1. 1

    Very informative article. I have a question about this though!

    + ?Sized - The size of B can be unknown at compile time. This isn’t relevant for our use case, but it means that trait objects may be used with the Cow type.

    But isn’t B a str which doesn’t have a size known at compile time?

    1. 2

      Yep.

      1.  

        str doesn’t have a known size, but &str does: it’s the size of a (ptr, len) pair.

        1.  

          Yes, but that’s &B. The statement quoted is that the “B: ?Sized” bound doesn’t matter for the thing described. It does, as B is str.

      1. 8

        Glad to see Hanami still kicking, but this kind of benchmark is not super useful. The vast majority of time spent in Ruby web apps is on business logic and not web framework code (except for Rails, maybe). So at the end of the day, running your custom, heavy code on any framework is likely to yield the same result because >90% of your time will be in your code.

        1. 2

          Hm, in API use, your framework can actually add substantial overhead, especially if you rely on caching.

          I haven’t been writing a Ruby framework for a while, but quite some time in the request/response cycle is spent in the security stack (cookie encryption/parsing, CORS mitigations, etc.) and having frameworks that provide faster API throughput by having some tuned stack helps. Comparing this stack to others is certainly not without use.

        1. 0

          Suggest rust tag.

          1. 2

            Why? It talks about multiple languages.

            1. 1

              Only because it seems to be causing the most outrage.

          1. 9

            This is just strange. Why do they fail to mention the most damning flaw of C++: unbridled, unmanageable complexity? Why don’t they mention the churn the languages is undergoing now with major new language features in every new language standard that drastically change how idiomatic c++ is written?

            Why is it claimed that you can write ‘straight line concurrent code’ in Rust but not C? You can write a fully functional fibre system for C that is essentially transparent for code using it (doesn’t need to know it is running in a fibre except that you can’t block) in less than a thousand lines of code. You don’t need async/await nonsense plastered over your code and to duplicate every bit of code into async and normal functions. That seems just as “straight line” than Rust to me.

            1. 9

              This is just strange. Why do they fail to mention the most damning flaw of C++: unbridled, unmanageable complexity? Why don’t they mention the churn the languages is undergoing now with major new language features in every new language standard that drastically change how idiomatic c++ is written?

              “C++ at Google” is generally considered different from “C++ in the wild”. They have a rather strict coding standard, with tooling to enforce it, plus a huge toolstack and practice built around it.

              You don’t need async/await nonsense plastered over your code and to duplicate every bit of code into async and normal functions. That seems just as “straight line” than Rust to me.

              You do know that fuchsia engineers were a huge driver behind the actual async/.await implementation? They have need for it.

              1. 1

                That’s something I didn’t consider actually. Google C++ is a pretty small subset of C++. That also explains why they ignored C++‘s co_await stuff but mentioned Rust’s: they don’t use new C++ features and they helped drive the implementation of Rust’s.

                1. 1
                  1. 1

                    C++: “Con: Support for asynchronous programming is weak.”

                    Rust: “Pro: Asynchronous programs can be written using straight-line code.”

                    Even though C++ obviously has much more mature support for a hugely wide variety of asynchronous programming models, as well as supporting co_await, while Rust only supports the equivalent of co_await (and not very well yet, as it was basically just introduced recently, though that should improve over time).

                    That looks like ignoring it to me.

              2. 7

                This is just strange. Why do they fail to mention the most damning flaw of C++: unbridled, unmanageable complexity? Why don’t they mention the churn the languages is undergoing now with major new language features in every new language standard that drastically change how idiomatic c++ is written?

                Do they just understand and accept this complexity? Large C++ projects are not new to Google, just look at Chrome. From their perspective it’s more likely to be considered the norm and necessary complexity.

                It seems strange to outsiders, but culturally it is probably the most palatable option with known results. Choosing the known thing is probably much safer. I’m sure lots of the developers have probably had the same thoughts as you, but they feel that this approach has the impact they desire.

                1. 4

                  You can write a fully functional fibre system for C that is essentially transparent for code using it (doesn’t need to know it is running in a fibre except that you can’t block) in less than a thousand lines of code.

                  I’m curious what that would look like. Do you have any resources on hand?

                1. 4

                  Always wondered who it was named after.

                  https://en.wikipedia.org/wiki/Hans_Reiser

                  Hans Thomas Reiser (born December 19, 1963) is an American computer programmer, entrepreneur, and convicted murderer.

                  Cancel my meetings I’ve got some reading to do

                  1. 12

                    Yep. Perfect example of “well that escalated quickly.”

                    I remember when it was in the news. I was sure Hans was innocent, given that one of his victim’s ex-boyfriends had already been in jail for murdering someone. I was genuinely shocked when he was found guilty and took the police to where he buried the body.

                    Wired did a really good write up of it at the time.

                    1. 7

                      I actually had dinner with him a few months before the murder & I remember him ranting about his wife a lot at the time so I wasn’t that surprised.

                      1. 10

                        Also one of the early attempts the “geek defense” by framing himself as Asperger’s, throwing other autists under the bus with it. :/

                        1. 4

                          I was working at a startup that was using ReiserFS at the time, and he was doing contract work for us. I never met the dude, but it was very unsettling to be that close to the story.

                        2. 1

                          Yup! Kinda bizarre. I posted this excerpt several years ago:

                          Reiser4 has a somewhat uncertain future. It has not yet been accepted into the main line Linux kernel, the lead designer is in prison, and the company developing it is not currently in business.

                          https://tbolt.space/2013/12/03/the-future-of-reiserfs/

                          1. 1

                            There are a number of crime dramas about this as well.

                            https://www.youtube.com/watch?v=A2Spetgu3tY

                            1. 1

                              Oh you need to catch up to the Reiser4 FS story as well. Good readings.

                            1. 3

                              NAN tagging is a bit of a step further, but this post reminds me of the table in the ruby interpreter here, listing everything that may be encoded in a pointer.

                              https://github.com/ruby/ruby/blob/master/gc.c#L3939-L3945

                              Famously, nil, true and false had to move one bit up with ruby 2.0, when they introduced a new numeric encoding that needed the rightmost bit. As the object_id is the pointer value in Ruby, that was an observable behaviour change.

                              1. 4

                                While Mattermost was proposed as a Slack alternative, I think Zulip is worth mentioning as well. I haven’t used it in a while (providing no means to install it on an existing server is extremely off-putting to me), but I can say I found the UX very nice, with their somewhat daring “threaded” model.

                                1. 2

                                  Zulip is great, we use it at my company, the Rust project and Ferrous Systems. Definitely consider it.

                                  I’m confused by “no means to install it on an existing server”? There’s installation instructions here? https://zulip.readthedocs.io/en/stable/production/install.html

                                  1. 1

                                    https://zulip.readthedocs.io/en/stable/production/requirements.html

                                    To run a Zulip server, you will need:

                                    • A dedicated machine or VM

                                    The installer expects Zulip to be the only thing running on the system; it will install system packages with apt (like nginx, postgresql, and redis) and configure them for its own use. We strongly recommend using either a fresh machine instance in a cloud provider, a fresh VM, or a dedicated machine. If you decide to disregard our advice and use a server that hosts other services, we can’t support you

                                    So, as I said: the development team has simply decided that figuring out how to play nice on servers with other things on it is not a priority. That’s their prerogative, but it doesn’t mesh with the infrastructure I’ve already got.

                                    Another caveat I found: If you eschew your own installation, and use their free, public server, note that I was dismayed to discover that the email addresses of all users on that server are publicly accessible. That was very disappointing.

                                    But anyway, other than these major CX problems, I found Zulip to be pretty good.

