1. 17

    are there any explicit diversity / equity / inclusion goals here?

    1. 42

      I hope gender, skin color, sexual preference, etc have absolutely no bearing on who is/isn’t a mod here.

      1. 28

        I believe the only strong selection bias is towards masochism.

        1. 12

          Are you not fully aware by this point of the bias that occurs when inclusion isn’t a priority? Being “neutral” in this way generally ends up creating groups with homogeneous gender, skin color and sexual preference.

          1. 22

            how do you even know these things here? Most people have a nick and an auto-generated avatar picture. Nowhere have we ever given the site any information about age, race, color whatever. I could be a sentient goldfish and it should not matter really

            1. 11

              This is hyperbole. As long as the moderator is good it doesn’t matter who they are.

          2. 6

            We don’t have a demographic view of the site to compare against and have generally avoided collecting personal information, so I don’t have a goal along these lines. Looking at my inbox and following some homepage links I can see that this process will met the Rooney rule.

            1. 14

              whoa, someone down voted me for trolling because I asked about DEI criteria? in 2021?

              This is, um, not making a good first impression on this new lobster.

              1. 9

                This is pretty typical, sadly.

                1. 7

                  Asking about goals didn’t seem like a troll to me. That said, people have certainly used that topic as bait here and elsewhere before.

                  Acting surprised and complaining about downvotes after seeing the answers other commenters gave you seems quite a bit more troll-y.

                  1. 5

                    If there’s an audience around to make that topic work as troll bait, well, there’s our problem.

                    1.  

                      There are different kinds of trolls. What they have in common is that they aim to derail discussions. Leaving aside meta discussions like this one, in almost every discussion on this site, business, hiring practices and the like are explicitly off-topic.

                      But there are some people who especially like to discuss those topics anyway and will cheerfully derail a discussion about computing with just a little prompting like that. So one good way to derail a discussion is to talk about some aspect of hiring practices or business dealings.

                      Discussing US partisan politics would be similarly effective, but that tends to get shut down quicker, so the trolls try to be a bit more subtle.

                      The fact that people are sometimes too easily nudged off topic seems to be a relatively minor problem. But it probably makes people quicker to flag something like OP’s question even in a thread where it’s more topical. Not sure I’d say “well, there’s our problem” about that :)

                  2. 6

                    You touched a nerve. I became the fifth-most-flagged contributor recently under similar circumstances; this single thread did it. It is difficult for folks to look in the mirror, and anything which requires enough reflection will naturally gather downvotes.

                    Don’t worry about it. Focus on being the best contributor that you can be, and you’ll do great.

                1. 5

                  These posts are great.

                  Do you have a background in Smalltalk and/or Squeak? Squeak of course has a version of morphic which John Maloney did after the Self one. It has some improvements but personally I think it struggled a bit to be as dynamic as the Self version. (It’s interesting though that it has had staying power - both Pharo and Squeak have tried to get away from it for many years without managing to come up with something better)

                  Just as some random thoughts: I’m not sure that the best way of programming morphs has yet arisen. Morphic is in a sense an attempt to collapse the MVC hierarchy in order to achieve better flexibility and directness. As such it doesn’t force you to split your model and view (or controller) in any particular way but lets you do it as you see fit. This means that a calculator morph can work just fine without a separate model which is one reason why your morph is so conceptually simple.

                  For people reading along I’d recommend:

                  1. 4

                    Thanks for following my posts, it means a lot to me.

                    Do you have a background in Smalltalk and/or Squeak?

                    Not at all, Self was my first “true OO” language.

                    Squeak of course has a version of morphic which John Maloney did after the Self version.

                    That’s quite interesting! I don’t really know the history of Self’s evolution, but this definitely got me interested.

                    both Pharo and Squak have tried to get away from it for many years

                    Do you mean to say that Pharo is using a version of Morphic right now?

                    I’m not sure that the best way of programming morphs has yet arisen.

                    I’m open to new ideas. In my first post I mentioned that I would be working on my own implementation of Self (for fun) and I’d like to incorporate the knowledge of the past 20 years into the programming environment.

                    it doesn’t force you to split your model and view (or controller) in any particular way

                    I have noticed that indeed. I wonder how a MVC styled use of Morphic would look like (perhaps as the topic of a future article)?

                    1.  

                      Pharo is using a version of morphic now. If you look at a Pharo image you can see the morph class etc. Pharo’s Morphic compared to Self’s is much more complex for a bunch of historical reasons, and they have tended to try to deal with the complexity by creating various layers on top of it. I haven’t looked at it for ages, but I think the current recommended layer is called Spec. Morphic is still underneath, but the idea is Spec provides a more familiar MVC interface to it.

                      If you want to look at a Morphic done well in Smalltalk, I think Cuis would be the place to look. Cuis is another fork of Squeak like Pharo, but the author has focussed on trying to make a small clean codebase with a cleaned up version of Squeak’s Morphic: https://github.com/Cuis-Smalltalk/Cuis-Smalltalk-Dev

                      I’m very interested that you have come to Self straight and not through Smalltalk as that’s the way I’ve seen other people come.

                      Also looking forward to your implementation of Self :)

                    2.  

                      There was an observation from the folks behind the Apple Newton that’s stuck with me:

                      You typically have many instances of model objects of the exact same structure. You typically have a single instance of a view, tailored to how it connects to the data and to the rest of the UI (controllers / view-models are ways of factoring that code out from the view). Class-based OO works very well for model objects (unsurprising given Simula’s influence in the design of those abstractions) whereas prototype-based OO works much better for view objects. I’ve not seen any other system that acknowledges this and takes proper advantage of it by design but an increasing number of HTML+JavaScript for the UI, something else for the back end, systems seem to be converging on these ideas accidentally.

                    1. 5

                      The last straw for me for firefox was its auto update policy. It renders itself unusable (can’t open any new tabs) until you shut it down and restart, which is unbelievably user-unfriendly.

