1. 1

    The user still has to allow the website USB access to the device and if they are one of the people who own these USB calls they are probably smart enough not to allow it.

    1. 12

      This comment contains content of such life-changing awesomeness that we must request your permission before revealing it to you. If you dare, click “Accept” in the dialog now displayed at the top of the window.

      I’ve been interested in all things infosec for around 20 years at this point, and I /still/ regularly get those permission dialogs wrong, and the problem isn’t me, the problem is that the dialogs exist at all. Nobody can be expected to get them right, and even when present the behaviour they gate should never be game-ending as in WebUSB

      1. 11

        Unless:

        • There’s some other vulnerability that combines with this
        • Some killer consumer device uses WebUSB, dramatically increasing the number of users
        • You’re drunk or sleep deprived or distracted
        • The malware exploits a dark pattern
        1. 9

          they are probably smart enough not to allow it.

          Such users empirically do not exist.

          1.  

            [citation needed]

            At quick glance, I found this study: https://pdfs.semanticscholar.org/4c40/c0ea6b02630839658ba7939dd609c621bf17.pdf

            Popular opinion holds that browser security warnings are ineffective. However, our study demonstrates that browser security warnings can be highly effective at preventing users from visiting websites: as few as a tenth of users click through Firefox’s malware and phishing warnings. We consider these warnings very successful.

            People do react to unknown notifications. (The study goes on and talks about the efficiency of such notifications related to their design)

            Sure, at enterprise scale, that still means something is going through, so you might want to deploy your browser with appropriate policies which deny such request every time if you want.

            1.  

              Oh, neat link!

              That said, with a million users only a tenth is still a hundred thousand.

              1.  

                Sure, but that problem we have on so many levels.

                For individuals, it’s protection, for cohorts, less so.

        1. 5

          What I don’t really understand is how Andrew has a comfortable standard of living in NYC on $600 per/month.

          https://www.patreon.com/andrewrk/overview

          I’m guessing that there must be another source of Zig donations aside from Patreon?

          1. 7

            Savings?

            1. 2

              Oh woops, I misread the first paragraph, I thought it stated that Zig was supporting him entirely, when it’s actually about his programming supporting him.

              1. 3

                Note that this isn’t his first attempt at doing this. But the project he was working on before Genesis didn’t find the same traction as Zig has. BUT, if I recall correctly, he also didn’t live in NYC the last time… Anyway, he’s got experience with living frugally, so I’m sure he knows what he’s doing here.

                1. 2

                  he extrapolated the donations growth versus his savings.

              2. 2

                What I don’t understand is if you are not working in NYC anymore, and only working on your own and getting donation, why doesn’t he move to anywhere but NYC to minimise his personal expense?

                I’m sure there are cities in the US with 80% the fun of NYC at lower than 80% of the cost.

                1. 17

                  I work remote, and there are places I could move that are < 20% of the cost.

                  My friends aren’t going to move with me, and I have enough money to live where I am. Why be wealthy and lonely?

                  1. -10

                    Didn’t know your city is the only source of friends in the world. That must be good for the economy.

                    1. 32

                      I know that this is very hard for some people to believe (seems to be harder the more western the society is), but some people don’t consider their friends a replaceable commodity. Not that I don’t want to make new friends, but these are my friends right now and I am more loyal to them than I am to a meaningless job or to money.

                      1. 4

                        Maybe because your partner has a job he/she really enjoys in this city? I mean, we’re lucky in our field to have a lot of different possibilities, in remote or not, mostly well paid. Let’s not forget that it’s a chance and not something everybody has.

                    2. 2

                      The usual reason is the significant other.

                      1. 1

                        There’s a shit-ton of them. Even Memphis TN that’s close to me with all its problems is low cost of living with all kinds of fun stuff to do. Just don’t live in or shop around the hood. Solves most of problems if you don’t have kids going to school or college.

                        There’s plenty of cities in the US that similarly have low cost of living with plenty going on. One can also live in areas 30-40 min from cities to substantially reduce their rent. The fun stuff still isn’t that far away. The slight inconvenience just knocks quite a bit off the price.

                        1. 4

                          I don’t remember the details, and I can’t find the link, but a few years ago someone did some research here in Berlin where they compared the cost of rent in more-or-less the city proper, and the cost of rent + public transportation tickets when you lived in the outskirts. It ended up being not much of a difference.

                          1. 2

                            Well, if you don’t workin in the city and need to commute then you spend even less. Though OTOH, you get tax returns for commutes in Germany so probably the commute is not that expensive to begin with.

                            1. 2

                              Berlin is currently the city with the highest increase in rent world-wide and a few years ago, it was unusually low.

                              Also, Berlin is hard to compare in many aspects, possibly because of a very unique city history.

                      1. 2

                        Interestingly, the original GH workflow was not that different from mailing lists. It had the Fork Queue: https://blog.github.com/2008-12-16-the-fork-queue/

                        It would be a list of all patches on all forks which you could pick. You would inform the maintainer that you have a patch ready and where it was.

                        What I find amazing is that none of the competing products to GH came up with a different workflow then GH style PRs. It’s definitely one of their most opinionated pieces and I see a lot of room there (even for lightweight workflows!).

                        1. 4

                          Here is another prediction … Currently Gitlab can seemlessly “import” your project for Github by a simple OAuth authorization. If the already reported volume of projects being imported continues unabated Github will sever this capability overnight. If you are comfortable with the MS acquisition then fine, if not, I would import off of Github now while it is still a painless click operation.

                          1. 3

                            Eh. No. This is factored in and taking such a step would just kill their public image. And Microsoft is very careful (and good at that) about their image in the OSS communities now.

                            https://monitor.gitlab.net/dashboard/db/github-importer?orgId=1&from=now-2d&to=now

                            If you look closely at the numbers, they only surge because they were low to begin with. Also, those seem to be mostly small repos with roughly ~2 issues per repos. It’s probably single-maintainer repos.

                            Those aren’t terribly interesting for GitHub anyways (they give no visibility) and also very easy to migrate, as you don’t need to migrate a team along with it.

                          1. 8

                            Contrary to most opinions I think that acquisition might be a good thing:

                            • Microsoft is a different company now their open source strategy recently is quite good.
                            • Github seems in decline for some time, the inability to lock a permanent CEO, low number of new features
                            • MS has all the resources to put Github on the next level if they don’t screw it up.

                            What could be bad is if MS buys Gitlab, then they would control that space. Gitlab is also a heavily VC backed so investors will seek for an exit at some point.

                            1. 10

                              Honestly, my hope is that the fear factor of this, convinces more people to consider alternatives.

                              I’ve setup gitlab (a few years ago) for a client, and it was a fucking pig. I’ve looked at your solution too, and wasn’t completely sold on some aspects of it (sorry, dont remember what right now) - but these things obviously work for some people, and getting out of this mindset that “GitHub is just what all developer use” is crucial to me.

                              Monoculture should scare people a lot more than the boogey man from Redmond.

                              This line from the Bloomberg article sums up the issue:

                              San Francisco-based GitHub is an essential tool for coders.

                              This is honestly like claiming “Windows is essential for technology companies”.

                              1. 13

                                Microsoft is a different company now their open source strategy recently is quite good.

                                I’m getting awfully tired of people saying there’s nothing to worry about because they’ve been nicer for the past handful of years. They have been antagonistic to free software for decades.

                                Microsoft changed their tune because it became profitable to do so. If it becomes profitable to be dicks again, they will be dicks again.

                                I’m glad we have a kinder, gentler Microsoft. Don’t kid yourself about their motivations.

                                1. 10

                                  Also good to remember: they still routinely attack Linux and related free software by threatening with their patents, and extract patent royalties from many terrified companies who use Linux

                                  1. 4

                                    They’ve collected over a billion dollars on Android alone.

                                  2. 1

                                    I never said to not worry about. I’m writing this based on a feeling MSFT will do good with Github. Time will show, and their motivation is quite simple, buy more power and make more money.