                                    1. 2

                                      So, as I said: the development team has simply decided that figuring out how to play nice on servers with other things on it is not a priority. That’s their prerogative, but it doesn’t mesh with the infrastructure I’ve already got.

                                      I find that a reasonable constraint and am happy that they are upfront about it. You practically can’t support arbitrary systems. That indicates that it still runs on such systems, but they don’t provide support for it. A classic case there would be a distribution taking over the integration work.

                                      Especially Redis has nasty habits if you try to run multiple services on it.

                                      Finally, I would never consider running a communication product without a thick wall to all other services.

                                      1. 1

                                        I understand your points, but I am a bit saddened that the software development world has evolved so that I can’t buy a “toaster” and put it to use in my kitchen without requiring there to be no stove, rice cooker or microwave in the same kitchen, and without having the toaster rewire the electrical system of my house to match the wiring in the houses of the developers of the “toaster”. There were days when this was not so.

                                        1. 1

                                          For me, it’s more akin to not being able to use the one drum in two washing machines, even if its the same model. It doesn’t make me sad at all. Systems come in components, the ability to isolate groups of components is a win.

                                1. 23

                                  I’ve got to say. This article is so well written. In depth and entertaining. I do kind of feel like I learned more about how much work goes into making strings work in C than about Rust strings though, but I’m not complaining about it.

                                  Is there a down side to Rust having so many more built in methods for handling strings? Or does the strict compiler make it not an issue?

                                  1. 7

                                    Is there a down side to Rust having so many more built in methods for handling strings?

                                    Do you mean methods (functions) or methods (types)? If the latter, the main issue I see is the learning curve. Having 2 main string types (&str and String) is confusing at first but it’s consistent with the rest of the lang/standard library. Once you get more comfortable with the language it’s fine. Also there is some language machinery (perhaps the AsRef<str> impl for String) that lets you supply a String reference to functions that take &str, which makes them fairly painless to use in practice.

                                    1. 2

                                      Yeah, sorry, “methods” was the wrong word to use. I meant more like, is there overhead for the Rust language to handle all the UTF-8 string stuff internally by default? In contrast to C which doesn’t .

                                      1. 5

                                        There’s some overhead whenever you’re forced to deal with potentially non-UTF-8 strings which tends to happens with IO. That’s a mental and performance penalty. And obviously there’s a slight space/performance penalty in comparison to C strings. But then again, if you need that sorta performance, you can use those too.

                                        Your valid Strings always being good Unicode is pretty great.

                                        1. 6

                                          For the non-UTF-8 case, all of my string libraries (bstr, regex, aho-corasick, csv) handle them fine without any overhead. :-) As a bonus, they all support Unicode to some degree and will mostly just ignore invalid UTF-8, dependending on what you’re doing. The bstr docs go into a bit more detail.

                                          1. 4

                                            I have yet to find a codebase where UTF-8 validation was a substantial overhead.

                                            1. 1

                                              Validation isn’t the only overhead though. Indexing is another. But I agree with your sentiment: worrying about this is 99% a premature optimization.

                                              1. 2

                                                Indexing of textual values is even more fringe, unless you use strings for (sub)-keys. In that case, I recommend a byte field in Rust.

                                      2. 2

                                        Nitpick (rightfully alluded to by the author):

                                        That last one is particularly cool - in German, “ß” (eszett) is indeed a ligature for “ss”. Well, it’s complicated, but that’s the gist.

                                        These days ß is a ligature for ss as much as w is a ligature for vv. Best to leave that sentence out, as it only distracts from the topic of the article.

                                        For extra points, a good string library would convert heinz große to HEINZ GROẞE.

                                        But because Unicode never had the possibility of updating casing rules, we might be stuck with ß → SS forever, short of adding a German2 locale to Unicode.

                                        The use of two letters for a single phoneme is makeshift, to be abandoned as soon as a suitable type for the capital ß has been developed. (Duden 1925)

                                        It will probably take more than 100 years to resolve, better to start working on it now.

                                      1. 38

                                        I sent the link to this post, via DM only, to three of the admins with a short note. Not 10, not 100, not a random project: three of the admins of a project in which I am already a participant.

                                        Within 60 seconds of linking these users to my own webpage, Discord deleted my account.

                                        No third-party service should be in a position to be deciding for you what your group membership should be allowed to communicate with each other.

                                        According to the message, people flagged your DMs. That’s not really “censorship”, that’s removing a member considered disruptive by the community. Frankly, I’d do the same if random strangers started DMing me with “this service sucks, you should use something else”.

                                        Regardless of whatever merit your points against Discord may have, it seems you don’t realize just how disruptive your “advocacy” is perceived by many. Going around telling other people what they “should” do is what people mean with “Open Source entitlement” and quite literally why people get burnt out by being an Open Source maintainer.

                                        I strongly urge you to reconsider your approach. It will benefit everyone, including yourself since it will be much more effective. It’s a win-win.

                                        free software-adjacent teams and groups, such as hackerspaces, art camps, and other DIY undertakings should always question falling by default onto the “buy” side of “build vs. buy”. DIY or die! Run your own!

                                        Are you doing to do the legwork and front the server costs, too? “DIY” isn’t about telling what other people should do, it’s about … doing it yourself.

                                        If I was unhappy with the communication platform of a project, I’d compile a list of advantages switching would have and offer to help and/or pay. I don’t want to gatekeep “DIY” here, but in my view that’s the “true” DIY way.

                                        1. 12

                                          According to the message, people flagged your DMs. That’s not really “censorship”, that’s removing a member considered disruptive by the community. Frankly, I’d do the same if random strangers started DMing me with “this service sucks, you should use something else”.

                                          Nothing in that email from Discord says people flagged my DMs. I’m also not a random stranger—I am an active participant in that project. I didn’t disrupt anyone or anything.

                                          If you read the suspension message carefully, it claims that my account violated the ToS—it did not. It was not the result of messages being flagged. They are using the term “the Discord community” as a stand in for Discord’s automated spam detection, which no-questions-asked censors young/new Tor-created accounts that send three similar messages containing the same link in a short period of time.

                                          Regardless, it’s still censorship when Alice tries to privately message Bob and Mallory decides “Bob isn’t allowed to see this message” and prevents it from reaching its destination, leaving Bob in the dark. That’s pretty much the dictionary definition of censorship. It’s my opinion that Alice and Bob should seriously reconsider their choice of association with Mallory in that instance.

                                          Regardless of whatever merit your points against Discord may have, it seems you don’t realize just how disruptive your “advocacy” is perceived by many. Going around telling other people what they “should” do is what people mean with “Open Source entitlement” and quite literally why people get burnt out by being an Open Source maintainer.

                                          I think perhaps the first line of my post was garbled in transmission. I’m not telling anyone to do anything.

                                          I’m telling people what they should not do: that is, don’t discriminate against people who insist on privacy.

                                          Choosing to use Discord does that, so people who don’t want to discriminate should not choose to use Discord.

                                          I’m also offering them alternatives that don’t discriminate against those people, so that they can make better choices if they decide that they don’t want to be the kinds of projects that discriminate against segments of their userbase.

                                          I feel like it’s a little bit of a stretch to go from “please don’t discriminate against and exclude me and others like me from participating”, which is basically the message in my post, to “open source entitlement”.

                                          Are you doing to do the legwork and front the server costs, too?

                                          I mention on the page that the server costs for such things are on the order of $5 per month for most teams.

                                          I’d compile a list of advantages switching would have and offer to help and/or pay

                                          There is an explicit offer of expert help at the bottom of the post, including my direct email address and telephone number, and it has been sitting there on the page since before you left your comment. :)

                                          I have also donated approximately 5-6 years worth of server hosting expenses, anonymously and in cash, to a local nonprofit I am attempting to convince to switch away from Discord, and have offered to personally manage and document 100% of their migration for free—time for which I would bill a theoretical customer in the mid to high five figures.