                      1. 2

                        That never happened to me ever. Strange.

                        1. 1

                          It depends on what package manager you used to install Firefox. If you installed it on Windows or Mac, or if you use a Portable install of Firefox on Linux, then the update will be installed only when Firefox is restarted, and the problem will be avoided.

                          If you’re managing your Firefox install using RPM or DPKG, then it doesn’t get to delay the update like that.

                          Source: I run Linux Mint, and use both their stock Firefox version and Tor Browser (which is effectively a portable Firefox install). I used to run Windows, which uses the same tactic.

                          1.  

                            But it’s not like that for me (on Windows, Mac and Ubuntu) , as I never got forced to update.

                        2. 2

                          This is probably because of Electrolysis and the contentprocess system. Because Firefox runs separate processes to contain the Javascript VM, if you update while Firefox is running and it has to start a new content process it might cause broken behavior due to version incompatibilities. Does Chrome not experience this?

                          1. 1

                            Chrome doesn’t; I think it keeps a copy of the old version until you restart.

                        1. 12

                          Here’s something I don’t understand. Microsoft in the late 90s was hit with an antitrust lawsuit after they bundled Internet Explorer with Windows and made it un-removable. Now, Google is doing the same, with most Android devices coming with an un-installable (AFAIK not even the “Disable” button works) Chrome browser, and their Chromebooks also come with pre-installed Chrome. How does this not cause an antitrust violation, considering a majority of the world runs Android (even if not Chromebook)?

                          1. 10

                            I feel like we’ve been in a long period where antitrust laws have been fairly toothless. However, there are also some differences.

                            I wasn’t around at the time, but my understanding is that basically the entire world of computing was using Windows. Today, a normal person might realistically access the web from their iPhone, or their Android phone, or their Windows computer, or their Apple computer, or their Chromebook. That’s a very different world from the one where every person realistically only could access the web from their Windows computer. We’re in a world where Chrome is in a privileged position on Android/ChromeOS, Safari is in a privileged position on iOS/macOS, and Edge is in a privileged position Windows, compared to the world where IE was in a privileged position on essentially every computing device.

                            1. 7

                              Back when I started to use Unix around the turn of the millennium it was a very different world indeed. Apple was as niche as “Linux on the desktop” is today, there were no other platforms, and Microsoft was the God Emperor Company when it came to desktop software.

                              Being sent a .doc was file a serious problem. You could kind-of open them in OpenOffice.org, but not really. There were some CLI tools as well (e.g. antiword) but they just dumped the text and everything lost was lost. Saving .doc files was possible, but expecting someone in Microsoft Word to view the document in the same way as you saved it was a leap of faith.

                              Making a site look great on both IE and Firefox was a real mission as they used different box models; the IE one made a lot more sense (and is also what everyone is using now box-sizing: border-box) but it wasn’t “according to the spec” and the Mozilla people stuck to their guns on this, a mistake IMO as it was far easier to just make CSS 2.3 to change this; it would saved untold hours of web dev work and made the spec better, as it’s just a better model. But ah well.

                              As much as people love to complain about Chrome now, the entire situation is a lot better. I rarely have issues in Firefox, and if I make something I tend to just test it in Firefox and then Chrome “just to be sure”, but it almost always just works well. Problems with .doc file formats and whatnot are mostly gone.

                              This doesn’t mean it’s all perfect or that we haven’t gotten new problems in return; I kind of resent that I need to own an Android or iOS device just to use WhatsApp for example, and that not using it can be quite debilitating. But overall, yeah, the “Chrome problem” is much less severe than the “IE problem” of 20 years ago.

                              1. 4

                                Disclaimer: I’m a Microsoft employee, but wasn’t during the antitrust trial.

                                It’s true that back in 1997 the market share of Windows was much higher than now, and that antitrust is really concerned with regulating monopolies. But note the antitrust trial was launched as a result of bundling IE with Windows, and in the end after the settlement, IE was still bundled with Windows.

                                Imagine an alternate universe where this didn’t happen. If Microsoft weren’t allowed to bundle IE with Windows, how would it have influenced Apple or Google’s behavior? Then again, if platforms didn’t bundle browsers, what would the user experience be today? I think part of the answer would be “we’d run a lot more native applications.”

                                1. 2

                                  I think you are right. Sadly the main difference between them is in which stocks revenues go to. Otherwise, despite all of the marketing, fanoboyism, etc. they are still acting largely the same on both platforms. They essentially work the same, you need to have an account by them, you cannot use the device as intended without an account, you have to pay them loads of money to get access to their customers.

                                  And there is essentially no competition. Furthermore this is slowly being set into stone, as for example European laws require one to use 2FA for money transfers/banking, and that 2FA in the majority of cases means you have to use an app provided by the bank, which means if you want to even have the slightest chance to compete you need to make all these banks develop an app, which is a chicken and egg problem, where big enough user bases won’t happen unless you have support for apps and vice versa. Banking apps just being one example.

                                  I don’t think there are many ways out. Maybe something like forcing them to support let’s say WASM (or any kind of standard) there is little chance to get out of that. Even if you were had one of the biggest companies and that somehow became your major plan I imagine it would be very hard to break into the market without basing off open source Android for example. In other words you won’t achieve this with innovation alone.

                              1. 5

                                Great article, I’m loving seeing more articles on Self. For those wanting to see a video of using the transporter, I have a short demonstration here.

                                I find the transporter and module system takes quite a bit of getting used to. There’s a lot of moving parts and it’s easy to mess up. But it is nice to be able to export Self code to files where they can be stored in a standard version control system. I do resort to grepping the Self code sometimes despite the good graphical tools to find things.

                                1. 2

                                  Thank you! The video is great as well.

                                  I find the transporter and module system takes a quite a bit of getting used to.

                                  It’s definitely a different paradigm indeed. It’s quite different from other languages where you write the code first and it’s converted to the in-language structure later. Plus, the information you have to supply via annotations is kind of counter-intuitive at first, but I get why they are there. I hope we can figure out a better implementation for those.

