimics AWS much more than you’d guess for a decentralized cryptocurrency storage product. Feel free to email me (jt@storj.io) if some lobste.rs community members want some free storage to try it out: https://tardigrade.io/satellites/

                                                              1. 1

                                                                Friend, I’ve been following your work for ages and have had no real incentive to try it. As a distributed systems nerd, I love what you’ve come up with. The thing which worries me is this bit:

                                                                decentralized cryptocurrency storage product.

                                                                I’m actually really worried about the cryptocurrency part of this, since it imbues an otherwise-interesting product with a high degree of sketchiness. Considering that cryptocurrency puts you in the same boat as Bitcoin (and the now-defunct art project Ponzicoin), why should I rethink things? Eager to learn more facts in this case. Thanks for taking the time to comment in the first place!

                                                                1. 4

                                                                  Hi!

                                                                  I guess there’s a couple of things you might be saying here, and I’m not sure which, so I’ll respond to all of them!

                                                                  On the technical side:

                                                                  One thing that separates Storj (v3) from Sia, Maidsafe, Filecoin, etc, is that there really is no blockchain element whatsoever in the actual storage platform itself. The whitepaper I linked above is much more akin to a straight distributed systems pedigree sans blockchain than you’d imagine. Cryptocurrency is not used in the object storage hotpath at all (which I continue to maintain would be latency madness) - it’s only used for the economic system of background settlement. The architecture of the storage platform itself would continue to work fine (albeit less conveniently) if we swapped cryptocurrency for live goats.

                                                                  That said, it’s hard to subdivide goats in a way that retain many of the valuable properties of live goats. I think live goats make for a good example of why we went with cryptocurrency for the economic side of storage node operation - it’s really much more convenient to automate.

                                                                  As a user, though, our primary “Satellite” nodes will absolutely just take credit cards. If you look up “Tardigrade Cloud Storage”, you will be able to sign up and use the platform without learning one thing about cryptocurrency. In fact, that’s the very reason for the dual brands (tardigrade.io vs storj.io)

                                                                  On the adoption side:

                                                                  At a past cloud storage company I worked at before AWS existed, we spent a long time trying to convince companies it was okay to back up their most sensitive data offsite. It was a challenge! Now everyone takes it for granted. I think we are in a similar position at Storj, except now the challenge is decentralization and cryptocurrency.

                                                                  On the legal/compliance side:

                                                                  Yeah, cryptocurrency definitely has the feeling of a wild west saloon in both some good ways and bad. To that end, Storj has spent a significant investment in corporate governance. There’s definitely a lot of bad or shady actors in the ecosystem, and it’s painfully obvious that by choosing cryptocurrency we exist within that ecosystem and are often judged by the actions of neighbors. We’re not only doing everything we can to follow existing regulations with cryptocurrency tokens, we’re doing our best to follow the laws we think the puck could move towards, and follow those non-existent laws as well. Not that it makes a difference to you if you’re averse to the ecosystem in general, but Storj has been cited as an example of how to deal with cryptocurrency compliance the right way. There’s definitely a lot of uncertainty in the ecosystem, but our legal and compliance team are some of the best in the business, and we’re making sure to not only walk on the right side of the line, but stay far away from lines entirely.

                                                                  Without going into details I admit that’s a bit vague.

                                                                  Anyway, given the length of my response you can tell your point is something I think a lot about too. I think the cryptocurrency ecosystem desperately needs a complete shaking out of unscrupulous folks, and it seems like that’s about as unlikely to happen as a complete shaking out of unscrupulous folks from tons of other money-adjacent industries, but perhaps the bar doesn’t have to be raised very far to make things better.

                                                                  1. 2

                                                                    The lack of a blockchain is a selling point. Thanks for taking the time to respond. I’ll check out the whitepaper ASAP!

                                                                    1. 1

                                                                      if we swapped cryptocurrency for live goats.

                                                                      … I kinda want to live in this world

                                                            2. 1

                                                              You might want to check out Arweave.org.

                                                              1. 1

                                                                I have the feeling that most content will be lost

                                                                Only if the person hosting it turns off their server? IPFS isn’t a storage system, like freenet, but a protocol that allows you to fetch data from anywhere it is stored on the network (for CDN, bandwidth, and harder-to-block). The person making the content available is still expected to bother storing/serving it somewhere themselves, just like with the normal web.