                                          1. 36

                                            Although I’ve been working as a programmer now for many, many years, prior to that I studied, and received a degree in, philosophy.

                                            The chair of my department was a Kant scholar, and taught many of the courses in ethics and moral philosophy, and there was a saying he was fond of, to the effect that there are two great traps, or errors, in moral philosophy, which are easy to fall into and difficult to climb back out of. The first trap is concluding that there is no correct moral system. The second trap is concluding that there is, and that you have found it.

                                            You appear to have fallen into the second trap, and this has had a negative impact on your interactions with other people. For example, prior to falling into the trap, you likely would have recognized that sending unsolicited messages to multiple people promoting your blog post is behavior that those people – and probably most neutral observers – would consider spamming. After falling into the trap, you are unable to see this. After all, you are bringing them the truth and the light and the good word! You are like Moses, descending from the mountain bearing the commandments: how could it be incorrect to share such an important message with others? Surely it must be the other people who are at fault if they react negatively.

                                            My suggestion to you would be to spend some time working on trying to see this situation from the perspectives of other people, rather than only from your own perspective. To help with that, perhaps consider Kant’s categorical imperative, and consider what the world would be like if your approach were to be made universal. Would you enjoy living in such a world, constantly being bombarded by others’ unsolicited manifestos, constantly being ordered by others to stop doing things they consider immoral, and, if you objected, being told that you are the one who is acting wrongly? I do not think you would find such a world to be pleasant, nor would you find it moral. Think on the lesson that example offers.

                                            1. 10

                                              I’m reasonably sure that I just did read an unsolicited manifesto on morals, when I read your post. It is all too easy to stand on a soapbox and become morally superior to others. And if Moses did exist, and if he really did receive instructions from Jehovah, then we must keep in mind that immediately upon coming down from the mountain, he had a fight with his brother over morals and ethics. (We must also keep in mind that evidence suggests that Moses is mythical and that the Exodus did not really happen. It is all too easy to draw moral lessons from myths.)

                                              On Freenode, if I attempt to privately message somebody, and they are not interested in receiving private messages from me, then I am not instantly banned upon my attempt, but instead notified that the recipient has caller ID enabled and will not be receiving my message.

                                              In a world where it is universally recognized that Discord is actively interfering with and shaping its user base, perhaps people would not use Discord as often. And that’s all that’s really been asked for.

                                              Finally, on morality, let us not forget Pirsig. Pirsig morality is the fact that atoms obey the laws of chemistry. It is the Kochen-Specker theorem and the Free Will Theorem. Pirsig said that humans are morally free to do what they want/will/desire, but that humans are inherently not as moral as the ideas which they espouse. At the low level, there are few degrees of freedom, but they are clear and easy to see; when we get up to the level of humans and ideas, there are so many degrees of freedom that the possible moral actions of humans become a continuous spectral palette of moral positions. The typical moral action of a human is to think, and in thinking, be acted upon by ideas, in order to create an emotional context for spurring physical actions.

                                              Why do I mention Pirsig? Because of this Pirsig quote (from memory):

                                              It is more moral to kill a man than an idea.

                                              On one hand, Discord is moral in their choice to be heavy-handed on reputation and moderation, and even moral in their choice to deliberately delegate moderation so as to make each Discord “server” a small fiefdom ruled by jealous gamer overlords. On the other hand, the author, myself, and others are moral in our choice to speak out against and criticize Discord’s design and actions. I think that we value the idea of not living in a police state and not having our mail read, and this idea contrasts sharply and precisely with what Discord’s tools and staff appear to be doing here.

                                              1. 16

                                                In a world where it is universally recognized that Discord is actively interfering with and shaping its user base, perhaps people would not use Discord as often. And that’s all that’s really been asked for.

                                                OP has admitted now that what actually happened was connecting via a service designed to hide the origin of traffic, and immediately firing off multiple DMs containing links to different users. I would actively refuse to use any service that didn’t at least treat that as highly suspect – the odds of that behavior indicating a spambot are ludicrously high.

                                                Unless you and OP truly believe that it is deeply and reprehensibly morally evil – so evil that you yourself suggest homicide as a preferable alternative – to have systems in place which automatically detect and act on patterns of behavior that are overwhelmingly like to be spam, I’m not sure there’s even a case left to make here. All that’s really left of OP’s argument is a set of desired stances for Free software projects, which would inevitably exclude certain segments of the population (but, notably, not the segment OP belongs to, which apparently makes it acceptable).

                                                1. 1

                                                  desired stances for Free software projects, which would inevitably exclude certain segments of the population

                                                  Which segments do those desired stances exclude? Are you saying that the communication systems that adhere to these desired stances are inherently user-hostile compared to proprietary, more restrictive systems like Discord?

                                                  1. 1

                                                    Some of the proposed alternatives (specifically IRC) are much less user-friendly than Discord.

                                                    To get a feature like chat persistance, the user will have to either

                                                    • set up a bouncer (usually requires access to a server)
                                                    • use WeeChat/Glowing-Bear (ditto)
                                                    • pay for IRCCloud
                                                2. 7

                                                  I’m reasonably sure that I just did read an unsolicited manifesto on morals, when I read your post.

                                                  Maybe I’m picking nits… but I do believe I’d consider clicking through to a discussion thread about whether a tool is acceptable for those who value freedom and privacy tantamount to soliciting a manifesto on morals.

                                                  “X is not acceptable for free software” is something that makes me expect that some moralizing and probably at least one manifesto lies on the other side of a link, anyway.

                                                3. 5

                                                  For example, prior to falling into the trap, you likely would have recognized that sending unsolicited messages to multiple people promoting your blog post is behavior that those people – and probably most neutral observers – would consider spamming.

                                                  Well, it turns out I have an existing relationship with these people. I wasn’t spamming anyone.

                                                  The people to whom I sent the messages never had an opportunity to object to them. They didn’t flag them. They didn’t even see them. Discord’s software decided that because I was a new user, and I was connecting via tor, and I sent the same link to three different people within five minutes of signing in, I must be a spammer and be silenced.

                                                  That’s called censorship.

                                                  Regardless, this is a red herring. The main issue is that choosing to use Discord is exclusionary and discriminatory, regardless of whether they censor messages or not.

                                                  1. 33

                                                    Discord’s software decided that because I was a new user, and I was connecting via tor, and I sent the same link to three different people within five minutes of signing in, I must be a spammer and be silenced.

                                                    That seems like a perfectly reasonable conclusion for their software to draw.

                                                    1. 25

                                                      That’s called censorship.

                                                      It really, really isn’t.

                                                      1. 1

                                                        It absolutely is. Most censorship is not government censorship. It’s also not universally bad: for example, we self-censor to avoid being unkind to others.

                                                        1. 15

                                                          If your working definition of censorship is so broad as to encompass anti-spam measures like rate limit violations, then let me suggest that it is not a useful definition in this conversation.

                                                          1. 2

                                                            On the contrary, the fact that legitimate anti-spam measures can be used to block the legitimate sending of messages by people seeking to keep their physical and network location private means that the definition of censorship should definitely include anti-spam measures.

                                                            1. 7

                                                              Let me make my point in a different way:

                                                              because I was a new user, and I was connecting via tor, and I sent the same link to three different people within five minutes of signing in, I must be a spammer

                                                              This isn’t “legitimate sending of messages” — it is actually spamming.

