1. 5

    Meanwhile, PyPy is around 4x faster than CPython.

    1. 5

      Annecdote ain’t data, but I’ve never been successful at getting PyPy to provide improved performance. My use cases have been things like running tooling (Pylint is extremely slow under PyPy, much moreso than CPython), just running web apps, and a lot of other things that aren’t benchmarks.

      I don’t want to be too critical of PyPy, I imagine it gets a lot of what a lot of people want. But I don’t know what real workloads end up benefiting from it.

      1. 4

        PyPy upstream generally treats slowness as a bug and is willing to expend resources to fix it, if you’re willing to file issues with minimal test cases. (Here is a recent example bug about slowness.)

        Anecdotes aren’t data, but about a decade ago, I ported a Minecraft server from Numpy and CPython to array.array and PyPy, and at the time, I recorded a 60x speedup on a microbenchmark, and around a 20x speedup for typical gameplay interactions, resulting in a backend that spent most of its time sleeping and waiting for I/O.

        As long as we’re on the topic, it’s worth knowing that PyPy comes with a toolkit, RPython, which allows folks to generate their own JITs from Python. So, if one wanted more speed than was available with Python’s language design, then PyPy provides a route for forking the interpreter and standard library, and making arbitrarily distant departures from Python while still having high performance. For example, if we can agree that Dolphin implements “real workloads”, then PyGirl (code, paper) probably does as well.

        1. 3

          pypy is 4x faster…. for long-running tasks that allow the jit to warm up. Lots of python workloads (e.g. pylint) run the interpreter as a one-off so pypy won’t help there. Interpreter startup speed is also critical for one-off workflows and pypy isn’t optimized for that either.

          1. 3

            I think it’s more like 10x-100x faster OR 10% slower for different workloads – “4x” doesn’t really capture it. See my sibling comment about string/hash/object vs. numeric workloads.

          2. 2

            Yeah to me it helps to think of workloads in these categories (even if there are obviously way more than this, and way more dimensions)

            1. String / hash / object workloads (similar to web apps. Similar to a linter, and similar to Oil’s parser)
            2. Numeric workloads (what people write Cython extensions for; note that NumPy is written largely in Cython.)

            JITs are a lot better at the second type of workload than the first. My experience matches yours – when I tried running Oil with PyPy, it was slower and used more memory, not faster.

            Also, I think that workload 1 is the more important one for Python. If I want to write fast numeric code, it’s not painful to do in C++. On the other hand, doing string/hash/object graph workloads in C++ is very painful. It’s also less-than-great in Rust, particularly graphs.

            So while I think PyPy is an astonishing project (and that impression grows after learning more about how it works), I also think it doesn’t speed up the most important workloads in Python. Not that I think any other effort will do so – the problems are pretty fundamental and there have been a couple decades of attempts.

            (In contrast I got much better performance results adding static types manually, and semi-automatically translating Oil to C++. This is not a general solution as its labor intensive and restricts the language, although there are some other benefits to that.)

            1. 1

              I see the outline of your point, but I’m not sure on the specifics. In particular, a mechanism is missing: What makes strings, dictionaries, and user-customized classes inherently hard to JIT, particularly with a PyPy-style tracing metainterpreter?

              Edit: Discussion in #pypy on Freenode yielded the insight that CPUs have trouble with anything which is not in their own list of primitive types, requiring composite operations for composite types. Since JITs compile to CPU instructions, they must struggle with instruction selection for composite types. A lesson for language designers is to look for opportunities to provide new primitive object implementations, using the CPU’s existing types in novel ways.

              Our experience in the Monte world is that our RPython-generated JIT successfully speeds up workloads like parsing and compiling Monte modules to bytecode, a task which is string- and map-heavy. Our string and map objects are immutable, and this helps the JIT remove work.

              1.  

                Yes the JITs do a lot better on integers and floats because they’re machine types.

                The performance of strings and hash tables is sort of “one level up”, and the JITs don’t seem to help much at that level (and for some reason lots of people seem to misunderstand this.)

                As an anecdote, when Go was released, there were some benchmarks where it was slower than Python, just because Python’s hash tables were more optimized. And obviously Go is compiled and Python is interpreted, but that was still true. So that is a similar issue.

                So there are many dimensions to performance, and many workloads. Saying “4x faster” is doing violence to reality. In some cases it’s the difference between being able to use PyPy and not being able to use it.

              2. 1

                SciPy has some cython code along with a bunch of fortran code but NumPy is all C.

                1. 1

                  Ah sorry you are right, I think I was remembering Pandas, which has a lot of Cython in its core:

                  https://github.com/pandas-dev/pandas/tree/master/pandas/_libs

                2. 1

                  cython is also a translator to C. why didn’t you use cython for oil?

                  1. 1

                    It generates code that depends on the Python runtime, and Cython is a different language than statically-typed Python. I don’t want to be locked into the former, and translating the code is probably even more labor intensive than what I’m doing (I leveraged MyPy team work on automatic type annotation etc.). It also wouldn’t be fast enough as far as I can tell.

                3. 2

                  I used PyPy recently, for the first time and I had a nice experience. I am experimenting with SQLite and trying to figure out the fast ways to insert 1B rows. My CPython version was able to insert 100M rows in 500 is seconds, same in PyPy took 150 seconds.

                  The best part was, I did not have to change anything in my original code. It was just drop in, as advertised. Ran it with PyPy and got the speed bumps.

                4. 2

                  Specifically, we want to achieve these performance goals with CPython to benefit all users of Python including those unable to use PyPy or other alternative virtual machines.

                  1. 1

                    Apparently the goal is a 2x speed up by 3.11 and a 5x speed up in 4 years.

                    1. 4

                      Yes. Assuming that those numbers are not exaggerated, I expect that PyPy will still be faster than CPython year after year. The reasoning is due to the underlying principle that most improvements to CPython can be ported to PyPy since they have similar internal structure.

                      In GvR’s slides, they say that they “can’t change base layout, object layout”. This is the only part of PyPy’s interpreter which is structurally different from CPython. The same slide lists components which PyPy derived directly from CPython: the bytecode, the stack frames, the bytecode compiler, and bytecode interpreter.

                      Specializing bytecode has been tried for Python before; I recall a paper which monomorphized integers and other common builtin types. These approaches tend to fail unless they can remove some interpretative overhead. I expect that a more useful product of this effort will be a better memory model and simpler bytecodes, rather than Shannon’s grand explosion of possible bytecode arrangements.

                      1. 1

                        I’m curious about mypyc personally. Seems to me like (c)python is just hard to optimize and depends too much on implementation details (the C API) to be changed; to get a significant leap in performance it seems like using a statically typed, less dynamic subset, would give significantly higher speedups. Of course the downside is that it doesn’t work for old code (unless it happens to be in this fragment).

                        1. 1

                          Monomorphizing code does not always speed it up. There are times when tags/types can be checked for free, thanks to the dominating effects of cache thrashing, and so the cost of dynamically-typed and statically-typed traversals ends up being similar.

                          It’s not an accident that some half-dozen attempts to monomorphize CPython internals have failed, while PyPy’s tracing JIT is generally effective. Monomorphization can remove inner-interpreter work, but not interpretative overhead.

                          1. 2

                            Well by “less dynamic” I also mean not having a dictionary per class and this kind of stuff :-). I should have been clearer. tag checks is one thing, but performing dictionary lookups all the time to resolve identifiers or fields is also very heavy. The statically typed aspect, I have no idea if it’s truly necessary, but it’d make it easier to implement, right?

                  1. 2

                    I appreciate his point about “keep the web open”, but I think it’s inherently misguided.

                    You wouldn’t argue for ads in every home, in exchange for a free house, so that everyone can have a house. Because the result would be terrible housing for everyone.

                    While free markets are also imperfect, they are a much better mechanism for improving the overall quality of life for everyone than government-funded solutions. Or in this case, solutions funded by our Ad-overlords.

                    If someone wants to charge 100$ a year for their website, and some people can’t afford it, that’s fine. Someone else will find a cheaper way to provide the same service, and capitalize on the unattended market.

                    Ads are ruining the internet. Give us a real alternative, and let’s see what the people choose.

                    By real alternative, I mean convenient micropayments, or something of the sort.

                    1. 2

                      While free markets are also imperfect, they are a much better mechanism for improving the overall quality of life for everyone than government-funded solutions. Or in this case, solutions funded by our Ad-overlords.

                      Um the “Ad overlords” are some of the largest corporations on planet earth. They are the very definition of “the market”. Seems like you’ve already gotten what you want.

                      1. 2

                        No, imho a healthy market is one where monopolies are prevented, competition is possible, and new & upcoming players have a chance to grow. It’s not the case right now. Don’t mistake me for a libertarian just because I speak about free markets, which are an amazing invention that we should take more advantage of, but in a controlled manner.

                        1. 2

                          As the term “Free Markets” is widely misunderstood, I feel it’s appropriate to correct the record: it was coined to describe markets which were free of rentiers preventing new entrants from competing.

                    1. 2

                      Working on a Minecraft bot in python. After a lot of work I’ve finally got it mining at a cobble generator (sort of).

                      1. 2

                        Working on a Minecraft bot in python

                        Very cool! Do you recommend any resources for this?