                                                                1. 1

                                                                  If you want to donate some disk space you can start following some of the clusters here: https://collab.ipfscluster.io .

                                                                1. 1

                                                                  I did try this anonymous room but it fails on Firefox on Linux. Example: https://anonymous.cheogram.com/prosody@conference.prosody.im?nick=erwanguorg

                                                                  1. 1

                                                                    The anonymous stuff only works for chatrooms hosted on our server, such as: https://anonymous.cheogram.com/discuss@conference.soprani.ca

                                                                    If we allowed anonymous users out into the federation, we could become quite the source for SPAM unless additional measures were taken.

                                                                    1. 1

                                                                      Thanks for the info! Maybe it could be better to spell it out explicitly either on welcome screen or when the connection fails? Because it looks quite broken from the initial impression.

                                                                  1. 2

                                                                    This bit:

                                                                    Users don’t want to lose their entire message history when they lose/change their phones so apps of this kind never become massively popular.

                                                                    really doesn’t resonate with me. I assume the author of the post knows what they are talking about, and take it for granted that they are correct in their assertion about what users do or don’t want. But I still don’t understand why anyone cares about chat message history. I view chat as a very ephemeral thing… anything I want to save gets saved elsewhere. I think I prefer the tradeoff of needing to decide what to save over that of abandoning end-to-end encryption.

                                                                    1. 1

                                                                      You’re not the average non-technical user though.

                                                                      Also I have my iMessage and other chat history for years. IRC logs back to early 00s…

                                                                      1. 1

                                                                        This is a reason I’ve been so against perfect-forward secrecy in the context of messaging for years. I have every email I have ever received in my life, and I would like to have chat logs as far back (though for various bad technical reasons I don’t) – end-to-end encryption is good and useful, but logs are (for me and many other) more useful.

                                                                      1. 3

                                                                        “I don’t want this phone and I don’t think anyone else does either, despite all the people who are lining up to buy it.”

                                                                        1. 61

                                                                          In a world where there is a serious shortage of volunteers to do all of this, it seems to me that a small army of “packagers” all doing duplicate work is perhaps not necessarily the best way to distribute the available manpower.

                                                                          Obviously there are also upsides to package mangers, but it’s not all roses and sunshine. I use the system’s package manger for some things, and don’t use it for others. It works better that way.

                                                                          Some developers may complain that distros ship their software too slowly, but you shouldn’t sweat it [..] You should use a distro that ships updates to you at the pace you wish, and let your users do the same.

                                                                          Make a vaguely popular Vim plugin and I will guarantee you that will get bug reports that it doesn’t work because people are using a Vim version that’s more than 2 years old, because that’s the version their Ubuntu ships with. I appreciate there are conflicting interest here and that there is no simple solution here, but handwaving away real problems isn’t helping.

                                                                          examine the software being packaged for anti-features like telemetry or advertisements, patching it out as necessary

                                                                          I would be rather annoyed if someone packaged my software “Example” as “Example” but with alleged “anti-features” removed, especially if those features allow me to actually pay my rent and food. You could also just choose to not package/use/install software if you don’t like it, instead of shipping it to users in a modified state (user who don’t really have a choice in the matter, by the way; who says all users share your values?)

                                                                          Patching software in general has its own risk; see the Debian OpenSSL incident for an extreme example, but generally “Example 1.0” is tested by those who know the most about it as released, not “as released with a bunch of modifications from a random Debian packager”.

                                                                          The “This article presumes that proprietary/nonfree software is irrelevant, and so should you” line is unbelievable pompous; who the hell are you to tell me what I should do? I think I will start replacing this sort of free software absolutism with similar lines about veganism: “This article presumes that a non-vegan diet is irrelevant, and so should you”. Sounds pretty silly, ‘ey? (not taking the piss at vegans; I am vegan; can also use religion or something else). It’s just arrogantly trying to impose your own preferences and set of morals on other as some sort of absolute truth, nothing more.

                                                                          Footnote: In general I am getting rather exasperated by Drew’s “this is the one true way to do it, or else you’re a bloody stupid[1]”-attitude that I’ve seen on several occasions. I already knew it was going to be an article like this based purely on the title and author.

                                                                          [1]: “bloody stupid” taken from HN comment, which seems to have inspired at least parts of this article.