                                  3. 1

                                    That would be very cool that as @nickpsecurity mentioned, RedHat take a shot at gitlab.

                                    1. 3

                                      Given the high performance has for on-premise installations, that would be a great addition for RedHat, TBH.

                                      (I see GitLab, even paid, everywhere at clients and I have yet to see a GH Enterprise installation in the wild)

                                      1. 3

                                        Riot games had GH enterprise a few years ago, just for their web team. The rest of the company was using perforce.

                                        1. 2

                                          I’ve got the opposite experience. I’m seeing big installations/companies use GHE all the time, and none of them Gitlab.

                                    1. 12

                                      Ha, nice to see that here. By the way, here’s the full playlist for RustFest, which I have run over the last 4 days (there was only 1 talk day):

                                      https://www.youtube.com/watch?v=23lRkdDXqY0&list=PL85XCvVPmGQgdqz9kz6qH3SI_hp7Zb4s1

                                      For those interested: next RustFest is in September/October.

                                      1. 3

                                        For those interested: next RustFest is in September/October.

                                        Has the location been decided yet?

                                        1. 4

                                          Rome. We’re currently searching for venues, expect a date announcement in June (or later, depending on how well the venue search goes).

                                          1. 2

                                            It was announced to be Rome at RustFest Paris, not sure if there has been some official announcement on the internet yet.

                                            1. 3

                                              We can’t get much more official: https://twitter.com/RustFest/status/1000403458212671488

                                            2. 1

                                              Thanks all. I’ll keep an eye out for the dates and see if I can schedule a little trip from AU to Italy later in the year.

                                          1. 9

                                            I’m a time/date nerd so didn’t expect to read anything new, but was pleasantly surprised.

                                            It’s clearly adapted from a talk though.

                                            Although I have one nit for this pun-laden infodump - no mention of week numbering? I’m sorry, but that’s just … week-sauce.

                                            1. 5

                                              Did it leave you yearning for more?

                                              1. 0

                                                I find an intake of info like biannually quite satisfactory, but sometimes a biennial schedule is sufficient.

                                              2. 3

                                                It’s clearly adapted from a talk though.

                                                It even says so:

                                                I’ve given this talk three times: at RubyConfIndia, RubyConf Australia, and Balkan Ruby. (Don’t worry, non-Rubyists; there’s no Ruby in this post. The conference topics were just happenstance. Also I love the word “happenstance”.)

                                                1. 0

                                                  So it does… I read it over breakfast and spent way too much time constructing the we[e|a]k pun.

                                                  1. 4

                                                    Much to hour disappointment.

                                              1. 4

                                                It seems to me like the problems with null all stem from the fact that it is implemented as a bottom type, not the fact that it exists at all. Are there languages that implement null as a separate type, and not a subtype of all types? Is there a good reason why most languages don’t do this?

                                                1. 12

                                                  Are there languages that implement null as a separate type, and not a subtype of all types?

                                                  At this point you’ve got option, because it’s no longer legal for a variable with type T to contain a null. Instead, to contain a null that variable must be of a union type T|Null, a.k.a. option a.k.a. maybe. There are lots of languages that do this (Kotlin, Swift, Haskell, Scala, Rust).

                                                  1. 3

                                                    Ruby, but that’s probably not what you mean.

                                                    1. 3

                                                      TypeScript does this with the strict null checks flag on.

                                                      1. 2

                                                        Yes, in .NET F# is a good example of this if you’re not interoping with C#. In C# we’re finally reaching a point where nullable reference types will no longer be the default and must be explicitly declared and will have proper compile time checking. It will be a warning by default for new projects, and you can also choose to make it a compile time error if you want.

                                                      1. 2

                                                        I’m curious what other lobsters think Facebook should be doing?

                                                        Let’s assume that it’s not profitable for them to offer their service to the EU if they can’t track their users, since that’s the basis of their business. Should they offer “opt in to tracking or pay a yearly fee”? Should they just leave the EU completely?

                                                        1. 14

                                                          The “what should Facebook do if this isn’t profitable” question reminds me of the response to Taxi company’s being upset at Uber/Lyft cannibalizing their business: you don’t have a moral right to your business model, if it’s not profitable, do something else. We shouldn’t reduce quality of medical care because it victimizes undertakes.

                                                          If it’s not profitable, either don’t operate that service, or find some alternate business model that is profitable.

                                                          (FTR, I’m pretty dubious of the benefits of GDPR, but I think the “what about their business models” is one of the worst arguments against it)

                                                          1. 3

                                                            The “what should Facebook do if this isn’t profitable” question reminds me of the response to Taxi company’s being upset at Uber/Lyft cannibalizing their business: you don’t have a moral right to your business model, if it’s not profitable, do something else. We shouldn’t reduce quality of medical care because it victimizes undertakes.

                                                            I think the Uber comparison isn’t half bad.

                                                            For example, in Europe, a frequent problem was that Uber tried to undercut reasonable regulations (like having proper insurance for passenger transport and adhering to service standards like having to take any passengers). Here, Ubers approach was morally problematic (“moral” being local and all), and they tried to spin it as a moral issue and users choice.

                                                            1. 2

                                                              I’m not in the EU and don’t know enough about GDPR to make a comment on it specifically. I just asked what others thought Facebook should do if we assume that the restrictions placed on the by GDPR make their fundamental business model nonviable.

                                                              1. 2

                                                                Well, they should do as any other large company that suddenly found their business model regulated :). It’s not the first time this happens and not the last.

                                                                It’s their job to figure out, as much as it had been in their hands to avoid the discontent that lead to the GDPR from growing.

                                                                I’m not precisely enjoying GDPR either (I think it has vast flaws and actually plays into Facebooks hands), but Facebook is a billion-dollar company. “What shall we do now that winds are changing?” is really their question to answer.

                                                            2. 3

                                                              I’m curious what other lobsters think Facebook should be doing?

                                                              I can think of a few things, but monkeys will fly out of my butt before any of them happen. They could, for example…

                                                              • Mail everybody a copy of their data on solid-state storage.
                                                              • Destroy their databases.
                                                              • Shut down their data centers.
                                                              • Release all of their code into the public domain.
                                                              • Fire everybody with severance pay.
                                                              • Dissolve the corporation.
                                                              • Send Mark Zuckerberg back to his home planet.

                                                              Facebook is one of the cancers killing the internet, and should be treated like the disease that it is.

                                                              1. 2

                                                                Second option would be great, but enough of daydreaming :)

                                                                1. 1

                                                                  You’re asking the wrong question.

                                                                  1. 3

                                                                    What ls the right question?

                                                                    1. 3

                                                                      @alex_gaynor has the right idea above: https://lobste.rs/s/krca7n/facebook_now_denying_access_unless_eu#c_si5pn0

                                                                      The question “well what do you suggest then?” posed to people arguing against Facebook’s business practises implies some kind of self-evident virtuous right Facebook has to exist at the expense of all humanity’s effort.

                                                                      I do not agree with this position. The world was fine before Facebook came along, for many people is fine without it, and will be fine if Facebook disappears. Facebook is a leech on people’s private lives, minds, and mental health.

                                                                      It is not up to the common person to provide Facebook with a position. It is up to Facebook to provide a position for itself by virtue of being wholesome and useful to society. If they cannot, then that’s the end of it. I owe them nothing, no-one does.

                                                                      1. 2

                                                                        It is not up to the common person to provide Facebook with a position. It is up to Facebook to provide a position for itself by virtue of being wholesome and useful to society. If they cannot, then that’s the end of it. I owe them nothing, no-one does.

                                                                        I agree, but if people continue to choose to use Facebook in the wake of the numerous controversies, then perhaps people just don’t value their privacy more than the services that sites like FB provide. FB is only as big as it is today because people use it.

                                                                        1. 1

                                                                          I implied no such thing, and haven’t made a value judgement on Facebook or GDPR anywhere here. I simply asked what others here think that Facebook should do given the changed situation; I’m just curious as to what Facebook’s next moves could be.