                        1. 2

                          Well if you are interested in writing it in python, I have been using pyCraft as a library/reference. It does not implement the entire Minecraft protocol though, so you’ll have to add to it/write your own.

                          More generally, https://wiki.vg is the place for Minecraft protocol information. There is no better resource besides working at Mojang AFAIK.

                      1. 17

                        Unfortunately, OpenRC maintenance has stagnated: the last release was over a year ago.

                        I don’t really see this as a bad thing.

                        1. 12

                          Also, wouldn’t the obvious choice be to pick up maintenance of OpenRC rather than writing something brand new that will need to be maintained?

                          1. 10

                            There is nothing really desirable about openrc and it simply does not support the required features like supervision. Sometimes its better to start fresh, or in this case with the already existing s6/s6-rc which is build on a better design.

                            1. 3

                              There is nothing really desirable about openrc

                              I’d say this is a matter of opinion, because there’s inherent value in simplicity and systemd isn’t simple.

                              1. 5

                                But why compare the “simplicity” to systemd instead of something actually simple, openrcs design choices with its shell wrapping instead of a simple supervision design and a way to express dependencies outside of the shell script is a lot simpler. The daemontool like supervision systems simply have no boilerplate in shell scripts and provide good features like tracking pids without pid files and therefor reliably signaling the right processes, they are able to restart services if they get down and they provide a nice and reliable way to collect stdout/stderr logs of those services.

                                Edit: this is really what the post is about, taking the better design and making it more user friendly and implementing the missing parts.

                            2. 3

                              the 4th paragraph

                              This work will also build on the work we’ve done with ifupdown-ng, as ifupdown-ng will be able to reflect its own state into the service manager allowing it to start services or stop them as the network state changes. OpenRC does not support reacting to arbitrary events, which is why this functionality is not yet available.

                              also, the second to last graf

                              Alpine has gotten a lot of mileage out of OpenRC, and we are open to contributing to its future maintenance while Alpine releases still include it as part of the base system, but our long-term goal is to adopt the s6-based solution.

                              so, they are continuing to maintain OpenRC while alpine still requires it, but it doesn’t meet their needs, hence they are designing something new

                            3. 3

                              I was thinking the same thing.

                              I have no sources, but when was the last time OpenBSD or FreeBSD had a substantial change to their init systems?

                              I don’t know enough to know why there’s a need to iterate so I won’t comment on the quality of the changes or existing system.

                              1. 12

                                To my knowledge, there’s serious discussion in the FreeBSD community about replacing their init system (for example, see this talk from FreeBSD contributor and previous Core Team member Benno Rice: The Tragedy of systemd).

                                And then there’s the FreeBSD-based Darwin, whose launchd is much more similar to systemd than to either BSD init or SysVinit to my knowledge.

                                1. 4

                                  this talk from FreeBSD Core Team member Benno Rice: The Tragedy of systemd).

                                  This was well worth the watch/listen. Thanks for the link.

                                2. 8

                                  I believe the last major change on FreeBSD was adding the rc-order stuff (from NetBSD?) that allowed expressing dependencies between services and sorting their launch order so that dependencies were fulfilled.

                                  That said, writing a replacement for the FreeBSD service manager infrastructure is something I’d really, really like to do. Currently devd, inetd, and cron are completely separate things and so you have different (but similar) infrastructure for running a service:

                                  • At system start / shutdown
                                  • At a specific time
                                  • In response to a kernel-generated event
                                  • In response to a network connection

                                  I really like the way that Launchd unifies these (though I hate the fact that it uses XML property lists, which are fine as a human-readable serialisation of a machine format, but are not very human-writeable). I’d love to have something that uses libucl to provide a nice composable configuration for all of these. I’d also like an init system that plays nicely with the sandboxing infrastructure on FreeBSD. In particular, I’d like to be able to manage services that run inside a jail, without needing to run a service manager inside the jail. I’d also like something that can set up services in Capsicum sandboxes with libpreopen-style behaviour.

                                  1. 1

                                    I believe the last major change on FreeBSD was adding the rc-order stuff (from NetBSD?) that allowed expressing dependencies between services and sorting their launch order so that dependencies were fulfilled.

                                    Yep, The Design and Implementation of the NetBSD rc.d system, Luke Mewburn, 2000. One of the earlier designs of a post-sysvinit dependency based init for Unix.

                                    1. 1

                                      I’ve been able to manage standalone services to run inside a jail, but it’s more than a little hacky. For fun a while back, I wrote a finger daemon in Go, so I could keep my PGP keys available without needing to run something written in C. This runs inside a bare-jail with a RO mount of the homedirs and not much else and lots of FS restrictions. So jail.conf ended up with this in the stanza:

                                      finger {
                                              # ip4.addr, ip6.addr go here; also mount and allow overrides
                                              exec.start = "";
                                              exec.stop = "";
                                              persist;
                                              exec.poststart = "service fingerd start";
                                              exec.prestop = "service fingerd stop";
                                      }
                                      

                                      and then the service file does daemon -c jexec -u ${runtime_user_nonjail} ${jail_name} ${jail_fingerd} ...; the tricky bit was messing inside the internals of rc.subr to make sure that pidfile management worked correctly, with the process finding handling that the jail is not “our” jail:

                                      jail_name="finger"
                                      jail_root="$(jls -j "${jail_name}" path)"
                                      JID=$(jls -j ${jail_name} jid)
                                      jailed_pidfile="/log/pids/fingerd.pid"
                                      pidfile="${jail_root}${jailed_pidfile}"
                                      

                                      It works, but I suspect that stuff like $JID can change without notice to me as an implementation detail of rc.subr. Something properly supported would be nice.

                                    2. 2

                                      I think the core issue is that desktops have very different requirements than servers. Servers generally have fixed hardware, and thus a hard-coded boot order can be sufficient.

                                      Modern desktops have to deal with many changes like: USB disks being plugged in (mounting and unmounting), Wi-Fi going in and out, changing networks, multiple networks, Bluetooth audio, etc. It’s a very different problem

                                      I do think there should be some “server only” init systems, and I think there are a few meant for containers but I haven’t looked into them. If anyone has pointers I’d be interested. Desktop is a complex space but I don’t think that it needs to infect the design for servers (or maybe I’m wrong).

                                      Alpine has a mix of requirements I imagine. I would only use it for servers, and its original use case was routers, but I’m guessing the core devs also use it as their desktops.

                                  1. 20

                                    Here’s what I’m doing to adjust to the new era of dystopian surveillance capitalism:

                                    • Replaced my old MacBook Air with a Thinkpad T14 running Linux (currently Fedora, which has less spyware and advertising than Ubuntu)
                                    • Firefox + UBlock Origin is my primary web browser. Configured so it mostly doesn’t “phone home” to Mozilla.
                                    • Ungoogled Chromium (from the flatpak store at flatpak.org) is my backup browser, for web sites where Firefox has issues. Guaranteed never to phone home to Google.
                                    1. 6

                                      I’m interested in why you installed “ungoogled chromium” from the flatpack store?

                                      I personally install it from RPM fusion. (Which you might wanna install if you want to watch any video/listen to any music on fedora)

                                      $ sudo dnf info chromium-browser-privacy
                                      Installed Packages
                                      Name         : chromium-browser-privacy
                                      Version      : 88.0.4324.150
                                      […]
                                      Source       : chromium-browser-privacy-88.0.4324.150-1.fc33.src.rpm
                                      Repository   : @System
                                      From repo    : rpmfusion-free-updates
                                      Summary      : Chromium, sans integration with Google
                                      URL          : https://github.com/Eloston/ungoogled-chromium
                                      License      : BSD and LGPLv2+ and ASL 2.0 and IJG and MIT and GPLv2+ and ISC
                                                   : and OpenSSL and (MPLv1.1 or GPLv2 or LGPLv2)
                                      Description  : chromium-browser-privacy is a distribution of ungoogled-chromium.
                                      […]
                                      
                                      1. 3

                                        No good reason, I think it was recommended as an installation method by the blog post where i read about the browser. Thanks for the information. I am still getting used to Fedora.

                                        1. 2

                                          What kind of sandboxing does the flatpak-ed package get you? It’s a useful point to remember – a while back (I’m not on Linux anymore so I don’t have a more recent data point) a lot of applications from flathub were packaged without much sandboxing at all, e.g. they still had full access to the user’s home folder.

                                          1. 2

                                            Fedora has an “app store” GUI called Software. It is far more user friendly than using the “dnf” command in bash, at least if you are coming from MacOS. On my laptop, since I installed it, UnGoogled Chromium shows up as an installed application in Software, together with a lot of useful information, including an indication that it is sandboxed, with the following permissions: Network, Devices, Home Folder, Legacy Display System.

                                            1. 1

                                              Oh, thanks! I couldn’t find an explanation of what the “friendly” names mean but assuming the most obvious mapping to Flatpak permissions (here) I think it would go something like this:

                                              • Home Folder means it has unrestricted access to the home folder (which is slightly better than --filesystem=host but, as XKCD famously put it, not that good…)
                                              • Devices means it has unrestricted access to things like webcams
                                              • I’ve no idea what Legacy Display System maps to – presumably either --socket=x11 or --socket=fallback-x11?
                                              • Network is obvious, I guess :-)

                                              This is actually a little better than I expected, I think?