                                                                          1. 15

                                                                            You should use a distro that ships updates to you at the pace you wish, and let your users do the same.

                                                                            That line is one of those that sound great and makes democracy seem perfect but actually glosses over the fundamental problem that people will solve their pains in order from greatest to least. I can vote for the politician that promises improvements to (for example) net neutrality, but if that same candidate wants to cut a government service I rely on, I’m going to vote for someone else regardless of their stance on net neutrality. Likewise, if my choice is between a distro that is fundamentally broken but provides quick updates to software packages versus a distro that’s well supported, stable, and functions for my job, I’m going to pick support and stability over broken with fast updates. I’m not going to switch my daily driver from (for example) Ubuntu to Kali because of their software update policy because Kali is fundamentally broken as a daily driver OS. Update policy has nothing to do with it.

                                                                            The #1 biggest problem in the Linux world is “if you don’t like it there’s a million choices to switch to” and the #2 biggest problem is “if you don’t like it, build your own”. That’s fine if your only target is the developer community, but end users won’t put up with that.

                                                                            1. 2

                                                                              Likewise, if my choice is between a distro that is fundamentally broken but provides quick updates to software packages versus a distro that’s well supported, stable, and functions for my job, I’m going to pick support and stability over broken with fast updates.

                                                                              I mean… having quick updates and being stable are basically opposing forces. So if you want stable normally you don’t want updates anyway, which is why you pick a stable OS…

                                                                              1. 1

                                                                                There are strategies though, as usually it’s not that black and white. For example, I like my base system to be stable, but the user-space tools (that mostly run without elevated permissions) to be reasonably up to date. I can deal with my editor or somesuch crashing every now and then (although, in reality that doesn’t really happen much anyway), but I want my ssh daemon to be well vetted, and new features are not important there (security updates are, but those are usually pushed out by the Distribution maintainers fairly quickly). So I’m running the nix package manager on top of Debian stable. There are other options, but I guess my point is that it does not have to be an ‘either/or’-situation…

                                                                            2. 5

                                                                              I would be rather annoyed if someone packaged my software “Example” as “Example” but with alleged “anti-features” removed, especially if those features allow me to actually pay my rent and food.

                                                                              Note that free software licenses must allow derived works per the FSF four freedoms, and the OSI’s open source definition. The OSI does allow use of licenses that require the modified software to carry a different name or version, although most open source licenses do not have this requirement. Given that the article is in the context of packaging open source software, isn’t this just saying that you’d rather not be writing open source software, thus meaning the article is talking about problem domain that you’re choosing to not be a part of?

                                                                              1. 4

                                                                                Sounds to me like they are saying “I should choose an open-source license which requires rebranding of modifications for my work”.

                                                                                1. 5

                                                                                  I wasn’t really considering the legal aspects, more the moral ones. Let’s say I spend 6 months developing a Banana app, and then release it with ads to support myself and the first thing people do is patch out the ad support. This strikes me as … not great. I appreciate people can do this, but just because you can doesn’t mean you should.

                                                                                  I think open source is the right way to make most software, but it does require some form of cooperation from the community as a whole to work well, especially with regards to the whole financial question. I’m not saying that ads are great, but an absolute “it’s an anti-feature we need to patch out” stance strikes me as rather unempathetic with the needs of the developers at best.

                                                                                  1. 11

                                                                                    I support this viewpoint. In my experience, some people just can’t grasp that one can or should draw a distinction between morals and laws. I don’t want to use laws to enforce certain things, but that doesn’t mean that following the law ensures I won’t think you’re a jerk. For example, almost all my software is released under a public-domain-like license. This technically permits folks to legally plagiarize my software. I support their legal right to do that. But I will think you’re an asshole and potentially use non-legal means to fix the situation.

                                                                                    I see this as the same principle you’re eapousing with your ad example. Your example is just more inflammatory, as can be seen by some of the responses. But that doesn’t change the validity of your point.

                                                                                    (I also agree with your perspective on the OP. He has always been this way, as far as I can remember. Whether intentional or not, it is extremely effective at driving traffic to his blog because virtually every post inspires controversy. And not the good kind, IMO.)

                                                                                    1. 0

                                                                                      If by “plagarize” you mean “not attribute to me” then I would point out that the right to be identified with a work is actually somewhat rarely conferred by law anyway. Copyright is (in many jurisdictions) concerned with copying (and copying-like things, such as performance) not with attribution.