                                  I do resort to grepping the Self code sometimes despite the good graphical tools to find things.

                                  Can you give an example? So far I haven’t felt the need to do this, because you can usually use the Find Slot... tool to find whatever you need in an object quite easily (though some slots are named… oddly. Looking at you traits string shrinkwrapped).

                                  1. 1

                                    I mostly don’t need to grep Self code, but having the text was very useful a while back when I did a full reorganisation of the categories in globals. It was too invasive to do in a live image with the standard tools - even a Self world can’t keep running if the collections prototypes flicker in and out of existence :)

                                    It was very useful to be able to do regex replaces on the .self files before building a new Self image.

                                1. 6

                                  I am done with the second article about Self, currently working on the third, this one about the Morphic UI toolkit. Sneak peek!

                                  1. 1

                                    Another great (!) article from the StackOverflow blog, who have previously also talked about editors and presented Vim and Emacs as unusable. The solution to sharding is not to introduce a datastore which doesn’t have a proper schema and any sort of relation, it is fixing the existing databases. The lack of a schema is listed as a good thing, but it becomes a nightmare if you have an existing application. Adding new things to the application that can use non-existent keys means either adding doc.value || "" everywhere, or re-implementing what SQL does for you with default values anyway. Additionally, as the article mentions, lack of joins means that you will have to embed related data within the row, which leads to duplication and bloated stores. Now, I completely agree with the sentiment that creating indexes is hard and it’s hard to properly optimize a database, but that doesn’t mean we should just throw our hands up in the air and just embed related data in each row (duplicating it in the process).

                                    1. 2

                                      Another great (!) article from the StackOverflow blog, who have previously also talked about editors and presented Vim and Emacs as unusable.

                                      That article was particularly terrible. Citing it as support for this one doesn’t really bolster any confidence in me that this one is any good.

                                      1. 2

                                        To clarify, this article doesn’t cite that one, it’s just by the same authors.

                                    1. 9

                                      I have to say this is one of these lobsters links and comments where I discover something completely new, that opens perspectives. Lately they have been rare for me, so this post is even more valuable.

                                      1. 8

                                        Self is very significant. Historically it was extremely influential even though it wasn’t widely used — sort of like the Velvet Underground whom “nobody listened to, but everyone who did started a band.”

                                        • It pioneered prototypes in OOP, later adopted of course by JavaScript.
                                        • The extremely dynamic nature of the language appeared to make it inefficient, but the JIT compiler introduced features like monomorphization and dynamic recompiling that made it much faster than it had any right to be. After Self’s creators moved to Sun, they applied those same techniques to the HotSpot JVM, and of course all modern JavaScript VMs use them.
                                        • The oddball visual environment was AFAIK the first GUI to apply techniques from the animation world, like distorting objects to emphasize the sense of motion. Later on these were adopted in systems like the iOS UI.
                                        1. 4

                                          The people who created the V8 JavaScript VM at Google as well as Urs Holzle (first Google Fellow)… actually worked on the Self project.

                                          Dave Ungar was most recently working on Swift at Apple. I don’t recall him saying anything about pushing for the kind of dynamism that self had into the Swift runtime. I think he was more interested in the IDE experience. Things like Swift playground.

                                        2. 4
                                          1. 1

                                            This is really nice, you explained some points better than I did.

                                        1. 24

                                          This is very nice write up, thanks. What are you running Self on?

                                          I guess I’m the de facto Self maintainer the moment, so happy to answer questions if anyone has any.

                                          1. 8

                                            Wow, it is amazing to see you here! I am running it on Debian GNU/Linux. I hope that with these posts I can at least get a few more people interested in the language.

                                            1. 2

                                              Thanks for all you do!

                                              Is there a particular sort of problem that makes you reach for Self? Or an area you’d like Self to be a preferred tool?

                                              I’ve been interested in GlamourousToolkit and try to check in on Newspeak (Gilad Bracha says it draws lots of inspiration from Self), any thoughts on how Self interacts with/is used by other kinds of programs?

                                            1. 6

                                              I will be publishing a few more posts about Self, notably about the module system and the UI framework Morphic. It might annoy people who are not interested, so maybe it would be good to add a “self” tag.

                                              1. 5

                                                Thanks for your post, I will gladly read the follow-ups.

                                                If you’re going to publish often and are afraid some people might get annoyed, my suggestion would be to rather make the RSS feed more visible on your website. This way, people interested will subscribe (I did).

                                                1. 2

                                                  Thank you, I will work on doing that.

                                              1. 35

                                                e-mail has a lot of legacy cruft. Regardless of the technical merits of e-mail or Telegram or Delta Chat, Signal, matrix.org or whatever, what people need to be hearing today is “WhatsApp and Facebook Messenger are unnecessarily invasive. Everyone is moving to X.” If there isn’t a clear message on what X is, then people will just keep on using WhatsApp and Facebook Messenger.

                                                It seems clear to me that e-mail is not the frontrunner for X, so by presenting it as a candidate for replacing WhatsApp and Facebook Messenger, I think the author is actually decreasing the likelihood that most people will migrate to a better messaging platform.

                                                My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                1. 26

                                                  Signal is a silo and I dislike silos. That’s why I post on my blog instead of Twitter. What happens when someone buys Signal, the US government forces Signal to implement backdoors or Signal runs out of donation money?

                                                  1. 10

                                                    Signal isn’t perfect. My point is that Signal is better than WhatsApp and that presenting many alternatives to WhatsApp is harmful to Signal adoption. If Signal can’t reach critical mass like WhatsApp has it will fizzle out and we will be using WhatsApp again.

                                                    1. 12

                                                      If Signal can’t reach critical mass like WhatsApp has it will fizzle out

                                                      Great! We don’t need more silos.

                                                      and we will be using WhatsApp again.