                                            2. 1

                                              This page is a little clickbait-y but still somewhat true: https://flatkill.org/2020/

                                              Long story short, yes isolation is still an issue on flatpak

                                        2. 4

                                          Can you clarify the first point of replacing MacBook and its impact on privacy as you see it?

                                          1. 31

                                            MacOS has telemetry that cannot be disabled. You cannot modify the System folder. Apple wants to be an intermediary in everything you do, they want to see all your data. You are encouraged to store your data on the Apple cloud, which is not end-to-end encrypted, so that they can hand your data over to the government without your knowledge(*). You are encouraged to download apps from Apple’s app store, and even if you don’t, MacOS phones home about apps not installed from the store. I don’t want to use these services, but the UI has built in advertising for these unwanted services that I can’t disable.

                                            (*) https://www.theverge.com/2020/1/21/21075033/apple-icloud-end-to-end-encryption-scrapped-fbi-reuters-report

                                            Apple has been very successful at branding themselves as pro privacy. A lot of people believe their bullshit. Here’s an experiment that you can try. Go to an apple store and buy something using cash (so that Apple doesn’t know your identity). When they ask for your email address, refuse to give it to them. See how that goes for you. My experience is that they try to inflict as much pain as possible, but with negotiations, it is possible to leave the store with your merchandise and a receipt. But it is not easy. I try to use cash for everything (although I’ve made exceptions during the pandemic), and the apple store has by far the worst experience.

                                            We live in an age of anxiety, where there is an ever increasing number of things that you are supposed to be anxious about. The pandemic, of course, but now that we are getting vaccinated, instead of that being a reason to be less anxious, you are now supposed to be anxious about getting and protecting your vaccine passport, without which you will be denied access to services. And of course we are supposed to be anxious about surveillance capitalism. This all sucks. I want to minimize the number of things in my life that generate anxiety: deal with the problem once, then stop thinking about it. The rational thing is to get rid of all my computers and phones, and unplug from the internet. I’m not ready for that yet, so I’m replacing my gear with new gear that doesn’t surveil me. Hopefully that will allow me to stop thinking about those particular issues.

                                            1. 12

                                              Great answer, especially this parts resonates with me:

                                              I want to minimize the number of things in my life that generate anxiety

                                              1. 15

                                                I recently got sent a mac by my employer for compliance reasons, and the process of setting it up was quite a trip. I felt like I spent twenty minutes answering “no” to various forms of “OK but can we collect this piece of personal information? How about if we phrase it slightly differently?” before I could even use the machine at all.

                                                In the end they refused to take no for an answer re: my mobile phone number, and after an experience like that I don’t actually have much confidence that they take my consent very seriously for the other pieces of information that I did not agree to.

                                                Luckily in my case the compliance concerns can be addressed by simply doing my development inside a virtualbox VM running on that machine over SSH.

                                              2. 8

                                                You are encouraged to store your data on the Apple cloud[…] You are encouraged to download apps from Apple’s app store, […] Apple has been very successful at branding themselves as pro privacy. A lot of people believe their bullshit.

                                                Also, you are encouraged to buy into the non-Mac hardware ecosystem (iPhone, Watch, etc.) with their own app store “soft” lock-in (using Things/OmniFocus on Mac? Why not buy the iPhone version!?).

                                                Technically, one can use a Mac and avoid the rest of Apple’s ecosystem (by running Chrome, Thunderbird, open source apps, etc.) - but most people will eventually get sucked into Apple’s marketing vortex. I know because I did; which is why I avoid touching anything Apple with a ten foot pole.

                                                1. 7

                                                  This is every business’ strategy. One man’s lock in is another man’s products that work together well.

                                                  1. 2

                                                    Does only sound like purchase realization when you’ve locked yourself into that ecosystem.

                                                    1. 1

                                                      realization

                                                      Can’t edit anymore, but that was meant to be rationalization.

                                                2. 13

                                                  if you don’t like the telemetry done by MacOS, that’s totally fine, but there is no need for the hyperboles, like “they try to inflict as much pain as possible”. them knowing your email address is better for their business. of course, it is worse for your privacy. but it’s just a business decision that you can dislike, not them trying to inflict you pain like some james bond villain with a lake with sharks :-)

                                                  also, in general, you will have to trust the company that makes your operating system. not because they are trustworthy, but because if they were evil, they could just read everything you do on your computer and you would never know. so simply pick one that you can trust the most. (and it applies to linux distros too. i don’t think anyone is reading and understanding every fedora patch).

                                                  1. 13

                                                    not them trying to inflict you pain like some james bond villain with a lake with sharks

                                                    It’s a figure of speech

                                                    you will have to trust the company that makes your operating system

                                                    A company doesn’t make my operating system, but even if one did it’s open source, which MacOS is not

                                                    1. 1

                                                      Shell and coca cola are exemplars of making the world a better place.

                                                      Mind explaining? Was this an irony?

                                                      1. 1

                                                        I think you replied to the wrong comment.

                                                    2. 1

                                                      james bond villain

                                                      I think this reasoning is problematic and completely ignores wolves in sheep’s clothing. How many James bond villains have ever really existed ? We agree that sharks exist but what about the following

                                                      1. The nigerian prince scammers don’t really say hey want your money for personal benefit, but dress up the message in the language of victimhood.
                                                      2. Sexual predators feign weakness, especially if they are older men before making the victim unconscious.
                                                      3. Pedophiles work in charities or armed forces but present themselves as pillars of community.
                                                      4. Religious people commit evil on completely innocent people but dress it up in the language of love, justice and purity. You don’t think of nuns who steal babies as human traffickers.
                                                      5. Communists preach egalitarianism but practice slavery under the guise of enemies of egalitarianism.
                                                      6. Pharma companies preach healing but sell addictions.
                                                      7. Under the guise of freedom of speech, pornographers exploit people from towns.
                                                      8. Shell and coca cola are exemplars of making the world a better place.

                                                      The list goes on and on. Almost every idea which seems innocent enough is abused by wolves in sheep’s clothing and not james bond antagonists. Maybe there is no such thing as sheep and we are all wolves. Heck even the open source contributors are abused under the guise of openness and community, while the parent company seeks funding.

                                                      Social media companies, including Google, claim they are making the world a better and connected place while allowing sexualisation of pre-teens and enabling predators on their platforms. They are selling private user data, allow non-state actors to influence elections, let unverified stories to run amok, abuse copyright protections and run behavioral experiments on users. How difficult is it to enable age verification ? You can always store sha(government-id) or use credit cards to verify age.

                                                      We merely have to ask the question are Google and Apple, wolves in sheep’s clothing ? The answer is obviously yes. Apple is a tobacco company. In what ways can they be stopped ? I don’t think limited liability is the answer.

                                                      1. 3

                                                        It’d probably be a good idea to strip out some of the more, um, controversial items from your comment to avoid a hellthread here litigating offtopic matters.

                                                    3. 7

                                                      We live in an age of anxiety, where there is an ever increasing number of things that you are supposed to be anxious about.

                                                      No offense, and I honestly mean that, but it feels as though you’ve got a little more anxiety going on than most of us. One valid way to deal with anxiety is to accept that some things are just facts of life in the modern world. For example, I use an ad-blocker, I don’t use Chrome, and I choose devices and services that are at least reasonably secure, but I gave up trying to control every piece of data I own because the attempt was causing me much more anxiety than just going with the (admittedly unfortunate) flow.

                                                      Just a thought.

                                                      1. 4

                                                        “Don’t worry, be happy” is not a serious answer to anxiety. If you decide to surrender that’s your choice, but that doesn’t mean people preferring to fight a managed retreat and prevent a total rout are wrong to do so. At a minimum they will preserve their freedom longer than you and possibly even retake ground that you have ceded.

                                                        https://www.history.com/news/7-brilliant-military-retreats

                                                  2. 2

                                                    How does the T14 compare to other ThinkPads you have used (eg the X1 carbon)?

                                                    1. 9

                                                      I chose the T14 AMD w. Ryzen 4750 (8 cores, decent GPU) because I’m doing open source development and 3D graphics (not gaming), and I wanted this much power. Thicker than my old MacBook, but same mass. Easy to disassemble, lots of upgradeable components. The T14s is too thin, cooling system is inadequate for the 4750 CPU (according to notebookcheck): it runs too hot and throttles. Ryzen uses more energy but performance is comparable to an Apple M1 (faster on some benchmarks, slower on others). Fan noise hasn’t bothered me.

                                                      According to reviews, T14 has a better keyboard than X1 carbon. X1 carbon has a better trackpad, but this trackpad can be ordered and installed in a T14 (many people on Reddit have done this). The X1 is limited to gen 10 intel + UHD graphics, too slow for my requirements. It maxes out at 16GB soldered RAM (not upgradeable), too small for my future requirements. Probably too thin to support the Ryzen 4750 with adequate cooling. The display options are better than the T14 AMD, that’s my one regret.

                                                      1. 3

                                                        I replaced my MacBook Air M1 by a T14 AMD a few months ago and like it very much as well!

                                                        Fan noise hasn’t bothered me.