                                                              1. 3

                                                                I don’t think these measures “are being used to block legit sending of messages”, rather, these algorithms block you because your behaviour is virtually indistinguishable from someone sending illicit and abusive messages. Lots of legit email is being blocked by spam filters because the sender lacks DKIM and Reverse DNS, but it’s simply because people not having those is a very sure sign that someone is spamming so you block them without wasting additional CPU on it.

                                                                If your behaviour is identical to abusive behaviour then I don’t see why you get a free pass for your behaviour relating to a “righteous cause” like free software.

                                                        2. 10

                                                          Seems like their spam detection algos are pretty good. Spam detection and prevention (actual spam, not false flags) is one of the shortcomings of IRC and other “anonymous” platforms.

                                                          1. 0

                                                            If they were pretty good, they would not get such an obvious false positive.

                                                            The point was that you should use tools that do not give third parties the ability to read your private messages at all.

                                                            1. 7

                                                              So, I don’t like when foss communities use discord (or slack for that matter) either. However, what you’re describing - creating a new account via tor and then immediately sending the same message with a link to three people - sounds like exactly what most spammers I’ve seen will do. What makes you say it’s an obvious false positive (from the perspective of spam detection software)?

                                                      2. 13

                                                        Are you doing to do the legwork and front the server costs, too?

                                                        I mention on the page that the server costs for such things are on the order of $5 per month for most teams.

                                                        I help run a hackerspace. It has about 75 members and they are all volunteers. We do not have the money for real employees, we do not have on-call support, and it is not uncommon for people to get busy with Real Life Stuff and just disappear for a month or three at a time. If the floor gets swept, it’s because someone decided to pick up a broom and help out.

                                                        At a guess, members are about 30% professional techies of various types (engineers, academics, technicians, mostly in non-computer fields), about 40% interesting but non-tech people (that hippie who makes cool laser cut art, the cosplay guy who builds a full Iron Man suit, etc), and the rest are interested amateurs who just like playing with different stuff. There are a grand total of three people there who I would actually trust to run a server people rely on, I’m one of them, and I go there to get away from that shit. We can and do run several servers, but they’re all things like an internal NAS or shop IoT system that are toys to play around with and not essential services. We have a VPS that runs our website and a couple other mission critical things, but only a few people have access to it and working with it is not much fun so usually we don’t touch it.

                                                        Chat is an essential communication medium for this place. There was a fire on our block last year and chat was how we notified people and coordinated stuff. For chat we use Slack. Slack is free, it never breaks, and if it does break we don’t have to fix it. It has an interface a child can set up and use, the client never breaks either, and it takes a new member who isn’t a computer guru about 2 minutes to set up an account.

                                                        I would love to be able to point people at a Matrix server instead, but last I checked it can’t do all the things Slack can and all the clients I tried were buggy, slow, incomplete, or otherwise unpleasant to use – though this was a year or two ago now, maybe it’s better now. That was the time at which we looked at various chat services and chose Slack though. If we ran a server ourselves, we would need to have someone responsible for babysitting it. I don’t see any commercial services we can buy Matrix hosting from, and a custom managed services setup would probably run $hundreds/month. And even then, we’d have to redo a dozen channels, a couple bots, Google Calendar integration, and get 75 people to switch chat programs.

                                                        Maybe we can do this someday. Maybe even someday soon. But the costs are far greater than the $5/month for hosting.

                                                        1. 2

                                                          I believe Slack can be used easily via Tor, and does not demand a phone number to join a group, so users who need privacy of their personal data (IP/location) would not be excluded from participating in your group.

                                                          The risk of logged DMs remains, but that is a smaller risk. Discord is much more censorship-heavy.

                                                          Look into Mattermost and a hidden service.

                                                          1. 6

                                                            Slack includes your email address in the profile, forcibly.

                                                            1. 1

                                                              You can generate new emails that are not linked to anybody’s account. The article wasn’t about don’t use slack after all, just how it’s not as preferred.

                                                              1. 2

                                                                And how many users will do that? If privacy preservation is important to you and you want to be a trustable service provider, you can’t have any situation of “the user accidentally omitted that”. Especially as the user must be pre-informed of that behaviour and have the ability to draw this conclusion before using it.

                                                                Also, I’m replying to a comment on Slack, so I don’t know what the point about the article is.

                                                        2. 7

                                                          I have also donated approximately 5-6 years worth of server hosting expenses, anonymously and in cash, to a local nonprofit I am attempting to convince to switch away from Discord, and have offered to personally manage and document 100% of their migration for free—time for which I would bill a theoretical customer in the mid to high five figures.

                                                          From the view of a well-managed nonprofit, this reads as: if that person goes away or changes their view on things, there’s the risk of mid high five figures costs.

                                                          1. 3

                                                            Discord is not yet a profitable company with a sustainable revenue model.

                                                            GP has those risks presently, PLUS privacy/discrimination/censorship issues for all of GP’s users.

                                                            GP says it’s a volunteer organization. Then you say that someone volunteering to do the work is a risk.

                                                            Running communications tools is about 20-40 hours per year. Can management not extract redundant commitments from reliable members to serve as someone’s understudy in the case of disaster?

                                                            1. 3

                                                              GP says it’s a volunteer organization. Then you say that someone volunteering to do the work is a risk.

                                                              Is the mission of this organisation running a chat service? If not, even in a volunteer organisation, the prime goal is that volunteers can work on the mission.

                                                              Running communications tools is about 20-40 hours per year. Can management not extract redundant commitments from reliable members to serve as someone’s understudy in the case of disaster?

                                                              20-40 hours for a skilled person, especially if you have security standards. Finding someone to keep this server safe and secure and is on-call if it breaks is hard.

                                                              There’s a reasons why even collectives that focus on making communication their mission, like system.li shut down their service on major demonstrations to inform people that they cannot be trusted to not be compromised on some level.

                                                      1. 3

                                                        I should note that C11 did introduce a few limited functions to work with UTF-8 specifically; <uchar.h> defines char16_t and char32_t as well as mbrtoc16 (multibyte char to char16_t), c16rtomb (char16_t to multibyte char), mbrtoc32 (multibyte char to char32_t) and c32rtomb (char32_t to multibyte char). For the purposes of this specific article, however, this is not very helpful: toupper/towupper are only defined for char and wchar_t, respectively; however, you’re not guaranteed that wchar_t can actually represent a char32_t, so uppercasing remains very hard.

                                                        Grapheme clusters make this seemingly simple tasks even harder, and this is all before realizing that these functions are also locale-dependent (necessarily so, plus this also means they are OS-dependent) because of regional variations.

                                                        1. 4

                                                          I should note that C11 did introduce a few limited functions to work with UTF-8 specifically

                                                          How are any of the things you mention for UTF-8 specifically? C11 doesn’t guarantee UTF-8 interpretation for mb arguments. The interpretation depends on locale, AFAIK C11 doesn’t guarantee the availability of UTF-8 locales (and in practice, there exist Windows versions that don’t have UTF-8 locales), and changing the locale affects all threads, so you can’t change the locale from within a multithreaded program.

                                                          C11 doesn’t guarantee UTF-16 semantics for char16_t or UTF-32 semantics for char32_t. This is even less sensible than not guaranteeing two’s complement math. At least when C got the possibility of non-two’s complement math, non-two’s complement hardware existed. When char16_t and char32_t were introduced, there were no plausible alternatives for UTF-16 and UTF-32 semantics. C++20 guarantees UTF-16 and UTF-32 semantics for char16_t and char32_t.

                                                          1. 2

                                                            C11, § 7.28(1):

                                                            The header <uchar.h> declares types and functions for manipulating Unicode characters.

                                                            (emphasis mine) J.3.4 on undefined behavior:

                                                            The encoding of any of wchar_t, char16_t, and char32_t where the corresponding standard encoding macro (__STDC_ISO_10646__, __STDC_UTF_16__, or __STDC_UTF_32__) is not defined (6.10.8.2).