                                                                          I find that question much more interesting than your condescending replies and tired opinions about Facebook, a service that I don’t particularly like and am not trying to defend.

                                                                  1. 20

                                                                    sigh

                                                                    So, this has already sparked a discussion about taste, freedom of speech, the whole thing.

                                                                    The joke in question is bad, very bad. It’s plain unfitting, and it isn’t even remotely funny. It’s US-centric. RMS, the person making and subsequently claiming it, has a history of making sexual and other inappropriate commentary (e.g. arguing eugenics). His quoted comment about child birth is another example of RMS speaking about things he probably doesn’t have a very qualified opinion on. Most (all?) of the people mentioned in the article discussing the issue will never be affected by this in the real world. Seriously, I expect one of those people to stand up and say “You know what? We aren’t even the right group to discuss that in!”.

                                                                    And this is the issue he pulls his authority card? Seriously? For a bad joke that was already shit in the 90s? That - even ignoring the punchline being terrible - just plain isn’t funny? Which boundary does that cross? Probably his egos.

                                                                    Seriously, this is a tech manual. This is the place where you can finally have your “let’s just talk tech her”. And there, this discussion comes up?

                                                                    1. 17

                                                                      The thing I find weird is the clear generational gap in Internet users that mean that people end up talking past each other.

                                                                      For older people who grew up thinking that Sendmail m4 macros were somehow intuitive, and that C was the new hotness, this is not a joke about abortion. It’s about censorship. That’s the hill RMS thinks he’s dying on. Removing the joke is at the risk of putting words in his mouth, censoring the manual.

                                                                      Of course, the younger people who live in a world where Javascript isn’t ridiculous to use on a server, where everything-as-a-service is the norm demand takedowns of things outside of their overton window. To them, it’s a matter of not having a frankly disgusting joke about the very real problems of abortion in the US in a technical manual that has nothing to do with those problems. They don’t understand the culture in which GNU was founded, they believe that it is RMS’ job to change to fit with their culture.

                                                                      This is what happens when an unstoppable force meets an immovable object. I’m just not sure who plays which part here. There is a reasonable answer, and the good news for the kids is that this has happened before several times: fork glibc. Fork it to remove RMS’ influence from the project and fork it to remove the offending text (for people that want it removed).

                                                                      1. 17

                                                                        Even as a commentary about censorship, it’s pretty freaking oblique. It should be removed on the technical grounds that it’s inefficient GNU crap.

                                                                        1. 2

                                                                          Stallman is pretty freaking oblique at the best of times when it comes to his sense of humour. Saying that GNU is full of inefficient crap is like saying that water is wet, or that the Linux kernel is a bug-ridden dumpster fire.

                                                                          If every GNU inefficiency was removed, it’d be BSD.

                                                                          1. -1

                                                                            It should be removed on the technical grounds that it’s inefficient GNU crap.

                                                                            Nobody force you to use GNU crap.

                                                                            But GNU is and have always been openly political.

                                                                            You are free to use software that is apparently neutral. if you don’t like it.
                                                                            And you have plenty of choice on the market: Microsoft, Apple, Google… all are pretty ready to serve your needs (and collect your data for whatever purpose, and lobbying for DRM and so on../)

                                                                            But “as a commentary about censorship”, that joke is perfectly fine.

                                                                            1. 6

                                                                              Nobody force you to use GNU crap.

                                                                              The fact that you are saying this to tedu (an OpenBSD developer) is kind of funny.

                                                                              1. 5

                                                                                I’m fine with GNU being a political project. Indeed, I actively advocate for projects to make their mind up.

                                                                                But “as a commentary about censorship”, that joke is perfectly fine.

                                                                                A lot of the project itself does not seem to agree, especially in the context of having it in the documentation. Except RMS, who pulls rank over a joke that he himself made. Which makes the GNU project his personal opinion/joke vehicle.

                                                                                1. 3

                                                                                  Except RMS, who pulls rank over a joke that he himself made. Which makes the GNU project his personal opinion/joke vehicle.

                                                                                  I don’t see the point you’re making here? The GNU project was always an expression of political views that were, originally, personal to RMS. If the project ran by majority consensus it would have given up on the whole free software thing a long time ago.

                                                                                  1. -3

                                                                                    Using your “Rust Community Team” hat here is crass, and only reinforces some people’s beliefs (myself included) about these types of thought police organizations.

                                                                                    I sure hope the non-“Rust Community Team” people show less virtue signalling. It puts your project under a terrible spotlight.

                                                                                    1. 5

                                                                                      FWIW, I find the use of the hat inappropriate here as well.

                                                                                      That being said, as discussed below, I think it depends on what you think the hat means, exactly. It seems Florian uses the hat differently than many here might expect.

                                                                            2. 7
                                                                              1. I think the joke is funny. It’s even more funny now.
                                                                              2. RMS’s character has no bearing on the legitimacy of the joke.
                                                                              3. You don’t need to be qualified to have an opinion.
                                                                              4. Any group can discuss any topic, there is no “right” group.
                                                                              5. RMS is the benevolent dictator of GNU, and as such has the authority to veto decisions in rare situations like these.
                                                                              1. 10

                                                                                Be that as it may, when the people who have written the code (glibc was originally written by someone else (not RMS), and Ulrich Drepper is now responsible for something like 70% of the code) and make it all work ask you to back off, it’s a stupid hill to die on. Yeah, you might win the battle, but you’ll lose the war.

                                                                                Last time something like this happened, everyone switched to using eglibc and it wasn’t until the RMS-mandated steering committee was dissolved that people switched back to glibc. If RMS decides to be a jerk about things, watch everyone fork it again or sink their resources into musl.

                                                                                There’s being right, and there’s being so egotistical that you burn down the house because you didn’t get your way.

                                                                                1. 4

                                                                                  He has veto power for precisely these cases where “everyone else” disagrees, so I don’t think it’s a stupid hill to die on. In any case, I agree with you, RMS will lose this war, this is just the beginning.

                                                                                  1. 15

                                                                                    Vetoing the removal of a little-used architecture with heavy maintenance burden because they want to support those few users is a good hill to die on. Vetoing the removal of a joke that everyone else wants to remove from the manual and doesn’t in any way affect the operation of the library is a stupid hill to die on.

                                                                                    1. 3

                                                                                      That’s in your opinion. If you care the culture of your project not taking itself so seriously, I think it’s a good hill to die on.

                                                                              2. 5

                                                                                As a participant in Rust Community and a proponent of eugenics, your use of Rust Community Team hat makes me uncomfortable. Was it necessary? Are you really speaking for Rust Community Team here? I hope my eugenics advocacy won’t affect my Rust participation.

                                                                                As for the joke, the joke is clearly about censorship and not about abortion. I think attempt to censor the joke makes it more relevant.

                                                                                1. 2

                                                                                  As for the joke, the joke is clearly about censorship and not about abortion.

                                                                                  Jokes, by their nature, are not clear and subject to cultural background and education. In my opinion, it’s a bit condescending to claim that it has universal understanding and appeal.

                                                                                  I think attempt to censor the joke makes it more relevant.

                                                                                  The origin of the patch seems to be the person just didn’t think it relayed any meaningful information to a user of the function. I don’t think that falls into common usage of “censorship”.

                                                                                  1. -2

                                                                                    I don’t think that falls into common usage of “censorship”.

                                                                                    Yes, and I have yet to see a documentation patch forced on a project by a state.

                                                                                    1. 2

                                                                                      Censorship exists only when done by the state??

                                                                                  2. 1

                                                                                    On FOSS social issues, I generally put the hat on here. As my work for the Rust project is social, judging which of these issues I should put the hat on would only lead to problems. I’m fine with people knowing my affiliation and I think it’s more honest for people to know it. I don’t speak for the team, but I am a member of the team.