                                                      What about XMPP or Matrix? They can (and should!) be improved so that they are viable alternatives.

                                                      1. 13

                                                        (Majority of) People don’t care about technology (how), they care about goal (why).

                                                        They don’t care if it’s Facebook, Whatsapp, Signal, Email, XMPP, they want to communicate.

                                                        1. 14

                                                          Yeah, I think the point of the previous poster was that these systems should be improved to a point where they’re just really good alternatives, which includes branding and the like. Element (formerly riot.im) has the right idea on this IMHO, instead of talking about all sorts of tech details and presenting 500 clients like xmpp.org, it just says “here are the features element has, here’s how you can use it”.

                                                          Of course, die-hard decentralisation advocates don’t like this. But this is pretty much the only way you will get any serious mainstream adoption as far as I can see. Certainly none of the other approaches that have been tried over the last ~15 years worked.

                                                          1. 7

                                                            …instead of talking about all sorts of tech details and presenting 500 clients like xmpp.org, it just says “here are the features element has, here’s how you can use it”.

                                                            Same problem with all the decentralized social networks and microblogging services. I was on Mastodon for a bit. I didn’t log in very often because I only followed a handful of privacy advocate types since none of my friends or other random people I followed on Twitter were on it. It was fine, though. But then they shut down the server I was on and apparently I missed whatever notification was sent out.

                                                            People always say crap like “What will you do if Twitter shuts down?”. Well, so far 100% of the federated / distributed social networks I’ve tried (I also tried that Facebook clone from way back when and then Identi.ca at some point) have shut down in one way or another and none of the conventional ones I’ve used have done so. I realize it’s a potential problem, but in my experience it just doesn’t matter.

                                                            1. 4

                                                              The main feature that cannot be listed in good faith and which is the one that everybody cares about is: “It has all my friend and family on it”.

                                                              I know it’s just a matter of critical mass and if nobody switches this will never happen.

                                                            2. 1

                                                              Sure, but we’re not the majority of people.. and we shouldn’t be choosing yet another silo to promote.

                                                            3. 5

                                                              XMPP and (to a lesser extent) Matrix do need to be improved before they are viable alternatives, though. Signal is already there. You may feel that ideological advantages make up for the UI shortcomings, but very few nontechnical users feel the same way.

                                                              1. 1

                                                                Have you tried joining a busy Matrix channel from a federated homeserver? It can take an hour. I think it needs some improvement too.

                                                                1. 1

                                                                  Oh, definitely. At least in the case of Matrix it’s clear that (1) the developers regard usability as an actual goal, (2) they know their usability could be improved, and (3) they’re working on improving it. I admit I don’t follow the XMPP ecosystem as closely, so the same could be the same there, but… XMPP has been around for 20 years, so what’s going to change now to make it more approachable?

                                                              2. 4

                                                                […] it will fizzle out

                                                                Great! We don’t need more silos.

                                                                Do you realize you’re cheering for keeping the WhatsApp silo?

                                                                Chat platforms have a strong network effect. We’re going to be stuck with Facebook’s network for as long as other networks are fragmented due to people disagreeing which one is the perfect one to end all other ones, and keep waiting for a pie in the sky, while all of them keep failing to reach the critical mass.

                                                                1. 1

                                                                  Do you realize you’re cheering for keeping the WhatsApp silo?

                                                                  Uh, not sure how you pulled that out of what I said, but I’m actually cheering for the downfall of all silos.

                                                                  1. 2

                                                                    I mean that by opposing the shift to the less-bad silo you’re not actually advancing the no-silo case, but keeping the status quo of the worst-silo.

                                                                    There is currently no decentralized option that is secure, practical, and popular enough to be adopted by mainstream consumers in numbers that could beat WhatsApp.

                                                                    If the choice is between WhatsApp and “just wait until we make one that is”, it means keeping WhatsApp.

                                                                2. 3

                                                                  They can be improved so that they are viable alternatives.

                                                                  Debatable.

                                                                  Great! We don’t need more silos.

                                                                  Domain-name federation is a half-assed solution to data portability. Domain names basically need to be backed by always-on servers, not everybody can have one, and not everybody should. Either make it really P2P (Scuttlebutt?) or don’t bother.

                                                                  1. 2

                                                                    I sadly agree, which is why logically I always end up recommend signal as ‘the best of a bad bunch’.

                                                                    I like XMPP, but for true silo-avoidance you need you run your own server (or at least have someone run it under your domain, so you can move away). This sucks. It’s sort of the same with matrix.

                                                                    The only way around this is real p2p as you say. So far I haven’t seen anything that I could recommend to former whatsapp users on this front however. I love scuttlebutt but I can’t see it as a good mobile solution.

                                                                3. 8

                                                                  Signal really needs a “web.signal.com”; typing on phones suck, and the destop app is ugh. I can’t write my own app either so I’m stuck with two bad options.

                                                                  This is actually a big reason I like Telegram: the web client is pretty good.

                                                                  1. 3

                                                                    I can’t write my own app either so I’m stuck with two bad options.

                                                                    FWIW I’m involved with Whisperfish, the Signal client for Sailfish OS. There has been a constant worry about 3rd party clients, but it does seem like OWS has loosened its policy.

                                                                    The current Whisperfish is written in Rust, with separate libraries for the protocol and service. OWS is also putting work into their own Rust library, which we may switch to.

                                                                    Technically you can, and the risk should be quite minimal. At the end of the, as OWS doesn’t support these efforts, and if you don’t make a fool of them, availability and use increases their brand value.

                                                                    Don’t want to know what happens if someone writes a horrible client and steps on their brand, so let’s be careful out there.

                                                                    1. 2

                                                                      Oh right; that’s good to know. I just searched for “Signal API” a while ago and nothing really obvious turned up so I assumed it’s either impossible or hard/hackish. To be honest I didn’t look very deeply at it, since I don’t really care all that much about Signal that much 😅 It’s just a single not-very-active chatgroup.