                                                            I suppose you could read that as not necessarily meaning UTF-8 (or UTF-16 or UTF-32) if these specific macros are not defined, but at that point, an implementation is just so obviously insane that it’s no use trying to deal with it.

                                                            Incidentally, you may find it interesting that a recent draft of C2x has dropped two’s complement support, see the mention of N2412 on p. ii.

                                                            1. 4

                                                              dropped two’s complement support

                                                              You had me panicking for a moment, but looking at that PDF it looks like they’ve accepted N2412, which means they’ve guaranteed two’s complement support and dropped support for other sign representations.

                                                              1. 2

                                                                Right, I meant to say “dropped everything but two’s complement”, my bad. Not that I can edit it anymore.

                                                              2. 2

                                                                I suppose you could read that as not necessarily meaning UTF-8 (or UTF-16 or UTF-32) if these specific macros are not defined, but at that point, an implementation is just so obviously insane that it’s no use trying to deal with it.

                                                                Those macros being defined mean that wchar_t has UTF-32 semantics, char16_t has UTF-16 semantics, and char32_t has UTF-32 semantics. None of those are about UTF-8.

                                                                Incidentally, you may find it interesting that a recent draft of C2x has dropped two’s complement support, see the mention of N2412 on p. ii.

                                                                Fortunately, reasonable things flow from the C++ committee to the C committee.

                                                                1. 0

                                                                  C++ is a prescriptive standard. It describes what it wants the world to be, and then hopes the world catches up. You can do that when the entire language community is on board and the language is complex enough to only have a few implementations.

                                                                  C is a descriptive standard. C runs on a massive range of hardware. C cannot afford to exclude real existing hardware targets that work in weird ways. Ones complement and signed magnitude integers really do exist in hardware. It wasn’t unreasonable to support them.

                                                                  Now that C has threading and atomics and is ballooning in scope it’s probably not implementable on those computers anyway, and they can just stick with C89. Getting rid of that support today, now that those platforms are so insanely obscure, is probably fine. But it was not unreasonable to support them in 1989 or 1999.

                                                                  1. 4

                                                                    C++ and C are quite a bit closer together in this regard. z/OS and AIX character encoding issues show up frustratingly often on C++ standardization context.

                                                              3. 0

                                                                I wouldn’t expect C to guarantee UTF-8 for argv, if I’m understanding your comment correctly. C is a descriptive standard, and the world it’s describing is not universally UTF-8, even on the systems where it is most popular. Pathnames in Linux, for example, are not UTF-8, they are arbitrary null-terminated strings of bytes.

                                                                1. 2

                                                                  Short note: path names in Rust are of “OsStr/OsString” type, which “String” can be converted into, but the other way around is falliable.

                                                                  Both have mappings to “Path/PathBuf”.

                                                                  1. 0

                                                                    Yes path names are of type OsStr, but command line arguments as returned by std::env::args are Strings, which means that your code works fine until it panics in production one day because someone passed a non-UTF-8 path name and std::env::args tries to turn it into a String even though you’re just going to turn it back into an OsStr anyway.

                                                                  2. 2

                                                                    My point is that, AFAICT, contrary to your up-thread comment, C11 provides no facilities that you can actually trust to do UTF-8 processing in a cross-platform way. (If you know the program will run on macOS or OpenBSD, then you can rely on certain functions performing UTF-8 operations.)

                                                                    1. 1

                                                                      I have not made any comments suggesting that C11 provides UTF-8 support.

                                                                      C2x should have char8_t, however.

                                                                      1. 3

                                                                        Sorry, I meant xorhash’s comment upthread.

                                                              1. 15

                                                                I’m still seriously surprised that anyone thinks it is an acceptable option for free software projects.

                                                                For the VyOS project we are, sadly, using Slack as a primary communication channel. So does FreeRangeRouting. I’m very deeply unhappy to see that a proprietary walled garden is what the users want to use (we still have a channel on Freenode, but it’s almost dead compared to Slack). Still, between proprietary walled gardens, even Slack does a better job as a platform for technical communication than Discord does.

                                                                1. 11

                                                                  I’m still seriously surprised that anyone thinks it is an acceptable option for free software projects.

                                                                  It should not be forgotten that projects that are big on Discord now have made their decision in the past. First of all, please be aware that Rusts Discord is only one of the potential places where the Rust project chats, there’s also a Zulip instance. No member or working group is mandated to use one over the other, it’s a free choice.

                                                                  For the Rust project, we had 2 very important points:

                                                                  • Good mobile support (we use our chat e.g. for sync at events like our all-hands)
                                                                  • Good moderation support and documentation (and antispam-support)

                                                                  We tried almost all options under the sun. Slack is out, because it has no moderation support. Multiple products just didn’t deliver messages. Gitter has the tendency to just hang until you reload it. Matrix was unfinished, it has now gotten better.

                                                                  Discord has pretty good features for managing large communites, e.g. slow mode, where people are only allowed to send messages very slowly and are blocked for a certain time between messages. This is very nice when someone tries to brigade you.

                                                                  Still, if we were to decided today, the decision might be very different, but back then, practically speaking, Discord was far ahead of any other.

                                                                  1. 8

                                                                    I’m told that Gitea uses it, and so does the file archive the-eye.

                                                                    It’s growing in popularity, which is why I wrote this post.

                                                                    1. 5

                                                                      if you are participating in the use of slack for free software projects, you are accepting it and therefore acknowledging it as acceptable in a sense.

                                                                      1. 2

                                                                        I’m not defending our use of Slack. My point is that, a) with projects like ReasonML, FRR etc., as a user, my choice is use Discord or Slack or not participate in that community at all b) and worst of all, it’s not always evil/stupid maintainers forcing users to use those proprietary products, but users forcing them to move away from free and open options. The saddest part for me was to see people flock to the Slack channel, most of those were people who were never on the IRC.

                                                                        1. 3

                                                                          it looks like ReasonML has a discourse forum (shitty but at least it’s free software), and FRR has a mailing list.

                                                                        2. 2

                                                                          Wildly incorrect. If the choice is “participate in open software” versus “don’t participate in open software”, there is an obvious right answer even if it does not 100% match your ideals.

                                                                          1. 1

                                                                            is that the choice though?

                                                                            1. 4

                                                                              If there is an open source project that uses Discord, your choice is either use Discord or don’t participate in the community. Those are your only options.

                                                                              I guess after that choice you have a choice to just not participate at all or fork the project and hope enough people agree with you, but that’s a completely separate decision that still falls under the “don’t participate in the open source project” option.

                                                                              1. 3

                                                                                a project that uses Discord will also have a mailing list or some other more open platform, so i still think you are presenting a false choice.

                                                                                1. 1

                                                                                  The project that caused me to write TFA has a Google Groups mailing list (phone number required for Google Account to join) that ~none of the members are subscribed to.

                                                                                  These days, email has fallen out of fashion. I’m not sure why.

                                                                                  1. 1

                                                                                    which project?

                                                                      1. 66

                                                                        What should people use instead?

                                                                        Real secure messaging software. The standard and best answer here is Signal,

                                                                        Oh please. They aren’t even close to sharing the same level of functionality. If I want to use Signal, I have to commit to depending on essentially one person (moxie) who is hostile towards anyone who wants to fork his project, and who completely controls the server/infrastructure. And I’d have to severely limit the options I have for interfacing with this service (1 android app, 1 ios app, 1 electron [lol!] desktop app). None of those are problems/restrictions with email.

                                                                        I don’t know what the federated, encrypted ‘new’ email thing looks like, but it’s definitely not Signal. Signal is more a replacement for XMPP, if perhaps you wanted to restrict your freedom, give away a phone number, and rely on moxie.