                                                                                    On Eugenics: it’s, in my view, an only thinly veiled form of Ableism, and as such opposed to the goal of being inclusive, especially also to people with disability. Many forms fundamentally attack the right to live of people with disabilities, for example by arguing for their abortion.

                                                                                    Just to be clear on which comment by RMS I’m referring to (on people with Trisomy 21):

                                                                                    If you’d like to love and care for a pet that doesn’t have normal human mental capacity, don’t create a handicapped human being to be your pet. Get a dog or a parrot…

                                                                                    If you want to support that comment, go ahead.

                                                                                    1. 3

                                                                                      I support the idea behind the comment. Given medical acceptance of prenatal screening of trisomy 21, this is one of less extreme among RMS’s positions.

                                                                                      I agree the expression of the idea in the comment you quoted leaves a lot to be desired.

                                                                                      1. -1

                                                                                        Prenatal screening of trisomy 21 are generally accepted as a way to increase survival chances for the fetus.
                                                                                        Trisomy 21 increases the risk of heart issues at birth, that can be handled in the proper structure, but would lead to secure death if not addressed promptly.

                                                                                        Some people use it for eugenetics (usually with amniocentesis, that kills 1 healthy children out of 200 if I remember correctly).

                                                                                        Now, IMO what RMS means is horrible, disgusting and plain dangerous.
                                                                                        But it’s not related to freedom. And he has the right to think (and say) it.

                                                                                        1. 1

                                                                                          Prenatal screening of trisomy 21 are generally accepted as a way to increase survival chances for the fetus.

                                                                                          Do you have a citation for your “generally accepted” claim? There appears to be at least some evidence to the contrary:

                                                                                          About 92% of pregnancies in Europe with a diagnosis of Down syndrome are terminated.[14] In the United States, termination rates are around 67%, but this rate varied from 61% to 93% among different populations.[13] Rates are lower among women who are younger and have decreased over time.[13] When nonpregnant people are asked if they would have a termination if their fetus tested positive, 23–33% said yes, when high-risk pregnant women were asked, 46–86% said yes, and when women who screened positive are asked, 89–97% say yes.[75]

                                                                                          https://en.wikipedia.org/wiki/Down_syndrome#Abortion_rates

                                                                                          1. 0

                                                                                            This is entirely offtopic here, but I don’t want to flee the question.

                                                                                            My source is my doctor, that incidentally is also my wife.
                                                                                            When the prenatal screening of our second daughter established 1/350 probability of a Down syndrome, she explained me about amniocentesis, about the risks for the fetus and about the implications and the medical reasoning beyond it. It’s a complex topic and I’m not competent enough to expose it here deeply, but the relevant point was that, while several doctors object to abortion as a murder in contrast with their oath and ethics, prenatal screening is designed to increase the survival of the fetus, so every doctor is fine with it.

                                                                                      2. 1

                                                                                        On FOSS social issues, I generally put the hat on here. As my work for the Rust project is social, judging which of these issues I should put the hat on would only lead to problems. I’m fine with people knowing my affiliation and I think it’s more honest for people to know it. I don’t speak for the team, but I am a member of the team.

                                                                                        While I do not agree with you on the “joke on documentation” issue, I really support this approach.

                                                                                        Hacking is a ethical and political action.

                                                                                      3. -1

                                                                                        I hope my eugenics advocacy won’t affect my Rust participation.

                                                                                        If that’s what you think that means, and you advocate for any intelligence-based eugenics, you might want to reconsider your position on eugenics.

                                                                                        This obviously would only affect you if you attempted to add eugenics commentary to the Rust project itself in some way. Same as if you attempted to add any other irrelevant polarizing commentary.

                                                                                        1. 1

                                                                                          I don’t talk eugenics on Rust space. Not because eugenics is wrong (it isn’t), but because it’s off-topic.

                                                                                          1. 2

                                                                                            it’s off-topic

                                                                                            Yes. And it’s also off-topic for glibc.

                                                                                            1. 0

                                                                                              No, it isn’t. By definition.

                                                                                              You might not agree with GNU or with rms here, or you might prefer that glibc would not be a GNU project, but it is.

                                                                                              1. 2

                                                                                                Fine. But the consensus of the primary maintainers is that it’s off-topic. Therefore it’s off-topic for whatever fork of glibc everyone ends up using. Because if we get another eglibc situation, everyone will use the fork maintained by the maintainers, and no one will use the fork “maintained” by rms.

                                                                                                It’s de facto off-topic for those who accept reality.

                                                                                                1. 0

                                                                                                  Anyone who “accepts reality” in that sense wouldn’t be contributing to GNU in the first place. The project has always been about RMS telling the rest of the world they’re wrong.

                                                                                                  1. 1

                                                                                                    See eglibc. A non-GNU fork already happened, and was reintegrated when the issue was dropped.

                                                                                                    I don’t see how you can say that those kind of people wouldn’t be contributing to GNU, when they clearly are and that’s what this is all about. If those kind of people wouldn’t be contributing to GNU, then why is there any debate?

                                                                                                    1. 1

                                                                                                      There is debate precisely because the people contributing don’t subscribe to your notion that the primary maintainer consensus is all that matters. glibc contributors do care about GNU and RMS, otherwise the eglibc-style fork would already have happened and the project would now be being maintained outside the GNU umbrella.

                                                                                    1. 11

                                                                                      If we followed all of these things:

                                                                                      • Don’t write your own encryption
                                                                                      • Don’t write your own database
                                                                                      • Don’t write your own math functions
                                                                                      • Don’t write your own data structures
                                                                                      • Don’t write your own web framework
                                                                                      • Don’t write your own drivers
                                                                                      • Don’t write your own operating system
                                                                                      • Don’t write your own graphics routines
                                                                                      • Don’t write your own …

                                                                                      I think we’d all be pretty damn bored.

                                                                                      1. 8

                                                                                        I’ve always thought that “advice” was insulting, condescending, and wrong. Obviously someone needs to write all those things, and that someone better had the experience which only comes after doing all those things for a while.

                                                                                        We need to encourage better understanding of tricky fields, and we need to encourage software diversity and fight against software monocultures.

                                                                                        1. 2

                                                                                          we need to encourage software diversity and fight against software monocultures

                                                                                          Not trolling…but why?

                                                                                          1. 3

                                                                                            Any monopoly or oligopoly is usually bad for the customer. Things stagnate at best or get destructive to customers at worst. Even when they’re good, attempts at reinventing the wheel slightly can be a lot better. For a recent example, VMS-style clusters with a database were pretty bullet-proof at high-availability within a few hundred miles at decent performance. I’m still glad people worked on alternatives necessary to build Spanner and FoundationDB, though. That’s why we get even higher performance on cheaper boxes at a global level with similar level of consistency. It didn’t happen overnight either: people stayed trying to reinvent databases and distributed services for a while before things lined up right.

                                                                                            4ad’s OpenSSL example is a good one. iOS vs Android for mobile apps is another.

                                                                                            1. 1

                                                                                              Doesn’t your argument mostly apply to closed source software in a commercial setting? I think it’s possible Linux wouldn’t stagnate even if there were no alternative OSes.

                                                                                              1. 3

                                                                                                Linux, as a product people consume, has a lot of diversity in it, from Ubuntu to Arch, to Slackware. As a kernel, no, Linus is pretty heavy handed on what the kernel cannot do these days, so we’re stuck with things like epoll until Linus changes his mind or moves on to another project.

                                                                                                But lets flip this on me and have me using an OS that I quite like and thinks makes a lot of right decisions: FreeBSD. Do I think stagnation would be a problem if FreeBSD was the only operating system? Definitely. FreeBSD has ended up steeling good ideas from other operating systems that were very unlikely to arise within FreeBSD. The security conscious programmers at OpenBSD might have a kinship to FreeBSD, but the values of FreeBSD to align enough with them to be able to innovate in the ways that interest them.

                                                                                                1. 1

                                                                                                  That’s a good counterpoint, thanks.

