1. 4

    Interesting read, but I don’t understand one detail of the argument: what makes Perl more secure than the other scripting languages mentioned?

    1. 12

      Taint checking comes to mind, and Perl has it. I think OpenBSD folks prefer tech where it’s easier to do the right thing; doing the right thing in shell or php can require more effort, with painstaking, error-prone effort to avoid pitfalls.

      1. 2

        ruby might be an interesting alternative, but I would assume it doesn’t support nearly as many platforms or architectures as perl.

        EDIT: huh. Apparently ruby removed taint checking in 2.7.

        1. 9

          Ruby code ages poorly compared to perl, though. I’ve been on too many projects where code written in ruby a year or two earlier at most had already been broken by language or dependency changes.

          1. 2

            To be fair, OpenBSD controls base, so they could keep a check on the dependency changes. Language changes are rarely breaking with Ruby, when was the last one?

            1. 5

              Now, you’ve got to start auditing upstream for bug and security fixes, and backporting them, rather than just updating when needed.

              Forking is a bunch of work – why do it when there’s a suitable alternative?

              1. 1

                We may be talking past each other here. I said that they could keep a check on the dependency changes, by which I meant that they would author code in such a way that it does not require external dependencies (or at least not few enough that they couldn’t vendor them), which wouldn’t be any different from what they’re doing with Perl already. This means that this downside of the Ruby ecosystem could be mitigated. And language changes they’d just have to accept and roll with, but I hold that Ruby rarely introduces breaking changes.

                OpenBSD will have to vendor $language_of_choice in any case because that’s how the BSDs’ whole-OS approach works.

                1. 2

                  Yes. I thought you meant essentially forking the shifting dependencies instead of fully avoiding them.

                  In any case, perl is there and in use, so switching would be a bunch of work to solve a non-problem.

            2. 1

              Yeah, you’re not wrong. Excellent point.

        2. 3

          Maybe the “use warnings” and “use strict”?

          1. 3

            That doesn’t bring any security though: it may give you a bit of safety, catching bugs earlier than in some other script languages.

            1. 6

              What would bring any security then, as opposed to just helping catch bugs? Barring “legitimate” cases of correct algorithms outliving their usefulness (e.g. the math behind crypto algorithms getting “cracked” to the point where it’s feasible to mount attacks on reasonably-priced hardware) virtually all security issues are bugs. Things like shell injections are pretty easy to miss when writing shell code, no matter how careful you are.

              1. 1

                Probably the taint mode that the other commenter mentioned

                1. 3

                  But that’s exactly what taint checking does: it helps you catch bugs that occur due to executing stuff that’s under the user’s control. Some of these can be exploited for security reasons, but security isn’t the only reason why you want this – it’s just as good at preventing a user enumeration attack as it is at preventing accidental “rm -rf /”

              2. 2

                I thought the same. I figure the OpenBSD people know what they are talking about but I am still not really clear on what Perl has over Tcl, for example. Hopefully a Perl monk will show up and clarify.

          1. 9

            Definitely Gtk.

            Qt always feels like it’ll be the best choice, but then you’re either stuck with writing C++ (and it’s not even “normal” C++), or using bindings that tend to cut corners because cooperating with QtC++ is too tricky and awkward.

            I recently hit that when trying to write a Qt GUI for a Rust program: the bindings existed, but were not capable of creating their own QObjects – so forget about spinning up a worker thread that can talk to the UI sensibly (perhaps you could somehow, but the documentation was insufficient, and mostly randomly generated).

            By comparison, gtk.rs has fantastic, idiomatic bindings, and a mpsc channel replacement that talks over glib’s event loop. I’m not sure if it’s all because of it being C-backed and thus easier to talk to, but I remember the same thing when doing GUI in Perl back in the day: Qt bindings existed, Gtk bindings were good.

            1. 2

              +1 for Gtk. They’ve put a lot of work into their multiple language support of late, so you can code in Javascript or Python just as easily as you can in C or Vala.