                                                                      1. 1

                                                                        Fair enough, sure. An API might sound too much like some raw web thing - it is based on HTTPS after all - but I don’t think all of it would be that simple ;)

                                                                        The work gone into the libraries has not been trivial, so if you do ever find yourself caring, I hope it’ll be a happy surprise!

                                                                    2. 2

                                                                      The Telegram desktop client is even better than the web client.

                                                                      1. 3

                                                                        I don’t like desktop clients.

                                                                        1. 4

                                                                          Is there a specific reason why? The desktop version of Telegram is butter smooth and has the same capabilities as the phone version (I’m pretty sure they’re built from the same source as well).

                                                                          1. 3

                                                                            Security is the biggest reason for me. Every other week, you hear about a fiasco where a desktop client for some communication service had some sort of remote code execution vulnerability. But there can be other reasons as well, like them being sloppy with their .deb packages and messing up with my update manager etc. As a potential user, I see no benefit in installing a desktop client over a web client.

                                                                            1. 4

                                                                              Security is the reason that you can’t easily have a web-based Signal client. Signal is end-to-end encrypted. In a web app, it’s impossible to isolate the keying material from whoever provides the service so it would be trivial for Signal to intercept all of your messages (even if they did the decryption client-side, they could push an update that uploads the plaintext after decryption).

                                                                              It also makes targeted attacks trivial: with the mobile and desktop apps, it’s possible to publish the hash that you get for the download and compare it against the versions other people run, so that you can see if you’re running a malicious version (I hope a future version of Signal will integrate that and use it to validate updates before it installs them by checking that other users in your network see the same series of updates). With a web app, you have no way of verifying that you’re running the same code that you were one page refresh ago, let alone the same code as someone else.

                                                                              1. 1

                                                                                A web based client has no advantages with regards to security. They are discrete topics. As a web developer, I would argue that a web based client has a significantly larger surface area for attacks.

                                                                                1. 1

                                                                                  When I say security, I don’t mean the security of my communications over that particular application. That’s important too, but it’s nothing compared to my personal computer getting hacked, which means my entire digital life getting compromised. Now you could say a web site could also hijack my entire computer by exploiting weaknesses in the browser, which is definitely a possibility, but that’s not what we hear every other week. We hear stupid zoom or slack desktop client containing a critical remote code execution vulnerability that allows a completely unrelated third party complete access to your computer.

                                                                              2. 1

                                                                                I just don’t like opening a new window/application. Almost all of my work is done with one terminal window (in tmux, on workspace 1) and a browser (workspace 2). This works very well for me as I hate dealing with window management. Obviously I do open other applications for specific purposes (GIMP, Geeqie, etc) but I find having an extra window just to chat occasionally is annoying. Much easier to open a tab in my browser, send my message, and close it again.

                                                                      2. 3

                                                                        The same thing that’s happening now with whatsapp - users move.

                                                                        1. 2

                                                                          A fraction of users is moving, the technically literate ones. Everyone else stays where their contacts are, or which is often the case, installs another messenger and then uses n+1.

                                                                          1. 2

                                                                            A fraction of users is moving, the technically literate ones

                                                                            I don’t think that’s what’s happening now. There have been a lot of mainstream press articles about WhatsApp. The technical users moved to Signal when Facebook bought WhatsApp, I’m now hearing non-technical folks ask what they should migrate to from WhatsApp. For example, one of our administrators recently asked about Signal because some of her family want to move their family chat there from WhatsApp.

                                                                            1. 1

                                                                              Yeah these last two days I have been asked a few times about chat apps. I have also noticed my signal contacts list expand by quite a few contacts, and there are lots of friends/family who I would not have expected to make the switch in there. I asked one family member, a doctor, what brought her in and she said that her group of doctors on whatsapp became concerned after the recent announcements.

                                                                              I wish I could recommend xmpp/OMEMO, but it’s just not as easy to set up. You can use conversations.im, and it’s a great service, but if you are worried about silos you are back to square one if you use their domain. They make using a custom domain as friction-free as possible but it still involves DNS settings.

                                                                              I feel the same way about matrix etc. Most people won’t run their own instance, so you end up in a silo again.

                                                                              For the closest thing to whatsapp, I have to recommend Signal. It’s not perfect, but it’s good. I wish you didn’t have to use a phone number…

                                                                        2. 2

                                                                          What happens when someone buys Signal, the US government forces Signal to implement backdoors or Signal runs out of donation money?

                                                                          Not supporting signal in any way, but how would your preferred solution actually mitigate those risks?

                                                                          1. 1

                                                                            Many different email providers all over the world and multiple clients based on the same standards.

                                                                            1. 6

                                                                              Anyone who has written email software used at scale by the general public can tell you that you will spend a lot of time working around servers and clients which do all sorts of weird things. Sometimes with good reasons, often times with … not so good reasons. This sucks but there’s nothing I can change about that, so I’ll need to deal with it.

                                                                              Getting something basic working is pretty easy. Getting all emails handled correctly is much harder. Actually displaying all emails well even harder still. There’s tons of edge cases.

                                                                              The entire system is incredibly messy, and we’re actually a few steps up from 20 years ago when it was even worse.

                                                                              And we still haven’t solved the damn line wrapping problem 30 years after we identified it…

                                                                              Email both proves Postel’s law correct and wrong: it’s correct in the sense that it does work, it’s wrong because it takes far more time and effort than it really needs to.

                                                                              1. 2

                                                                                I hear you (spent a few years at an ESP). It’s still better than some siloed walled garden proprietary thing that looks pretty but could disappear for any reason in a moment. The worst of all worlds except all others.

                                                                                1. 2

                                                                                  could disappear for any reason in a moment

                                                                                  I’m not so worried about this; all of these services have been around for ages and I’m not seeing them disappear from one day to the next in the foreseeable future. And even if it does happen: okay, just move somewhere else. It’s not even that big of a deal.