                                                                                                2. 1

                                                                                                  That you went right to Linux shows that it’s an outlier. The last time someone dug up data, Nadia Eghbal, most of the FOSS projects were in bad shape financially. Things like Linux are rare. Situation is opposite for proprietary software.

                                                                                                  1. 2

                                                                                                    I’m aware of the funding issues with open source, but I think that’s a separate issue from what I’m trying to say. My point is: a monopoly or oligopoly of open source software wouldn’t be bad for the users of that software, because development would still continue due to the different incentive structure. Do you think that’s not true?

                                                                                                    1. 2

                                                                                                      I think there’s at least two concerns: development drops off due to incentives not holding up (happens a lot); incentives, esp if corporate, can push the FOSS in directions people dont want. Red Hat and systemd is the first example coming to mind for Linux. Another was a scheduler I read about that improved things on desktop workloads that was rejected or pulled due to server focus of many stakeholders.

                                                                                                      Good for users is relative. That there’s often competing interests means ability to diverge on some points is valuable. Whether you need it or not, who knows. Someone might.

                                                                                              2. 3

                                                                                                When the alternative is OpenSSL, I think the answer is self-evident.

                                                                                                1. 1

                                                                                                  Were the problems with OpenSSL really driven by the lack of competition, or by the lack of funding?

                                                                                                  1. 2

                                                                                                    OpenSSL has many problems but no matter how well funded OpenSSL could be it will have a security hole in it because it’s software. Having some competition at least means not all of the software on ones stack would have the security hole.

                                                                                                2. 2

                                                                                                  The common, concrete, argument given is usually security. A hole found in Linux probably does not affect BSD. VeriSign runs (at least?) three operating systems in their infrastructure for this reason. There is a push to support Tor better in BSD for this as well. It’s possible if x86 didn’t dominate our servers, Meltdown and Specter could have been less problematic (tangentially, I hope something comes of POWER9).

                                                                                                  For more hand wavy arguments, the different project cultures has allows for different ideas to flourish with other systems picking up the things that win. Despite not being an OpenBSD user, I support it with my money because I want it to survive because I think the world is a better place with the ideas that bubble up to the top making it elsewhere. I think it would be challenging for someone with an OpenBSD ethos to participate in Linux.

                                                                                              3. 7

                                                                                                Might also get something done. :)

                                                                                                1. 2

                                                                                                  Or… adapting existing solutions to fit our problems might lead to vulnerabilities, additional cost, additional resource requirements, etc.

                                                                                                  But, yeah, you might go faster. You might not. As always, it depends.

                                                                                                2. 3

                                                                                                  I don’t do any of this and pump terabytes of data through infrastructures and networks using stock software. It’s pretty pleasing.

                                                                                                  1. 5

                                                                                                    My job involves pumping lots of bytes through kafka, doing some computations on said data, and then writing them to cassandra.

                                                                                                    With more specialized tooling, this could be done far simpler, and cost a fraction of what the whole thing costs to run right now. Of course, at the expense of engineering resources to design, build, test, and operate it all. And, not to mention the time it’d take to do it.

                                                                                                    I’m all for composable solutions from well tested components, but let’s be honest—composing infrastructure requires you to make a lot of compromises…like wasting CPU cores by adopting redis…, etc.

                                                                                                  2. 2

                                                                                                    IMO, we still haven’t nailed some of those, esp web frameworks and OSes.

                                                                                                    Don’t read the comments.

                                                                                                    1. 1

                                                                                                      Don’t read the comments.

                                                                                                      That’s actually the best advice. Adding it to the list. :)

                                                                                                  1. 3

                                                                                                    Don’t get your hopes up. Also, don’t get them too down.

                                                                                                    Here’s a thing: https://github.com/skade/multi_def

                                                                                                    That is more then 10 years old and was given as a lightning talk for illustration purposes in 2008 at EuRuKo. I wasn’t the first to come up with the subject of pattern matching and certainly not the last :). Matz was very clear that he didn’t feel pattern matching fits Ruby. Nowadays, I actually agree with him, mostly.

                                                                                                    On the other hand, it’s been 10 years, people’s opinions change :).

                                                                                                    1. 8

                                                                                                      For me, as a browser security engineer, it’s striking that security is only mentioned once, and it’s about the server-side not the client. Rust shows its benefits just in the amount of time not wasted debugging C++’s various forms of unsafety.

                                                                                                      I wonder if this is quantifiable, conventional wisdom is that Rust can be relatively difficult to learn, compared to other languages, but if you can demonstrate that you save the time on debugging and not dealing with security issues, that’d be a powerful argument.

                                                                                                      1. 9

                                                                                                        It’s a whitepaper, so it isn’t intended to highlight the whole gamut. I’m giving a talk on security aspects of Rust next week though, which will be taped, I may ping you if the recording is up and I remember.

                                                                                                        conventional wisdom is that Rust can be relatively difficult to learn

                                                                                                        Depends on what your baseline and your goal is. It’s a language built for a medium pace, resulting in stable software.

                                                                                                        I teach Rust professional and at a learners group. The general takeway from it is that strict enforcement of single ownership is something people really have to get used, although it’s often a line of thinking in general programming, too. I don’t find Rust hard, but it took some time for the community go get used to. It isn’t Go, which is completely built around being easy to pick up. For example, a lot of early Rust 1.0 code had a lot of emphasis on borrowing, now, three years in, people move away towards ownership everywhere and things get a lot easier. There’s now a lot of code to look at which can be considered idiomatic. We have a lot of people around who are competent with the language and can steer people the right way. People became so hyper-focused on having to understand lifetimes, now, I give a 30 minutes lecture in my courses how you are often semantically and computationally better of with avoiding them. That makes the whole language much easier.

                                                                                                        Sooo, the whole thing became kind of a meme and its foundation are questionable. People learn hard languages all the time, especially in a space where C++ is dominant.

                                                                                                        1. 2

                                                                                                          Do you have a link handy for your lecture about how it’s better to avoid lifetimes? I’m interested to know since the borrow checker is one of Rust’s most famous capabilities.

                                                                                                          1. 2

                                                                                                            Id be interested in that, too, given I looked at it when people were talking about borrowing and lifetimes a lot.

                                                                                                        2. 3

                                                                                                          They’re doing game development, which means most of the time security is their last priority.

                                                                                                          1. 2

                                                                                                            Well, crashes often were how consoles got rooted in the end. The game developers might not care, though perhaps the companies making the consoles do.

                                                                                                            1. 14

                                                                                                              In that case, we should encourage them all to use C/C++ to ensure eventual freedom of our devices. Good news is they all switched to the very CPU’s that have the most attacks and experienced attackers. Probably not going to be necessary. ;)

                                                                                                              1. 3

                                                                                                                Yeah, I for one hope that we continue to write games in unsafe languages so that consoles can be rooted with Long Horse Names

                                                                                                          2. 2

                                                                                                            “ but if you can demonstrate that you save the time on debugging and not dealing with security issues, that’d be a powerful argument.”

                                                                                                            That’s the exact argument used by the quality- or correctness-improving methodologies I often mention like Cleanroom. The older ones like Fagan Inspection Process said same thing. The reason is that problems are easier and cheaper to prevent or fix earlier in the lifecycle in most cases. They can actually be several times cheaper to prevent than fix. There’s usually an upfront cost that comes with it but the savings in debugging or maintenance often wiped it out in industry usage. Not always, though, where the quality did cost something extra by end of project. That came with other benefits, though, making it an investment with ROI rather than just a pure cost.

                                                                                                            So, there’s a lot of evidence to support your argument.

                                                                                                          1. 2

                                                                                                            Wkhtmltopdf is a thing, do rails people not know about it?

                                                                                                            1. 1

                                                                                                              Yes, they do, wkhtmltopdf is also a pain.

                                                                                                              1. 1

                                                                                                                I’m not sure I understand how it’s “painful”?

