1. 3

    It wasn’t linked anywhere, but the library seems to be https://github.com/brave/adblock-rust/

    1. 3

      Yep, indeed - using https://github.com/ArniDagur/python-adblock to bridge it to Python/qutebrowser.

    1. 6

      I think it’s safe to say that most of us don’t exactly have fond memories about the early days of the 3.x series.

      Hopefully this will be nothing like that!

      1. 3

        They’ve guaranteed API stability this time, so fingered crossed, no churn. Porting also looks a lot simpler than 2->3 was.

        1. 3

          “Stability” was guaranteed at various points during the 3.x series, too, and it didn’t count for much. Remember, for example, that time (around 3.12 or 3.14?) when we all breathed a sigh of relief that support for theme engines was just being “deprecated” and would remain in until GTK 4, and that turned out to mean the methods won’t be removed, so that the code will still compile, they just won’t do anything anymore?

          1. 1

            There is no API stability. See my other comment. They have removed major GTK components.

            1. 4

              I don’t think anyone was expecting API stability between 3 and 4 though? That’s kind of the whole thing of major versions.

              1. 1

                Yeah, what they’re not doing is changing the core APIs in 4.x.

                1. 1

                  What do they mean by Core APIs then? If GTK.container is not one, then what is? I know the input manager APIs are vastly different as well?

                  1. 4

                    I should have been clear: in 4.x minor versions. The churn in early 3.x minor versions was… not exactly SemVer.

        1. 54

          We need a postmortem on how a small group of wokes were able to force millions of hours of toil on the entire software industry. Think of all the repos and scripts that have to be updated… my god.

          The connection between master branches and slavery is suuuuuch a stretch: git has no concept of slave branches, but BitKeeper, the version control system git was based on did. In woke logic, being descended from something offensive makes you offensive, therefore git is offensive.

          As crazy as this is, there’s no way I’m going to fight this one. The mobs of self-righteous wokes that police the software industry are too strong, so I will update my repos and double-check my scripts like a good little worker bee.

          1. 46

            Here’s your postmortem: the “small group” of “wokes” appears to be the majority of our industry, just people trying to be kinder to one another. Personally I find the change heartening.

            1. 20

              I agree that this is true for a lot of things but I find this one a bit of a stretch. For example, I fully support avoiding the terms ‘blacklist’ and ‘whitelist’ because they provide a narrative that white == good, black == bad, which is not something I want to perpetuate in a society where ‘black’ and ‘white’ are adjectives applied to people independent of any personal choice on their part.

              The discussions I’ve seen around renaming the branch name have had white Americans leading the charge for this change and black people either saying nothing or that they don’t personally feel a negative connection with the word ‘master’ and they’d rather white folks spent more time addressing structural racism and less time addressing words with a tenuous connection to some awful bits of history. The word ‘master’ in the absence of ‘slave’ crops up in so many other contexts (in degree titles, master of martial arts, master chef, and so on) and, if anything, this narrative is pushing the idea that black people can’t (or shouldn’t) self-identify with the word ‘master’ in any context, which is pretty harmful.

              That said, on a personal level, I recently followed some advice in another article to put the current Git branch name in my command prompt and main gives me two extra characters of space before I wrap lines than master, so I do see a small concrete benefit to this.

              1. 15

                My own anecdata tells me that the number of black people who are uncomfortable with master/slave terminology in tech isn’t zero. I’m with you 100% on this not being the most important thing to tackle, but I fail to see why we shouldn’t do this as well as address the larger systemic problems.

                The default branch in git seems like such a silly thing for people to object to changing (to me, at least) as branch names have no special meaning. All these scripts that need changing have the same bug: they hard-coded a value which was never guaranteed to be static.

                This isn’t directed at you, but I read through threads like these and find myself wondering about the folks who argue strongly that this change, of all things, is simply too much to bear.

                1. 8

                  The default branch in git seems like such a silly thing for people to object to changing (to me, at least) as branch names have no special meaning. All these scripts that need changing have the same bug: they hard-coded a value which was never guaranteed to be static.

                  It was never guaranteed, no, but it was the de-facto default for the overwhelming majority; probably above 99%. I’m a big fan of “convention over configuration”, and that has now been kind of lost. I also have 70 git repos or some such I now need to rename (or stick to “master” which might be misconstrued as making some political point) and probably a script or three.

                  At my last job we had even more repos, and a bunch of scripts floating left and right on people’s machines. Changing all of this for a group of ~100 devs and making sure everyone is up to date would be quite a task. Life is short; and there are real problems everyone agrees on. It just seems to me it would be much better if all that time and money was spent on more important issues.

                  At any rate, I think why people object so strongly is a resentment over being told what to do. No one really likes that, and a lot of people have the feeling this change is being imposed upon them. Hell, I feel this change is being imposed on me, because I now need to spend time on something I don’t see the point of. It’s not a “passive change” like a project renaming some terminology which doesn’t affect much outside of some documentation or popup.

                  Personally I think all of this is wasting a lot of political capital on something that’s … just nowhere near the top of the priority list, even if you agree it’s a problem in the first place. This seems to be a pattern I’ve seen over the last few years; this lack of focus, prioritisation, stubbornness, and tendency to divide people in camps is why I find American liberals so incredibly frustrating to deal with 🤷‍♂️

                  1. 5

                    At my last job we had even more repos, and a bunch of scripts floating left and right on people’s machines. Changing all of this for a group of ~100 devs and making sure everyone is up to date would be quite a task. Life is short; and there are real problems everyone agrees on. It just seems to me it would be much better if all that time and money was spent on more important issues.

                    My expectation is that when/if this change lands we’ll all be even more bored with it. It’s just a change to the default, I don’t see why much at my work or in my personal projects would need to change. Either we’re using 3rd-party generic tooling which definitely has the ability to specify branches and better not have hardcoded assumptions by the time this actually happens, or it’s just some in-house tooling which only needs to work on our own repos.

                    At any rate, I think why people object so strongly is a resentment over being told what to do. No one really likes that, and a lot of people have the feeling this change is being imposed upon them. Hell, I feel this change is being imposed on me, because I now need to spend time on something I don’t see the point of. It’s not a “passive change” like a project renaming some terminology which doesn’t affect much outside of some documentation or popup.

                    I think you’re spot on when you say folks are mostly objecting to being told what to do. I think our perception of the people who (we believe) are telling us what to do is also at play here.

                    Personally I think all of this is wasting a lot of political capital on something that’s … just nowhere near the top of the priority list, even if you agree it’s a problem in the first place. This seems to be a pattern I’ve seen over the last few years; this lack of focus, prioritisation, stubbornness, and tendency to divide people in camps is why I find American liberals so incredibly frustrating to deal with 🤷‍♂️

                    I’m not sure I deal with American liberals much (I honestly don’t know the political leanings of the few American colleagues I have), so I defer to you here. My staggeringly obvious observation is that lately there’s a whole lot more dividing people into camps going on, by seemingly everyone.

                    Thank you, sincerely, for taking the time to reply to me. What started as an off-the-cuff comment while I ate my sandwich has snowballed into quite the thread (by Lobsters standards anyway). I’ve spent more time thinking about this topic in the last 24h than I ever have before, that’s for sure :-) I think I’m done with this thread; my guess is most folks reading this, regardless of their thoughts on git’s default branch name, think it’s a garbage fire.

                    1. 4

                      I also have 70 git repos or some such I now need to rename (or stick to “master” which might be misconstrued as making some political point) and probably a script or three.

                      This reads to me as emblematic of a certain paranoia in the id of this community that I really think we ought to call attention to (not you specifically, but this fear more broadly). This type of fear is a counter productive projection that we need to let go of because it prevents us from making real progress.

                      I guarantee you that nobody is going to come across one of your git repos and call you out as a racist/colonizer/white supremacist/you name it. The vast majority of people calling for a better default branch name are reasonable and morally centered people who simply want to speak to their terminal without unnecessarily charged metaphors. They themselves almost certainly have git repos that will continue to use the branch master. People are not the personification of the “wokes” that the OP feels the need to fabricate.

                      People all over this thread are afraid of the scary “woke mob” bogeyman, but if they were to get off of twitter and have an actual conversation with real antiracist people, they’d probably realize they’re normal people with strong moral values who spend energy on constructing a more just world. What’s funny to me about this whole “master” debate is that I think the folks making the most noise are the ones fighting against the change. Those pushing for it have bigger fish to fry.

                      1. 7

                        In this particular case I don’t expect people to come in and start accusing me of anything, but they might see “master” and misconstrue that to mean something even though it doesn’t. Of course, if I do change it then other people might also misconstrue it to mean something. I kind of feel a bit stuck here; as this politicisation of a bloody branch name is forcing me to take a position where I don’t really feel comfterable with either side (you can’t really inject nuance in a branch name). Although I obviously feel significantly less comfterable with all the “SJW cultural marxists!!!” idiocy, that doesn’t automatically mean I feel comfterable with the other side.

                        I also don’t think that the “woke mob bogeyman” is quite as paranoid as you make it out to be; I’ve definitely seen quite a few incidents first-hand – and even been subjected to some – where people were beleaguered over a triviality, which sometimes resulted in some downright bullying. I know this isn’t the majority of people, but as the same time there definitely is a subgroup of what we might call “toxic SJWs”, for lack of a better term, which reflects really badly on the entire cause.

                        What’s funny to me about this whole “master” debate is that I think the folks making the most noise are the ones fighting against the change. Those pushing for it have bigger fish to fry.

                        I think that’s kind of a strange sentiment; do you expect people to just accept anything uncritically? And if there are bigger fish to fry, then why not fry them instead of wasting all this goodwill and political capital on this?

                        1. 3

                          I think that’s kind of a strange sentiment; do you expect people to just accept anything uncritically?

                          Of course not. Critical thinking is required to reflect on the value of language in this context. It’s precisely a lack of critical thinking that leads to knee-jerk reactions, projections, straw men, overemphasis of the technical implications and these wacky slippery slope arguments I am seeing up and down the thread.

                          And if there are bigger fish to fry, then why not fry them instead of wasting all this goodwill and political capital on this?

                          Because people who care about social progress are pretty good at walking and chewing gum at the same time. You can go to the local DSA meeting, take part in a protest, read books from the library, and also send emails about git. You yourself mentioned having 70 git repos. Is it hard to imagine that a large group of people are capable of multitasking?

                          1. 4

                            And if there are bigger fish to fry, then why not fry them instead of wasting all this goodwill and political capital on this?

                            Because people who care about social progress are pretty good at walking and chewing gum at the same time. You can go to the local DSA meeting, take part in a protest, read books from the library, and also send emails about git. You yourself mentioned having 70 git repos. Is it hard to imagine that a large group of people are capable of multitasking?

                            A day still has 24 hours, so there really is a hard limit on things, and more importantly, because you’re asking other people to change with you, you also need to factor in that not everyone is willing to spend the same amount of time on this kind of stuff. This is what I meant with “wasting all this goodwill and political capital”.

                            There are also plenty of far bigger issues that see hardly any attention, often because there is far too much focus on much less important matters. I’ll avoid naming examples so this doesn’t turn too political, but the whole “walking and chewing gum” multitask theory is a bit misguided IMHO. It annoys (even angers) me because all of this is standing in the way of actual progress.

                        2. -1

                          People all over this thread are afraid of the scary “woke mob” bogeyman, but if they were to get off of twitter and have an actual conversation with real antiracist people, they’d probably realize they’re normal people with strong moral values who spend energy on constructing a more just world.

                          Is it even possible to have a conversation with these Enlightened Ones, whose moral values are so much stronger than the rest of us?

                      2. 4

                        You’re not black and represent exactly zero black people in tech.

                        1. 2

                          Very true.

                    2. 7

                      Or, perhaps, they are the majority of people who care. Most people don’t care too much about what to call the default branch. For the average person, this is probably a small bit of trivia. The people who care (in either direction) are probably the minority. Of course, the people are care are the people who choose.

                      1. 4

                        I suspect you’re correct; I’m looking at discussions like this and mistakenly assuming most people are “in the room”, but of course it’s only the people who care either way who bother to chime in. Thanks for reminding me of that :-)

                      2. 5

                        You you mean the majority of the leaders of large, influential entities in the industry.

                        1. 5

                          It’s kind of a difficult conversation to have; I think that all things considered, there are very few people who want to be unwelcome, much less (subtly) racist, but once you argue “this is a pointless change” it’s very easy to have the optics of that. This is made even worse by all the “zomg, another example of cultural marxist feminazi SJWs destroying civilisation!!!!111” idiots.