                                                        Me neither. The fan is not very loud, definitely much more quiet than Intel MacBooks.

                                                        lots of upgradeable components

                                                        Love this aspect as well. I added an additional 16GB RAM (for 32GB RAM) and replaced the 512GB NVMe SSD by a 1TB NVMe SSD. There is still room for one more upgrade, since the WWAN slot can be used for some SSDs.

                                                        The display options are better than the T14 AMD, that’s my one regret.

                                                        Especially in Linux. On Windows the screen is quite acceptable with 150% scaling. Unfortunately, when enabling fractional scaling in GNOME, most X11 applications break (blurry upscaling).

                                                        1. 1

                                                          Unfortunately, when enabling fractional scaling in GNOME, most X11 applications break (blurry upscaling).

                                                          I remember this problem with the X1 Gen3 which couldn’t scale 2x properly, so I could chose between things looking way too tiny or things looking way too large (and very little screen real estate). The 4K screen in the T14s is much better in that regard.

                                                          But really the problem is that GTK+ 3 (at least) doesn’t support fractional scaling so things are just a complete mess.

                                                          1. 1

                                                            But really the problem is that GTK+ 3 (at least) doesn’t support fractional scaling so things are just a complete mess.

                                                            For me on Wayland, GTK 3 applications work fine. AFAIK, they are rendered at a larger integer scale and then Mutter (?) downscales to whatever fractional scaling you use. This is pretty much the same approach as macOS uses.

                                                            It’s XWayland where it goes wrong, though I think it was with an external screen hooked up, since XWayland does not support mixed DPI.

                                                        2. 2

                                                          The AMD variation is near perfect - but there is one downside to anyone, like me, who owns a Thunderbolt device (eg: LG Ultrafine 5k; I cannot go back to non-retina monitors having used this). It has no support for TB3 even with a dock.

                                                          1. 3

                                                            It sucks if you already have a Thunderbolt display, but it does drive 5k@60Hz over USB-C with DP-Alt (according to PSRef).

                                                            1. 1

                                                              Is there a demonstration of this actually working with any particular 5k monitor (of which there aren’t many)?

                                                          2. 1

                                                            The T14s is too thin, cooling system is inadequate for the 4750 CPU

                                                            I own a T14s, and I can confirm the cooling system is absolutely inadequate.

                                                            1. 1

                                                              The fact that the 4K screen is only available in the T14(s) with Intel is the sole reason I got the Intel T14s (which apparently does not run crazy hot as the Intel T14). Also oddly the T14s can be ordered with 32 GB RAM unlike the X1, so you get a rather similar device with better specs and keyboard and a worse (non-replaceable) touchpad.

                                                        1. 5

                                                          Safari is conspicuously absent.

                                                          1. 5

                                                            From reading different reviews on the website it seems to me that the author uses Windows and so probably cannot test Safari. That being said, given Apple’s status as a trillion dollar corporation I wouldn’t be shocked if they didn’t have the end user’s best interest in mind.

                                                            1. 2

                                                              I’d say that for Edge, which I also don’t see on this list. But given Apple’s stated focus on privacy, I was hoping to see how Safari stacks up in a detailed evaluation.

                                                          1. 6

                                                            While its certainly not usable for daily to day activities, I still think NetSurf is a cool browser. It would probably end up in the mid tier, as it doesn’t have any tracking but it also doesn’t have any privacy protecting features.

                                                            1. 5

                                                              The same author did indeed post a review of NetSurf

                                                              Upon launch Netsurf makes a request to get the default search engine’s icon, that default search engine is Google. […] Other than that, there are no unsolicited requests.

                                                            1. 11

                                                              And? I don’t see anyone complaining that most desktop applications use mostly the menu layouts and keyboard shortcuts. Why is uniformity and not surprising the user suddenly a bad thing when its the web?

                                                              1. 6

                                                                most desktop applications use mostly the [same?] menu layouts and keyboard shortcuts

                                                                I’m not sure that is true anymore. I don’t at all intend to argue against your point about uniformity and not surprising the user. But the desktop applications I’ve seen lately do not have a menu bar, they do not use standard window decorations and they seemingly do not have any common keybindings apart from Ctrl-c, Ctrl-x, Ctrl-v and Alt-F4. They render as borderless windows and implement their own minimize, maximize and close buttons. If there’s a menu it’s some custom stuff behind a button that looks either like a hamburger(‽), a gear or three vertical dots. The selected desktop theme has very little effect on their looks. They might as well be web pages, and many of them probably are.

                                                                1. 6

                                                                  Exactly. I think what we are losing are the crazy homebrewed websites of the 90s/00s.

                                                                  Now even the most modest and beginner website will be using one of the libraries used by everyone else.

                                                                  This is both good, as it means that more people can finally access this technology (ss a developer), and bad, since we lose a bit of quirkiness.

                                                                  The thing to think though is: was that crazy internet we had in the past due to creative people being creative or simply because everyone didn’t know anything and didn’t have tools to do better? I remember being 12 and struggling to make a background static, my first website wasn’t “different” out of creativity but out of lack of knowledge and patience.

                                                                  1. 4

                                                                    I think that uniformity is a benefit, but only if the standard that has been settled on is good. For example, I think that hamburger menus, which are everywhere today, are clearly inferior to horizontal menus, which were everywhere fifteen years ago.

                                                                    1. 2

                                                                      Horizontal menus are great on desktop, but don’t work in mobile. That’s why we got hamburger menus.

                                                                      1. 3

                                                                        The problem is that website developers force that compromise on everyone, rather than just on mobile device users.

                                                                        If a hamburger menu really is the best solution for a certain website when it’s viewed from a mobile device, I really would like the website to degrade to a hamburger menu when I visit it from a phone, and display a normal, non-horrible menu on desktop. It’s not even that hard anymore, now that pointer media query is supported by everything.

                                                                    2. 1

                                                                      The entire last section of the article is dedicated to addressing this.

                                                                      1. 4

                                                                        No, it is not. The last section’s TLDR is: Conformity through libraries brings greater accessibility, Mozilla says its bad, and appeal to nostalgia. It does not at all address that the exact opposite attitude is generally held for most of the rest of computing.

                                                                    1. 2

                                                                      Personally I don’t understand why people are always trying to replicate social media but make it “good” this time. Based on real life experience of how 10+ major social media platforms have influenced people’s lives, I’m starting to get the idea that maybe the entire concept is toxic. That being said I don’t have much experience with social media outside the realm of surveillance capitalism (if that’s even possible).

                                                                      1. 3

                                                                        The original social media was email. Before that, usenet. Before that, meatspace had alternatives.

                                                                        The idea is not toxic. People need to connect to people, it’s just our nature. Implementations that reward living and bragging about a lavish lifestyle can be toxic. Implementations that inspire the belief that every human who matters uses thar platform can be toxic. But the raw idea? No.

                                                                        1. 1

                                                                          It might be that this is something like turing completness: If you replicate the whole thing, you get all the problems, but if you limit it too much, you loose its power. I think that social media, in some form or another, is useful, and most people agree (but don’t necessarily agree what they agree about). The degradation of a network seems to more often than not be non-technical. Google+ lost corprate interest, Twitter became increasingly toxic, others were just deserted. I don’t think there is any harm to experiment, and engage with these experiments. If anything, we just stand to learn more about the potential digital social networks give us, and their limitations.

                                                                          1. 1

                                                                            The toxic parts are global broadcast (think Twitter), automated recommendations to anywhere in the network (all but esp. YT), and centralization with an ad-driven business model.

                                                                            The first leads to harassment and spamming; the second feeds extremist content to vulnerable people; and the third leads to psy-ops dirty tricks to keep people’s eyeballs on the site at all costs.

                                                                            This protocol, like Scuttlebutt and (mostly) Mastodon, doesn’t have those problems. I think nostr is too simple to be good (there’s no privacy, and the feed mechanism is naive and broken) but it’s kind of interesting.

                                                                          1. 1

                                                                            The page doesn’t load at all without javascript enabled. If I can’t even view their mostly text homepage without that bloat, I wonder what the language is like…..

                                                                            edit: Documentation doesn’t load without it either.

                                                                            1. 1

                                                                              You talk about simplicity alot in this article, but to load it I had to download 12.9 MB worth of stuff. Surely a blog with a few screenshots does not need to consume that much bandwidth.

                                                                              1. 5

                                                                                It’s images. It’s all images. There’s a 3MiB gif and a bunch of smaller PNGs that add up to that much data. A 1200x848 gif of that many frames is apparently 3MiB.

                                                                              1. 37

                                                                                It sucks for offline apps, but there is a sad rational explanation: in reality there are very few real offline webapps that rely on it, and lots and lots of trackers that abuse it.

                                                                                Any bit of persistent state will be abused for tracking, so sadly everything has to be blocked for as long as surveillance-based adtech thrives.

                                                                                1. 5

                                                                                  Then we should block native apps that can communicate over the network from saving files to disk. ;)

                                                                                  1. 15

                                                                                    I get your point, but I think there’s a difference in user expectations between an app and a website. If I just visit a site to read one or two pages, that feels like it should be anonymous, whereas an app I use to do stuff feels more stateful.