                                                                                                                1. 1

                                                                                                                  wkhtmltopdf is basd on QtWebKit, which regularly has its own share of (mostly rendering) bugs. It’s hard to upgrade if you hit any of these and those bugs get no preference when they occur. If you hit them, you are pretty much on your own.

                                                                                                            1. 10

                                                                                                              Why a service instead of a library?

                                                                                                              1. 4

                                                                                                                money

                                                                                                                1. 1

                                                                                                                  If you want to spend money, use pdflib locally. A bit antique, but reliable and comes with Ruby bindings.

                                                                                                                2. 2

                                                                                                                  Because developers should be compensated for their time, unless they’re in the business of charity.

                                                                                                                1. 8

                                                                                                                  What was the reason behind the 600MB tracking pixel?

                                                                                                                  1. 5

                                                                                                                    Protest against lobste.rs april fools theme, intentionally abusing the new functionality.

                                                                                                                    Somehow nobody is bothered that i shouldn’t have been able to get the visitor information in the first place.

                                                                                                                    1. 8

                                                                                                                      I hated the AF joke too, but now I’m more irritated at you for taking it out on us other victims though cell fees instead of directing your lack of gruntle at the admins.

                                                                                                                      1. 7

                                                                                                                        Protesting by harming the visitors of the page is very odd. You are not abusing new functionality, you are abusing peoples trust into the website. Also, you haven’t harmed lobste.rs, but its visitors.

                                                                                                                        Maybe people protest because tracking doesn’t make lobste.rs worse then any other page they visit, but burning mobile bandwidth of that size is rather unusual? That’s a direct economic damage and people on visit outside of their country might suddenly be caught with no data. Just sayin’.

                                                                                                                        1. 0

                                                                                                                          Honestly, i thought mobile users were a small minority. So, the data plan drain wasn’t intended.

                                                                                                                          1. 6

                                                                                                                            Intention is an very bad defense. Maybe think stuff through next time.

                                                                                                                            A “sorry”, for example, would go a long way.

                                                                                                                        2. 6

                                                                                                                          Embedding a big hotlinked animated gif in your sig, which you then grep Apache logs for to get traffic info, does feel very 2002.

                                                                                                                          1. 3

                                                                                                                            Somehow nobody is bothered that i shouldn’t have been able to get the visitor information in the first place.

                                                                                                                            I’m very surprised at the lack of reaction about this, too. This was my first thought when I realized you weren’t an admin.

                                                                                                                            1. 2

                                                                                                                              I added an clarification note to the top of the post… i think people did miss im just a regular user.

                                                                                                                            2. 2

                                                                                                                              Gotcha, I thought you were an admin/mod when I read the blog entry.

                                                                                                                              How did you get the visitor information? Was that from requests to pull your tracking pixel?

                                                                                                                              1. 2

                                                                                                                                The AF joke enabled a privacy vulnerability via hotlinked images which allows for third-party tracking.

                                                                                                                                1. 2

                                                                                                                                  Exactly. All pictures in the signatures caused GET requests to user-chosen urls.

                                                                                                                                2. [Comment removed by author]

                                                                                                                                  1. 1

                                                                                                                                    Context you are missing: It was him who removed it.

                                                                                                                                    1. [Comment removed by author]

                                                                                                                                      1. 1

                                                                                                                                        And that changes things? It’s an obvious and reasonable first response, not precluding anything else.

                                                                                                                                      2. 1

                                                                                                                                        I’d agree 100% – the fact that it’s an abuse of trust makes me vote for a perma-ban.

                                                                                                                                  1. 22

                                                                                                                                    I’ll make a counter-point: it’s more subtle then that. I highly recommend reading Roads and Bridges for a lot of background why and how people maintain FOSS and the issues. It casts are far wider net and models far more cases then this post, which only assumes one.

                                                                                                                                    Most maintainers start working on open source software because it’s fun and solves a problem they have.

                                                                                                                                    I would like to see a statistic for that. If you start “maintaining”, you either picked maintenance for fun or you should have thought about that for a night or seven.

                                                                                                                                    The license has nothing to do with all that. It’s the legal disclaimer.

                                                                                                                                    There’s obviously multiple groups here. There’s a non-negligible group of people that just wanted to build a cool thing for themselves, hit a nerve and suddenly, there’s a rush of users. Yes, for them, all of this is true. You never encouraged, you should plainly state that you have no intention of structured maintenance. The study quoted above documents a group that maintains software out of guilt, to avoid letting adopters down. This is far from “every maintainer”, though.

                                                                                                                                    But it’s hard to find maintainers of larger projects that not at least at some point have said “I want people to use that”.

                                                                                                                                    Let’s talk about projects that do set out to change the world and get adopted. Say, your bug number 1 is killing the Microsoft mono-culture. Or you want to make sure we have a JS base library doesn’t break the Array.prototype.flatten. Or you build a JS framework within a large enterprise that they want to push to the masses. Or you want a free desktop. If adoption is in any way your goal, adopters directly work on the goals of your project. They bet on you and rely on you. Everyone who introduces your project at their workplace, family or even personal computer makes a bet on your reliability and help. At the beginning of a project people literally put their careers at risk for that. They might not always be able to fix issues and they might not always be able to even competently do so. Their work and effort for the project lies elsewhere.

                                                                                                                                    I’m selling a niche programming language. Adopters are our most important human factor! We owe them a lot.

                                                                                                                                    This doesn’t mean you have to fulfill every wish, but you owe them a response, and explanation and a roadmap. You owe them at least to own your mistakes and to communicate plainly about the state of things. This also yields great results.

                                                                                                                                    Seeing this whole meme about maintainers owing their users nothing is the saddest take FOSS currently has to offer. Your reliability and willingness to solve problems (or assisting in solving problems) is your largest credit.

                                                                                                                                    I’d say a much larger part of the issue stems from the fact that people start projects without thinking about what it means to have a project and not a bunch of characters in a file structure.

                                                                                                                                    People have expectations, and reasonably so.

                                                                                                                                    1. 9

                                                                                                                                      Nicely said. In general, I basically agree with you! I want to lend one teeny piece of perspective to one part:

                                                                                                                                      Seeing this whole meme about maintainers owing their users nothing is the saddest take FOSS currently has to offer. Your reliability and willingness to solve problems (or assisting in solving problems) is your largest credit.

                                                                                                                                      I somewhat agree, but there’s another take here. I don’t think the OP is looking outward, but rather, looking inward. In particular, the opening is crucial to setting the context here:

                                                                                                                                      Burnout is a big problem for open source software maintainers. This is avoidable; maintainers can have fun, keep healthy and be productive working long-term on open source projects. How? By realising they have zero obligations to any other maintainers, contributors or users of their software even if they have personally benefited from the project (e.g. through self-promotion or donations).

                                                                                                                                      The language here is maybe a bit too generalized for my taste, but overlooking that, it seems like the OP is trying to describe their own personal coping strategy. It’s hard to take issue with things like that, because each individual deals with their own shit in their own way. Some coping strategies might be more popular than others, but I definitely identify with the OP here on this point. It is critically important for my own state of well being that I not allow myself to feel obligated to the projects I work on in my spare time. It’s the only way I know how to make the process sustainable. I maintain so many projects that there’s almost always something going on, and if I felt beholden to them every minute of the day, I’d be an emotional wreck. When I see an email for a project pop up on my phone, I don’t feel guilty when I dismiss it, only to check on it a week later. If I did feel guilty, then I’d wind up feeling shitty several times every single day. It ain’t sustainable.

                                                                                                                                      With that said, yeah, there are definitely weird parts of this post that I have trouble identifying with (I don’t understand the appeal to the warranty disclaimer, and perhaps suggests that my interpretation here is actually wrong!), and it probably could have been communicated better overall. But I think coping strategies are a totally legitimate angle to take on this problem. It doesn’t always need to about The FOSS Community. It can be about the individual too.

                                                                                                                                      1. 2

                                                                                                                                        I agree with your points! This is one of the reasons I don’t maintain Rust projects in my spare time next to my community work. I wouldn’t be able to fulfill any request proper.