                          Most people that I know respond to this with “sigh 🙄”, but don’t really say much about it, and a very small amount of people I know are in favour of this. This is not a very scientific opinion poll of course, but as far as I can see it’s really quite a small minority.

                          As I argued last time, I’d personally rather not comment too much on this to give people who are actually affected by this a chance to speak without being drowned out, and in the 5 months since I placed that comment I still see mostly white people (including myself) discus issues that don’t affect them, which makes me kind of uncomfortable.

                          1. 2

                            How is the master branch unkind? Do you think everyone using git was being unkind until this change?

                            1. 2

                              It’s not, and I certainly don’t think everyone using git is being unkind either.

                              I think that changing the default branch name to not reference master/slave terminology (a common thing in IT which I know has made at least one of my friends uncomfortable) shows kindness and empathy. It is a tiny, minuscule such act, to be sure.

                              Not making this change is not an act of unkindness. Using the branch name “master” in your repos is not an act of unkindness. An unkind act would be renaming the default branch to a racial slur. That’s my view on it, at least: not being kind isn’t the same as being unkind.

                              I regret my pretty barbed initial reply to you, and I apologise. Reading it back, I made distinctly unkind assumptions :-)

                          2. 36

                            Worth to read: The Most Intolerant Wins: The Dictatorship of the Small Minority

                            It explains the logic behind it. The funniest part of this is that master as a word predates slavery in the US.

                            c. 1200, maistren, “to get the better of, prevail against; reduce to subjugation,” from master (n.) and also from Old French maistriier, Medieval Latin magistrare. Meaning “acquire complete knowledge of, overcome the difficulties of, learn so as to be able to apply or use” is from 1740s. Related: Mastered; mastering.

                            https://medium.com/incerto/the-most-intolerant-wins-the-dictatorship-of-the-small-minority-3f1f83ce4e15

                            UPDATE: tadzik’s was correcting me on the missing qualifier for which slavery i am talking about

                            1. 19

                              master as a word predates slavery

                              I’m pretty sure slavery existed long before the 1200s ;) Did you mean “american slavery”?

                              1. 12

                                Yes, sorry, I mean the slavery why the mob is upset now. Slavery outside of the context of USA is irrelevant to them because it does not fit their narrative. Thomas Sowell writes a lot about this.

                                1. 3

                                  No worries, thanks for clarifying – and for the reading links :)

                              2. 6

                                This was an entertaining read, thanks. This should actually be the top comment, since it gives more insight on what’s going on than any ideological comment in this thread (on lobsters, but on other sites as well).

                              3. 45

                                Not only you can’t fight this one, but not actively participating in woke’s narration makes you their enemy. Even expressing dislike about this patch risks being taken as a person who is pro-slavery, which is an obvious BS. But indeed, you can’t fight with angry mob alone.

                                1. 13

                                  You misunderstand the primary ‘woke’ argument.

                                  The primary argument is that encountering the word ‘master’ reminds people of the enslavement of their ancestors, the related stories of suffering and the discrimination and oppression they are still being subjected to. It’s what is called a micro-aggression: something that isn’t a problem in small doses, but that adds up when experienced over and over again. Death by a thousand cuts.

                                  What this change, and others like it, intend to accomplish is not unnecessarily subjecting people to such reminders.

                                  1. 13

                                    Guess we gotta remove it from the dictionary too, lest they chance upon it and feel hurt.

                                    1. 6

                                      That would be the logical conclusion from the argument, save for the word ‘unnecessarily’.

                                      The question is when it is appropriate to not be accommodating to those that claim being hurt, because the cost of accommodating them is too high. And it bears mentioning that the cost effectively, indirectly, causes others to suffer.

                                      It’s not all or nothing. You don’t have to reject the argument to reject the conclusion, as it hinges on costs and thus trade offs. There should be a few Schelling points here and I agree that it seems unreasonably difficult to defend some of those points.

                                    2. 11

                                      Well, my homeland has suffered a communist dictatorship and invasion for decades. Reading the cultural marxism here and there reminds me of the terrors my people, and specifically my family has suffered from communism in the last hundred years.

                                      What could be changed, to unnecessarily subject me to these micro-agressions?

                                      1. 12

                                        cultural marxism is a conspiracy theory invented by the american far right. Go complain to them.

                                        1. 7

                                          Actually it’s reinforced by former USSR KGB agents ;).

                                          1. 4

                                            totally a reputable and unbiased source on this topic

                                            1. 5

                                              Well, can’t deny that they actually had much experience with it (Stalin, Lenin), unlike USA

                                          2. 9

                                            sure, whatever different opinion appears it is fake news, conspiracy theory, or simply wrong, not worth consideration or discussion.

                                            1. 9

                                              When there is:

                                              • kids being threatened
                                              • jews in disguise
                                              • any flavor of progressive agenda threatening the lifestyle of conservative or reactionary white people
                                              • loose attacks on intellectuals

                                              Yep, it’s probably a conspirancy theory. QAnon is the same, just more loud and with sweatpants instead of cheap fedoras.

                                              1. 4

                                                nah, you’re just wrong. the origins of cultural marxism

                                            2. 2

                                              That one group was lucky enough to get their cause taken up by a larger group of activists doesn’t entitle any other group to get their cause taken up as well. But the arbitrariness doesn’t imply anything about the reality and worthiness of the cause (neither in the positive nor in the negative direction).

                                              You could start a movement to try and get your cause taken up by as many fellow activists as you can find to spread awareness so broadly that it leads to changes like the one we are discussing here. An outcome could be that promoting communism becomes something that is considered shameful.

                                              1. 1

                                                Frankly, comparing the suffering of the victims of Communism to having to make a minor change in a software workflow strikes me as wildly hyperbolic.

                                                1. 10
                                                  1. If I was comparing the suffering of victims of communism to anything that would be the suffering of the victims of slavery in the USA in the context of my comment.
                                                  2. What I was comparing is that the micro-agressions I am subjected to by some comments on the internet, are of the same category, as the micro-agressions one has to take when reads the master word while working with version control.

                                                  If you think I should not be reminded of that, and the above is a hyperbole (not what you said), that is an opinion some share about the case about the push to remove the word master.

                                                  1. 3

                                                    Thanks for clarifying your position.

                                            3. 17

                                              I think you can make this point without using such charged language.

                                              I happen to agree with the change, but I don’t consider myself a “self-righteous woke”. I read your post and felt uneasy.

                                              1. 4

                                                The obvious solution is to fork git, keep master as the default name, and give it a nice new name, like… Consolidated Source Association, or similar…

                                                1. 3

                                                  So in summary, you think that master in git is not offensive, and you think that people who do find it offensive are ridiculous. Curious, how many of your coworkers are black?

                                                  1. 71

                                                    Curious, how many of your coworkers are black?

                                                    This feels a bit like “what do you even know about being offended”. I share /u/y0ssar1an’s viewpoint, so let me tell you how it looks from my perspective. I have zero black coworkers as I live in a country that barely has any black people in it at all (Poland). The word “master” doesn’t hold have any negative meaning to people around here. But there is another: “Collaborator”. Used very widely in VCS-related software, in our cultural context it immediately reminds people of the old meaning: “the one who collaborated with the nazis during WW2”.

                                                    My ancestors fought in WW2. Am I now smearing their name because I have myself become a collaborator? Should I now feel uncomfortable because someone on the other end of the world came up with a word that makes me slightly uncomfortable? No, that’d be absolutely ridiculous. Every cultures has words that make some people uncomfortable, and trying to please everyone by making the subset of the language we use smaller and smaller is not just futile imo – it’s also pointless, and arguably a detriment to diversity by itself.

                                                    The implication that slavery is somehow inherently connected to racism is by itself an ameri-centric idea. This whole master->main “diversity theater” feels like a symptom of a particular culture being unable to deal with their past (or largely their present, afaict) and thus resorting to empty gestures rather than trying to deal with real problems – last I checked, Github, the champion of the “master bad” movement was still working with ICE who’s basically building concentration camps for minorities. But I guess it doesn’t bother people as much since it’s not so well entrenched in american culture.

                                                    1. 1

                                                      The implication that slavery is somehow inherently connected to racism is by itself an ameri-centric idea.

                                                      I could not imagine what exactly it is that make America, slavery, and racism so connected! Words have meaning which are inherently connected to history. Just because you want to pretend that they always mean what makes you feel best doesn’t mean everyone is going to harbor the same narrow viewpoint as you.

                                                      1. 9

                                                        Outside of the USA slavery has been a think before, and at some unlucky places after the abolition in the USA. It did not generally have a racist motivation: debtors could sell themselves as slaves, prisoners of war were sold as slaves, and in many feudal states serfs had so few rights and possessions, that they were basically slaves.

                                                        It is ironic, but in Tibet actually the invading communist chineese have abolished slavery, where it had no racist character.

                                                        In the USA, and the Americas generally slavery did have a racist character, as the slaves sold by the Netherlander, English and Arabic slavers were mostly of African origin.

                                                        1. 5

                                                          Totally correct. Historians very regularly caution against comparing the brutality and sheer scale of the transatlantic slave trade to earlier forms of slavery. A great way to understand why is to go back to the fall of the Songhai Empire for it is through the unfolding of that empire and the colonial fire that engulfed its ruins that the taking and trading of slaves exploded violently and grew to dispossess, dislocate, and traumatize millions of families.

                                                      2. 1

                                                        The use of the (American) English language can be seen as a form of cultural imperialism, but it also allows people like you (not native English speakers, but part of the global computing community) to reach markets previously unimaginable. I think putting up with the occasional linguistic disruption that emanates from the dominant market should be worth it.

                                                      3. 33

                                                        I wonder how many of them have MSc degrees. You know, Main of Sciences degree.

                                                        1. 12

                                                          The two definitions of the word “master” for “owner” and “teacher” are a doublet, they come from different etymological paths that converged. Git derives its use from the former.

                                                          1. 7

                                                            And where they keep the main copy of their diplomas.

                                                      1. 1

                                                        “ Categorising code as either public or private is an attempt to reduce the costs of change by communicating stability.”

                                                        The purpose is to hide internal functionality from those seeking to use an abstraction. It isn’t to somehow indicate what is stable or not.

                                                        “It’s to reduce future maintenance costs by discouraging coupling to unstable dependencies.”

                                                        I think this is a possible consequence, not its purpose.

                                                        1. 1

                                                          The purpose is to hide internal functionality from those seeking to use an abstraction. It isn’t to somehow indicate what is stable or not.

                                                          Why hide internal functionality? Why not make it all public?

                                                          1. 1

                                                            Well it depends on what one is modeling, but as an example consider the Abstract Data Type, like a stack or queue. They are defined in terms of their operations, not their internal representation. That representation together with supporting functionality is hidden by definition.

                                                            Alternatively, consider that you are modeling a phenomena using an object in an object-oriented language. That one can make requests that the object do something without necessarily knowing how it does it, is how one can model a complex process unimportant to the requestor. An elevator (modeled in software) might know how to move between floors, but how it does so is unimportant to the requestor.

                                                            This perhaps goes right back to the invention of the subroutine by Maurice Wilkes in the early 1950s. Being able to decompose problems into small reusable parts that hide their implementation, is necessary to create complex programs. The alternative of a very long procedure that merely has jump or goto statements is surely unattractive unless the problem is simple or trivial?

                                                            1. 1

                                                              Making things hidden (private) ensures that you don’t break someone else’s code with your internal changes. It’s a contract between you and your user – they agree to the fact that they won’t be able to use the private parts, while you agree to never break the public interface, while still having the ability to turn the internal details upside down if you so desire. As others have mentioned, it helps to reduce the mental load too: the user doesn’t need to read into every internal detail of your objects/modules, it’s enough for them to just be aware of the public bits.

                                                              1. 1

                                                                Yep, it’s to allow changes, and changes are a measure of stability. If it could be guaranteed not to change, then you wouldn’t really get any benefit from making it private. I was trying to show that to the original commenter with Socratic questioning, but they managed to dodge it expertly.

                                                              2. 1

                                                                Because objects have rights. And from that perspective, the unnecessary word is not private, but public; why should a language ever have a default behavior of breaking isolation and integrity? When we allow objects to keep to themselves and be left alone, then we are able to more fully notice when we take improper advantage of ambient authority.