              1. 1

                I recently hit that when trying to write a Qt GUI for a Rust program: the bindings existed, but were not capable of creating their own QObjects

                Out of interest, which rust Qt bindings did you try? I experimented with qmetaobject-rs (https://woboq.com/blog/qmetaobject-from-rust.html) a few months back. Using qmetaobject-rs itself seemed ok, but the project I tried to implement consisted of some tree-shaped data which I wanted the GUI to view and modify. However, when I tried to represent the data in rust, I couldn’t find an idiomatic way to represent a tree in rust. The only information I could find online suggested breaking out of rust’s ownership model by storing the tree’s nodes in an “Arena”. Essentially I ended up with an application that was part qml (fine), part bindings and boilerplate to marshal data between qml and rust (could be an acceptable cost if we get the best of both worlds…) and a bunch of rust code which was mostly just working around rust, not benefiting from it. At that point, I abandoned it.

                In case it isn’t obvious, I am not a Rust programmer. I keep trying to learn it, but so far I can’t seem to find the right project to try it out on (I also tried writing some rust in a functional style a while back, but despite borrowing many ideas from functional programming, rust doesn’t feel like a good functional programming language (which is fine, I don’t think it’s meant to be one)). I suspect that most of my issues with rust are that I am trying to write Haskell in Rust, or trying to write C++ in Rust, instead of writing in Rust. I am still on the lookout for how to represent hierarchical data properly in Rust.

                1. 1

                  I used rust-qt, aka ritual: https://rust-qt.github.io/. Back then it was the only access to “raw Qt” that I could find on areweguiyet.com (nowadays it doesn’t seem to be there at all). qmetaobject-rs look a bit more fleshed out but also QML-centric: I could find any examples of its use with plain old QtGUI so I gave up on it – perhaps prematurely.

                  I suspect that most of my issues with rust are that I am trying to write Haskell in Rust, or trying to write C++ in Rust, instead of writing in Rust

                  That was very much I experience when I started off with Rust: I kept writing things and thinking to myself “this would’ve Just Worked in C! Why is this so hard!?”. After a while the Rust Mindset clicks in and everything becomes fairly obvious from the get go – I found myself fighting the borrow checker a lot less the when I started subconsciously designing my programs in a way that it’s obvious what owns what. I imagine your experience might be negatively impacted by the fact that you’re trying to marry it to Qt which has its own mindset of what things are and how they talk, to it reinforces your regular habits and thus making Rust seem even more unnatural in this whole puzzle.

                  1. 1

                    qmetaobject-rs look a bit more fleshed out but also QML-centric

                    It certainly is QML-centric. Whether that’s a good thing depends of course whether you want to use QML. Personally, I quite like QML, as long as it’s being used as a declarative UI description language, delegating all the heavy lifting to C++ or another language.

                    I imagine your experience might be negatively impacted by the fact that you’re trying to marry it to Qt

                    This is an excellent point.

              1. 3

                I don’t get the excitement for the PinePhone, and I’ve owned a Palm Pre, a Nokia N900 and a Sailfish Jolla. The problem with all of these is mostly software. For the N900 and Jolla (I think) you had poor documentation and had to create RPMs. Tolerating this is far too much of an ask for the average mobile dev, and without them you’ll have 2 or 3 apps a day instead of the thousands on other platforms. You need to ship an IDE with a “Build now” button that packages it for you, and a second button to upload it to your (free) developer account.

                Succeeding on the mobile landscape enough to have a 2nd gen model, or even keeping their software updated, is going to take sales to more than hobbyists - and that means quality software tools and documentation. IMHO the hardware is mostly secondary, since most mobile chipsets these days can deliver a good enough “first version” to prove the model. I hope I’m wrong, but I’m not hopeful for the PinePhone.

                1. 2

                  You need to ship an IDE with a “Build now” button that packages it for you, and a second button to upload it to your (free) developer account

                  I don’t think that Jolla is really that far off with this. Using the Sailfish SDK you have a build now button, and then a run/deploy button that installs it and runs directly on the phone connected over a USB cable. You don’t even need to know what RPMs are: in fact, one of the deployment options skipped it entirely in favour of just rsyncing the files. Unless you mean the actual, „production” deployment: then yes, you need to build all the RPMs and submit it to a website manually. Harbour is criminally underdeveloped.

                  As for poor documentation, agreed: Sailfish app development is full of tribal knowledge :/

                  1. 2

                    And it’s a shame, because Sailfish seems to have failed without having the basics in for developers - what did they expect? It’s like having a website with a malfunctioning shopping cart and wondering why you went bankrupt.