                                                                                  1. 1

                                                                                    Especially with chat services. There’s not that much to lose. Your contacts are almost always backed up elsewhere. I guess people value their chat history more than I do, however.

                                                                        3. 11

                                                                          My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                                          I’ve recently started using it, and while it’s fine, I’m no fan. As @jlelse, it is another closed-off platform that you have to use, making me depend on someone else.

                                                                          They seem to (as of writing) prioritize “security” over “user freedom”, which I don’t agree with. There’s the famous thread, where they reject the notion of distributing Signal over F-Droid (instead having their own special updater, in their Google-less APK). What also annoys me is that their desktop client is based on Electron, which would have been very hard for me to use before upgrading my desktop last year.

                                                                          1. 6

                                                                            My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                                            What I hate about signal is that it requires a mobile phone and an associated phone number. That makes it essentially useless - I loathe mobile phones - and very suspect to me. Why can’t the desktop client actually work?

                                                                            1. 2

                                                                              I completely agree. At the beginning of 2020 I gave up my smartphone and haven’t looked back. I’ve got a great dumb phone for voice and SMS, and the occasional photo. But now I can’t use Signal as I don’t have a mobile device to sign in to. In a word where Windows, Mac OS, Linux, Android, and iOS all exist as widely used operating systems, Signal is untenable as it only as full featured clients for two of these operating systems.

                                                                              Signal isn’t perfect.

                                                                              This isn’t about being perfect, this is about being accessible to everyone. It doesn’t matter how popular it becomes, I can’t use it.

                                                                              1. 1

                                                                                What I hate about signal is that it requires a mobile phone and an associated phone number.

                                                                                On the bright side, Signal’s started to use UUIDs as well, so this may change. Some people may think it’s gonna be too late whenever it happens, if it does, but at least the protocols aren’t stagnant!

                                                                                1. 1

                                                                                  They’ve been planning on fixing that for a while, I don’t know what the status is. The advantage of using mobile phone numbers is bootstrapping. My address book is already full of phone numbers for my contacts. When I installed Signal, it told me which of them are already using it. When other folks joined, I got a notification. While I agree that it’s not a great long-term strategy, it worked very well for both WhatsApp and Signal to quickly bootstrap a large connected userbase.

                                                                                  In contrast, most folks XMPP addresses were not the same as their email addresses and I don’t have a lot of email addresses in my address book anyway because my mail clients are all good at autocompleting them from people who have sent me mail before, so I don’t bother adding them. As a result, my Signal contact list was instantly as big as my Jabber Roster became after about six months of trying to get folks to use Jabber. The only reason Jabber was useable at all for me initially was that it was easy to run an ICQ bridge so I could bring my ICQ contacts across.

                                                                                  1. 1

                                                                                    Support for using it without a phone number remains a work in progress. The introduction of PINs was a stepping stone towards that.

                                                                              1. 1

                                                                                I guess the Typescript one would need to be solved by restricting array types to have no implicit casting and give the programmer enough rope to do explicit casting if they wish to.

                                                                                1. 2

                                                                                  That particular soundness bug runs deeper than the array type: Typescript lets generics on property types (even mutable ones!) and function parameters be covariant. This is a pretty big soundness hole, but it apparently is very useful for typing typical JavaScript code. You could fix the soundness issue (ex. with variance annotations), but that would run counter to Typescript’s main goal of being a compile-time layer over top of existing idiomatic JavaScript.

                                                                                1. 2

                                                                                  What about parsing that line as a whole instead of cutting off until the dbg() part? It should provide valid AST and you could just traverse the tree and find the dbg() nodes. Since you wouldn’t be debugging super tricky functions anyway, it wouldn’t be too bad performance-wise, it would just give you the inner expression which you can reconstruct into a string. It would probably not be a 1:1 representation but it should still work pretty fine.

                                                                                  1. 1

                                                                                    You hit a variant of the ast.parse problem, since a single line of context might not be parsable.

                                                                                    For example, if you have:

                                                                                    if dbg(foo()):
                                                                                       do_stuff()
                                                                                    

                                                                                    then your code context (if you’re working on one line through frame) is just if dbg(foo()):, which isn’t fully parsable as an AST node by itself.

                                                                                    That being said, it might be possible to take the AST of the entire source file, and from there find nodes that cover the line you’re on and look from there. If the information is freely available on the module that might be the cleaner solution.

                                                                                  1. 2

                                                                                    It’s full, :-(

                                                                                    1. 1

                                                                                      Check @ignaloidas’ comment.

                                                                                    1. 3

                                                                                      Small shell scripts are your friend, something like:

                                                                                      cat << 'EOF' > /usr/local/bin/publicise-recording
                                                                                      #!/bin/sh
                                                                                      cd /var/recordings
                                                                                      mv "$@" public/
                                                                                      cd -
                                                                                      EOF
                                                                                      

                                                                                      Then, hit their hand with a ruler when they use mv, rather than the script.

                                                                                      You may have grand plans for VOD and making recordings public by default, but those plans may not come to fruition for another year, if ever, but if you spend 5 minutes putting up guards around dangerous manual processes, you won’t have to spend hours grepping through binary files…

                                                                                      1. 5

                                                                                        I think that last cd is superfluous

                                                                                        1. 1

                                                                                          Nah, it would move you back to the directory you started in.

                                                                                          1. 9

                                                                                            It won’t do either. It operates in the context of the shell process running the script, which is a sub process of the shell you invoke it from. That shell’s CWD will be unaffected.

                                                                                          2. 1

                                                                                            Yeah, that was just a nice thing to put them back where they were, if they were in a different directory

                                                                                            1. 3

                                                                                              That would only matter if the script was sourced though.

                                                                                        1. 3

                                                                                          Assuming we have schemes, have a scheme for configuration:

                                                                                          Let me read/add/modify configuration through “normal” file APIs, without me having to worry in which format the config is stored.