                                                                                      1. 0

                                                                                        Licenses like MIT require attribution by including the license: https://tldrlegal.com/license/mit-license

                                                                                        1. 0

                                                                                          Yes, but that is a special requirement the MIT license adds in order to be allowed to exercise rights under the license.

                                                                                          There is no such requirement under default copyright law, it’s just something that can be added (as can basically anything else that is tied to the use).

                                                                                          1. 2

                                                                                            I realize it’s a special requirement. But that’s immaterial to my point:

                                                                                            Me: Please don't plagiarize my software.
                                                                                            Person: But you used a license, like the public domain (or UNLICENSE) that said I could.
                                                                                            Person: If you don't want people plagiarizing your software, then use MIT.
                                                                                            Me: I don't believe in enforcing every moral value I hold with the weight of the legal system.
                                                                                            

                                                                                            Which is analogous to what’s happening in this conversation. Licenses define what is legal. Not necessarily what is moral. Some licenses combine these notions intentionally, but that is not a universal property of all software licenses.

                                                                                            Basically, you’re pointing out an interesting factoid, but it doesn’t negate my point.

                                                                                    2. 19

                                                                                      What’s the point oft free software if there are “moral obligations to not change it”? I use free software exactly because anti-features like ads can be patched out. I am not willing to be annoyed/manipulated by ads just so that the author of an application can get like 5 cents from it or so.

                                                                                      1. 4

                                                                                        Defaults matter in practice – to the tune of potentially lots. (Just ask all the folks who used to turn a profit selling freeware CDs for which the ISOs were already available, including basically all linux vendors – or the whole economy of subscription services, most of which survive simply because people are slow to cancel in a way that, at scale, makes money. Or consider the hexchat model – windows users can build xchat from source for free, or find a binary from somebody else who has, or they can pay for the official binary.)

                                                                                        In other words, the problem is not that someone has stripped whatever features, but that a centralized node in the distribution network has stripped those features such that most users, by default, never knew they existed.

                                                                                        1. 4

                                                                                          I agree. I think some open source developers just aren’t aware of, or don’t accept, the market that they’re participating in. If a developer’s work is so valuable, people will pay for changes. But it’s often not, because there’ll be other people who will publish competing software for no payment.

                                                                                          The reality of the free software situation is that you have to be lucky enough to make it big with a project e.g. curl (small scale), or build a company around an open source product e.g. Redhat (large scale), and in both cases get paid by companies for maintenance and consulting. New models like GitHub sponsorships, crowdfunding, subscriptions, are still finding their footing.

                                                                                          1. 2

                                                                                            What’s the point oft free software if there are “moral obligations to not change it”?

                                                                                            That’s not really what I said; your paraphrasing is an exaggeration which is indeed silly. All that I was trying to point out is that things are a bit more nuanced than “these anti-features should be patched out by distros”. I think my comment was phrased sufficiently nuanced to make that clear.

                                                                                          2. 10

                                                                                            and then release it with ads to support myself and the first thing people do is patch out the ad support.

                                                                                            It’s because you shouldn’t have chosen ads to support yourself in the first place. Your product will be worse because of it and users or packagers are right to remove them. Charge for it instead.

                                                                                            1. 2

                                                                                              It’s because you shouldn’t have chosen ads to support yourself in the first place. Your product will be worse because of it and users or packagers are right to remove them. Charge for it instead.

                                                                                              I appreciate that’s your opinion, and I even share it to some degree, but also appreciate there are others who make different choices. I think we should respect that, too.

                                                                                              1. -5

                                                                                                I will never pay for an app.

                                                                                                1. 9

                                                                                                  How do you think the creators of the apps should survive in the current scarcity-based society?

                                                                                                  1. 0

                                                                                                    Put in unintrusive ads, put in a donate button (I actually use those), put in a “pro mode” for extra functionality.

                                                                                                    1. 9

                                                                                                      put in a “pro mode” for extra functionality

                                                                                                      Does this mean that you would pay for pro functionality? Or do you leave that to others as well?

                                                                                                      In any case: you’re free to never pay for an application of course, but I for one am happy to support developers by actually paying for software I use and benefit from. Especially when they still release that work under an OS license.

                                                                                                      And I’m happy that my users have been paying me for the last 10 years so I can work on open-source full time. I like to think it’s a win-win situation.