                    1. 3

                      Funny you should mention that specifically: over 5 years after it’s been first released Sailfish still has no support for paid apps: and I remember it being asked for at least as long as I’ve lurked on #mer-meeting for the weekly community chats.

                      And then there’s the missing APIs… Qt has a standard library for displaying tiled maps with simple overlays. A Map { } is literally an import away. For some reason, that API is still not allowed in Harbour, so if you want a map-using app in the official Jolla Store, good luck rolling out your own map renderer. And examples like these go on and on: to the point where the de-facto store with state-of-the-art apps is the unofficial https://openrepos.net/, with actual depedency management, no artificial restrictions and even trivial things like being notified on user comments about your apps.

                  2. 2

                    I’m personally excited by it because it’s a $200 phone that’s actively manufactured with (nearly) mainline’d drivers. I’ve got the braveheart version and it’s amazing to have a phone that I know I won’t have to recycle just because google decided to stop releasing updates for.

                    AFAIK, with most phone SOCs there are non-opensource drivers that are provided from the mfg, that can’t be up-streamed, which makes you dependent on the mfg to provide updates.

                    Also, I don’t see the limited selection of apps as a strong negative. Can you really say with a straight face that the vast majority of those 1000s of apps are beneficial to you in any way? I don’t personally see this as a more is better situation. You just need to search any store for “flashlight” to see that it’s really more of a problem that a benefit. I’d much rather have an opinionated repository of applications that someone has done at least a minimum amount of vetting to check that’s they apps it contains aren’t actively and explicitly harmful. And with the pinephone anyway it’s not like you’re opting into a walled garden, it’s more like a selection of different gardens with paving stones that someone has laid to show where they have checked it’s safe to step. But you can always walk where ever you want (and just go pipe some curl to sh because a readme told you to).

                    1. 1

                      Also, I don’t see the limited selection of apps as a strong negative. Can you really say with a straight face that the vast majority of those 1000s of apps are beneficial to you in any way? I don’t personally see this as a more is better situation.

                      At the end of the day, those apps are needed for the PinePhone to have a future. Or else you’ll just have a repeat of the kind of apps that F-Droid already has.

                      1. 3

                        I don’t think having thousands of flashlight apps that all want to track your location and phone history is ‘needed’.

                        1. 1

                          Location and phone history tracking aside, apps that hobbyists don’t necessarily want are maybe a path to success. Otherwise it’s a repeat of WebOS, Maemo and Sailfish.

                          1. 1

                            What makes you think that Pine64 (and Purism, for that matter) are measuring success based on market share vs. Android/iOS? Dismissing alternative mobile operating systems because they don’t have a goal of immediate world domination is silly. These options can still be successful even if your grandma isn’t using it.

                            1. 2

                              I’m not advocating for world domination, just staying afloat long enough for us to see this going somewhere. As I’ve mentioned, I’ve owned a number of alt phones and they all end up folding. I see nothing different about this one.

                              1. 1

                                Sailfish/Jolla hasn’t folded. WebOS and Maemo/Meego/Tizen folded because they were trying to achieve world domination, and therefore had a massive uphill battle to win in order for the companies investing in them to see it as a success.

                                1. 2

                                  Jolla doesn’t make hardware anymore, right? Would that be an acceptable outcome for Pine64?

                                  Regardless, hardware doesn’t really matter in the end. It’s all about software and solving problems for users. Relying on free software is not a winning strategy long term. Hence the “year of Linux on the desktop” recurring joke. If we rely on the average FLOSS app on mobile to be the poster child for PinePhone, people will just flock to other platforms because they work better. Design is not opensource software’s forté.

                        2. 1

                          There’s clearly a large space between what’s in the google play store and the f-droid repos. I agree with you that a phone that only had access to f-droid wouldn’t be successful. (And I say that as someone that gets as many apps as I can from f-droid.) But I think the pinephone is better off nearer the f-droid end than the play store end.

                          I feel like desktop linux is a better comparison since most of the OS options for the pinephone are basically that with a compressed UI. Places like flat-hub have both open source and closed source software. There’s many more recognizable apps available. f-droid is much more focused on open source only because the play store already exists so it doesn’t need to cater to users looking to use closed source software.