                                                                                          1. 3

                                                                                            Kinda similar to my “structured data in files” idea. It would be great if operating systems could say “this is the format we use, and this is the format you will also use”. XML, JSON, YAML, TOML, etc. etc. all these incompatible data formats have lost people thousands of hours, not to mention a program on the other side might not understand what you speak.

                                                                                            1. 2

                                                                                              If my “I don’t even care anymore how your config store looks like underneath, just implement the file API” doesn’t work out, then “you are going to use XML, and I don’t care how much you whine” is the close runner-up approach. :-)

                                                                                          1. 40

                                                                                            Something other than “everything is bytes”, for starters. The operating system should provide applications with a standard way of inputting and outputting structured data, be it via pipes, to files, …

                                                                                            Also, a standard mechanism for applications to send messages to each other, preferably using the above structured format when passing data around. Seriously, IPC is one of the worst parts of modern OSes today.

                                                                                            If we’re going utopic, then the operating system should only run managed code in a abstract VM via the scheduler, which can provide safety beyond what the hardware can. So basically it would be like if your entire operating system is Java and the kernel runs everything inside the JVM. (Just an example, I do not condone writing an operating system in Java).

                                                                                            I’m also liking what SerenityOS is doing with the LibCore/LibGfx/LibGui stuff. A “standard” set of stuff seems really cool because you know it will work as long as you’re on SerenityOS. While I’m all for freedom of choice having a default set of stuff is nice.

                                                                                            1. 20

                                                                                              The operating system should provide applications with a standard way of inputting and outputting structured data, be it via pipes, to files

                                                                                              I’d go so far as to say that processes should be able to share not only data structures, but closures.

                                                                                              1. 4

                                                                                                This has been tried a few times, it was super interesting. What comes to mind is Obliq, (to some extent) Modula-3, and things like Kali Scheme. Super fascinating work.

                                                                                                1. 3

                                                                                                  Neat! Do you have a use-case in mind for interprocess closures?

                                                                                                  1. 4

                                                                                                    To me that sounds like the ultimate way to implement capabilities: a capability is just a procedure which can do certain things, which you can send to another process.

                                                                                                    1. 5

                                                                                                      This is one of the main things I had in mind too. In a language like Lua where closure environments are first-class, it’s a lot easier to build that kind of thing from scratch. I did this in a recent game I made where the in-game UI has access to a repl that lets you reconfigure the controls/HUD and stuff but doesn’t let you rewrite core game data: https://git.sr.ht/~technomancy/tremendous-quest-iv

                                                                                                  2. 1

                                                                                                    I would be interested in seeing how the problem with CPU time stealing and DoS attacks that would arise from that could be solved.

                                                                                                  3. 17

                                                                                                    Digging into IPC a bit, I feel like Windows actually had some good stuff to say on the matter.

                                                                                                    I think the design space looks something like:

                                                                                                    • Messages vs streams (here is a cat picture vs here is a continuing generated sequence of cat pictures)
                                                                                                    • Broadcast messages vs narrowcast messages (notify another app vs notify all apps)
                                                                                                    • Known format vs unknown pile of bytes (the blob i’m giving you is an image/png versus lol i dunno here’s the size of the bytes and the blob, good luck!)
                                                                                                    • Cancellable/TTL vs not (if this message is not handled by this time, don’t deliver it)
                                                                                                    • Small messages versus big messages (here is a thumbnail of a cat versus the digitized CAT scan of a cat)

                                                                                                    I’m sure there are other axes, but that’s maybe a starting point. Also, fuck POSIX signals. Not in my OS.

                                                                                                    1. 5

                                                                                                      Is a video of cats playing a message or a stream? Does it matter whether it’s 2mb or 2gb (or whether the goal is to display one frame at a time vs to copy the file somewhere)?

                                                                                                      1. 2

                                                                                                        It would likely depend on the reason the data is being transferred. Video pretty much always fits into the ‘streaming’ category if it’s going to be decoded and played, as the encoding allows for parts of a file to be decoded independent of the other parts. Messages are for atomic chucks of data that only make sense when they’re complete. Transferring whole files over a message bus is probably a bad idea though, you’d likely want to instead pass a message that says “here’s a path to a file and some metadata, do what you want with it” and have the permissions model plug into the message bus so that applications can have temporary r/rw access to the file in question. Optionally, if you have a filesystem that supports COW and deduplication, you can efficiently and transparently copy the file for the other applications use and it can do whatever it wants with it without affecting the “original”.

                                                                                                        1. 4

                                                                                                          Which is why copy&paste is implemented the way it is!

                                                                                                          Many people don’t realize but it’s not actually just some storage buffer. As long as the program is running when you try to paste something the two programs can talk to each other and negotiate the format they want.

                                                                                                          That is why people sometimes have odd bugs on linux where the clipboard disappears when a program ends or why Powerpoint sometimes asks you if you want to keep your large clipboard content when you try to exit.

                                                                                                    2. 13

                                                                                                      Something other than “everything is bytes”, for starters. The operating system should provide applications with a standard way of inputting and outputting structured data, be it via pipes, to files, …

                                                                                                      It’s a shame I can agree only once.

                                                                                                      Things like Records Management Services, ARexx, Messages and Ports on Amiga or OpenVMS’ Mailboxes (to say nothing of QIO), and the data structures of shared libraries on Amiga…

                                                                                                      Also, the fact that things like Poplog (which is an operating environment for a few different languages but allows cross-language calls), OpenVMS’s common language environment, or even USCD p-System aren’t more popular is sad to me.

                                                                                                      Honestly, I’ve thought about this a few times, and I’d love something that is:

                                                                                                      • an information utility like Multics
                                                                                                      • secure like seL4 and Multics
                                                                                                      • specified like seL4
                                                                                                      • distributed like Plan9/CLive
                                                                                                      • with rich libraries, ports, and plumbing rules
                                                                                                      • and separated like Qubes
                                                                                                      • with a virtual machine that is easy to inspect like LispM’s OSes, but easy to lock down like Bitfrost on one-laptop per child…

                                                                                                      a man can dream.