                                                                                    1. 6

                                                                                      If browsers can require explicit permissions for accessing the webcam etc., why can’t they do the same for local storage? I think they can and should, and it would be way better than wiping the local storage after $num days.

                                                                                      1. 7

                                                                                        It will be another popup where 99% of the userbase shrugs and goes “yeah, I guess”.

                                                                                        1. 3

                                                                                          How do you know that’s what people do? :) I have no pity for people who choose the wrong option. But I must pity those who aren’t even given the option.

                                                                                          1. 1

                                                                                            I mean you do have the option of just not using Apple products. Seems like the best option imo.

                                                                                            1. 2

                                                                                              Apparently Chrome is going down this route too on 2022.

                                                                                              1. 1

                                                                                                It boggles my mind how in-step Apple and Google are. One is always following the other when it comes to eroding our options and privacy online. Really makes me feel like a sucker for actually believing that a company the size of Apple could “care” about privacy any more than Google could. I guess we imagine the world as we’d like it to be…

                                                                                        2. 1

                                                                                          If browsers can require explicit permissions for accessing the webcam etc., why can’t they do the same for local storage? I think they can and should, and it would be way better than wiping the local storage after $num days.

                                                                                          There’s a Firefox plugin that does something similar, but with a much better UI (ask forgiveness, not permission). The Self Destructing Cookies plugin moves any per-site storage to a separate location as soon as you navigate away. If you go back to a site and realise that functionality that you care about is broken then you can restore the state, but otherwise you just leave it and it’s eventually deleted in the background. I’d love to see that UI adopted more widely for cookies and local storage. 99% of the time, I’m happy for things to silently become session cookies. Having that as the default, with a working undo for when it isn’t, is a lot more user-friendly than asking people to allow or deny (which is the right UI for the microphone and camera, where you are likely to know if the site really needs these).

                                                                                      2. 9

                                                                                        Native apps are definitely full of trackers. They’re probably even worse than websites due to elevated privileges, easily obfuscated SDKs, and no origin separation.

                                                                                        But the difference is in user expectations. Users freely jump from site to site, and can be visiting hundreds of sites. Many users hardly install any native apps.

                                                                                        1. 7

                                                                                          One interesting difference is that I firewall all my native apps’ outbound connections. So I’m acutely aware every time one of them phones home to report my activity to their overlords, or it’s simply blocked.

                                                                                          I have to let my browser talk to arbitrary hosts on the internet for it to do its job. It doesn’t currently let me specify that an offline web site shouldn’t be able to do that.

                                                                                          My outgoing connection firewall thus amounts to a more effective form of origin separation than I get from a browser.

                                                                                          1. 6

                                                                                            They’re probably even worse than websites due to elevated privileges, easily obfuscated SDKs, and no origin separation.

                                                                                            I think the most prominent privacy issue is services tracking you across the web, which ads network do. Native apps [should] live in their own little world. Unless they abuse privileged access, which in most legit case they don’t. I consider Facebook and Google tracking my browsing habits much worse privacy-wise than Apple tracking which news I look at in the Apple News app.

                                                                                            Native app are also getting better at letting users control access and I don’t get any surprise about random apps reading my contact list. I can easily review which app has access to what. This is in no way obfuscated, at least on OSX/iOS.

                                                                                            1. 4

                                                                                              I hadn’t realized how bad the trackers were until I sent my iPhone’s/iPad’s traffic to my Pi-hole. It’s incredible how bad it has become.

                                                                                            2. 6

                                                                                              The difference is that downloading a native app has a very different experience than just visiting a website. You know you’re downloading a thing that will store data on your device.

                                                                                              Ideally, the technical differences in implementation would be divorced from the UI differences, so that you could write an offline web app, make it jump through an equivalent set of hoops to authorize the use of local storage, and then it has privileges equivalent to native apps, but it’s not trivial to do something like that. As it stands, letting apps have free rein to store persistent tracking information isn’t a good policy.

                                                                                              1. 5

                                                                                                Ideally, the technical differences in implementation would be divorced from the UI differences, so that you could write an offline web app, make it jump through an equivalent set of hoops to authorize the use of local storage, and then it has privileges equivalent to native apps, but it’s not trivial to do something like that

                                                                                                It may not be trivial, but it does have a name – “electron”.

                                                                                                1. 1

                                                                                                  It’s close to what I described, and worth mentioning, but there are still tradeoffs. At a minimum, Electron requires you to do go through the app store on iOS, right?

                                                                                                  1. 1

                                                                                                    You can download and install it as you can with any other native appliication, which is the point: it behaves like a native program, so you install it like a native program.

                                                                                              2. 2

                                                                                                iOS apps are already heavily sandboxed, have heavy restrictions based upon what they can use for persistent identifiers, etc,.

                                                                                                The web, by necessity, requires an overly permissive model first and foremost. This is where advertisers are most sticky.

                                                                                                1. 1

                                                                                                  If you just prevent the user from unlocking their device they don’t risk entering and personal information that could be leaked.

                                                                                                  1. 1

                                                                                                    What we spoiled block is the cause, not the symptom. We should block trackers. Make them illegal. Yes, it would be impossible to enforce. But at first, we kill off Google’s and Facebook’s ability to do this (and they couldn’t get away with it, they’re to big).

                                                                                                    Then the small ones wont matter any more and within a few years, that particular problem is gone.

                                                                                                  2. 2

                                                                                                    I’m using this functionality to improve accessibility to slow connections.

                                                                                                    Seven days is quite a short window.

                                                                                                    1. 7

                                                                                                      Saying “seven days” is incomplete enough to be effectively inaccurate. The more accurate statement is:

                                                                                                      • For sites using local storage, it’s deleted if the user goes seven days without visiting your site in Safari
                                                                                                      • For web apps installed to the home screen, it’s deleted if the user goes seven days without opening your app

                                                                                                      These seem to be reasonable if you’re using local storage as a temporary cache, since every time the user visits your site or opens your app resets the counter for you (and also gives you a chance to make sure your locally-cached data is up to date).

                                                                                                      1. 2

                                                                                                        I don’t think it’s reasonable if you’re using localStorage to store a user’s private key for your site.

                                                                                                        I think this is a valid use case, and the user will be severly disappointed if their key is lost after just 7 days of inactivity.

                                                                                                        1. 5

                                                                                                          Lots of sites would log me out if I didn’t visit for a while. And client-side storage has always been volatile and intended to support short periods of offline work, rather than an ad-hoc guaranteed-permanent filesystem substitute. The fact that a lot of people assumed it could be used as a permanent filesystem seems like an error on their part.

                                                                                                  1. 1

                                                                                                    Who is more trustworthy: the people who spent years getting their paper through peer review, or a random internet commenter who probably stopped at the abstract?

                                                                                                    Really good point, one that is certainly worth considering more often.

                                                                                                    1. 9

                                                                                                      The way you quoted it is liable to be misunderstood by others.

                                                                                                      1. 4

                                                                                                        That quote is misleading without the context, which is that even if the premise of a published article is nonsense (and should make reviewers think twice before passing peer review), the way science/publishing is structured, it’s not enough to merely point out that the premise is nonsense, and therefore the entire article is not worth your time. You actually have to make the effort to write a good rebuttal and publish it, too.

                                                                                                      1. 38

                                                                                                        Are people really still whining about this?!?

                                                                                                        Python 2 is open source free software and you’re a software developer. Grab the code, build it yourself, and keep running Python 2 as long as you want. Nobody is stopping you.

                                                                                                        This is even more silly because Python2 was ALREADY DEPRECATED in 2011 when the author started his project.

                                                                                                        1. 5

                                                                                                          /Are people really still using this argument?!?/ Just because software, packages and distributions don’t cost money doesn’t mean that people don’t use them and have expectations from them. In fact, that is exactly why they were provided in the first place. This “you should have known better” attitude is totally counterproductive because it implies that if you want any kind of stability or support with some QoS you should not use free/open-source software. I don’t think any of us want to suggest that. It would certainly not do most open source software justice.

                                                                                                          1. 9

                                                                                                            This “you should have known better” attitude is totally counterproductive because it implies that if you want any kind of stability or support with some QoS you should not use free/open-source software.

                                                                                                            My comment doesn’t imply that, though. In fact, as I pointed out, the author can still download Python2 and use it if he wants to. Free to use does not imply free support, and I think it’s a good thing for people to keep in mind.

                                                                                                            Furthermore, I don’t think a “you should have known better” attitude is out of line towards somebody who ignored 10 years of deprecation warnings. What did he think was going to happen? He had 10 years of warning - he really should have known better…

                                                                                                            1. 1

                                                                                                              if you argue with the 10 years of warning you’re missing the point.

                                                                                                              The point is not that there was no time to change it. The point is that it shouldn’t need change at all.

                                                                                                            2. 13

                                                                                                              Just because software, packages and distributions don’t cost money doesn’t mean that people don’t use them and have expectations from them

                                                                                                              Haven’t there been a few articles recently about people being burt out from maintaining open source projects? This seems like the exact kind of entitled attitude that I think many of the authors were complaining about. I’m sure there would be plenty of people to maintain it for you if you paid them, but these people are donaiting their time. Expecting some developer to maintain software depreciated in 2011 for you is absurd.