                                                            1. 2

                                                              I rebind:

                                                              " colemak
                                                              " arrows => hnei  (qwerty hjkl)
                                                              " undo => l       (qwerty u)
                                                              " insert => u     (qwerty i)
                                                              " nextsearch => k (qwerty n)
                                                              noremap n j
                                                              noremap e k
                                                              noremap i l
                                                              noremap k n
                                                              noremap u i
                                                              noremap l u
                                                              
                                                              1. 7

                                                                Overly dramatic. And I do like getting a free t shirt.

                                                                1. 15

                                                                  Not at all. I have a few sub-500 stars projects, and they too get a significant amount of spammy PRs. It’s literally just “Adding a gif to the readme” or something similarly ridiculous.

                                                                  And I can’t begin to imagine how much crap high-profile project maintainers have to deal with. This post is fully warranted.

                                                                  1. 10

                                                                    Interestingly, I’ve gotten zero thus far. I wonder if tech choice and/or the kind of project is a factor here?

                                                                    1. 2

                                                                      I should’ve been clear—I was describing my experience from last year. After all, it’s only Oct 1st. Give it time. :)

                                                                      I’ve gotten two so far for Hacktoberfest 2020, by the way.

                                                                      1. 2

                                                                        I didn’t get any last year either; or any year. Actually, this is the first time I heard of the entire thing 🤔

                                                                    2. 4

                                                                      To add some context, Vaelatern is a Void Linux contributor and we encouraged hacktoberfest PRs: https://twitter.com/VoidLinux/status/1179006377219506177.

                                                                      There is a spam problem but for some reason we were not the target, maybe because its not python, js or html.

                                                                      Not sure about the stars, but we are now at 1.1k and I think we already had around 500 in 2018. I think we were easily one of the top non-spammy “add your name to a file” repositories.

                                                                    3. 8

                                                                      I’d love actual contributions. Even if they were just typo fixes, or I had to guide a novice how to improve the code.

                                                                      But the only “contributions” I’ve got were pure useless garbage. Someone has added “Requires Windows 7 or higher” (with worse spelling) to my Mac app. They didn’t even bother read a single line of the README they were changing.

                                                                      1. 3

                                                                        I archived a repo two days back to avoid this spam (and I’m not actively working on it anyway)

                                                                        https://github.com/learnbyexample/Python_Basics/pulls?q=is%3Apr+is%3Aclosed

                                                                        1. 1

                                                                          man I’d feel bad if I was abhinav-TB and created a PR for some project only to have it closed without comment a mere 5 days later

                                                                          1. 1

                                                                            may be if they read the readme first or if they explained why they are making a pointless PR, then perhaps I’d have made an effort to comment

                                                                        2. 3

                                                                          I thought so too, but take a look at this: https://github.com/search?o=desc&q=is%3Apr+%22improve+docs%22&s=created&type=Issues

                                                                          Try “amazing project” too. It’s an onslaught. I don’t remember it ever being this bad, but perhaps it was for the more popular repos.

                                                                          1. 2

                                                                            This small 0-star project got three “improve docs” PRs in the last 40 minutes from three different accounts (just noticed it was mentioned several times on the first page): https://github.com/tehpug/TehPUG/pulls?q=is%3Apr+is%3Aclosed

                                                                            Then I clicked another random project from that list, and this 4-star project has four pages of PRs spammed: https://github.com/Moeplhausen/SunknightsWebsite/pulls – literally those entire four pages are full of this idiocy, there’s not one legitimate PR in there. This is just idiocy.

                                                                            I don’t know why these projects gets so many, nothing about those repos or the accounts/organisations they belong to seems well-known in the slightest; just a typical small project people uploaded just for code hosting. As I mentioned in my other comment, I’ve gotten zero PRs thus far in spite of having several >100 star repos. If these repo are targetted (and I think that’s an appropriate term here) them why aren’t mine? 🤔

                                                                            What a clusterfuck.

                                                                            1. 3

                                                                              I would guess they are now targeting small/inactive repositories in the hope of maintainers not flagging their PRs within the 7 day period in which “invalid” flags are checked.

                                                                              They could instead of make PRs to their own repos or create organizations without bothering other projects.

                                                                              1. 1

                                                                                Right; that makes sense. I assumed you need to actually have the PR merged to count, but turns out you just need to make it.

                                                                                As for making your own repo, the site mentions:

                                                                                Bad repositories will be excluded. In the past, we’ve seen many repositories that encourage participants to make simple pull requests – such as adding their name to a file – to quickly gain a pull request toward completing Hacktoberfest. [..] We’ve implemented a system to block these repositories, and any pull requests submitted to such repositories will not be counted.

                                                                        1. 6

                                                                          So I am growing increasingly dissatisfied with even the minimal utility I get out of Facebook (sharing pictures of my kids with family members) and have thought about standing up a fediverse instance and trying to use that, instead. The problem for me is with the clients – how are they, for elderly parents with a strong interest in granddaughters and none at all with fiddling with technology? How is the fediverse for non-nerds?

                                                                          1. 10

                                                                            You should absolutely not share pictures of your kids on ActivityPub. Depending on the software you are using its either more like Twitter or more like blogging software like Wordpress (wordpress has an AP plugin actually, and dedicated blogging instance software like write freely and plume exist and rock)

                                                                            Can’t speak for the current state of Diaspora, but THAT is what you are looking for.

                                                                            1. 5

                                                                              The Fediverse, in general, is closer to Twitter than it is Facebook. That being said, Tusky for Android and Mast for iOS are both (IMO) better than the Twitter client for both platforms. Both incredibly polished and intuitive. There’s a number of high quality clients, but these are the two that I’ve personally settled on.

                                                                              1. 3

                                                                                Interesting. I wonder if there is anything that is more of a Facebook replacement.

                                                                                1. 4

                                                                                  Diaspora perhaps?

                                                                                  1. 3

                                                                                    Yeah, Disaspora looks more facebook-like. I don’t think it’s quite as popular as the Fediverse, and it’s not built on ActivityPub to my knowledge.

                                                                                    If you’re into more Instagram-like (ie. photosharing), there’s always Pixelfed as well, which is part of the Fediverse

                                                                                    1. 3

                                                                                      ActivityPub. And no, it’s not a great protocol for a Facebook-like; the existing projects are all fairly nascent and have been struggling with follower/friend mechanics.

                                                                                  2. 3

                                                                                    friendica could be interesting for you

                                                                                    1. 3

                                                                                      Thanks, I’ll check it out. I’ve always wondered about building something like Facebook but focussed on the needs of families, particularly families with small kids. Yeah, it would never be a billion dollar thing, but nowadays it seems like there might be an appetite for something less crap than Facebook.

                                                                                      1. 2

                                                                                        For the social network, I always thought that the Google circles concept was way better. I wonder if there are any successors to that concept.

                                                                                  3. 2

                                                                                    I don’t use iOS so I haven’t been able to try it myself, but I just want to mention that Mast does still seem to be open source, the repo is here: https://github.com/ShihabMe/Mast2 It’s annoyingly difficult to find that repo, I found the link on the developer’s Mastodon account. Many open source projects don’t adequately advertise their open source nature, which is a source of significant frustration for me.

                                                                                    1. 1

                                                                                      And the guy is doing a lot of support directly on mastodon.

                                                                                1. 19

                                                                                  Mastodon used about ~2.5 GB out of the 4 I have on my Pi. With Pleroma, the total used RAM is only about ~700 MB. That’s crazy!

                                                                                  I agree it’s crazy. Crazy less bloated, and crazy still bloated.

                                                                                  700MB. Christ.

                                                                                  1. 27

                                                                                    To be clear, the 700 MB is the total RAM usage, i.e. by all programs and not Pleroma alone.

                                                                                    1. 21

                                                                                      That 700MB includes a Postgres database and a webserver.

                                                                                      1. 9

                                                                                        I wonder if we can still run pleroma in a 256mb ram system. Most of the ram is used by postgres, and that can be configured to use a lot less.

                                                                                        1. 11

                                                                                          I bet you can but PostgreSQL is also very tricky to limit RAM usage to a certain cap. First off the defaults are very conservative in most cases you would be cranking all the values up not down but you already know that as if I recall correctly I saw some great articles regarding PostgreSQL inner-workings from your blog posts on pleroma development.

                                                                                          That said there are several configs that have direct and indirect influence on how much memory PostgreSQL will use: shared_buffers - the actual working set of the data the DB hacks on, that will be the largest immediate RAM allocation. Then we have the tricky parts like work_mem which is a per connection allocation but not a per connection limit. If your work mem is 8 MB and you execute a query which has 4 nodes in the resulting plan you can allocate up to 4*8 MB for that one connection. If you add to that parallel query execution then multiply that by concurrently running workers. I assume pleroma uses a connection pool so that alone can bump RAM usage a lot. Add to that things like maintenance_work_mem for tasks like vacuums and index rebuilds and you quickly can see how the actual memory usage can fluctuate on a whim.

                                                                                          To the point.

                                                                                          I agree it’s crazy. Crazy less bloated, and crazy still bloated.

                                                                                          700MB. Christ.

                                                                                          I simply think @ethoh is wrong. 700 MB usage is crazy low for a RDBMS and we are talking about RDBMS + a whole app using it. Databases are designed to utilize memory and avoid hitting the disk when not necessary. Unused memory is wasted memory.

                                                                                          1. 3

                                                                                            700 MB usage is crazy low for a RDBMS

                                                                                            I don’t really get how you can make this claim with no reference at all to the data storage needs of the application. A fair metric would be the overhead of the DB relative to the application data. In this case we’d need to know some things about how Mastodon and Pleroma work, and how OP managed his instances of them.

                                                                                            1. 4

                                                                                              I don’t really get how you can make this claim with no reference at all to the data storage needs of the application.

                                                                                              In similar fashion the OP claimed that 700 MB is crazy bloated. I was making a reference to that. However to back up my claims with some quick napkin calculations:

                                                                                              Default shared_buffers for PostgreSQL 12 is 128 MB. Per PostgreSQL documentation the recommended setting is roughly 25% of available system RAM then measure.

                                                                                              If you have a dedicated database server with 1GB or more of RAM, a reasonable starting value for shared_buffers is 25% of the memory in your system.

                                                                                              source: https://www.postgresql.org/docs/12/runtime-config-resource.html

                                                                                              The system in question has 4 GB of RAM so by that logic 1 GB for shared_buffers would be a reasonable setting - hence 700 MB at that point could be considered crazy low.

                                                                                              Default work_mem is 4 MB, max_worker_processes is set to 8 and max_connections by default is 100 (https://www.postgresql.org/docs/12/runtime-config-connection.html#GUC-MAX-CONNECTIONS). This means that query execution can easily eat up to 3.2 GB by default in the absolutely unlikely worst case scenario.

                                                                                              maintenance_work_mem is by default an additional 64 MB.

                                                                                              So we are looking at PostgreSQL itself using anywhere between 128 MB and 3 GB of RAM with it’s default settings that are ultra conservative and usually the first thing everyone increases. This is before considering the actual data and application workload.

                                                                                              By this logic, personally for me 700 MB for PostgreSQL on a running Pleoroma instance including the memory used by Pleroma itself is crazy low.

                                                                                              1. 5

                                                                                                But, this little Pi is not a dedicated database server, it at least hosts the app too? And defaults are just defaults. Maybe indicative of PG usage in general, across every application that uses it, but that’s a really broad brush to be painting such a tiny picture with! I still think there are a few different species of fruit being compared here. But I do appreciate your explanation, and I think I understand your reasoning now.

                                                                                              2. 1

                                                                                                Fwiw, my Pleroma database is approaching 60GB in size.

                                                                                                1. 1

                                                                                                  Due to shit posting or bot? You can clean it up a little bit by expiring remote messages older than 3months

                                                                                                  1. 2

                                                                                                    I have a dedicated 500GB NVMe for the database. Storage isn’t a problem and it’s nice for search purposes.

                                                                                            2. 2

                                                                                              I’m still not convinced that postgresql is the best storage for ActivityPub objects. I remember seeing in pleroma that most of the data is stored in a jsonb field, and that makes me think that maybe key-value stores based on object’s IDs would be simpler and maybe(???) faster.

                                                                                              I’m currently implementing a storage “engine” based on this idea and I’m saving the plain json as plain files in a directory structure. It, of course, is missing ACID[1] and other niceties, but I feel like the simplicity of it is worth for an application that just wants to serve content for a small ActivityPub service without any overhead.

                                                                                              [1] IMHO ACID is not a mandatory requirement for storing ActivityPub objects, as the large part of them (activities) are immutable by design.