                                                                        1. 13

                                                                          I think Matrix is getting closer to being a technically plausible email and IM replacement.

                                                                          The clients don’t do anything like html mail, but I don’t think I’d miss that much, and the message format doesn’t forbid it either.

                                                                          1. 27

                                                                            If you can’t send patches to mailing lists with them then they’re not alternatives to email. Email isn’t just IM-with-lag.

                                                                            1. 5

                                                                              Email can be exported as text and re-parsed by Perl or a different email client.

                                                                              Until that functionality is available, I won’t consider something a replacement for email.

                                                                              1. 4

                                                                                In all fairness: cmcaine says “Matrix is getting closer”.

                                                                                1. 3

                                                                                  Matrix is a federated messaging platform, like XMPP or email. You could definitely support email-style use of the system it’s just that the current clients don’t support that. The protocol itself would be fine for email, mailing lists and git-send-email.

                                                                                  The protocol also gives you the benefits of good end-to-end encryption support without faff, which is exactly what general email use and PGP don’t give you.

                                                                                  1. 2

                                                                                    Adding patch workflow to Matrix is no different to adding it to XMPP or any other messaging solution. Yes, it is possible but why?

                                                                                    I can understand you like Matrix but it’s not clear how Matrix is getting closer to e-mail replacement with just one almost-stable server implementation and the spec that’s not an IETF standard. I’d say Matrix is more similar to “open Signal” than to e-mail.

                                                                                    1. 2

                                                                                      “Getting closer” is a statement towards the future, yet all of your counter arguments are about the current state.

                                                                                      1. 2

                                                                                        If I only knew the future I’d counter argument that but given that the future is unknown I can only extrapolate the current and the past. Otherwise Matrix may be “getting closer” to anything.

                                                                                        Do you have any signs that Matrix is getting e-mail patch workflow?

                                                                                  2. 2

                                                                                    Mailing lists could move to federated chatrooms. They moved from Usenet before, and in some communities moved to forums before the now common use of Slack.

                                                                                    I’m not saying it would be the best solution, but it’s our most likely trajectory.

                                                                                    1. 6

                                                                                      Mailing lists existed in parallel with Usenet.

                                                                                      1. 5

                                                                                        Both still exist :)

                                                                                        I do think, actually, that converting most public mailing lists to newsgroups would have a few benefits:

                                                                                        1. It’d make their nature explicit.
                                                                                        2. It’d let us stop derailing designs for end-to-end encryption with concerns that really apply only to public mailing lists.
                                                                                        3. I could go back to reading them using tin.

                                                                                        Snark aside, I do think the newsgroup model is a better fit for most asynchronous group messaging than email is, and think it’s dramatically better than chat apps. Whether you read that to mean slack or any of the myriad superior alternatives to slack. But that ship sailed a long time ago.

                                                                                        1. 4

                                                                                          Mailing lists are more useful than Usenet. If nothing else, you have access control to the list.

                                                                                          1. 2

                                                                                            Correct, and the younger generation unfamiliar with Usenet gravitated towards mailing lists. The cycle repeats.

                                                                                          2. 4

                                                                                            Mailing lists don’t use slack and slack isn’t a mailing list. Slack is an instant messaging service. It has almost nothing in common with mailing lists.

                                                                                            It’s really important to drive this point home. People critical of email have a lot of good points. Anyone that has set up a mail server in the last few years knows what a pain it is. But you will not succeed in replacing something you don’t understand.

                                                                                            1. 4

                                                                                              The world has moved on from asynchronous communication for organizing around free software projects. It sucks, I know.

                                                                                              1. 3

                                                                                                Yeah. Not everyone, though.

                                                                                                Personally I think that GitHub’s culture is incredibly toxic. Only recently have there been tools added to allow repository owners to control discussions in their own issues and pull requests. Before that, if your issue got deep linked from Reddit you’d get hundreds of drive by comments saying all sorts of horrible and misinformed things.

                                                                                                I think we’re starting to see a push back from this GitHub/Slack culture at last back to open, federated protocols like SMTP and plain git. Time will tell. Certainly there’s nothing stopping a project from moving to {git,lists}.sr.ht, mirroring their repo on GitHub, and accepting patches via mailing list. Eventually people will realise that this means a lower volume of contributions but with a much higher signal to noise ratio, which is a trade-off some will be happy to make.

                                                                                                1. 2

                                                                                                  Only recently have there been tools added to allow repository owners to control discussions in their own issues and pull requests. Before that, if your issue got deep linked from Reddit you’d get hundreds of drive by comments saying all sorts of horrible and misinformed things.

                                                                                                  It’s not like you used to have levers for mailing lists, though, that would stop marc.org from archiving them or stop people from linking those marc.org (or kernel.org) threads. And drive-bys happened from that, too. I don’t think I’m disputing your larger point. Just saying that it’s really not related to the message transfer medium, at least as regards toxicity.

                                                                                                  1. 3

                                                                                                    Sure, I totally agree with you! Drive-bys happen on any platform. The difference is that (at least until recently) on GitHub you had basically zero control. Most people aren’t going to sign up to a mailing list to send an email. The barrier to sending an email to a mailing list is higher than the barrier to leaving a comment on GitHub. That has advantages and disadvantages. Drive-by contributions and drive-by toxicity are both lessened. It’s a trade-off I think.

                                                                                                    1. 3

                                                                                                      I guess I wasn’t considering a mailing list subscription as being meaningfully different than registering for a github account. But if you’ve already got a github account, that makes sense as a lower barrier.

                                                                                        2. 5

                                                                                          Matrix allows sending in the clear, so I suppose this has the “eventually it will leak” property that the OP discussed?

                                                                                          (A separate issue: I gave up on Matrix because its e2e functionality was too hard to use with multiple clients)

                                                                                          1. 5

                                                                                            (A separate issue: I gave up on Matrix because its e2e functionality was too hard to use with multiple clients)

                                                                                            and across UA versions. When I still used it I got hit when I realized it derived the key using the browser user agent, so when OpenBSD changed how the browser presented itself I was suddenly not able to read old conversations :)

                                                                                            1. 2

                                                                                              Oh! I didn’t know that!

                                                                                        3. 5

                                                                                          Functionality is literally irrelevant, because the premise is that we’re talking about secure communications, in cases where the secrecy actually matters.

                                                                                          Of course if security doesn’t matter then Signal is a limited tool, you can communicate in Slack/a shared google doc or in a public Markdown document hosted on Cloudflare at that point.

                                                                                          Signal is the state of the art in secure communications, because even though the project is heavily driven by Moxie, you don’t actually need to trust him. The Signal protocol is open and it’s basically the only one on the planet that goes out of it’s way to minimize server-side information storage and metadata. The phone number requirement is also explicitly a good design choice in this case: as a consequence Signal does not store your contact graph - that is kept on your phone in your contact store. The alternative would be that either users can’t find each other (defeating the point of a secure messaging tool) or that Signal would have to store the contact graph of every user - which is a way more invasive step than learning your phone number.

                                                                                          1. 9

                                                                                            even though the project is heavily driven by Moxie, you don’t actually need to trust him

                                                                                            Of course you must trust Moxie. A lot of the Signal privacy features is that you trust them not to store certain data that they have access to. The protocol allows for the data not to be stored, but it gives no guarantees. Moxie also makes the only client you can use to communicate with his servers, and you can’t build them yourself, at least not without jumping hoops.

                                                                                            The phone number issue is what’s keeping me away from Signal. It’s viral, in that everyone who has Signal will start using Signal to communicate with me, since the app indicates that they can. That makes it difficult to get out of Signal when it becomes too popular. I know many people that cannot get rid of WhatsApp anymore, since they still need it for a small group, but cannot get rid of the larger group because their phone number is their ID, and you’re either on WhatsApp completely or you’re not. Signal is no different.