                                                                                                      1. 7

                                                                                                        Something other than “everything is bytes”, for starters. The operating system should provide applications with a standard way of inputting and outputting structured data

                                                                                                        have you tried powershell

                                                                                                        1. 4

                                                                                                          or https://www.nushell.sh/ for that matter

                                                                                                        2. 4

                                                                                                          In many ways you can’t even remove the *shells from current OS’s IPC is so b0rked.

                                                                                                          How can a shell communicate with a program it’s trying to invoke? Array of strings for options and a global key value dictionary of strings for environment variables.

                                                                                                          Awful.

                                                                                                          It should be able to introspect to find out the schema for the options (what options are available, what types they are…)

                                                                                                          Environment variables are a reliability nightmare. Essentially hidden globals everywhere.

                                                                                                          Pipes? The data is structured, but what is the schema? I can pipe this to that, does it fit? Does it make sense….? Can I b0rk your adhoc parser of input, sure I can, you scratched it together in half a day assuming only friendly inputs.

                                                                                                          In many ways IPC is step zero to figure out. With all the adhoc options parsers and adhoc stdin/out parsers / formatters being secure, robust and part of the OS.

                                                                                                          1. 3

                                                                                                            I agree wholeheartedly with the first part of your comment. But then there is this:

                                                                                                            If we’re going utopic, then the operating system should only run managed code in a abstract VM via the scheduler, which can provide safety beyond what the hardware can.

                                                                                                            What sort of safety can a managed language provide from the point of view of an operating system compared to the usual abstraction of processes (virtual memory and preemptive scheduling) combined with thoughtful design of how you give programs access to resources? When something goes wrong in Java, the program may either get into a state that violates preconditions assumed by the authors or an exception will terminate some superset of erroneous computation. When something goes wrong in a process in a system with virtual memory, again program may reach a state violating preconditions assumed by the authors, or it may trigger a hardware exception, handled by the OS which may terminate the program or inform it about the fault. Generally, it all gets contained within the process. The key difference is, with a managed language you seem to be sacrificing performance for an illusory feeling of safety.

                                                                                                            There are of course other ways programs may violate safety, but that has more to do with how you give them access to resources such as special hardware components, filesystem, operating system services, etc. Nothing that can be fixed by going away from native code.

                                                                                                            No-breaks programming languages like C may be a pain for the author of the program and there is a good reason to switch away from them to something safer, in order to write more reliable software. But a language runtime can’t protect an operating system any more than the abstractions that make up a process, which are a lot more efficient. There are of course things like Spectre and Meltdown, but those are hardware bugs. Those bugs should be fixed, not papered over by another layer, lurking at the bottom.

                                                                                                            Software and hardware need to be considered together, as they together form a system. Ironically, I may conclude this comment with an Alan Kay quote:

                                                                                                            People who are really serious about software should make their own hardware.

                                                                                                          1. 1

                                                                                                            The link on the article linking to the four-fours problem seems to be broken.

                                                                                                            1. 2

                                                                                                              Sigh, and that after less than ten years. I hate link rot. OK, updated to point to the Wikipedia page. Which is worth a rant of its own, but I’m going to try to write code.

                                                                                                              1. 1

                                                                                                                Many thanks.

                                                                                                            1. 2

                                                                                                              Serif WebPlus is also in this category of “web publishing” shitware. It’s actually not that bad, but it treats webpages like PDF documents (probably owing to its sister product PagePlus), and so it becomes annoying to modify page sizes. Also master pages suck. Plus (hehe) there’s the vendor lock-in as stated in the article, as it produces absolutely garbage HTML like Muse.

                                                                                                              1. 4

                                                                                                                Serif kinda reinvented themselves with Affinity though; otherwise I’d suspect they’re be yet another forgotten dumpy shareware studio.

                                                                                                              1. 35

                                                                                                                I think it’s interesting and kind of heartening–and I recognize this is almost certainly a wilful misinterpretation on my part, so take that as you will–that once Terry had gotten the operating system and OS up, he made a bunch of frivolous and fun things. One of the apps demoed is just playing around with a water hose…what delightful and kind use to put effort towards.

                                                                                                                It’s oddly comforting to me that the whole thing was public domain from the start and that it serves as a reminder that people can do things, hard technical things, for reasons other than chasing fame or money.

                                                                                                                Be well and at peace Mr. Davis, wherever you ended up.

                                                                                                                1. 26

                                                                                                                  He had always intended his operating system to be something people can just mess around on and have experiments with. In his own words, “I made TempleOS to be the modern Commodore 64”. Almost all design decisions (directly executable source code, no user mode, 2D and 3D graphics routines easily available, detailed documentation, …) seem to reflect this. The circumstances surrounding his final years is upsetting, and makes you think how far TempleOS could get if Mr. Davis could keep his sanity. Rest in peace, Mr. Davis.

                                                                                                                  1. 1

                                                                                                                    Would TempleOS have even gotten off the ground (or at least become what it did) if Terry were sane? (I’m genuinely asking, I’m not sure when he started the project in chronological relation to the start of his mental health deterioration, before or after.)

                                                                                                                    RIP, Terry!

                                                                                                                  2. 8

                                                                                                                    It is also an art piece from an engineering point of view. The code is compact and succinct. Everything is to-the-point. Everything is clear and immediate. No sluggishness, no resources wastefully used. Just what it is, the obvious way it should be. Nothing more than necessary for the intended effect.

                                                                                                                    This is what great engineering looks like. TempleOS is not build with ‘real everyday usage’ in mind, but it sure is a strong example on how do something and doing it well. I wish more IT products would adopt part of this philosophy, or at least draw inspiration from it. Everything is bloated and wasteful these days.

                                                                                                                    Be well and at peace Mr. Davis, wherever you ended up.

                                                                                                                    Ditto. Let us be grateful for Terry’s contribution.