                                                                                                      1. 2

                                                                                                        Does this mean that you would pay for pro functionality?

                                                                                                        Depends on the app and what pro features offer over regular features. If it’s a good app I’ll happily pay to remove even unintrusive ads.

                                                                                                        1. 3

                                                                                                          So you would pay for (good) software after all. Happy to hear it!

                                                                                                          1. 3

                                                                                                            Yeah, I just would never pay to install an app onto my phone

                                                                                              2. 4

                                                                                                It seems to me though that free software in particular was an attempt to give legal weight to a moral position, namely that users should be free to decide exactly what software they use. This is contrasted to the proprietary software world, which is built on the idea that producers deserve to be compensated for their work, and the means of doing so typically implies a vendor creating an unchangeable bundle where the user can decide whether to accept the entire bundle or none of it.

                                                                                                IMO, these are both valid moral positions. Morality is subjective. But I’m struggling to reconcile the idea that users shouldn’t patch out things they don’t like, but that they should have the ability to do so. There is a world that believes users shouldn’t be able to patch out things they don’t like, but it’s a world that Drew is explicitly ignoring, presumably because that world isn’t catering to his needs or wants.

                                                                                            2. 3

                                                                                              especially if those features allow me to actually pay my rent and food.

                                                                                              So, basically you’re implying that you would make your fine software a malware (let’s face it - ads, tracking and other unintended behavior in application is what makes it malware) just to exploit your target user and its machine to sustain your primary income, and then get angry at them for not complying to that terms and patching the code that runs on their own personal machines?

                                                                                              Crazy.

                                                                                              1. 10

                                                                                                Vim has an advert in its front page, and most people don’t consider it malware.

                                                                                                Because of course it’s not that simple. AdSense and its clones are malware, but advertising is not inherently so.

                                                                                              2. 1

                                                                                                In a world where there is a serious shortage of volunteers to do all of this, it seems to me that a small army of “packagers” all doing duplicate work is perhaps not necessarily the best way to distribute the available manpower.

                                                                                                I think this is actually the main problem. It shouldn’t take an army of packagers (in addition to arcane automation scripts no one understands, but everyone started to rely upon).

                                                                                                I’m really hoping that distributions can improve their approach to package management; distri is a breath of fresh air in that regard.

                                                                                                I’m hopeful that other issues than speed will also be tackled (like non-root/user-local package installs) by people who care about it, and that package managers can take the next step.

                                                                                                1. -1

                                                                                                  Who took your candy away? Your reply seems awfully negative, let people have their opinions…

                                                                                                1. 11

                                                                                                  Packaging can be very, very hard. Alpine and Arch may have fairly simple systems that make providing your own into a community repository easy, but other distributions may not.

                                                                                                  Debian, for example, not only has a very complex system, it also has byzantine policies: e.g. the wiki links to the new maintainer’s guide, which states in chapter 1 that it’s getting outdated, instead linking to the Guide for Debian Maintainers, which is supplemented by a policy manual and a developer’s reference, each having multiple pages of tables of contents alone.

                                                                                                  How you’re going to get anything into Red Hat Enterprise Linux is beyond me, since you’ve got no control about it and they’re notoriously picky.

                                                                                                  1. 2

                                                                                                    I’m curious: is it just the fragmentation of the documentation that makes Debian packaging feel complex?

                                                                                                    In general I find that sensible software can be packaged in minutes since it’s all automated.

                                                                                                    1. 5

                                                                                                      I’ll dig out the low-down from what I can tell and you be the judge if it feels complex (CC @federico3, who obviously may correct me if I’m wrong about any of this or have omitted something major):

                                                                                                      1. To contribute a package, you must become a “maintainer”, who is a person that maintains a package—which is either a “Debian Maintainer”, who is a person that can upload specific packages directly, or someone who is a “sponsored maintaner”, who needs a sponsor to upload packages. When you start out, you’ll be the latter, so you’ll need a sponsor. What nearly nobody tells you: You’re allowed to become a maintainer for your own software as well. But usually the follow-up objection to that is if nobody asked for it on WNPP, chances are it will just get rejected for having no demand.
                                                                                                      2. Try to generate most of the package automatically. If you’re lucky, you’re in one of the cases where it all works automatically and you “only” have the policy to worry about. If you’re unlucky, you first have to make it work.
                                                                                                      3. Fill in the policy-mandated fields: A description (note: RFC 822, so you can’t use empty lines, you’ll need empty lines with a leading space and then a single dot), dependencies, build-time dependencies.