                                                                                                                                        If FOSS maintainership is seriously getting to you health over extended time and you can’t find an emotionally sustainable way to continue, by all means, quit. It’s perfectly fine to let people down. This is one of the reasons why I think “make yourself replaceable” is a very good strategy.

                                                                                                                                        I can only encourage people to not take a simple position and blame things on the users. Introspection and taking the right steps is helping there. If that right step might is “shut down earlier then later”, all power to you.

                                                                                                                                        By the way, if anyone here is running a conference concerned with FOSS: skip one of the “scale” talks, get a talk about these subjects.

                                                                                                                                    1. 3

                                                                                                                                      How does this interact with safe harbour law?

                                                                                                                                      1. 3

                                                                                                                                        OP_RETURN doesn’t have enough room for child porn, so all this is referring to is links to websites that host such things. The blockchain itself doesn’t contain CP.

                                                                                                                                        Actually, reading the paper more closely, it seems some amount of data (60kb worth?) might’ve been spread across multiple transactions. So yes, if you take enough pixels and stitch them together in the right order you might be able to create a picture of anything.

                                                                                                                                        Eventually someone sane will step in and point out that if you run the blockchain through a JPEG viewer you will not, in fact, get child porn, but a crashed computer.

                                                                                                                                        1. 3

                                                                                                                                          I thought this was already known; could have swore I heard about this before somewhere. Maybe people were just referring to the links/urls?

                                                                                                                                          I don’t see that as being a huge issue since storing large amounts of data in a blockchain doesn’t really scale. Just ask the guy who made BitMessage, but it does raise a lot of interesting questions about illegal content and distributed/decentralized content.

                                                                                                                                          A better example is FreeNet. If you run FreeNet, you may be distributing illegal content, but it’s impossible for you or anyone to know because of the way the data is encrypted, stored and transmitted.

                                                                                                                                          1. 7

                                                                                                                                            It’s 2020, an intrepid team of heroic researchers has convinced Germany to outlaw Bitcoin due to allegations that child pornography can be reconstructed by combining parts of its blockchain…

                                                                                                                                            As if on cue, a band of troublemakers calling themselves “Anonymous” realizes they can ban all Internet services through this newfound legal reasoning and begins sharing XOR’d images of cat pictures and anime avatars to targeted social networks.

                                                                                                                                            After waiting a few months for the viral images to proliferate across several prominent websites, Anonymous releases via pastebin a sequence of instructions revealing that if one is to XOR any of cat pictures 1 through 500 with anime avatars 1 through 2000, the resulting image will be illegal under German law.

                                                                                                                                            1. 1

                                                                                                                                              Then, the social network took the content down so fast that some blockchain advocates were still talking about what Anonymous did like it was still happening. The social media groups argued to lawmakers and courts that rapid response to such content is one of the strong points of their network design: centrally-controlled, mutable state in a distributed system that merely simulates immutability with high-integrity, high-availability services. They point out that Bitcoin moved much more slowly on their best day. They point out they had been handling problems like this a long time keeping ethics in mind.

                                                                                                                                              After being quickly defeated, Anonymous started on their next trolling operation designed to get publicity among a subset of the masses while not being noticed by elites who control the world. And changing nothing as usual since that kind of work can’t be done talking on 4chan all day. ;)

                                                                                                                                              1. -2

                                                                                                                                                while not being noticed by elites who control the world

                                                                                                                                                Yes, those elites who are too busy convincing you that the blockchain is a problem when many of them are actual child abusers.

                                                                                                                                                If you cared about child abuse, you should be going after child abusers, neh? Of course, you’re going to reply to this with some complete nonsense about how this has anything to do with blockchains, and we should get riled up about that. I would argue this makes you complicit in child abuse.

                                                                                                                                                Save your fake outrage, I’m not buying it. By ignoring real abuse you support it.

                                                                                                                                                1. 3

                                                                                                                                                  I have no outrage about fintech or risks. Child abuse is orthogonal to my point. The point is immutable stores with decentralized control make crime harder to fight when it invokves keeping something illegal in immutable storage. Centralized or non-immutable alternatives dont. Feel free to debate that point about the tech’s design instead of the tangents and rhetoric you were bringing into this.

                                                                                                                                                  1. -1

                                                                                                                                                    The point is immutable stores with decentralized control make crime harder to fight

                                                                                                                                                    “Of course, you’re going to reply to this with some complete nonsense about how this has anything to do with blockchains”

                                                                                                                                                    If anything, their reliable, immutable and transparent nature can aid in crime fighting.

                                                                                                                                                    tangents and rhetoric

                                                                                                                                                    And there you go immediately — calling real evidence of ongoing child abuse pointing to real people “tangents and rhetoric”. Get upset about chopped up data while ignoring and dismissing actual child abuse. Disgusting.

                                                                                                                                                    1. 1

                                                                                                                                                      You can have those traits with an audit trail with distributed checking. Those existed before blockchains. They were efficient and without blockchain drawbacks, too.

                                                                                                                                                      The reason child abuse is orthogonal is that we’re having a discussion about what tech protocols are good at or not in terms of blocking illegal content within the protocol. You bringing up who abuses children will not help anyone analyze the effectiveness of a protocol. Now you’re equating me focusing on the tech in a tech discussion with supporting that extra child abuse you brought up. A false equivalennce and disgusting example of sophistry.

                                                                                                                                                      1. -1

                                                                                                                                                        You can have those traits with an audit trail with distributed checking. Those existed before blockchains.

                                                                                                                                                        What didn’t exist was immutability.

                                                                                                                                                        How many times has the NSA/CIA/FBI tampered with and deleted evidence of corruption and various crimes? Too many to count.

                                                                                                                                                        we’re having a discussion about what tech protocols are good at or not in terms of blocking illegal content within the protocol

                                                                                                                                                        Please check the title of the OP. “Child abuse” is prominently featured.

                                                                                                                                                        You want to change the discussion from child abuse to vague, nebulous “illegal content within a protocol”, so that you can shift the discussion away from child abuse, to being a discussion about the inability of a protocol to censor transactions — Bitcoin’s greatest achievement.

                                                                                                                                                        This is not only borderline off-topic, it’s a weak argument, and it shows your inhumanity.

                                                                                                                                                        You don’t actually care about the crime being committed. You just want to be right in pointing out that Bitcoin is successful in being censorship-resistant. Well, congrats, you’re right about that.

                                                                                                                                            2. 3

                                                                                                                                              This doesn’t affect your point but BitMessage does not use a blockchain. It’s a common misconception, probably because of the “Bit” in the name.

                                                                                                                                              1. 4

                                                                                                                                                I thought this was already known; could have swore I heard about this before somewhere. Maybe people were just referring to the links/urls?

                                                                                                                                                There’s even a service for encoding images in the bitcoin. https://news.bitcoin.com/cryptograffiti-images-blockchain/ (this is an interview with the creator with… interesting… examples)

                                                                                                                                                https://lobste.rs/s/p2wc5y shows how to encode (17th century) nude paintings in the blockchain, along with discussion about takedowns.

                                                                                                                                                Arguing that the blockchain has components to stitch together anything is not a good way to talk about this: the blockchain has structure, it might not be the intended one and putting things in in a way that you can get it out again with reasonable work is distribution.

                                                                                                                                                Takedown instructions are a reasonable concern and IMHO also a reasonable action within bounds. I think the immutability of the chain is it’s biggest flaw if you don’t heavily constrain what it is used for.

                                                                                                                                              2. 2

                                                                                                                                                Eventually someone sane will step in and point out that if you run the blockchain through a JPEG viewer you will not, in fact, get child porn, but a crashed computer.

                                                                                                                                                If you apply any of the viewers/editors quoted into the paper to the blockchain, you get out what you put in. You can’t put the blockchain in a JPG viewer, but you also can’t pipe a .tar or a .zip to it.

                                                                                                                                                It can and has been done in practice.