                                                                                                              1. 1

                                                                                                                Yeah, I’ve read a few of those articles, too. And don’t get me wrong I’m not trying to say that things should be this way. A lot of open source work deserves to be paid work!

                                                                                                                But I also don’t think there is anything entitled about this point of view. It’s simply pragmatic: people make open source software, want others to use it, and that is why they support and maintain it. Then the users become dependent. Trouble ensues when visions diverge or no more time can be allocated for maintenance.

                                                                                                                1. 9

                                                                                                                  At the same time, it’s not like a proprietary software vendor that you staked your entire business on. The source code to Python 2 isn’t going anywhere. Just because the PSF and your Linux distribution decided to stop maintaining and packaging an ancient version doesn’t mean you can’t continue to rely on some company (or yourself!) to maintain it for you. For instance, Red Hat will keep updating Python 2 for RHEL until June 2024.

                                                                                                                  And as crazy as it might seem to have to support software yourself, consider that the FreeBSD people kept a 2007 version of GCC in their build process until literally this week. That’s 13 years where they kept it working themselves. It’s not like it’s hard to build and package obsolete userspace software; nothing is going to change in the way Linux works that would prevent you from running Python 2 on it in five years (unlike most system software which might make more assumptions about the system it’s running on).

                                                                                                                  Some amount of gratuitous change is worth getting worked up about. For example, it’s a well-known issue in fast-moving ecosystems like JavaScript that you might not be able to get your old project to build with new dependency versions if you step away for a year. That’s a problem.

                                                                                                                  I, for one, am extremely glad that it’s now okay for library authors to stop maintaining Python 2 compatibility. The alternative would have been maintaining backwards compatibility using something like a strict mode (JavaScript, Perl) or heavily encouraging only using a modern subset of the language (C++). The clean break that Python made may have alienated some people with legacy software to keep running, but it moved the entire ecosystem forwards.

                                                                                                                  1. 1

                                                                                                                    The source code to Python 2 isn’t going anywhere. Just because the PSF and your Linux distribution decided to stop maintaining and packaging an ancient version doesn’t mean you can’t continue to rely on some company (or yourself!) to maintain it for you.

                                                                                                                    1. Some distros are eager to make python launch python3. This action is vanity-based hostile to having Python 2 and 3 side-by-side (with 2 coming from a non-distro source).
                                                                                                                    2. By not keeping Python 2 open to maintainance by willing parties in the obvious place (at the PSF) and by being naming-hostile to people doing it elsewhere in a way that not only maintains but adds features, the PSF is making pooling effort for continued maintenance of Python 2 harder than it has to be.
                                                                                                                    1. 2

                                                                                                                      It’s arguably more irresponsible to continue to implicitly pushing Python 2.x as the “default” python by continuing to be refer to it by the python name out of deference to “not breaking things” when it is explicitly unmaintained.

                                                                                                              2. 7

                                                                                                                it implies that if you want any kind of stability or support with some QoS you should not use free/open-source software

                                                                                                                If you want support with guarantees attached you shouldn’t expect to get that for free. If you are fine with community/developer-provided support with no guarantees attached, then free software is fine.

                                                                                                                I think being deprecated for a decade before support being ended is pretty amazing for free community-provided support, to be honest.

                                                                                                            1. 2

                                                                                                              Page doesn’t load without javascript enabled it seems.

                                                                                                              1. 4

                                                                                                                A website that looks like it was made in the early 90s that somehow requires 3.8MiB of Javascript, including 1.1MiB for ‘fontawesome-all.min.js’ for a website that I would have guessed was using the default font with no CSS. Astonishing.

                                                                                                                1. 4

                                                                                                                  Fixed. There’s a noscript tag with a link to the source.

                                                                                                                  As far as the javascript, I spent time minimizing page load, which included dumping all of the js into one file which should be cached once for the site and never reloaded. The actual amount loaded on subsequent visits should be pretty near the size of the content.

                                                                                                                  I also stripped out everything but about 3 style rules, although I accidentally left in the font-awesome link. Nice catch. This is because when a lot of formatting was in the page, people complained about too much styling. This, I suppose, is what I get from listening to coders complain about things. I have learned.

                                                                                                                  I’m sticking with minimalist content and optimized page load. Sure sucks to have your chops busted by people you agree with, though.

                                                                                                              1. 49

                                                                                                                Kind of annoying that you have to read thru a third of the article to get to the important part:

                                                                                                                Is Flow open source?

                                                                                                                No. […]

                                                                                                                1. 19

                                                                                                                  It is this part of the answer that I find more interesting: “There’s no current plan for that as we don’t have a large corporation backing our development. “

                                                                                                                  It just makes me sad. Open source was supposed to destroy the corporations, not empower them! It was to bring freedom to the development world, not leave it at the mercy of big money operators.

                                                                                                                  Nothing new, no big comment. Just lamenting :( (though the khtml legacy may be interesting - and it is LGPL… perhaps we have that to thank for the openness we do still have at least)

                                                                                                                  BTW I also hate the name “Flow”. Gah I can’t wait for this era of names to come to an end.

                                                                                                                  1. 14

                                                                                                                    Open source was supposed to destroy the corporations, not empower them!

                                                                                                                    Was it? I always thought that free software was about empowering the users — raising then up, not dragging anyone down.

                                                                                                                    1. 9

                                                                                                                      Open source has always been about empowering the corporations from the beginning, and free software has always been about preventing corporations from exploiting users, which under the current capitalist system amounts to destroying or crippling them.

                                                                                                                      1. 1

                                                                                                                        yeah i was being kinda loose to fit the star wars meme.

                                                                                                                        But open source is basically corporations taking over the free software idea and twisting it for their own benefit. So I should have said “free software” of course but eh the article said “open source”.

                                                                                                                      2. 10

                                                                                                                        This is a weird attitude. I’m all for open source and have been working on open source full time for several years.

                                                                                                                        But just because someone starts an important/interesting project doesn’t mean anyone should demand it be open source.

                                                                                                                        The obvious response is: Start your own open source browser project, and recruit or pay the 100+ developers it will take over decades! If it were easy or cheap, we’d see a lot more of these types of projects.

                                                                                                                        1. 5

                                                                                                                          I don’t demand it, I just would prefer not to run some person’s code nobody can read.

                                                                                                                        2. 8
                                                                                                                          1. 4

                                                                                                                            It is this part of the answer that I find more interesting: “There’s no current plan for that as we don’t have a large corporation backing our development. “

                                                                                                                            Well, imagine they release it today: people will report issues, create PRs, ask for features, etc.

                                                                                                                            Responding to that in a vaguely timely fashion takes up a lot of time. If you’re a small company, you may not want to spend the time/money.

                                                                                                                            1. 15

                                                                                                                              You don’t have to have an issue tracker, or forums, or accept contributions, or even have source control.

                                                                                                                              It’s open source if you dump a tarball once per release.

                                                                                                                              1. 7

                                                                                                                                I’ve worked on open source without a public bugtracker. We were flamed for that. “Not really open source” etc.

                                                                                                                              2. 5

                                                                                                                                More than that, they want to sell it.

                                                                                                                                1. 2

                                                                                                                                  I would like Flow to be open source, but I don’t care enough to do anything about it. If I really wanted to make it happen, here’s how I’d go about it:

                                                                                                                                  1. Find enough developers who will commit to maintaining it properly
                                                                                                                                  2. Approach Ekioh and ask them to make a deal
                                                                                                                                    • They would benefit from additional contributors without paying maintenance costs
                                                                                                                                    • They will probably want some cash too
                                                                                                                                  3. Crowdfund to raise the cash

                                                                                                                                  That’s pretty simplistic, I realize. But my point is just that license problems are business problems, and can sometimes be solved.

                                                                                                                                2. 4

                                                                                                                                  I think it’s honestly a misdirection. There have been plenty of good open source projects with small businesses behind them. It’s like saying “Oh I can’t do the dishes tonight because I don’t have large corporation backing”.

                                                                                                                                  1. 12

                                                                                                                                    I’ve worked at one of those (one of the first to do it) and when I read that sentence it, I just nodded. “Yeah, can understand that.” What they mean is probably that they need income, every month, and they’re worried that by opening the source their existing business model is at risk and they don’t have an obvious replacement.

                                                                                                                                    The worst case is roughly: zero outside contributions, a wide user base that pays nothing and expects much, the user base does not contain prospective customers, and too many of the existing customers decide to stop paying and just use the free offering. With skill and luck it’s possible to devise a new business model and sales funnel that uses the width of the user base, but doing that takes time, and without a corporation backing it, how does one keep the lights on meanwhile?

                                                                                                                                    1. 4

                                                                                                                                      What they’re really saying is they don’t have the skill or finesse to pull it off. That’s fine, however plenty of small businesses have made great profits while open sourcing their products. You don’t “need” corporate backing, and I’d argue if anything it’s an obstacle rather than a benefit.

                                                                                                                                      1. 10

                                                                                                                                        The skill and finesse to pull it off is considerable, IMO it can be regarded as infinite unless you have two more things:

                                                                                                                                        • skill and finesse
                                                                                                                                        • luck
                                                                                                                                        • funds to last you through a period without income.

                                                                                                                                        Skill alone isn’t enough.