                                                                                                      Now comply with the rest of the policy, such as:

                                                                                                      1. If the source package contains hard links, those needs to be removed or replaced.
                                                                                                      2. Split the package if necessary (always necessary for C/C++ libraries since you’ll need at least -dev and the main library).
                                                                                                      3. If you’re packaging a library, also maintain a separate, semi-automated account of all symbols and the associated version.
                                                                                                      4. If your package includes third-party code, remove that as well and instead patch it to use Debian’s copies of the third-party code if you have to.
                                                                                                      5. Fill in the debian/copyright file. If you’re lucky, every file has a header that identifies the license. If you aren’t, you’re off to checking every single file’s license and try to infer it from other files (namely the COPYING or LICENSE file).
                                                                                                      6. Write a package changelog, which is apparently a mix of changes made to packaging and upstream changes.
                                                                                                      7. If the program is not covered by man pages, you should write man pages yourself; you can get bugs filed against this and if upstream is not cooperative, you’ll be writing them yourself. Upstream refusing is not an excuse.
                                                                                                      8. A lot of mess regarding init systems, generally technically requiring you to still write init scripts in a systemd-centric distribution.
                                                                                                      9. If your package falls in the scope of a team, join that first and check their policies as well.
                                                                                                      10. Sign your package with GPG, so you also get all the extra fun of GPG key management.

                                                                                                      etc. etc. There’s almost no way you’ll get all of this right on your own and that you won’t have a special case, so you should join the debian-mentors mailing list, but that means you get all the overhead of the list and the usual caveats apply (lurk for a while and see what the usual tone is before you ask a question, search the archives, etc.).

                                                                                                      Now that you’re reasonably certain that you’ve handled all the corner cases in the documentation, which will usually get even the seemingly easiest of packages, you get to the fun part:

                                                                                                      1. Create an account on mentors.debian.net.
                                                                                                      2. Upload your signed package there.
                                                                                                      3. Find a sponsor by filing a bug against the sponsorship-requests pseudo-package. Since the ratio of Debian Developers that can and want to be sponsors to prospective sponsored maintainers is rather imbalanced, chances are you’ll just get ignored entirely unless you can make a good case that your package is both low-risk for them and already well-made. If your first language isn’t English, this necessarily becomes comparatively much harder for you.
                                                                                                      4. If you fail to find a sponsor, wait a few weeks, post a follow-up.
                                                                                                      5. If that still fails, either give up or start bothering sponsors that work on related packages.

                                                                                                      There is no equivalent to the Arch User Repository, so either your package eventually gets in, or it’s just in limbo forever if you can’t get anyone to bother sponsoring you.

                                                                                                  1. 11

                                                                                                    Note: This article presumes that proprietary/nonfree software is irrelevant, and so should you.

                                                                                                    This seems to me to be a hell of a presumption.

                                                                                                    1. 4

                                                                                                      There are several ways to read that presumption, here are two I think are both reasonable:

                                                                                                      1. Nonfree software cannot be included in a libre OS anyway, so it is out of the scope of this discussion
                                                                                                      2. Nonfree software is harmful to the user, and so should not be installed – thus the fact that it cannot be installed from the libre OS directly is not a “big problem”

                                                                                                      There are certainly other readings of the word “irrelevant” that would be much less reasonable. I cannot claim to know which combination of meanings Drew meant specifically.

                                                                                                    1. 20

                                                                                                      Distros are anything but guaranteed to ever get to including your package into the repos, even if you volunteer to maintain that package yourself. In case of LTS distros, they may not include completely new packages in older versions even if there’s no chance it will break anything. Thus your “time to market” can be years.

                                                                                                      It gets worse when libraries you are using are not in that distro either. Worse yet if you are using a language that distro maintainers don’t understand and their packaging is unidiomatic or ourgith broken.

                                                                                                      Don’t get me wrong, I do think distro maintainers are doing a great and important work. I have most of my software installed from distro repos, and I try to contribute to packaging when I can. But sometimes as a developer you have no choice but to distribute your own software, and as a user you have to turn to out of distro packages.That’s just reality.