                                                                                                                                            1. 9

                                                                                                                                              If you are interested about D, I wrote d-idioms as a way to quickstart your understanding, starting with the edge cases :) => https://p0nce.github.io/d-idioms/

                                                                                                                                              I have built my company with this language and it’s picking up steam in my local area. Usually people dismiss D immediately when they first heard of it ; I find it nothing short of fascinating, and well usable since the last ten years.

                                                                                                                                              1. 1

                                                                                                                                                I’d be very interested in chatting about strategies. My company is pivoting towards Rust and while that might feel like competition, breaking the monoculture of C is to everyones gain in that area. (Same goes for, for example, Ada in the embedded space)

                                                                                                                                                (I’m based in Berlin)

                                                                                                                                                1. 1

                                                                                                                                                  strategies? What do you mean?

                                                                                                                                                2. 1

                                                                                                                                                  Are you in Germany? For some reason, it seems that Germany is the only place where D has really picked up.

                                                                                                                                                  1. 1

                                                                                                                                                    Not very far from Germany :)

                                                                                                                                                1. 14

                                                                                                                                                  I believe that OO affords building applications of anthropomorphic, polymorphic, loosely-coupled, role-playing, factory-created objects which communicate by sending messages.

                                                                                                                                                  It seems to me that we should just stop trying to model data structures and algorithms as real-world things. Like hammering a square peg into a round hole.

                                                                                                                                                  1. 3

                                                                                                                                                    Why does it seem that way to you?

                                                                                                                                                    1. 5

                                                                                                                                                      Most professional code bases I’ve come across are objects all the way down. I blame universities for teaching OO as the one true way. C# and java code bases are naturally the worst offenders.

                                                                                                                                                      1. 5

                                                                                                                                                        I mostly agree, but feel part of the trouble is that we have to work against language, to fight past the baggage inherent in the word “object”. Even Alan Kay regrets having chosen “object” and wishes he could have emphasized “messaging” instead. The phrase object-oriented leads people to first, as you point out, model physical things, as that is a natural linguistic analog to “object”.

                                                                                                                                                        In my undergraduate days, I encountered a required class with a project specifically intended to disavow students of that notion. The project specifically tempted you to model the world and go overboard with a needlessly deep inheritance hierarchy, whereas the problem was easily modeled with objects representing more intangible concepts or just directly naming classes after interactions.

                                                                                                                                                        I suppose I have taken that “Aha!” moment for granted and can see how, in the absence of such an explicit lesson, it might be hard to discover the notion on your own. It is definitely a problem if OO concepts are presented universally good or without pitfalls.

                                                                                                                                                        1. 4

                                                                                                                                                          I encountered a required class with a project specifically intended to disavow students of that notion. The project specifically tempted you to model the world and go overboard with a needlessly deep inheritance hierarchy, whereas the problem was easily modeled with objects representing more intangible concepts or just directly naming classes after interactions.

                                                                                                                                                          Can you remember some of the specifics of this? Sounds fascinating.

                                                                                                                                                          1. 3

                                                                                                                                                            My memory is a bit fuzzy on it, but the project was about simulating a bank. Your bank program would be initialized with N walk-in windows, M drive-through windows and T tellers working that day. There might’ve been a second type of employee? The bank would be subjected to a stream of customers wanting to do some heterogeneous varieties of transactions, taking differing amounts of time.

                                                                                                                                                            There did not need to be a teller at the drive-through window at all times if there was not a customer there, and there was some precedence rules about if a customer was at the drive-through and no teller was at the window, the next available teller had to go there.

                                                                                                                                                            The goal was to produce a correct order of customers served, and order of transactions made, across a day.

                                                                                                                                                            The neat part (pedagogically speaking) was the project description/spec. It went through so much effort to slowly describe and model the situation for you, full of distracting details (though very real-world ones), that it all-but-asked you to subclass things needlessly, much to your detriment. Are the multiple types of employees complete separate classes, or both sublcasses of an Employee? Should Customer and Employee both be subclasses of a Person class? After all, they share the properties of having a name to output later. What about DriveThroughWindow vs WalkInWindow? They share some behaviors, but aren’t quite the same.

                                                                                                                                                            Most people here would realize those are the wrong questions to be ask. Even for a new programmer, the true challenge was gaining your first understandings of concurrency and following a spec rules for resource allocation. But said new programmer had just gone through a week or two on interfaces, inheritance and composition, and oh look, now there’s this project spec begging you to use them!

                                                                                                                                                        2. 2

                                                                                                                                                          Java and C# are the worst offenders and, for the most part, are not object-oriented in the way you would infer that concept from, for example, the Xerox or ParcPlace use of the term. They are C in which you can call your C functions “methods”.

                                                                                                                                                          1. 4

                                                                                                                                                            At some point you have to just let go and accept the fact that the term has evolved into something different from the way it was originally intended. Language changes with time, and even Kay himself has said “message-oriented” is a better word for what he meant.

                                                                                                                                                            1. 2

                                                                                                                                                              Yeah, I’ve seen that argument used over the years. I might as well call it the no true Scotsman argument. Yes, they are multi-paradigm languages and I think that’s what made them more useful (my whole argument was that OOP isn’t for everything). Funnily enough, I’ve seen a lot of modern c# and java that decided message passing is the only way to do things and that multi-thread/process/service is the way to go for even simple problems.

                                                                                                                                                              1. 4

                                                                                                                                                                The opposite of No True Scotsman is Humpty-Dumptyism, you can always find a logical fallacy to discount an argument you want to ignore :)

                                                                                                                                                        3. 2
                                                                                                                                                          Square peg;  
                                                                                                                                                          Round hole;  
                                                                                                                                                          Hammer hammer;  
                                                                                                                                                          hammer.Hit(peg, hole);
                                                                                                                                                          
                                                                                                                                                          1. 4

                                                                                                                                                            A common mistake.

                                                                                                                                                            In object-orientation, an object knows how to do things itself. A peg knows how to be hit, i.e. peg.hit(…). In your example, your setting up your hammer, to be constantly changed and modified as it needs to be extended to handle different ways to hit new and different things. In other words, your breaking encapsulation by requiring your hammer to know about other objects internals.

                                                                                                                                                          2. 2

                                                                                                                                                            your use of a real world simile is hopefully intentionally funny. :)

                                                                                                                                                            1. 2

                                                                                                                                                              That sounds great, as an AbstractSingletonProxyFactoryBean is not a real-world thing, though if I can come up with a powerful and useful metaphor, like the “button” metaphor in UIs, then it may still be valuable to model the code-only abstraction on its metaphorical partner.

                                                                                                                                                              We need to be cautious that we don’t throw away the baby of modelling real world things as real world things at the same time that we throw away the bathwater.

                                                                                                                                                              1. 2

                                                                                                                                                                Factory

                                                                                                                                                                A factory is a real world thing. The rest of that nonsense is just abstraction disease which is either used to work around language expressiveness problems or people adding an abstraction for the sake of making patterns.

                                                                                                                                                                We need to be cautious that we don’t throw away the baby of modelling real world things as real world things at the same time that we throw away the bathwater.

                                                                                                                                                                I think OOP has its place in the world, but it is not for every (majority?) of problems.

                                                                                                                                                                1. 3

                                                                                                                                                                  A factory in this context is a metaphor, not a real world thing. I haven’t actually represented a real factory in my code.

                                                                                                                                                                  1. 2

                                                                                                                                                                    I know of one computer in a museum that if you boot it up, it complains about “Critical Error: Factory missing”.

                                                                                                                                                                    (It’s a control computer for a factory, it’s still working, and I found that someone modeled that case and show an appropriate error the most charming thing)

                                                                                                                                                                    1. 2

                                                                                                                                                                      But they didn’t handle the “I’m in a museum” case. Amateurs.

                                                                                                                                                              2. 1

                                                                                                                                                                You need to write say a new air traffic control system, or a complex hotel reservation system, using just the concepts of data structures and algorithms? Are you serious?