                                                                                              1. 5

                                                                                                Misskey used to use a nosql / document store. They switched to postgresql because of performance issues. I’m sure you could build an AP server with a simpler store, but you we do make heavy use of relational features as well, so the relatively ‘heavy’ database part is worth it for us.

                                                                                                1. 2

                                                                                                  Yes. One problem with a off the shelf key value store in this setup is that scanning over the whole keyspace to be able to filter objects is way less efficient than a good indexed db. (Even though I’m not there yet), I’m thinking of adding some rudimentary indexes based on bloom filters on properties that might require filtering.

                                                                                                  1. 4

                                                                                                    postgresql provides indexing for json objects, so it makes a lot of sense to use it even for this kind of use case. Even sqlite has some json support these days.

                                                                                                2. 2

                                                                                                  I am not convinced to store tons of small files individually, they are usually less than 1kb. The overhead from inode will waste 75% of a 4k, and you will also run out of inodes pretty quickly if your fs is not tuned for tons of small files.

                                                                                                  1. 3

                                                                                                    inodes are a legacy filesystem problem. Use ZFS :)

                                                                                                    1. 1

                                                                                                      The idea behind federation would be that most instances would have a small number of users with small local storage needs.

                                                                                                  2. 1

                                                                                                    Not really for recent releases, you need at least 512MB for a stable instance. Pleroma itself use <200MB RAM, and postgresql can use another 200MB, depends on your configuration.

                                                                                                3. 10

                                                                                                  Total RSS for my Pleroma instance on Arch x86_64 (which is extremely lightly used) is ~115MB. There’s a bunch of other RSS being used by the Postgres connections but that’ll depend on your precise configuration.

                                                                                                  For comparison, my honk instance on Arch armv7l is using 17MB (but it admittedly bare-bones compared to Pleroma.)

                                                                                                  1. 2

                                                                                                    How is honk working for you? Do you want to share a link to your instance? I’ve been considering installing it myself. It seems cool, but the only honk deployment I’ve seen in the wild is the developer’s. If we’re talking about saving resources, honk seems to be better for that than Pleroma :)

                                                                                                    1. 3

                                                                                                      I run it for my single user instance. Haven’t tried upgrading since I installed it.

                                                                                                      It generally works as expected, if a little rough - I edited a bunch of the default templates and found the terminology a little obtuse, and threads where some replies are private don’t show any indication which can be a bit confusing.

                                                                                                      I may setup Plemora at some point, as I would like the extra features, but I might never get around to it because honk is so trouble-free and works alright.

                                                                                                      1. 2

                                                                                                        Pretty well - I just run the binary in a screen session on one of my servers for now.

                                                                                                        https://honk.rjp.is/ - mainly using it as a publish-on-your-own-space feeder for tweets via IFTTT.

                                                                                                        1. 3

                                                                                                          Have you looked into crossposting using one of the open source crossposters?

                                                                                                          I’m assuming that they won’t work because honk has fewer features than Mastodon, but I don’t actually know.

                                                                                                          1. 2

                                                                                                            I did try moa for a while but the link [from moa to twitter] kept disappearing for some reason - I did intend to self-host it but never got around to it. IFTTT is easier for now and if I want to shift off IFTTT, I’ve already got “RSS to Twitter” code for other things I can easily repurpose.

                                                                                                            [edited to clarify “link”]

                                                                                                    2. 4

                                                                                                      Fwiw it’s a bit over 300MBs on my (single user) instance.

                                                                                                      1. 3

                                                                                                        I still think that 300MB is a lot, especially when cheaper VPS can have only 500MB of RAM.

                                                                                                        1. 3

                                                                                                          In fairness, 512 mb is a ridiculously low amount of memory.

                                                                                                          Nowadays it’s possible to configure a physical system with 128c/256t and literally terabytes of ram and we’re still paying 2013 prices for 1c/512mb VPS instances.

                                                                                                          Think about this.

                                                                                                          1. 1

                                                                                                            I’ve been mostly using (and recommending) the smallest hetzner vps instances, which have 2gb of ram and cost just under 3 euro per month. although looking at lowendbox, i see that you can get a 1gb vps for $1 per month.

                                                                                                    1. 16

                                                                                                      I’ve asked this the last time, but does anyone know why “rewritten in rust” and “overuse of colour and emojis” correlate? I have no need to switch from coreutils, but as someone who disables colours in my terminal sessions, I wouldn’t even want to (with the exception of ripgrep, where I get the technical advantage over rgrep).

                                                                                                      1. 31

                                                                                                        I kind of think that “overuse of color and emojis” is a bit of an oversimplification, but I take your meaning. Or at least, I might say, “more thought and care given toward the overall user experience.” However, you might disagree with that, since you might think that colors and emojis actually make the user experience worse. (Although, to be honest, I’m not sure how much these tools use emojis.) With that said, I think it’s at least reasonable to say that many of the “new” tools (and not just Rust) are at least paying more attention to improving the overall user experience, even if they don’t actually improve it for every user. For example, I know for ripgrep at least, not everyone likes its “smart” filtering default, and that is absolutely a totally reasonable position to have. There’s a reason why I always include smart filtering in every short description of ripgrep; if you aren’t expecting it, it is not only surprising but frightening, because it violates your assumptions of what’s being searched. It’s a disorienting feeling. I know it all too well.

                                                                                                        As for why this is happening, I’m not sure. If we wanted to get hand wavy about it, my personal take is that it’s some combination of lower barriers to entry to writing these kinds of tools and simultaneously providing more head space to even think about this stuff. So that means that you not only have more people entering the space of writing CLI tools, but you also have more breathing room to pay attention to the finer details of UX. This isn’t altogether surprising or unprecedented. Computing history is littered with building new and better abstractions on top of abstractions. As you move higher up the abstraction ladder, depending on the quality of said abstractions, you get more freedom to think about other things. This is, after all, one of the points of abstraction in the first place. And Rust is definitely an example of this IMO. And it’s not just about freeing yourself from worry about undefined behavior (something that I almost never have to do with Rust), but also about easy code reuse. Code reuse is a double edged sword, but many of these applications shared a lot of code in common that handle a lot of the tricky (or perhaps, “tedious” is a better word) details of writing a CLI application that conforms to common conventions that folks expect.

                                                                                                        I also don’t think it is the only phenomenon occurring either. I think building these kinds of tools also requires tapping into a substantial audience that no longer cares (or cares enough) about POSIX. POSIX is a straight jacket for tools like this, and it really inhibits one’s ability to innovate holistically on the user experience. The only way you can really innovate in this space is if you’re not only willing to use tools that aren’t POSIX compatible, but build them as well. My pet theory is that the pool of these people has increased substantially over the past couple decades as our industry has centralized on fewer platforms. That is, my perception is that the straight jacket of POSIX isn’t providing as much bang for its buck as it once did. That isn’t to say that we don’t care about portability. We do. There’s been a lot of effort in the Rust ecosystem to make everything work smoothly on Linux, macOS and Windows. (And POSIX is a big part of that for Unix, but even among Unixes, not everything is perfectly compatible. And even then, POSIX often doesn’t provide enough to be useful. Even something as simple as directory traversal requires platform specific code. And then there’s Windows.) But beyond that, things drop off a fair bit. So there’s a lot of effort spent toward portability, but to a much more limited set of platforms than in the older days. I think the reason for that is a nearly universal move to commodity hardware and a subsequent drop in market share among any platform that isn’t Windows, macOS or Linux.

                                                                                                        Sorry I got a bit rambly. And again, these are just some casual opinions and I didn’t try to caveat everything perfectly. So there’s a lot of room to disagree in the details. :-)

                                                                                                        1. 7

                                                                                                          Just to provide feedback as a user of ripgrep, xsv, bat, broot. I have experienced no annoyance with respect to colourization or emojification of my terminal emulator. If I had to hypothesize, I think easy Unicode support in Rust allows people to embed emojis so they do.

                                                                                                          1. 4

                                                                                                            The key is overuse. Some colour can sometimes be very helpful! Most most of these tools paint the screen like a hyperactive toddler instead of taking the time to think of what would improve the user’s experience.

                                                                                                            1. 26

                                                                                                              taking the time to think of what would improve the user’s experience

                                                                                                              I addressed this. Maybe they have taken the time to think about this and you just disagree with their choices? I don’t understand why people keep trying to criticize things that are border-line unknowable. How do you know how much the authors of these tools have thought about what would actually improve the user experience? How do you know they aren’t responding to real user feedback that asks for more color in places?

                                                                                                              We don’t all have to agree about the appropriate amount of color, but for crying out loud, stop insinuating that we aren’t taking the appropriate amount of time to even think about these things.

                                                                                                              1. 2

                                                                                                                “How much colour is too much colour” is kind of an empirical question; while design is certainly some matter of taste and trade-offs, generally speaking human brains all work roughly the same, so there is one (or a small range of) “perfect” designs. It seems quite a different problem than Ripgrep’s smart filtering you mentioned in your previous comment, which has more to do with personal preference and expectations.

                                                                                                                See for example these Attention management and Color and Popout pages; the context here is very different (flight control systems), but it’s essentially the same problem as colour usage in CLI programs. I don’t know if there’s more research on this (been meaning to search for this for a while, haven’t gotten around to it yet).

                                                                                                                Have some authors spent a long time thinking about this kind of stuff? Certainly. But it’s my observation based on various GitHub discussions and the like that a lot of the time it really does get added willy-nilly because it’s fashionable, so to speak. Not everything that is fashionable is also good; see the thin grey text on website fashion for example (which thankfully died down a wee bit now) which empirically makes things harder to read for many.

                                                                                                                When I worked on vim-go people would submit patches to the syntax highlighting all the time by adding something for some specific thing. Did that improve readability for some? Maybe, I don’t know. For a while most of these patches were accepted because “why not?” and because refusing patches is kind of draining, but all of the maintainers agreed that this added colouring didn’t really improve vim-go’s syntax highlighting and were superfluous at best. There certainly wasn’t a lot of thought put in to this on our part to be honest, and when we started putting thought in to it, it was too late and we didn’t want to remove anything and break people’s stuff.

                                                                                                                1. 6

                                                                                                                  “How much colour is too much colour” is kind of an empirical question; while design is certainly some matter of taste and trade-offs, generally speaking human brains all work roughly the same, so there is one (or a small range of) “perfect” designs. It seems quite a different problem than Ripgrep’s smart filtering you mentioned in your previous comment, which has more to do with personal preference and expectations.

                                                                                                                  While I agree that it’s a quantifiable question, there’s 2 classic problems here.

                                                                                                                  All quantifications in user design are “70% of users find this useful” for statement A, and “60 % don’t find it useful” for statement B. The often committed mistake is then assuming that you should implement “A & ^B”, ignoring that you now need to analyse the overlap.

                                                                                                                  The second is that good quantification are a lot of work and need tons of background knowledge, with standard books on color and interface perception doubling as effective close combat weapons.

                                                                                                                  A classic answer to the above problem is that good UI uses at least two channels, potentially configurable. So if if the group that doesn’t find B useful isn’t having problems with it, having both is a good option. Your cited Color and Popout page is a very good example of that. And it gracefully degrades for people that do e.g. not see color well. And especially emoji based CLI programs do that very well: Emoji don’t take up a lot of space, are easily differentiable, are accessible to screen readers while still keeping their symbolic character - the line afterwards is the thing for people that need the details.

                                                                                                                  While I agree with your fashion argument, but see it in a much more positive light: user interface trends have the benefit of making good basics the default - if they are successful. This is community practice learning - I would say that the phase of gray text made the design community realise that readability is not optional when reading text. This may seem trivial, but it isn’t unsurprising that this trend came up when visual splendor was much easier available in websites and the current focus of that time.

                                                                                                                  For a practical summary of research and reading, I can highly recommend “Information Visualization: Perception for Design” by Colin Ware. Take care, though, it was updated for the 4th Edition this year and many vendors still try to sell you the 3rd. For a book of around 70$, I’d hate if you fell into that trap ;). It’s the book I learned from in University courses and found it very accessible, practical, but also scientifically rigorous. It also spends a lot of time on when visual encoding should be applied, when not and especially has clarity and accessibility as its biggest goals.

                                                                                                                  Also, even scientific research isn’t protected of the fads you describe: for a long time, with enough computational power available, everyone tried to make visualisations 3 dimensional. That’s generally seen as a mistake today, because either you just add fake depth to you bar diagram while it still remains essentially 2D (wasting the channel), or you run into problems of perspective and occlusion, which make it hard to judge distances and relationships making you turn the image all the time, because 3D data is still projected on 2D. Reading 3D data is a special skill.