                                                                                            And how can you see that a phone number is able to receive your Signal messages? You have to ask the Signal server somehow, which means that Signal then is able to make the contact graph you’re telling me Signal doesn’t have. They can also add your non-Signal friends to the graph, since you ask about their numbers too. Maybe you’re right and Moxie does indeed not store this information, but you cannot know for sure.

                                                                                            What happens when Moxie ends up under a bus, and Signal is bought by Facebook/Google/Microsoft/Apple and they suddenly start storing all this metadata?

                                                                                            1. 5

                                                                                              Signal is a 501c3 non-profit foundation in the US, Moxie does not control it nor able to sell it. In theory every organization can turn evil but there is still a big difference between non-profits who are legally not allowed to do certain things vs corporations who are legally required to serve their shareholders, mostly by seeking to turn a profit.

                                                                                              And how can you see that a phone number is able to receive your Signal messages? You have to ask the Signal server somehow, which means that Signal then is able to make the contact graph you’re telling me Signal doesn’t have.

                                                                                              There are two points here that I’d like to make, one broader and one specific. In a general sense, Signal does not implement a feature until they can figure out how to do that securely and with leaking as little information as possible. This has been the pattern for basically almost every feature that Signal has. Specifically, phone numbers are the same: The Signal app just sends a cryptographically hashed, truncated version of phone numbers in your address book to the server, and the server responds with the list of hashes that are signal users. This means that Signal on the server side knows if any one person is a Signal user, but not their contact graph.

                                                                                              1. 3

                                                                                                In theory every organization can turn evil

                                                                                                Every organization can also be bought by an evil one. Facebook bought WhatsApp, remember?

                                                                                                The Signal app just sends a cryptographically hashed, truncated version of phone numbers in your address book

                                                                                                These truncated hashes can still be stored server-side, and be used to make graphs. With enough collected data, a lot of these truncated hashes can be reversed. Now I don’t think Signal currently stores this data, let alone do data analysis. But Facebook probably would, given the chance.

                                                                                                1. 6

                                                                                                  Every organization can also be bought by an evil one. Facebook bought WhatsApp, remember?

                                                                                                  WhatsApp was a for-profit company, 501(c)3 work under quite different conditions. Not saying they can’t be taken over, but this argument doesn’t cut it.

                                                                                            2. 3

                                                                                              The phone number requirement is also explicitly a good design choice

                                                                                              No, it’s an absolutely terrible choice, just like it is a terrible choice for ‘two factor authentication’

                                                                                              Oh but Signal users can always meet in person to re-verify keys, which would prevent any sim swap attack from working? No, this (overwhelmingly) doesn’t happen. In an era where lots of people change phones every ~1-2yr, it’s super easy to ignore the warning because 99% of the time it’s a false positive.

                                                                                              The alternative would be that either users can’t find each other (defeating the point of a secure messaging tool)

                                                                                              This is a solved problem. I mean, how do you think you got the phone numbers for your contacts in the first place? You probably asked them, and they probably gave it to you. Done.

                                                                                            3. -8

                                                                                              Careful there… you can’t say bad things about electron in here….

                                                                                            1. 4

                                                                                              This is a nice writeup! It’s a long game and it makes me happy that people care about playing it.

                                                                                              1. 3

                                                                                                He might be offering it at select places (Recon, …) but his training on safer C is quite interesting, especially some of the political commentary about how the power dynamics work within such a seemingly boring standards group.

                                                                                                1. 1

                                                                                                  Interesting, are they accessible to people with mediocre C experience? (or maybe even recommended?)

                                                                                                  1. 2

                                                                                                    intermediate to advanced - you get a lot of patterns to memorize / look out for auditing code - and enough self study to last for a while, also a fair bit of posix parts as well, it’s kindof necessary to combine the two. It is quite pricey though.

                                                                                              1. 4

                                                                                                Too colorful, they’ve completely lost the flair of Diablo. ;)

                                                                                                Joke aside, this is amazing!

                                                                                                1. 2

                                                                                                  Does that mean everybody who works there now has to join or quit? If not, what exactly is the vote for? Article assumes a familiarity with the details of US labour laws I don’t have.

                                                                                                  1. 10

                                                                                                    The vote allows the union to operate under the regulatory framework for unions, which gives it rights/protections that ordinary groups of employees do not have.

                                                                                                    1. 8

                                                                                                      In the US this depends on the state. States with so called ‘Right to Work’ laws do not require everyone to join the union, but the union still represents all eligible employees in the negotiation.

                                                                                                      1. 3

                                                                                                        Wow, interesting - it would never have occured to me that closed shops were legal in America.

                                                                                                        1. 10

                                                                                                          “Closed shops” – workplaces where it’s forbidden to hire non-union members – are generally illegal in the US.

                                                                                                          “Right to work” laws are misleadingly named. Since the work force may be a mix of members and non-members, there’s a potential free-rider problem where someone gets the benefits the union negotiated, but doesn’t pay dues to the union to support the union’s work. In some states it’s legal to have an “agency shop” or other similar arrangement, where employees are not required to join the union, but an employee who does not join the union still pays some type of “agency fee” or “fair share fee” to eliminate the free-ride problem.

                                                                                                          A “right to work” law is about outlawing that arrangement, and generally is meant to hurt or weaken the union by allowing employees to get the union’s benefits without paying its costs.

                                                                                                          1. 2

                                                                                                            Thanks for the explanation. I was curious about the legal status of the “agency shop” model here in the UK, and I happen to know an expert on employment law and they told me this is also illegal here and would be considered a closed shop.

                                                                                                            1. 2

                                                                                                              That is interesting. Is the right to negotiate collectively automatically part of collective representation? In Germany, a “unionised company” doesn’t really exist, it generally has a formalised employee representation with rights (e.g. block certain decisions), but not necessarily collectively negotiate. This is depending on company size, at larger companies, they can e.g. block firings or disagreeing about firing with cause. “The union” is not the representation, though, so in larger companies, there’s proper political union blocks within this committee. No one forces the company to use this committee to negotiate wages with, though.

                                                                                                              It is generally the employers right to decide to collectively negotiate wages or not and pick the partner for that. It even goes as far as employers forming associations that negotiate with larger unions, spanning many companies. There’s also the setup where a group within the company is part of the union and another not and collective negotiation only happen with the former. Employers often decide to extend the negotiations to non-unionised people, it’s more efficient. Yes, there’s a free-rider problem, but those people also have not representation at the table, then.

                                                                                                              In some areas of business, the collective negotiation model of Germany is even seen as a competitive advantage, as it removes a lot of bandwidth need from HR.

                                                                                                      1. 3

                                                                                                        I just started a new project in Go. Rust is interesting as well, but Go performance in adequate. Python (with typing) could be an option if the project never needed more than one core. Browser bits need to be javascript or something that compiles to javascript. I’m not convinced with WASM yet. It’s unfortunately a way to deliver “binary blobs” to the browser, on this I have to agree with FSF.

                                                                                                        1. 1

                                                                                                          What’s your opinion on obfuscated and minified JavaScript? That’s what most commercial web apps are. I’m not convinced that super-compact and difficult-to-understand JS is much better than a binary blob. Either way, it’s a ton of work to reverse-engineer.

                                                                                                          1. 1

                                                                                                            Nearly as bad. I think rms/fsf has a point here

                                                                                                          2. 1

                                                                                                            It’s unfortunately a way to deliver “binary blobs” to the browser, on this I have to agree with FSF.