                                                                                                      One annoying example offhand: Fedora 30 still ships MuseScore 2.x in its repos. The 3.x line has been stable for a long time, it’s perfectly compatible with old files, and it’s a huge improvement over 2.x By huge I mean huge. Still not there. Luckily, its maintainers make an AppImage, so I can just get it in one wget command. When distro maintainers update it to 3.x, I’ll switch immediately, but it should happen first.

                                                                                                      1. 1

                                                                                                        Distros are anything but guaranteed to ever get to including your package into the repos, even if you volunteer to maintain that package yourself

                                                                                                        This is honestly my main tension these days. Of course one should never (or, advanced users only: rarely) install software that does not come from their OS. However… how does one become popular enough to be included in an OS without first getting installs via some other channel? It’s a bit chicken-and-egg.

                                                                                                        Of course, that only matters to the upstream if the goal of writing your software is getting people to use it, which for FLOSS is often not the case at all (people being able to use it is a happy side effect of it being written unless you’re selling it).

                                                                                                      1. 1

                                                                                                        Most people hailed the introduction of the and tags as positive due to the fact that browser support for these did not require codec plugins of questionable quality and reliability, but was instead built-in to the browser

                                                                                                        This has always been the most confusing part of HTML5 to me, as though we needed new tags to get off of plugins when, in fact, you could implement and just fine with plugins even today (though no one does) and, as the article points out, you could implement without a plugin (as at least Firefox does today for supported mime types).

                                                                                                        1. 1

                                                                                                          As far as I can tell, I was approximately the only person saddened by this

                                                                                                          I there there were a few of us :)

                                                                                                          1. 3

                                                                                                            Sometimes, when creating software, it is best to just not care about others. This is counter-intuitive, but the less you care who is going to use your software, the more you will empower everyone with your software. For example, choosing licenses like GPL, you care who is going to use it, but you also filter out others that cannot. Businesses have difficulty in using GPL software, which some think is empowering people instead of businesses, but it is not. Businesses empower people that are unable to use the software without them. And without giving your software to businesses you limit your giving your software to people. Developers often forget that people need businesses to put that software in their hands, and I don’t see that changing in upcoming 50 years. Putting your software into hands of business is putting it in the hands of the people. And we should encourage the businesses to release the software that they can into free software world. Saying that businesses are not invited to sponsor free software events is counter-productive to free software goals. Free software activists alone cannot put free software into peoples hand. You need businesses to help you. And if you want businesses to use your software, you need to not care about who is going to use them. Who uses it, good, bad, it is not important. It is important that the software is used.

                                                                                                            1. 7

                                                                                                              The GPL isn’t anti business. Lots of businesses use and are built on top of GPL software. If your business can’t survive with copyleft, it’s probably not a very beneficial business for society.

                                                                                                              1. 0

                                                                                                                Lots of businesses are built on top of GPL, but not a lot of businesses can. For some reason some libraries have GPL as their license, and GPL calls linking as distributing. This means, that, for example, a business cannot make their own nice user interface to the functions the library offers, and charge for it, as it must be open source. That is ultimately detrimental to the library as it looses a lot of potential users that way.

                                                                                                                And businesses that are clearly detrimental for society are using GPL software - Ad networks do use Linux.

                                                                                                                1. 4

                                                                                                                  That is ultimately detrimental to the library as it looses a lot of potential users that way.

                                                                                                                  Library authors have a wide variety of objectives. If your objective is to increase the quality of the free software ecosystem, then loosing users who are making non-free software is no great loss unless those users would have contributed back improvements.

                                                                                                                  You’d have to balance the benefit of improvements from non-free projects against the number of projects that are encouraged to become free based on your work (or something).

                                                                                                                  1. 1

                                                                                                                    The library does not loose users that are making non-free software, the library looses mindshare because it disallows non-free software to use it. Having a good user interface is important for the library, and here the user isn’t a programmer, it is the one who utilizes the functions a library offers. Some such users just cannot use the library directly, and have to use some other user interface. And such interface might not exist if there cannot be a non-free software that does it, forcing the user to use another user interface for another underlying library, one, which might be entirely closed source, which is a detriment to free-software community over using a non-free interface for a free software library.

                                                                                                                    1. 2

                                                                                                                      The library does not loose users that are making non-free software, the library looses mindshare because it disallows non-free software to use it.