                                                                                                              2. 4

                                                                                                                What are some examples? Curious what makes you think that the authors did not consider user experience when implementing nonstandard features specifically in pursuit of user experience? No doubt their efforts may not land well with some of the users. I just think it’s a bit dismissive to assume that the authors didn’t put thought into their open source projects, and pretty rude to characterize the fruits of their labor as a “hyperactive toddler”.

                                                                                                                1. 8

                                                                                                                  As a personal data point: I use fd, ripgrep, and hexyl, and they’re fine. However, I tried exa (a replacement for ls) and exa -l colors absolutely everything, which I find overwhelming compared to ls -l (which for me colors just the file/directories/symlinks). To me it seems like exa developers pushed it a bit too far :-)

                                                                                                                  1. 5

                                                                                                                    Cool. It definitely seems that exa in particular colorizes a lot of things by default. My initial thought is “wouldn’t it be nice if I could customize this” and it turns out you totally can via the EXA_COLORS variable (see man exa).

                                                                                                                    I think the ideal colorized tool would roughly do the following: it would make coloring configurable, ship with reasonable defaults, and then some presets for users with disabilities, colorblindnesses, or those who prefer no color at all.

                                                                                                                    1. 2

                                                                                                                      exa -lgh --color=never

                                                                                                                      seems flag heavy but that’s just me and there’s probably more than one way to do it

                                                                                                                      1. 7

                                                                                                                        Flag heaviness doesn’t matter much in this case though, since it can be trivially aliased in shell configuration.

                                                                                                                    2. 3

                                                                                                                      compared to ls -l (which for me colors just the file/directories/symlinks).

                                                                                                                      This is likely local configuration, whether you’re aware of it or not. GNU ls will happily color more or fewer things, in different ways, based on the LS_COLORS environment variable and/or configuration files like ~/.dir_colors. See also the dircolors utility.

                                                                                                                      1. 1

                                                                                                                        Interesting, TIL. I don’t have a ~/.dir_colors but LS_COLORS is indeed full of stuff (probably added by fish?). In any case, exa was a bit much, the permissions columns are very very colorful. Maybe it’s to incentivize me to use stricter permissions 😂

                                                                                                                      2. 0

                                                                                                                        Agree. Most people’s shell prompts are essentially rainbow unicorn vomit.

                                                                                                                  2. 1

                                                                                                                    If we wanted to get hand wavy about it, my personal take is that it’s some combination of lower barriers to entry to writing these kinds of tools and simultaneously providing more head space to even think about this stuff

                                                                                                                    It seems plausible, adding colours or UI extensions sounds like a good “first patch” for people learning Rust and wanting to contribute to “real world” projects.

                                                                                                                    1. 6

                                                                                                                      That’s not exactly what I had in mind. The syntax highlighting that bat does, for example, is one of its central features AFAIK. I don’t know exactly how much integration work it took, but surely a decent chunk of the heavy lifting is being done by syntect. That’s what I mean by headspace and lower barriers to entry.

                                                                                                                  3. 17

                                                                                                                    why “rewritten in rust” and “overuse of colour and emojis” correlate?

                                                                                                                    JS community does the same. I think it’s not specific to Rust, but specific to “modern” rewrites in general (modern for better or worse).

                                                                                                                    I see a similar thing in C/C++ rewrites of old C software – htop and ncmpcpp both use colours while top and ncmpc did not. Newer languages, newer eyecandy.

                                                                                                                    1. 5

                                                                                                                      JS community does the same. I think it’s not specific to Rust, but specific to “modern” rewrites in general (modern for better or worse).

                                                                                                                      The phrase “modern” is a particular pet peeve of mine. It’s thrown around a lot and doesn’t seem to add anything to most descriptions. It is evocative without being specific. It is criticism without insight. Tell me what makes it “modern” and why that is good. The term by itself means almost nothing which means it can be used anywhere.

                                                                                                                      1. 2

                                                                                                                        AIUI “modern” as it relates to TUIs means “written since the ascendence of TERM=xterm-256color and Unicode support, and probably requires a compiler from the last 10 years to build.” Design wise it’s the opposite of “retro”

                                                                                                                        I don’t see how it’s a criticism (what’s it criticizing?), Or why every word needs to be somehow insightful, It’s just a statement that it’s a departure from tradition. It’s like putting a NEW sticker on a product. It doesn’t mean anything more than “takes more current design trends into account than last year’s model”

                                                                                                                        1. 1

                                                                                                                          I think a “new” sticker on a product tells you more than sticking “modern” in a software project page. At least you know it isn’t used/refurbished. What constitutes modern is a moving target. It may be helpful if you had knowledge of the domain in which it’s being used, but otherwise it’s just fluff.

                                                                                                                          Worse, I think it doesn’t present a nuanced view of the design choices that go into the product. In my mind it subtlety indicates that old is bad and new is good. That thinking discourages you from learning from the past or considering the trade offs being made.

                                                                                                                          Moreover I think it bugs me because I work in a NodeJS shop. When I ask people what’s great about a package they tell me it’s modern. It’s just modern this or modern that. It barely means anything. So maybe take this with a grain of salt.

                                                                                                                          1. 2

                                                                                                                            Huh. I think this must be a cultural difference. Working with C and C++ packages, ‘modern’ has a bit more meaning because of the significant changes that have happened in the languages themselves in a reasonably recent fraction of their existence. (For example, “modern” C++ generally avoids raw pointers, “modern” C generally doesn’t bother with weird corner cases on machines that aren’t 32 or 64 bit architectures I can currently buy)

                                                                                                                            It’s even true to a lesser extent in python, “modern” usually refers to async/generators/iterators as much as possible, while I agree that “modern” definitely does lack nuance, it fits in an apt package description and means roughly “architected after 2010,” and I think this is a reasonable use of 6characters.

                                                                                                                            1. 2

                                                                                                                              Here’s another way of looking at it:

                                                                                                                              You make a library. It’s nice and new and modern. You put up a website that tells people that your package is modern. The website is good, the package is good. It’s a solved problem so you don’t work on it any more. Ten years pass and your website is still claiming that it is modern. Is it? Are there other ways that you could have described your project that would still be valid in ten years? In twenty years?

                                                                                                                              The definition of modern exists in flux and is tied to a community, to established practices, and, critically, a place in time. It is not very descriptive in and of itself. It’s a nod, a wink, and a nudge nudge to other people in the community that share the relevant context.

                                                                                                                              1. 1

                                                                                                                                I definitely see your point, but I’d also argue that if I put something on the internet and left it alone for 10 years, it would be obvious that it’s “modern” (if it’s still up at all) is that of another age. If you’d done this 10 years ago, you’d likely be hosted by sourceforge, which these days is pretty indicative of inactivity. It also doesn’t change that your package is appreciably different than the ones serving a similar purpose that are older.

                                                                                                                                There are buildings almost 100 years old that count as “modern” (also, there are ‘modern’ buildings made after ‘postmodern’ ones. Wat?) It’s a deliberately vague term for roughly “minimal ornament, eschewing tradition, and being upfront about embracing the materials and techniques of the time” what “the time” is is usually obvious due to this (and IMO it is in software as well). The operative part isn’t that it’s literally new, more that it’s a departure from what was current. and when a modern thing gets old, it doesn’t stop being modern, it just gets sidelined by things labelled modern that embrace the tools and techniques of a later time. Architects and artists don’t have an issue with this, why should we?

                                                                                                                                Libuv is I think a good example IMO. I’d call it “modern”, but it’s not new. That said, it doesn’t claim to be.

                                                                                                                                Honestly, given how tricky it is for me to pin this down I feel like I should agree with you that it’s cruft, but I just… Don’t… I think it’s cause there’s such a strong precedent in art and architecture. Last time I was there, Half of the museum of modern art was items from before the Beatles.

                                                                                                                                I do think it sounds a bit presumptuous

                                                                                                                                1. 1

                                                                                                                                  Honestly, given how tricky it is for me to pin this down I feel like I should agree with you that it’s cruft, but I just… Don’t… I think it’s cause there’s such a strong precedent in art and architecture. Last time I was there, Half of the museum of modern art was items from before the Beatles.

                                                                                                                                  Haha, well, I think we’ll have to agree to disagree then.

                                                                                                                                  Ultimately, I’m being a bit of hardliner. There is value in short hand and to be effective we need to understand things in their context. I think being explicit allows you to reach a wider audience, but it is more work and sometimes we don’t have the extra energy to spread around. I’d rather have the package exist with imprecise language than have no package at all.

                                                                                                                      2. 2

                                                                                                                        That’s a fair point, I guess I have just been noticing more Rust rewrites, or haven’t been taking JS CLI-software seriously?

                                                                                                                        1. 6

                                                                                                                          I don’t blame you – I haven’t been taking JS software seriously either ;) Whenever I see an interesting project with a package.json in it I go “ugh, maybe next time”. Rust rewrites at least don’t contribute to the trend of making the software run slower more rapidly than the computers are getting faster.

                                                                                                                      3. 10

                                                                                                                        but as someone who disables colours in my terminal sessions

                                                                                                                        As someone who appreciates colors in the terminal, I’m pretty into it. I think it’s just a personal preference.

                                                                                                                        1. 2

                                                                                                                          Wrong, but ok ;)

                                                                                                                          But seriously: I don’t think so many tools and projects would be putting the effort into looking the way they do, if nobody wanted it. I just think that colour is better used sparingly, so that issues that really need your attention are easier to spot.

                                                                                                                        2. 10

                                                                                                                          Because it’s easy in Rust. It has first-class Unicode support, and convenient access to cross-platform terminal-coloring crates.

                                                                                                                          1. 5

                                                                                                                            I suspect that the pool of tool users has expanded to incorporate people with different learning styles, and also that as times change, the aesthetic preferences of new users track aesthetic changes in culture as a whole (like slang usage and music tastes).

                                                                                                                            Personally, I find color extremely useful in output as it helps me focus quickly on important portions of the output first, and then lets me read the rest of the output in leisure. I’ve been using *nix since I was a kid, and watching tools evolve to have color output has been a joy. I do find certain tools to be overly colorful, and certain new tools to not fit my personal workflow or philosophy of tooling (bat isn’t my cup of tea, for example). That said not all “modern” rewrites feature color, choose being the example that comes up for me immediately.

                                                                                                                            (On emojis I’m not really sure, and I haven’t really seen much emoji use outside of READMEs and such. I do appreciate using the checkmark Unicode character instead of the ASCII [x] for example, but otherwise I’m not sure.)

                                                                                                                            1. 3

                                                                                                                              I think it is more of a new tool trend than new language trend. I see similar issue in other new tools not written in Rust.

                                                                                                                              1. 2

                                                                                                                                Perhaps it’s simply that Rust has empowered a lot of young people, and young people like colors and emojis?

                                                                                                                                1. 1

                                                                                                                                  I wrote this blog post as an answer to this article. I am also wondering why this “overuse of color” is so popular among “rewritten in rust” kind of tools.

                                                                                                                                  1. 1

                                                                                                                                    I think this is generally true of CLI tools written since Unicode support in terminals and languages is commonplace. I don’t have any examples but I’ve gotten a similar impression from the go.community. I think emojis and colors in terminals are kind of in Vogue right now, as is rewriting things in rust, so… Yeah, that’s my hypothesis on the correlation.

                                                                                                                                    Aside, as someone with rather bad visual acuity and no nostalgia for the 80s, I like it.

                                                                                                                                  1. 1

                                                                                                                                    Is it available to download somewhere, or is that only for Google Android via the play store?

                                                                                                                                    1. 2

                                                                                                                                      I have bookmarked this address, it’s for the testing build of Firefox https://firefox-ci-tc.services.mozilla.com/tasks/index/mobile.v2.fenix.nightly.latest/arm64-v8a

                                                                                                                                      I found this address unnecessarily hard to find

                                                                                                                                      1. 1

                                                                                                                                        I used Aurora Store, after that FFUpdater picks it.

                                                                                                                                      1. 11

                                                                                                                                        Web browsers that will render the modern web cost millions of dollars to produce.

                                                                                                                                        Who else has the incentive to do that?

                                                                                                                                        Is he suggesting that someone (not him, presumably) fork Chrome and remove the extensions and features he doesn’t like, and backport security fixes weekly?

                                                                                                                                        Google’s incentives are clear, and no one is forced to run browsers with these featuresets he complains about.