                                                                                                                                        A “large corporation” in this context is simply one that’s large enough to have one or more sources of income unaffected by the product being developed, and whose other income is large enough to carry a team through the product development phase.

                                                                                                                                        (I’ve worked at three small opensource companies and spoken to my counterparts at others.)

                                                                                                                                        1. 1

                                                                                                                                          Not saying your concern is entirely invalid, I think those things DO matter. I just also think the reality is probably somewhere between “It can’t be done” and “It’s trivial to do”. The idea that you can’t run an OSS business without backing by a major corporation is probably untrue. The idea that you can run an OSS business without capital, luck, or skill is probably also untrue. I personally found it upsetting that he was attempting to put it all on a lack of corporate backing instead of just saying it was a strategic decision to keep an edge on competition or something. I often find when people deflect blame on to things they can’t control they are often trying to sidestep the extent they do have responsibility or control over the situation.

                                                                                                                                        2. 5

                                                                                                                                          What fields were they operating in? Are they still prominent or even around? Were they ever prominent?

                                                                                                                                          Where did they get money? Corporate customers, side gigs or a big inheritance? Did they detour from their core paying business to do open source?

                                                                                                                                          How long did it take for them to become sustainable? Did they?

                                                                                                                                          What’s the proportion of “plenty” in comparison to the competition that didn’t make it? To the corporate-backed competition? To the competition that’s still around with the same premises?

                                                                                                                                          Not to come off as too much of a duck here, but all these questions are very important when saying someones have generally made money. Surely the response might warrant more of a study than a reply, but seeing how under-staffed and -paid open source is, I’m a bit triggered by negating legit concerns with “others done it”.

                                                                                                                                          1. 2

                                                                                                                                            I’m a bit triggered by negating legit courses of action with “it can’t be done”, so… I doubt we’ll have a tremendously productive discussion. I think your questions around it are fair and reasonable but I think our stances and positions are too far apart to find the center in the comment thread. I’m not really interested in debating this out however I do appreciate that you took the time to come up with good challenges to my point.

                                                                                                                                    2. 1

                                                                                                                                      I’m curious about the name. What would have been your choice?

                                                                                                                                      1. 2

                                                                                                                                        Seeing as the company is named Ekioh, perhaps “Ekioh Browser Engine”, EkEng or EBE for short, or maybe a four letter word that isn’t already used by multiple software projects

                                                                                                                                        1. 2

                                                                                                                                          I probably would go Ekioh Browser - descriptive yet unique by including the existing company name. There’s just a trend right now to use fairly short, generic names. I imagine the marketers are like “we want to evoke a feeling” but I just want some decent idea of what it is and how it is distinct.

                                                                                                                                      2. 17

                                                                                                                                        Does the fact that the browser is not open-source mean that it is not bringing diversity to the market? I’d argue that browser diversity was in a healthier state when Opera had a proprietary engine than it is now that Opera uses Chromium and Blink.

                                                                                                                                        Don’t get me wrong, I’d much rather see this be open-source, but I don’t think the fact it’s closed source means it’s irrelevant.

                                                                                                                                        1. 40

                                                                                                                                          one thing to keep in mind is that privately controlled web engines can disappear without leaving a base for a community to develop, as with presto.

                                                                                                                                          1. 9

                                                                                                                                            That’s a fair argument.

                                                                                                                                            1. 3

                                                                                                                                              Open source software can disappear, too, when the entire development team goes away.

                                                                                                                                              I’m not aware of any open source that was

                                                                                                                                              • developed by a smallish company
                                                                                                                                              • opened
                                                                                                                                              • received substantial contributions from outside

                                                                                                                                              AFAICT, if something comes from a company and isn’t an obvious non-product like e.g. lepton, then outsiders regard it as that company’s product, and don’t spend their time developing that company’s product for free. A community does not develop.

                                                                                                                                              I’d be thrilled to learn otherwise. Particularly how small companies might get others to develop their product for them.

                                                                                                                                              1. 2

                                                                                                                                                IIRC even the Mozilla codebase languished for quite a while, long enough for the company to go under before it got really picked up by a community. It was a last-ditch desperate effort, but still…

                                                                                                                                                1. 2

                                                                                                                                                  Doesn’t Netscape/Mozilla/Firefox fit your criteria? Plan 9 also comes to mind.

                                                                                                                                                  1. 2

                                                                                                                                                    Wasn’t Plan 9 a Bell labs thing? That is to say, unless I misunderstand what you mean by “Plan 9” it was produced by one of the largest, most famous monopolies in US history. Or pretty much the opposite of a smallish company.

                                                                                                                                                    I would not call Netscape or AOL (depending on who you want to attribute the open source release to) smallish either… if memory serves they were worth $10 Billion or so at their peak. But that pales in comparison to Bell.

                                                                                                                                                    1. 2

                                                                                                                                                      Right. (The $10B is irrelevant IMO, the relevant number is about $2B according to Wikipedia.)

                                                                                                                                                      So from the point of view of the Flow people who might be considering going an open source route, there’s a distinct shortage of examples to learn from. A $2B company whose CEO regards as an “amalgamation of products and services” is hardly relevant.

                                                                                                                                                      Mozilla was founded with a ten-digit endowment from AOL. Fine for the users, but it makes Mozilla irrelevant as a case to learn from for teams without such fortune.

                                                                                                                                                      1. 1

                                                                                                                                                        (I was assuming that the poster I replied to was sincerely arguing that Netscape or Plan 9 would count as something from a small-ish company. If my sarcasm detector was miscalibrated, mea culpa.)

                                                                                                                                                        This is perhaps the only case in the world where I’d call a difference of $8B “splitting hairs” :)… I’m no more prepared to argue that a $2B company is small than I am to argue that a $10B company is.

                                                                                                                                                        1. 1

                                                                                                                                                          No, your rant detector was miscalibrated.

                                                                                                                                                          Some of these pseudo-arguments annoy me so very much. I wish opensource advocates would use real arguments, not shams that look good at first glance, but make open source look bad in the eyes of developers/teams that are considering going open source. 39 upvotes for something that silently implies that open source can’t/won’t disappear means 39 people who aren’t thinking as carefully as I wish opensource people would. It gets to me and I start posting rants instead of staying properly on-topic. Sorry about that.

                                                                                                                                                          1. 1

                                                                                                                                                            sorry; i missed that you asked about “smallish” companies and i misunderstood the thrust of your argument. i guess you were arguing that it would be a risk for flow to open source their browser? i don’t disagree, but that’s different from the question of how much we should care about or support this effort, as people who care about browser diversity.

                                                                                                                                                            are you trying to argue that free software can disappear without leaving a base for a community to develop? what line of careful thinking would lead you to that conclusion?

                                                                                                                                                            1. 2

                                                                                                                                                              The careful thinking is based on two things.

                                                                                                                                                              First, an observation that the number of outside committers to a conpany’s product is extremely small. People don’t choose to use their own time to work on someone’s product — they find something else to work on. Because of that, the development team for any opensource product is overwhelmingly in-company.

                                                                                                                                                              Second, source access is necessary but not sufficient for good software development. Much of what makes development practical is in the team. It’s drastically easier to develop software (both fixing bugs and developing new features) if you can speak to the people who’ve worked on it so far, ask questions, get answers.

                                                                                                                                                              Both of those are rules of thumb, not laws of physics. If you however assume both to be absolutely true, then there’s no difference between a single-product closed-source company doing an opensource dump when it’s acquihired and an opensource company with a single opensource product. If you (more realistically) assume both things to be true with exceptions, then the difference is as large as the exceptions permit.

                                                                                                                                                              You may compare threee scenarios for product/team/company closure, whether it’s an acquihire, bankruptcy, pivot or even things like the whole team going on a teambuilding exercise on a boat, and the boat sinking:

                                                                                                                                                              • Open source company closes (any reason): New team may form from volunteers, continuity is lost.

                                                                                                                                                              • Closed source company closes, dumps source on github: New team may form from volunteers, continuity is lost.

                                                                                                                                                              • Closed source company closes, does not dump source on github: End of story.

                                                                                                                                                              Ie. open source has advantages and some of them are IMO significant, but safety or continuity in the event of the team going away isn’t one of them. “Safety” and “continuity” are big words. A new team may spontaneously form, but that’s far from automatic, so there’s no safety, and and if it does form it hardly provides continuity.

                                                                                                                                                              1. 1

                                                                                                                                                                that all makes sense, and does not contradict the fact that open source products provide a base for community development, even if the base is just a source code dump. there may be a continuity barrier, but it can be overcome.

                                                                                                                                                                for a browser engine, it makes a difference whether it is released like gecko, allowing forks and community development, or released like presto, where a pivot by a private company ends the possibility of further development.

                                                                                                                                                                hopefully you see now that my argument was real and not a sham, and your wish for open source advocates to think carefully is fulfilled.

                                                                                                                                                                1. 1

                                                                                                                                                                  Well, it provides a base in almost exactly the same way as, say, Mitro’s code dump did when it was acquired. Mitro could have opened the source earlier (it actually did so on the day as part of its acquihiring process), and I don’t see any reason why an earlier open source process would have provided more of a base.