                                                                                                            You can deliver WASM with source maps and debug symbols, which even gives users a convenient format to find out which part of the binary is which (if they trust you that the source files belong together).

                                                                                                            1. 1

                                                                                                              Yes, if you want to. But it’s also possible to not provide source maps or source

                                                                                                              1. 1

                                                                                                                As with every other binary, including the browser that you are running. Also, I’m confused why the form suddenly matters in the browser. Both minified and generated (readable!) JavaScript exist, but are also useless for inspecting. The general idea behind the GPL and software freedom is that you can ask for the source that is running and have a right to receive it. Independent of format: WASM, pure JS, or JS generated by the Typescript compiler.

                                                                                                                BTW, I have quite a while tried to find a stance of FSF/RMS on WASM or even minified binaries and have found none. Can you please point me to one?

                                                                                                                I know of the general stance that JavaScript is often poorly licensed and browser should include a mode that denies running non-free JavaScript, but that has nothing to do with any of the above problems.

                                                                                                                1. 1

                                                                                                                  I get your meaning. But it’s quite rare for javascript source to be available. And I don’t see why wasm source would be any better available.

                                                                                                                  1. 1

                                                                                                                    JS source is very often available for free software, it is is rarely available for non-FOSS.

                                                                                                                    The technology is just no part in this. WASM won’t change the needle in any way.

                                                                                                          1. 6

                                                                                                            Hey everyone, this is a very high-level post and it sums up a lot of conversations that we mostly had in private. If there’s any questions about specifics, we’re very happy to answer them and go in a little more detail!

                                                                                                            1. 6

                                                                                                              How is the FIPS problem addressed? That is, the problem that bugs get certified so fixing bugs would invalidate certification.

                                                                                                              1. 5

                                                                                                                I think the straight and upfront answer here is: currently not at all. We’re not at a stage where enough people sit at a table to competently discuss it and giving an answer would be hard for me individually.

                                                                                                              2. 1

                                                                                                                [getting contact with] Companies interested in using [sealed rust]

                                                                                                                I’d be curious how many companies have contacted you. My pessimistic view doesn’t expect many companies in that environment to be interested in adopting something new. Having to throw existing codebases away or investing into something when it’s at that of an early stage. So I’m curious about this.

                                                                                                                1. 7

                                                                                                                  I can only be hand-wavy around this, because most of these meetings are private. But we have talked to some companies in each industry except avionics, both suppliers and product companies, both on the hardware and software side.

                                                                                                                  Every larger tech company in that space plans from 5 to 50 years ahead (depending on their business and support cycles) and have specific departments responsible for that. The way they grade projects is where they move. Some have tracked Rust over the last years and gave good feedback that the project is moving in the right direction. One produced their evaluation and it turned out that they re-evaluated every year and figured out if Rust is moving their direction (it does).

                                                                                                                  Every company of a certain size is taking long bets and is aware that any technology that is going to feasibly replace their current stack will be in an early stage at some point. The Sealed Rust effort is a vehicle to convince people that this long bet is the right one.

                                                                                                                  Having to throw existing codebases away or investing into something when it’s at that of an early stage.

                                                                                                                  Indeed, the strong pitch of Rust is (contrary to public memes) is that you don’t have to rewrite everything in Rust, but that the language integrates well with existing projects and augments them. You can write Rust on C-based RTOS like RIOT today. And there’s good reasons you should! I was at the hackfest where they enabled that, it took them ~1.5 hours.

                                                                                                                  The possibility of gradual adoption and a track record of large projects that did that (e.g. Firefox) is a very strong argument for management.

                                                                                                                  Finally, there’s a wind shift: LLVM is becoming a considered alternative at many places and moving of vendor-locked in toolchains becomes less and less an interest of clients. Rust not being owned by a company is a strong sell.

                                                                                                                  1. 1

                                                                                                                    Who in these companies is interested?

                                                                                                                    I’m employed by large automotive company which (imho) should be interested in Sealed Rust but I have no clue how to push it. Should I contact some high-level manager? Researchers? People involved in standardization gremiums? Rust fans? Which kind of departments? Any other patterns?

                                                                                                                    1. 1

                                                                                                                      As above, I can only hand wave. This is a bit annoying to me, as I’m usually used to publicly communicate as much as possible. So these posts are our way of trying to at least transpire some of our learnings.

                                                                                                                      But on your topic: companies should be interested in Rust first, Sealed Rust comes after it - it’s the reassurance that their concerns have a place.

                                                                                                                      There’s multiple ways to start gathering interest, but there’s a prime directive: don’t annoy people and make sure that you always argue from a stance of companies best interest. There’s the marketing sentence “only speak to people in pain”. If someone is happy with something and it currently works for them, there’s no point in talking. Resarchers are no bad contact either, they should be curious at heart. Standardisation people are rarely interested professionally. I can’t give a good recommendation there, except that I would try a couple of people and ask questions like “would you know someone who might be interested in this?”. I always describe this process as “mapping out the space”. Done appropriately, it’s also a great way to get to know new parts of your company :).

                                                                                                                      But still be self-confident that the thing you are proposing is good. Generally: Making your interests known has never caused harm. That might make the conversation come to you - someone approaching you out of curiosity is a much better then trying to kickstart a conversation. For example, if you have an internal channel where people share general tech news, share news like the post above there. That’s has been a big driver for Rust and Sealed Rust in general, conversations in those general tech spaces.

                                                                                                                      On the Rust fans: seek them out and try engaging with them. Many companies that I know adopting Rust started out with an internal #rust channel on slack ;).

                                                                                                                      Finally: ignore the naysayers. They just waste your time and energy. Don’t get into fights. Speak to people that want to discuss the subject.

                                                                                                                      1. 1

                                                                                                                        There is a chicken and egg problem:

                                                                                                                        companies should be interested in Rust first, Sealed Rust comes after it

                                                                                                                        How can a company building safety critical stuff be interested in Rust without a Sealed Rust? Last week I saw a presentation where they dismissed Ada for lack of ASIL qualification.

                                                                                                                        1. 1

                                                                                                                          Because interest predates adoption. Sealed Rust not being implemented is not mandatory for interest. It is mandatory for adoption. Convinced companies are willing to invest in future solutions. And indeed, a lot of the discussions ran along those lines.

                                                                                                                          There are presentations around for every viewpoint, but these are just that: viewpoints. In a company of over 1000 employees, you’ll probably find all viewpoints.

                                                                                                                          The point here is: If Rust is not at all fitting the bill, there’s no amount of additional work that can help that. “Rust would be interesting if it provided $X” is the moment where Sealed Rust comes in.

                                                                                                                          Also, be aware that a lot of people, especially in IT, only conceptualise the present. You want to speak to people that conceptualise the future.

                                                                                                              1. 4

                                                                                                                I think the results in this thread really speak to the bias we have in the community here towards Rust. The social clout of the Rust community is really fascinating, it’s managed to become a very hype-driven social-media-driven language.

                                                                                                                1. 1

                                                                                                                  It’s been hard work :). Also 🦀❤️🦞

                                                                                                                  1. 1

                                                                                                                    I would say choosing a language that prioritizes what Rust prioritizes and, to some degree, differs itself from other languages ​​is a legitimate reason, not merely bias driven by social media.

                                                                                                                  1. 5

                                                                                                                    Markdown or Asciidoc.

                                                                                                                    Hire an initial team and let them find a vibe together, set a couple of boundaries and let them decide what’s best for them to work together with. But someone needs to not all that down.

                                                                                                                    I have a personal preference towards Rust or Ruby, but yeah, I’m biased.

                                                                                                                    1. 1

                                                                                                                      I dig this response. And to be honest, makes me think about my desire to do things my way and how that can get in the way of working together.