                                                                                                                                        What, exactly, is he proposing, and to whom?

                                                                                                                                        1. 20

                                                                                                                                          What, exactly, is he proposing, and to whom?

                                                                                                                                          “I call for an immediate and indefinite suspension of the addition of new developer-facing APIs to web browsers. “

                                                                                                                                          The article is very short and doesn’t need a lot of interpretation. He simply wants the companies that create browsers to stop adding these new features and in some cases start removing them. This may happen with Firefox. By removing 25% of their workforce it might take a little bit longer to add new features.

                                                                                                                                          1. 9

                                                                                                                                            Firefox wants feature parity with Chrome.

                                                                                                                                            Google wants a large technical moat around browser competitors, as well as full, native-app-like functionality on ChromeOS devices (hence webmidi and webusb et c).

                                                                                                                                            Why would they stop? Because Drew said so?

                                                                                                                                            More importantly, why should they?

                                                                                                                                            1. 6

                                                                                                                                              Google wants a large technical moat around browser competitors

                                                                                                                                              More importantly, why should they?

                                                                                                                                              Should they be allowed to rig the market such that it’s impossible to compete in? It sounds like you agree they’re doing that, and I don’t see how that’s a good thing by anyone’s standards.

                                                                                                                                              1. 12

                                                                                                                                                It seems to me that Google is playing the embrace-extend-extinguish game, but in a different way: they’re extending the scope so broadly and with features so hard to implement that even companies comparable in size to Google don’t can’t compete against it (think of Microsoft dropping trident and forking chromium, and think of opera basically becoming a chromium skin)

                                                                                                                                                1. 1

                                                                                                                                                  Nobody’s rigging anything by releasing free software (Chromium).

                                                                                                                                                  1. 10

                                                                                                                                                    I’m not sure if that’s true. Google has arguably “won” the browser wars by open-sourcing chromium. Everyone (almost) chose to contribute to Google’s dominance rather than compete with them. You can’t realistically fork Chromium anyway, with the limited resources you left yourself with, so all you can do is contribute back to Google while sheepishly adopting everything they force upon you.

                                                                                                                                                2. 2

                                                                                                                                                  They shouldn’t stop because Drew said so. It looks like they’ll stop whenever this becomes a financial burden.

                                                                                                                                                  1. 2

                                                                                                                                                    We’ll end up with a situation like before, with IE 6: All competitors well and truly crushed with a more featureful, “better” browser, and then decide to throw in the towel when it comes to maintenance. Yay…

                                                                                                                                              2. 11

                                                                                                                                                Web browsers that will render the modern web cost millions of dollars to produce.

                                                                                                                                                Yes, and the proposal is to stop adding features to keep the cost from rising further.

                                                                                                                                                You know, there might be viable new competition, if writing a browser wouldn’t involve also writing a half-assed operating system, an USB stack, an OpenGL driver wrapper, …

                                                                                                                                                1. 2

                                                                                                                                                  I’m not sure that there is a legal or moral argument that they shouldn’t be permitted to. There certainly isn’t a logical one that, from their perspective, they shouldn’t.

                                                                                                                                                  1. 4

                                                                                                                                                    how is moral that a private american corporation has de facto unlimited power over a technology developed by thousands of people around the world over the years and it’s free to steer the future of such a critical technology? If Google behaves like Google, this will lead to the exploitation of billions of user around the world. This is the equivalent of buying out all the sources of water and then asking for money at the price you decide. Web Technologies are now necessary to create and operate the tools we use to reproduce socially, to work, to study, to keep families and communities together: letting a bunch of privileged techbros in California exploit these needs freely is in no way moral.

                                                                                                                                                    1. 3

                                                                                                                                                      It’s nothing like buying out the water supply. In this case there are still alternate browsers with differing feature sets.

                                                                                                                                                      1. 4

                                                                                                                                                        Not if Google keeps breaking the standards and no dev supports the alternative browsers. Yes, you can have nice browsers that work for niche sites, but that might become a separate web entirely that will be simply ignored by the vast majority of the users.

                                                                                                                                                      2. 1

                                                                                                                                                        Because steering is an abstraction, at any point you can use the version of Chromium from that day for all time if you so wish.

                                                                                                                                                        Google gets free expression just like anyone else does, and can add any features they like to their own free software project.

                                                                                                                                                        1. 1

                                                                                                                                                          A browser can be used only if the websites are compatible. The situation where chromium is a viable, secure option now might change in the future, rendering it a non-viable option. Why do you think Google will keep supporting chromium after winning this war? It might happen but it might not.

                                                                                                                                                  2. 1

                                                                                                                                                    Yeah, I don’t really understand.

                                                                                                                                                    His proposal seems to be “give the last vestiges of control over the web to Google”? It might make more sense if the title were “Google needs to stop”.

                                                                                                                                                    1. 2

                                                                                                                                                      At the moment, Google is deciding where web browsers go, approximately unilaterally. The two aren’t precisely equivalent, but they’re far too close for comfort.

                                                                                                                                                  1. 9

                                                                                                                                                    What is your favorite pitfall in Date?

                                                                                                                                                    Has to be toISOString(). Claims to return ISO8601, which contains the timezone offset, but instead it just gives you the GMT string, even though it’s perfectly aware of the timezone information:

                                                                                                                                                    // It's 15.44 in Europe/Warsaw
                                                                                                                                                    > dt.getTimezoneOffset()
                                                                                                                                                    -120
                                                                                                                                                    > dt.toISOString()
                                                                                                                                                    '2020-08-02T13:44:03.936Z'
                                                                                                                                                    
                                                                                                                                                    1. 5

                                                                                                                                                      That is a valid ISO 8601 timestamp. The ‘Z’ (“zulu”) means zero UTC offset, so it’s equivalent to 2020-08-02T15:44:03.936+02:00.

                                                                                                                                                      1. 3

                                                                                                                                                        Oh, it is valid, yes. It’s just less useful than one containing the TZ information that is stored in that Date object. It’s correct, but less useful than it could be (and with little extra effort).

                                                                                                                                                        1. 3

                                                                                                                                                          Ah, I misunderstood you, then. When you wrote “claims to return ISO 8601” I thought you meant that it wasn’t actually an ISO 8601 string.

                                                                                                                                                          So what you mean is that the “encoding” of the of the ISO 8601 string should reflect the local timezone of the system where you call .toISOString()? I.e. 2020-08-02T15:44:03.936+02:00 if you called .toISOString() on a CEST system and 2020-08-02T09:44:03.936-04:00 if you called it on an EDT system?

                                                                                                                                                          1. 2

                                                                                                                                                            I’d expect it to not lose the timezone information, given that it already uses a format that supports that information. It’s not incorrect, it’s just less useful that it could be. Perhaps that’s just the implementation, not the spec – but I’m yet to see it implemented differently. It’s not a huge deal, it’s just frustrating that it could’ve been better at a little cost and yet no one bothered, apparently.

                                                                                                                                                            It’s not about the system it’s called on – that determines the timezone that’s already in the object, as my code snipped showed. I’d expect the data that’s already there to be included in the formatting, instead of being converted to UTC, lost and disregarded. If implemented correctly better, toISOString could’ve been a nice, portable, lossless serialization format for Dates – but as it is, a roundtrip gives you a different date than you started with, because it will now always come back as UTC.

                                                                                                                                                            1. 2

                                                                                                                                                              I would actually assume that getTimezoneOffset is a class method that just looks at your system’s configured time zone and does not read anything from the Date object. I’m pretty sure the object does not store information about the timezone of the system in which it was generated, because it’s never needed. You can always convert to the timezone you want at read time.

                                                                                                                                                              This is also what PostgreSQL does. If you create a column for “timestamps with timezone” it will discard the timezone information at write time and just use UTC (because why not?). The only thing that is different when you choose a timestamp column with timezone is that at read time it will convert values from columns to the configured timezone. All it stores is the number of seconds since the epoch.

                                                                                                                                                              If you look at Firefox’s JS source, it looks like they also just store the seconds since the Unix epoch in a Date object, no timezone information: https://github.com/mozilla/gecko-dev/blob/d9f92154813fbd4a528453c33886dc3a74f27abb/js/src/vm/DateObject.h

                                                                                                                                                          2. 3

                                                                                                                                                            I don’t believe Date contains a time offset. As far as I’m aware, like many languages, the problem is not that the APIs ignore the time offset - they would have to silently reach into the client locale to get it, which would be misleading and make it easy to create bugs. the problem is that they named it “Date” when it’s really just a point in absolute time. Combine a Date with the client locale’s time offset and you’ve got yourself a date, but a Date is not a date.

                                                                                                                                                        2. 5

                                                                                                                                                          This is a namespacing error that’s common when methods are on objects like this. getTimezoneOffset is a property here of the client locale, not of the date time object.

                                                                                                                                                        1. 4

                                                                                                                                                          Seems like the Perl community is getting pretty lost. My team at work is still using Perl 5 for some pretty non-trivial applications, but there is no plan to ever change versions. Either keep maintaining or rewrite it in another language when we can. I imagine there are others in similar situations?

                                                                                                                                                          1. 6

                                                                                                                                                            I think you’re overestimating the cost of the version transition. If your team follows Perl’s best practices, they’re already not using the things that will be phased out. If they update to current Perl 5 versions, they’ll move on to Perl 5 and exhale in relief, not having to declare 10 lines of Modern Perl Boilerplate at the start of every file.

                                                                                                                                                            It’s nowhere close to a Huge Language Change. It’s mostly a culture shock, like leont mentions in the post, where the “stability first” mentality that’s been driving Perl for all this years is being phased out in favour of “let’s actually make the new, good features available by default”.

                                                                                                                                                            1. 3

                                                                                                                                                              I’m learning Perl5 (after a brief glimpse at Perl6/Rakudo and saying to myself that Perl6 does not seem to have rooted enough).

                                                                                                                                                              As I’m learning on my own, what cultural shock are you referring to ? I add to my learning bits of Perl, just ad hoc, at the moments I need some improvement, and that makes me learn something. (For example I’m not there yet to use what seems strikingly similar to OOP in Perl)

                                                                                                                                                              Is it the fact of always having use strict; use warnings; and always using my for variables? Or are there deeper coding rules ? In such case, what is the name, or a name, for this group of recommendations ?

                                                                                                                                                              1. 6

                                                                                                                                                                what cultural shock are you referring to ?

                                                                                                                                                                Like I mentioned in my post:

                                                                                                                                                                the “stability first” mentality that’s been driving Perl for all this years is being phased out in favour of “let’s actually make the new, good features available by default”

                                                                                                                                                                Perl5’s MO, for as long as I remember was “we never break old code, unless there is a really good reason. Everything should be backwards compatible by default”. It was not all roses, but the maintainers have stuck to it, for better or worse – a lot of progress was inhibited because of it. If you’re new to Perl you may have noticed that a lot of good features (like subroutine signatures) are locked out behind use experimental or similar: that’s because Perl really tries to not break old code. But because of this, the experience for a new programmer is really substandard – unless you know what to enable, the Perl you write is the Perl from roughly 20 years ago – hardly the best Perl there is.

                                                                                                                                                                If you’re new here, you’re the main benefactor of this culture shock – good for you, and welcome to the community :) The change will mostly hurt the “I have a Perl code from 2004 that I haven’t updated since” people – and they often don’t update their Perls anyway.

                                                                                                                                                                1. 2
                                                                                                                                                              2. 3

                                                                                                                                                                Perl 7 is still very far from workplace adoption, considering the project itself is still figuring it out. Its necessity is definitely obvious though. Perl is an awesome idea that should definitely keep being explored, nothing else is quite like it, so I think Perl 7 is a step in the right direction, they just need to figure out where to leave the footprints.

                                                                                                                                                                First build the new thing, then push for adoption. One step at a time.

                                                                                                                                                              1. 15

                                                                                                                                                                SawyerX’s keynote making this announcement laid out more of the rationale, how Perl 5.32 today begins reading a file as the perl of 20 years ago, then you have all the boilerplate bringing your into the modern world, and what burden that puts on newcomers.

                                                                                                                                                                Most things today will run okay under an interpreter that has all this on by default, but if you really, really want to stick to “no strict” by default it will be a one line change to get back. I don’t think this is going to be that burdensome for things like distros that have perl in the base for support scripts - I mean, hopefully they’re already strict safe.

                                                                                                                                                                1. 9

                                                                                                                                                                  A point I found interesting is that with this Perl (5) finally has a roadmap other than “let’s keep things as-is”. There was a hint that Cor, the new object system, may get included in one of the new releases as the object system to be used.