                                                                                                                      There is a hidden implicit point in your argument that the prior poster tried to point out. At the core of your argument is that companies are beneficial to the software that they use. But I haven’t seen proof of this outside GPL software. I mean, hell, even with GPL software I’ve noted a dozen or so violations by companies here and there, when I’ve really paid attention.

                                                                                                                  2. 4

                                                                                                                    Well, they can charge for it and make it open source.

                                                                                                                    Also, at least if we’re not talking about binary linking, generally you only have to distribute the modifications to the original GPL software, not whatever you built that interfaces with it. E.g. with Android vendors: they publish the source of their kernel fork, but they use proprietary blobs in userspace (/vendor partition) that talk to their kernel drivers.

                                                                                                                    1. 0

                                                                                                                      They can charge for it and have it open source in theory. In practice, there is no business sense in doing so, as then your business is basically getting donations. And last I checked, getting donations is not a business.

                                                                                                                2. 3

                                                                                                                  And we should encourage the businesses to release the software that they can into free software world.

                                                                                                                  Businesses involved with F/OSS mostly just freeload off of it with no contributions back. So, this quote highlights the problem, not one about GPL. As myfreeweb says, lots of stuff business make could either be released as GPL or integrated with it without releasing the proprietary stuff. Instead, they keep getting themselves stuck on proprietary solutions by abusive companies, reinventing the wheel in all kinds of ways instead of using/releasing F/OSS, not releasing parts of their internal applications that aren’t a competitive advantage, and so on.

                                                                                                                  Nobody developing software without payment owes businesses anything anyway. Doing for-profit work with obligations, but no payment, is called slavery. Sometimes it’s charity. That still should have no obligations from businesses if it’s personal projects. If they do charity that includes businesses, businesses’ current track-record indicates they should probably use dual-licensing with the strongest copyright available to force any wanting to benefit to share the benefits in some way. Businesses usually don’t do it unless forced (see Android). Some even try to obfuscate their products to block interoperability, sue over API’s, patent sue, and so on.

                                                                                                                  Then, there’s businesses that believe you get what you pay for that avoid good F/OSS in favor of lower-quality products from companies happy to rip them off. The lower-quality products often incorporate permissively-licensed code that they don’t send improvements back to. Those suppliers and their “smart buyers” at least have an amusing relationship that gets even less pity from me.

                                                                                                                  1. 2

                                                                                                                    Dunno. One can always dual-license, and businesses can purchase a commercial license. Sure, there’s a bit more friction, but businesses are used to spending money on things. And if a business can actually conform to the GPL (or other copyleft) license, and has their own software open, they have a small advantage over the business who does not (less cost). I think that’s a better (and fairer) strategy in the long run if the goal is to further free software.

                                                                                                                    As a developer, I don’t exclusively care about how much my software is used. There are other important factors. Personally, I’d prefer quality users over quantity. And I really couldn’t care less if a company would like to use my software but does not because they don’t want to pay for a license, and also don’t want to open up their own software and let me use it. I want people who respect and appreciate free software (and give back in some way) to have a leg up against those that don’t.

                                                                                                                    1. 0

                                                                                                                      One can always dual-license, and businesses can purchase a commercial license

                                                                                                                      Can I purchase a commercial license for linux? Or get it under some other license?

                                                                                                                      1. 4

                                                                                                                        No, because the authors of Linux are not interested in dual licensing it. Other authors and projects are.

                                                                                                                        1. 2

                                                                                                                          No, of course not. You were talking about ‘Sometimes, when creating software…’, so I assumed you meant a situation like creating a library and thinking about the right license to use. That’s when you, as a developer, can decide to go for a copyleft license and an accompanying commercial one.

                                                                                                                          And I think your example doesn’t make all that much sense if your argument is companies often shy away from GPL code, as a lot of companies use Linux without any issues (because the share-alike restrictions in the Kernel don’t usually get triggered by anything a company does, except they develop directly on the Kernel itself).

                                                                                                                      2. 1

                                                                                                                        For example, choosing licenses like GPL, you care who is going to use it

                                                                                                                        I think this is the crux of the misunderstanding here. The GPL explicitly does not care who is going to use it (which some recently think might be an issue, but that’s another debate…) – it only cares if the user is going to preserve the rights of their downstream users or not. All users are welcome, as are all uses, but not all possible abuses of others.