                                                                                                                                                                  1. 1

                                                                                                                                                                    sure, but before a company does a code dump there is no assurance that they will if the company pivots or goes bust.

                                                                                                                                                                    1. 2

                                                                                                                                                                      True. However, do you think that’s a major aspect of uncertainty? I think the users you have in mind aren’t paying customers, right? Someone who isn’t a paying customer (who has no contractual relationship with the maintainers) can hope for continued development, support, years of unpaid service, but only hope, no more. There’s no assurance of bugfixes, of new features, of a port to the next OS version, of compliance with next years’s laws or the ability to read next year’s Microsoft Word files, or that the next version will be open source.

                                                                                                                                                                      It’s just one more item on the list of hopes.

                                                                                                                                                                      You’ve probably heard stories about companies who implement major new features and then leave them out of the open source tree? I heard about someone who did that with Catalina support recently. It was a tool often used by system integrators, can’t remember the name, but it’s said to be the only open alternative in its niche. For these system integrators, open source was basically a free trial. Once they had invested in that tool, deployed it widely, their customers upgraded to Catalina and they needed to react in a hurry.

                                                                                                                                                                      1. 1

                                                                                                                                                                        True. However, do you think that’s a major aspect of uncertainty? I think the users you have in mind aren’t paying customers, right? Someone who isn’t a paying customer (who has no contractual relationship with the maintainers) can hope for continued development, support, years of unpaid service, but only hope, no more. There’s no assurance of bugfixes, of new features, of a port to the next OS version, of compliance with next years’s laws or the ability to read next year’s Microsoft Word files, or that the next version will be open source.

                                                                                                                                                                        the same applies to proprietary projects so i’m not sure what you’re getting at.

                                                                                                                                                                        are you saying even corporate-led open source projects don’t provide a guarantee that the project will continue to be open source? that’s fine but again doesn’t contradict anything i’ve said. it’s still better than proprietary from the perspective of browser diversity because the latest open source release would still provide a base for community development.

                                                                                                                                                      2. 1

                                                                                                                                                        i must have missed the word “smallish,” whoops

                                                                                                                                                2. 2

                                                                                                                                                  Even Internet Explorer, shitty as it was, using its own engine made the web more diverse and forced developers to at least keep some semblance of portability. With the arrival of Edge, they also went the Blink/Webkit path.

                                                                                                                                                  There are basically only two (or three, if you count Blink and Webkit as distinct) rendering engines left which matter. That’s truly sad.

                                                                                                                                                  So yes, seeing a new browser emerge is actually something that I find hopeful.

                                                                                                                                                  1. 2

                                                                                                                                                    With the arrival of Edge, they also went the Blink/Webkit path.

                                                                                                                                                    They did not do that with the arrival of Edge. They started Edge on its own engine and only just recently released a blink-based version.

                                                                                                                                                    IE may have initially encouraged some portability, but its net effect was quite the opposite. There were a lot of IE-only products by the time we saw version 6 or so.

                                                                                                                                                    1. 2

                                                                                                                                                      IE may have initially encouraged some portability, but its net effect was quite the opposite. There were a lot of IE-only products by the time we saw version 6 or so.

                                                                                                                                                      That was when IE had “won” the browser wars and had added nonstandard features which other browsers didn’t support. Once they’d killed off Netscape people didn’t have any incentive to run other browsers, and those extra features got used by developers, entrenching it further because of these IE-only products you mention.

                                                                                                                                                3. 6

                                                                                                                                                  This is the only thing I was looking for too. Not sure how Flow is supposed to solve any of the problems posed by a lack of browser diversity if it isn’t open source.

                                                                                                                                                  1. 11

                                                                                                                                                    Any alternative implementation of web technologies that isn’t WebKit gaining a non-trivial market share is a positive for those of us concerned about browser diversity, regardless of whether that implementation is open-source or not.

                                                                                                                                                    1. 1

                                                                                                                                                      Android might be a point, but without Windows it will not get a non-trivial market share.

                                                                                                                                                  2. 3

                                                                                                                                                    Thank you, thats one of the first items I check

                                                                                                                                                    1. 4

                                                                                                                                                      Can you come up with a better way to sustain its development than “people paying for it”? Unfortunately, free software isn’t free to develop.

                                                                                                                                                      1. 1

                                                                                                                                                        I’m not complaining that they’re charging for it; I just wish the article was up-front about the licensing at the outset so I would know not to waste my time on it.

                                                                                                                                                    1. 12

                                                                                                                                                      https://tilde.team/~stilbruch/index.html - everything is static and (mostly) done by hand. someday I’ll write something to convert it to gopher

                                                                                                                                                      1. 4

                                                                                                                                                        I love the color-schemes, how do you pick them?

                                                                                                                                                        1. 3

                                                                                                                                                          Oh, the whole tildeverse is crazy fun in that regard. Check out some of the examples on tilde.town.

                                                                                                                                                      1. 2

                                                                                                                                                        Anyone know how to run this on my Desktop without installing Android Studio? I am not too familiar with how Android applications are structured.

                                                                                                                                                        1. 3

                                                                                                                                                          Reading https://github.com/yairm210/UnCiv#is-there-a-desktop-version it sounds like you don’t need Android Studio at all to just play the game

                                                                                                                                                          1. 2

                                                                                                                                                            Yup, I grabbed the jar from the releases and it worked out of the box with java -jar Unciv.jar.

                                                                                                                                                        1. 11

                                                                                                                                                          I run unbound and a three line bash cron-job to do the same thing. No complex untrusted install scripts, no web interface (why would you need one?) I have a recursive resolver instead of having to send everything to goog or cloudflare etc. I am pretty happy with it.

                                                                                                                                                          1. 11

                                                                                                                                                            why would you need one?

                                                                                                                                                            1. Graphs and other visualizations without having to write the software to process logs yourself. I use the graphs to identify devices that are accessing domains excessively and block that domain if I don’t like the behavior. I’ve done that several times in the last couple of years that I’ve been using Pihole.
                                                                                                                                                            2. Allowing other users without command line confidence in the home to block domains or temporarily or permanently allow domains.
                                                                                                                                                            3. Quicker temporary disabling of Pihole if I hit a strange domain behavior. There’s one site one of my family members uses frequently and I use infrequently that is poorly written and requires JS loads from a bunch of blocked domains in order to work. It’s easier for both of us to load Pihole in the browser and click “disable for 30 seconds” just long enough to get past the broken page. There are no alternatives to this site.
                                                                                                                                                            4. I’ve got seven blocklist sources. I could write something to handle pulling from each of these on their own schedules but Pihole covers that for me. I need only add a URL once in a while.
                                                                                                                                                            5. One less system to manage. I need only keep the Pi-powered and remember to run pihole -up once every couple of weeks. I’ve not touched the base installation in forever.

                                                                                                                                                            The big ones are any time a non-technical user has to use it. I’ve not set up Pihole at the coworking space I run only because having to log-in and temporarily disable it is still a PITA for some people.

                                                                                                                                                            1. 4

                                                                                                                                                              And what is that three line base cron-job? If there is a simple solution out there I’d love to use it.

                                                                                                                                                              1. 15

                                                                                                                                                                cat /etc/cron.weekly/ad-block

                                                                                                                                                                #!/bin/bash
                                                                                                                                                                set -e
                                                                                                                                                                
                                                                                                                                                                curl -s http://sbc.io/hosts/hosts | grep '^0.0.0.0' | awk '{printf "local-zone: \"%s\" refuse \n", $2}' > /etc/unbound/unbound.conf.d/adblock.conf
                                                                                                                                                                
                                                                                                                                                                service unbound reload
                                                                                                                                                                
                                                                                                                                                                  1. 1

                                                                                                                                                                    Oh nice

                                                                                                                                                                  2. 3

                                                                                                                                                                    Is there any particular reason you chose sbc.io instead of others, e.g. pgl.yoyo.org?

                                                                                                                                                                    1. 4

                                                                                                                                                                      It is a port of a previous dnsmaq setup I had for a while. I do not really remember why I chose that back then. Works pretty good given how little time it took to set up..

                                                                                                                                                                    2. 3

                                                                                                                                                                      If the hosting of that file ever throws a bad response you may break unbound. The reload might harmlessly fail but the next boot will fail to start unbound.

                                                                                                                                                                      Add some error handling to wipe the file if the reload throws a non-zero exit code

                                                                                                                                                                  3. 2

                                                                                                                                                                    I have a recursive resolver

                                                                                                                                                                    So this queries the root servers directly? I considered doing this with my unbound setup, but my ISP seems to like to poison/hijack DNS, and I couldn’t figure out a way to have this while also having something like DNS over TLS to keep them out.

                                                                                                                                                                    1. 5

                                                                                                                                                                      yes, I use the root.hints from here: https://www.iana.org/domains/root/files

                                                                                                                                                                  1. 1

                                                                                                                                                                    I would love to see this expanded to some more browsers such as surf, quotebrowser, and icefox. Browsers are one of the most frequently used peices of software, it’s a shame we have so few options.

                                                                                                                                                                    1. 2

                                                                                                                                                                      We don’t even have a good selection of browser engines anymore. I’d love to see NetSurf be a bigger thing outside RISCOS, for example, but try getting your grandma to use a browser that can’t access Faceblech.