                                                                                                                                                                  Exciting times. Raku is cool and all, but Perl (5) has this peculiar elegance to it that I haven’t quite seen anywhere else. I’m happy to see the edges smoothed out.

                                                                                                                                                                  1. 7

                                                                                                                                                                    A point I found interesting is that with this Perl (5) finally has a roadmap other than “let’s keep things as-is”.

                                                                                                                                                                    There’s been one of those for about ten years, to be fair. 2000-2010 was kind of stagnant, development-wise, but with the 5.12 series in 2010 we got a yearly release cadence, a deprecation policy, a mechanism for ‘experimental’ features, a new policy on what goes in core, and more focus on new features to make the language nicer to use. Sure, the pace of development hasn’t been blazing fast, and we do still care a lot about back-compatibility (being realistic, if new users aren’t flocking in by the millions, you should at least take care of the ones you’ve got, and their legacy apps), but it’s been a real thing.

                                                                                                                                                                    Another thing that might not be immediately obvious to outsiders, but that’s been going on for ten years, is the outright encouragement of hacking the language from modules. Perl has always been flexible in that way, but since around 5.12 or 5.14 that’s been ramped up even more with features like keyword plugins, meaning that it’s been possible to create stuff like sub signatures and async/await as completely optional features that anyone can play with, and that can be developed outside of core, and then propose them for adoption as core features down the line.

                                                                                                                                                                    1. 3

                                                                                                                                                                      There’s been one of those for about ten years, to be fair

                                                                                                                                                                      Yes, good point. However, from my perspective it always felt like there was no clear vision in there, other than “let’s see what we can introduce without breaking anything”, and apart from sub signatures (which are still experimental, and I remember being excited about them on YAPC::NA 2013) and the syntax extension ops you mentioned there hasn’t really been anything major on the horizon. All the stuff prototyped in module space can, technically, end up in core one day – but when’s the last time that has happened? Even the aforementioned sub signatures happened only because of one dedicated guy who wasn’t allowed to use CPAN at work so he needed to put them in core.

                                                                                                                                                                      As 5.32 was approaching release, I had no idea if there’ll even be anything to be excited about. It’s comforting to see that there’s now a bold vision for the future. Sawyer’s talk really spoke to me – I’d like my Perl to by nice by default, rather than “I have enough years of experience to bend it into something nice, most of the time”.

                                                                                                                                                                      1. 3

                                                                                                                                                                        Yeah, no doubt. I like it too, I don’t mind seeing a little more boldness. It’s either do that or fade out entirely. I just want to give a little credit to all the cool folks who haven’t been sitting doing nothing since 2000. This is a culmination, not a bolt from the blue.

                                                                                                                                                                  2. 1

                                                                                                                                                                    The video is marked as private? Will it be publicly available later?

                                                                                                                                                                    1. 1

                                                                                                                                                                      Oh, they must have edited and reposted, I’ve updated the link.

                                                                                                                                                                      1. 1

                                                                                                                                                                        Thanks!

                                                                                                                                                                  1. 4

                                                                                                                                                                    Interesting read, but I don’t understand one detail of the argument: what makes Perl more secure than the other scripting languages mentioned?

                                                                                                                                                                    1. 13

                                                                                                                                                                      Taint checking comes to mind, and Perl has it. I think OpenBSD folks prefer tech where it’s easier to do the right thing; doing the right thing in shell or php can require more effort, with painstaking, error-prone effort to avoid pitfalls.

                                                                                                                                                                      1. 2

                                                                                                                                                                        ruby might be an interesting alternative, but I would assume it doesn’t support nearly as many platforms or architectures as perl.

                                                                                                                                                                        EDIT: huh. Apparently ruby removed taint checking in 2.7.

                                                                                                                                                                        1. 10

                                                                                                                                                                          Ruby code ages poorly compared to perl, though. I’ve been on too many projects where code written in ruby a year or two earlier at most had already been broken by language or dependency changes.

                                                                                                                                                                          1. 2

                                                                                                                                                                            To be fair, OpenBSD controls base, so they could keep a check on the dependency changes. Language changes are rarely breaking with Ruby, when was the last one?

                                                                                                                                                                            1. 5

                                                                                                                                                                              Now, you’ve got to start auditing upstream for bug and security fixes, and backporting them, rather than just updating when needed.

                                                                                                                                                                              Forking is a bunch of work – why do it when there’s a suitable alternative?

                                                                                                                                                                              1. 1

                                                                                                                                                                                We may be talking past each other here. I said that they could keep a check on the dependency changes, by which I meant that they would author code in such a way that it does not require external dependencies (or at least not few enough that they couldn’t vendor them), which wouldn’t be any different from what they’re doing with Perl already. This means that this downside of the Ruby ecosystem could be mitigated. And language changes they’d just have to accept and roll with, but I hold that Ruby rarely introduces breaking changes.

                                                                                                                                                                                OpenBSD will have to vendor $language_of_choice in any case because that’s how the BSDs’ whole-OS approach works.

                                                                                                                                                                                1. 2

                                                                                                                                                                                  Yes. I thought you meant essentially forking the shifting dependencies instead of fully avoiding them.

                                                                                                                                                                                  In any case, perl is there and in use, so switching would be a bunch of work to solve a non-problem.

                                                                                                                                                                            2. 1

                                                                                                                                                                              Yeah, you’re not wrong. Excellent point.

                                                                                                                                                                        2. 4

                                                                                                                                                                          Maybe the “use warnings” and “use strict”?

                                                                                                                                                                          1. 3

                                                                                                                                                                            That doesn’t bring any security though: it may give you a bit of safety, catching bugs earlier than in some other script languages.

                                                                                                                                                                            1. 6

                                                                                                                                                                              What would bring any security then, as opposed to just helping catch bugs? Barring “legitimate” cases of correct algorithms outliving their usefulness (e.g. the math behind crypto algorithms getting “cracked” to the point where it’s feasible to mount attacks on reasonably-priced hardware) virtually all security issues are bugs. Things like shell injections are pretty easy to miss when writing shell code, no matter how careful you are.

                                                                                                                                                                              1. 1

                                                                                                                                                                                Probably the taint mode that the other commenter mentioned

                                                                                                                                                                                1. 3

                                                                                                                                                                                  But that’s exactly what taint checking does: it helps you catch bugs that occur due to executing stuff that’s under the user’s control. Some of these can be exploited for security reasons, but security isn’t the only reason why you want this – it’s just as good at preventing a user enumeration attack as it is at preventing accidental “rm -rf /”

                                                                                                                                                                              2. 2

                                                                                                                                                                                I thought the same. I figure the OpenBSD people know what they are talking about but I am still not really clear on what Perl has over Tcl, for example. Hopefully a Perl monk will show up and clarify.

                                                                                                                                                                          1. 9

                                                                                                                                                                            Definitely Gtk.

                                                                                                                                                                            Qt always feels like it’ll be the best choice, but then you’re either stuck with writing C++ (and it’s not even “normal” C++), or using bindings that tend to cut corners because cooperating with QtC++ is too tricky and awkward.

                                                                                                                                                                            I recently hit that when trying to write a Qt GUI for a Rust program: the bindings existed, but were not capable of creating their own QObjects – so forget about spinning up a worker thread that can talk to the UI sensibly (perhaps you could somehow, but the documentation was insufficient, and mostly randomly generated).

                                                                                                                                                                            By comparison, gtk.rs has fantastic, idiomatic bindings, and a mpsc channel replacement that talks over glib’s event loop. I’m not sure if it’s all because of it being C-backed and thus easier to talk to, but I remember the same thing when doing GUI in Perl back in the day: Qt bindings existed, Gtk bindings were good.

                                                                                                                                                                            1. 2

                                                                                                                                                                              +1 for Gtk. They’ve put a lot of work into their multiple language support of late, so you can code in Javascript or Python just as easily as you can in C or Vala.

                                                                                                                                                                              1. 1

                                                                                                                                                                                I recently hit that when trying to write a Qt GUI for a Rust program: the bindings existed, but were not capable of creating their own QObjects

                                                                                                                                                                                Out of interest, which rust Qt bindings did you try? I experimented with qmetaobject-rs (https://woboq.com/blog/qmetaobject-from-rust.html) a few months back. Using qmetaobject-rs itself seemed ok, but the project I tried to implement consisted of some tree-shaped data which I wanted the GUI to view and modify. However, when I tried to represent the data in rust, I couldn’t find an idiomatic way to represent a tree in rust. The only information I could find online suggested breaking out of rust’s ownership model by storing the tree’s nodes in an “Arena”. Essentially I ended up with an application that was part qml (fine), part bindings and boilerplate to marshal data between qml and rust (could be an acceptable cost if we get the best of both worlds…) and a bunch of rust code which was mostly just working around rust, not benefiting from it. At that point, I abandoned it.

                                                                                                                                                                                In case it isn’t obvious, I am not a Rust programmer. I keep trying to learn it, but so far I can’t seem to find the right project to try it out on (I also tried writing some rust in a functional style a while back, but despite borrowing many ideas from functional programming, rust doesn’t feel like a good functional programming language (which is fine, I don’t think it’s meant to be one)). I suspect that most of my issues with rust are that I am trying to write Haskell in Rust, or trying to write C++ in Rust, instead of writing in Rust. I am still on the lookout for how to represent hierarchical data properly in Rust.

                                                                                                                                                                                1. 1

                                                                                                                                                                                  I used rust-qt, aka ritual: https://rust-qt.github.io/. Back then it was the only access to “raw Qt” that I could find on areweguiyet.com (nowadays it doesn’t seem to be there at all). qmetaobject-rs look a bit more fleshed out but also QML-centric: I could find any examples of its use with plain old QtGUI so I gave up on it – perhaps prematurely.

                                                                                                                                                                                  I suspect that most of my issues with rust are that I am trying to write Haskell in Rust, or trying to write C++ in Rust, instead of writing in Rust

                                                                                                                                                                                  That was very much I experience when I started off with Rust: I kept writing things and thinking to myself “this would’ve Just Worked in C! Why is this so hard!?”. After a while the Rust Mindset clicks in and everything becomes fairly obvious from the get go – I found myself fighting the borrow checker a lot less the when I started subconsciously designing my programs in a way that it’s obvious what owns what. I imagine your experience might be negatively impacted by the fact that you’re trying to marry it to Qt which has its own mindset of what things are and how they talk, to it reinforces your regular habits and thus making Rust seem even more unnatural in this whole puzzle.

                                                                                                                                                                                  1. 1

                                                                                                                                                                                    qmetaobject-rs look a bit more fleshed out but also QML-centric

                                                                                                                                                                                    It certainly is QML-centric. Whether that’s a good thing depends of course whether you want to use QML. Personally, I quite like QML, as long as it’s being used as a declarative UI description language, delegating all the heavy lifting to C++ or another language.

                                                                                                                                                                                    I imagine your experience might be negatively impacted by the fact that you’re trying to marry it to Qt

                                                                                                                                                                                    This is an excellent point.

                                                                                                                                                                              1. 3

                                                                                                                                                                                I don’t get the excitement for the PinePhone, and I’ve owned a Palm Pre, a Nokia N900 and a Sailfish Jolla. The problem with all of these is mostly software. For the N900 and Jolla (I think) you had poor documentation and had to create RPMs. Tolerating this is far too much of an ask for the average mobile dev, and without them you’ll have 2 or 3 apps a day instead of the thousands on other platforms. You need to ship an IDE with a “Build now” button that packages it for you, and a second button to upload it to your (free) developer account.

                                                                                                                                                                                Succeeding on the mobile landscape enough to have a 2nd gen model, or even keeping their software updated, is going to take sales to more than hobbyists - and that means quality software tools and documentation. IMHO the hardware is mostly secondary, since most mobile chipsets these days can deliver a good enough “first version” to prove the model. I hope I’m wrong, but I’m not hopeful for the PinePhone.

                                                                                                                                                                                1. 2

                                                                                                                                                                                  You need to ship an IDE with a “Build now” button that packages it for you, and a second button to upload it to your (free) developer account

                                                                                                                                                                                  I don’t think that Jolla is really that far off with this. Using the Sailfish SDK you have a build now button, and then a run/deploy button that installs it and runs directly on the phone connected over a USB cable. You don’t even need to know what RPMs are: in fact, one of the deployment options skipped it entirely in favour of just rsyncing the files. Unless you mean the actual, „production” deployment: then yes, you need to build all the RPMs and submit it to a website manually. Harbour is criminally underdeveloped.

                                                                                                                                                                                  As for poor documentation, agreed: Sailfish app development is full of tribal knowledge :/

                                                                                                                                                                                  1. 2

                                                                                                                                                                                    And it’s a shame, because Sailfish seems to have failed without having the basics in for developers - what did they expect? It’s like having a website with a malfunctioning shopping cart and wondering why you went bankrupt.

                                                                                                                                                                                    1. 3

                                                                                                                                                                                      Funny you should mention that specifically: over 5 years after it’s been first released Sailfish still has no support for paid apps: and I remember it being asked for at least as long as I’ve lurked on #mer-meeting for the weekly community chats.

                                                                                                                                                                                      And then there’s the missing APIs… Qt has a standard library for displaying tiled maps with simple overlays. A Map { } is literally an import away. For some reason, that API is still not allowed in Harbour, so if you want a map-using app in the official Jolla Store, good luck rolling out your own map renderer. And examples like these go on and on: to the point where the de-facto store with state-of-the-art apps is the unofficial https://openrepos.net/, with actual depedency management, no artificial restrictions and even trivial things like being notified on user comments about your apps.

                                                                                                                                                                                  2. 2

                                                                                                                                                                                    I’m personally excited by it because it’s a $200 phone that’s actively manufactured with (nearly) mainline’d drivers. I’ve got the braveheart version and it’s amazing to have a phone that I know I won’t have to recycle just because google decided to stop releasing updates for.

                                                                                                                                                                                    AFAIK, with most phone SOCs there are non-opensource drivers that are provided from the mfg, that can’t be up-streamed, which makes you dependent on the mfg to provide updates.

                                                                                                                                                                                    Also, I don’t see the limited selection of apps as a strong negative. Can you really say with a straight face that the vast majority of those 1000s of apps are beneficial to you in any way? I don’t personally see this as a more is better situation. You just need to search any store for “flashlight” to see that it’s really more of a problem that a benefit. I’d much rather have an opinionated repository of applications that someone has done at least a minimum amount of vetting to check that’s they apps it contains aren’t actively and explicitly harmful. And with the pinephone anyway it’s not like you’re opting into a walled garden, it’s more like a selection of different gardens with paving stones that someone has laid to show where they have checked it’s safe to step. But you can always walk where ever you want (and just go pipe some curl to sh because a readme told you to).

                                                                                                                                                                                    1. 1

                                                                                                                                                                                      Also, I don’t see the limited selection of apps as a strong negative. Can you really say with a straight face that the vast majority of those 1000s of apps are beneficial to you in any way? I don’t personally see this as a more is better situation.

                                                                                                                                                                                      At the end of the day, those apps are needed for the PinePhone to have a future. Or else you’ll just have a repeat of the kind of apps that F-Droid already has.

                                                                                                                                                                                      1. 3

                                                                                                                                                                                        I don’t think having thousands of flashlight apps that all want to track your location and phone history is ‘needed’.

                                                                                                                                                                                        1. 1

                                                                                                                                                                                          Location and phone history tracking aside, apps that hobbyists don’t necessarily want are maybe a path to success. Otherwise it’s a repeat of WebOS, Maemo and Sailfish.

                                                                                                                                                                                          1. 1

                                                                                                                                                                                            What makes you think that Pine64 (and Purism, for that matter) are measuring success based on market share vs. Android/iOS? Dismissing alternative mobile operating systems because they don’t have a goal of immediate world domination is silly. These options can still be successful even if your grandma isn’t using it.

                                                                                                                                                                                            1. 2

                                                                                                                                                                                              I’m not advocating for world domination, just staying afloat long enough for us to see this going somewhere. As I’ve mentioned, I’ve owned a number of alt phones and they all end up folding. I see nothing different about this one.

                                                                                                                                                                                              1. 1

                                                                                                                                                                                                Sailfish/Jolla hasn’t folded. WebOS and Maemo/Meego/Tizen folded because they were trying to achieve world domination, and therefore had a massive uphill battle to win in order for the companies investing in them to see it as a success.

                                                                                                                                                                                                1. 2

                                                                                                                                                                                                  Jolla doesn’t make hardware anymore, right? Would that be an acceptable outcome for Pine64?

                                                                                                                                                                                                  Regardless, hardware doesn’t really matter in the end. It’s all about software and solving problems for users. Relying on free software is not a winning strategy long term. Hence the “year of Linux on the desktop” recurring joke. If we rely on the average FLOSS app on mobile to be the poster child for PinePhone, people will just flock to other platforms because they work better. Design is not opensource software’s forté.

                                                                                                                                                                                        2. 1

                                                                                                                                                                                          There’s clearly a large space between what’s in the google play store and the f-droid repos. I agree with you that a phone that only had access to f-droid wouldn’t be successful. (And I say that as someone that gets as many apps as I can from f-droid.) But I think the pinephone is better off nearer the f-droid end than the play store end.

                                                                                                                                                                                          I feel like desktop linux is a better comparison since most of the OS options for the pinephone are basically that with a compressed UI. Places like flat-hub have both open source and closed source software. There’s many more recognizable apps available. f-droid is much more focused on open source only because the play store already exists so it doesn’t need to cater to users looking to use closed source software.

                                                                                                                                                                                          We’re getting really far away from your original question that I was giving my answer to, I’ll just say (and I may not have made this super clear in my earlier reply): I’m excited for the pinephone, not because the ecosystem as it exists today is ready to be my one and only phone, but because the hardware that does exist seems to be a great vehicle for the software ecosystem to mature on. The fact that the kernel portions are all either already mainline or well on their way, it means that it won’t get left behind in the same way the previous best options would.

                                                                                                                                                                                          That combined with the fact that pine aren’t trying to do everything themselves and are leaving the software up to the community means that development of the higher-level parts of the software stack that don’t yet exist will continue to be made almost no matter what.

                                                                                                                                                                                          1. 2

                                                                                                                                                                                            I install 100% of the apps I use from f-droid. Sure, it means I miss out on the latest android app trends (at least until there’s a FOSS clone or client on f-droid), but the device I have now is still far more functional even with this ‘limitation’ than one from 10 years ago.

                                                                                                                                                                                            1. 1

                                                                                                                                                                                              Yeah, it’s definitely possible and I’d be right there with you if it weren’t for the fact that my job depends on having access to an app that requires the play store APIs (or an iPhone). However, I don’t really think that a phone that only had access to f-droid would be enough of a commercial success to sustain it’s own development costs, as much as I’d love to see one succeed. It’s a just too much of a niche of a niche of a niche.

                                                                                                                                                                                              1. 4

                                                                                                                                                                                                The key thing about the pinephone is that it doesn’t need to be a commercial success. It’s a labour of love from a company that already has a thriving income from their SoC business. Iirc they’re even selling the hardware at cost. So this isn’t a one-shot-or-bust project like most other linux phones - they can provide the breathing time for a community to gel around the platform and maybe solve the chicken-and-egg problem of not having any software because there isn’t any supported hardware.

                                                                                                                                                                                    1. 0

                                                                                                                                                                                      I hate these use-ids & fragments for magical behavior - it messes up my browsing history and it’s annoying. I would expect a JS solution if JS is possible and an optional fallback to ids only when no JS is executed.

                                                                                                                                                                                      1. 22

                                                                                                                                                                                        This is literally plain HTML. If something is magical here, it is the usage of javascript to emulate a behavior that has been standard in the web since the nineties.

                                                                                                                                                                                        1. 5

                                                                                                                                                                                          I gave up on the back button roughly a decade ago.

                                                                                                                                                                                          1. 3

                                                                                                                                                                                            I wanted to ask you what kind of browser would do such a silly thing, but apparently that’s (also?) what Firefox does: fragments do get added to history, and all the “back” button does is dropping the fragment.

                                                                                                                                                                                            I still find it peculiar that there’s even a need for such button (on PC I have a Home button, and on mobile providing one should be the browser’s job imo), but seems like there is a good reason why people use JS for this after all.

                                                                                                                                                                                            1. 24

                                                                                                                                                                                              I like that it gets added to the history. You can press a link to a reference or footnote, and then press back to go to where you were.

                                                                                                                                                                                              1. 4

                                                                                                                                                                                                There has been a craze for “hash-bang URLs” that abused URL fragments for keeping state and performing navigation. This let JS take over the whole site and make it painfully slow in the name of being a RESTful web application.

                                                                                                                                                                                                That was when HTML5 pushState was still too poorly supported and too buggy to be usable. But we’re now stuck with some sites still relying on the hashbang URLs, so removing them from history would be a breaking change.

                                                                                                                                                                                                1. 2

                                                                                                                                                                                                  It’s always crazy to see how people abuse the anchor tag. My favourite personal abuse is I kept finding that SysAdmins and IT were always just emailing cleartext credentials for password resets and during pentests I’d often use this to my advantage (mass watching for password reset emails for example). So I jokingly ended up writing a stupid “password” share system that embedded crypto keys in the hash url and would delete itself on the backend after being viewed once: https://blacknote.aerstone.com/

                                                                                                                                                                                                  Again, this is stupid for so many reasons, but I did enjoy abusing it for the “doesn’t send server side” use case. EDIT: I originally had much more aggressive don’t use this messages, but corporate gods don’t like that.

                                                                                                                                                                                                  1. 1

                                                                                                                                                                                                    One useful trait of hash-bang URLs is that your path is not sent to the server. This is useful for things like encryption keys. MEGA and others definitely use this as lawful deniability that they cannot reveal the contents of past-requested content. Though, if given a court order I suppose they can be forced to reveal future requests by placing a backdoor in the decryption JS.

                                                                                                                                                                                                2. 2

                                                                                                                                                                                                  Hmmm that’s a good point, and not something I had considered. Thanks for the feedback.

                                                                                                                                                                                                1. 12

                                                                                                                                                                                                  As we can see the pool of people willing to work on Perl projects is shrinking fast.

                                                                                                                                                                                                  This may be true, but it’s a bit of a stretch to say that “we can see” anything based on what appears to be a made up graph.

                                                                                                                                                                                                  1. 5

                                                                                                                                                                                                    Yeah, I’m not so sure that the number of people able and willing to work with Perl is that close to 0. I know a number of people under 35 who have worked with it (including myself, although I’m pretty close to turning 35 😅)

                                                                                                                                                                                                    1. 5

                                                                                                                                                                                                      Sounds like author is living in their own bubble ;) I work for two different Perl companies and hardly anyone is over the age of 35.

                                                                                                                                                                                                      1. 5

                                                                                                                                                                                                        I agree. Perl consultants and distributors have told me that if anything, the Perl mindshare is growing. People are rediscovering it, and using it for new projects because it is ubiquitous, mature, and way more capable today than it was 20 years ago.

                                                                                                                                                                                                        Sure, other languages might grow faster, but what’s getting smaller is a slice of the ever-increasing pie of developers, so it’s still increasing in absolute numbers.

                                                                                                                                                                                                        1. 3

                                                                                                                                                                                                          In the company I work in, there is significant number of perl scripts that are powering the infrastructure which is used every day, plus some people are using perl to write new scripts (for one-time jobs, after few months those scripts will be tossed out).

                                                                                                                                                                                                      2. 2

                                                                                                                                                                                                        That graph was made up, but this one isn’t:

                                                                                                                                                                                                        https://trends.google.com/trends/explore?date=all&q=Ruby%20-%20Programming%20Language,Python%20-%20Programming%20language,Perl%20-%20Programming%20Language

                                                                                                                                                                                                        And I just looked on indeed, and saw 1932 Perl jobs (“perl developer”), 2679 ruby jobs (“ruby developer”), and 15867 python jobs (“python developer”).

                                                                                                                                                                                                      1. 1

                                                                                                                                                                                                        Any thoughts on the effects of auto-complete on the developer? Eg faster typing, but less familiarity with the language because of reduced memory effort.

                                                                                                                                                                                                        1. 4

                                                                                                                                                                                                          In my experience it mostly saves the time that I’d usually spend going to the documentation website, finding the type that I need and scrolling through the methods to find the one that I want – I usually remember the “it’s in there somewhere” part but not the name. Autocompletion is a huge timesaver. I don’t feel like it’s a different learning experience, the end result is pretty much the same.

                                                                                                                                                                                                          1. 3

                                                                                                                                                                                                            For me, ide features are not about time, they are about flow. In an IDE, I am writing a depth first search, in a bare text editor, I am fixing the text of my code to conform to the actual syntax of the language.