                          We’re getting really far away from your original question that I was giving my answer to, I’ll just say (and I may not have made this super clear in my earlier reply): I’m excited for the pinephone, not because the ecosystem as it exists today is ready to be my one and only phone, but because the hardware that does exist seems to be a great vehicle for the software ecosystem to mature on. The fact that the kernel portions are all either already mainline or well on their way, it means that it won’t get left behind in the same way the previous best options would.

                          That combined with the fact that pine aren’t trying to do everything themselves and are leaving the software up to the community means that development of the higher-level parts of the software stack that don’t yet exist will continue to be made almost no matter what.

                          1. 2

                            I install 100% of the apps I use from f-droid. Sure, it means I miss out on the latest android app trends (at least until there’s a FOSS clone or client on f-droid), but the device I have now is still far more functional even with this ‘limitation’ than one from 10 years ago.

                            1. 1

                              Yeah, it’s definitely possible and I’d be right there with you if it weren’t for the fact that my job depends on having access to an app that requires the play store APIs (or an iPhone). However, I don’t really think that a phone that only had access to f-droid would be enough of a commercial success to sustain it’s own development costs, as much as I’d love to see one succeed. It’s a just too much of a niche of a niche of a niche.

                              1. 4

                                The key thing about the pinephone is that it doesn’t need to be a commercial success. It’s a labour of love from a company that already has a thriving income from their SoC business. Iirc they’re even selling the hardware at cost. So this isn’t a one-shot-or-bust project like most other linux phones - they can provide the breathing time for a community to gel around the platform and maybe solve the chicken-and-egg problem of not having any software because there isn’t any supported hardware.

                    1. 0

                      I hate these use-ids & fragments for magical behavior - it messes up my browsing history and it’s annoying. I would expect a JS solution if JS is possible and an optional fallback to ids only when no JS is executed.

                      1. 22

                        This is literally plain HTML. If something is magical here, it is the usage of javascript to emulate a behavior that has been standard in the web since the nineties.

                        1. 5

                          I gave up on the back button roughly a decade ago.

                          1. 3

                            I wanted to ask you what kind of browser would do such a silly thing, but apparently that’s (also?) what Firefox does: fragments do get added to history, and all the “back” button does is dropping the fragment.

                            I still find it peculiar that there’s even a need for such button (on PC I have a Home button, and on mobile providing one should be the browser’s job imo), but seems like there is a good reason why people use JS for this after all.

                            1. 24

                              I like that it gets added to the history. You can press a link to a reference or footnote, and then press back to go to where you were.

                              1. 4

                                There has been a craze for “hash-bang URLs” that abused URL fragments for keeping state and performing navigation. This let JS take over the whole site and make it painfully slow in the name of being a RESTful web application.

                                That was when HTML5 pushState was still too poorly supported and too buggy to be usable. But we’re now stuck with some sites still relying on the hashbang URLs, so removing them from history would be a breaking change.

                                1. 2

                                  It’s always crazy to see how people abuse the anchor tag. My favourite personal abuse is I kept finding that SysAdmins and IT were always just emailing cleartext credentials for password resets and during pentests I’d often use this to my advantage (mass watching for password reset emails for example). So I jokingly ended up writing a stupid “password” share system that embedded crypto keys in the hash url and would delete itself on the backend after being viewed once: https://blacknote.aerstone.com/

                                  Again, this is stupid for so many reasons, but I did enjoy abusing it for the “doesn’t send server side” use case. EDIT: I originally had much more aggressive don’t use this messages, but corporate gods don’t like that.

                                  1. 1

                                    One useful trait of hash-bang URLs is that your path is not sent to the server. This is useful for things like encryption keys. MEGA and others definitely use this as lawful deniability that they cannot reveal the contents of past-requested content. Though, if given a court order I suppose they can be forced to reveal future requests by placing a backdoor in the decryption JS.

                                2. 2

                                  Hmmm that’s a good point, and not something I had considered. Thanks for the feedback.

                                1. 12

                                  As we can see the pool of people willing to work on Perl projects is shrinking fast.

                                  This may be true, but it’s a bit of a stretch to say that “we can see” anything based on what appears to be a made up graph.

                                  1. 5

                                    Yeah, I’m not so sure that the number of people able and willing to work with Perl is that close to 0. I know a number of people under 35 who have worked with it (including myself, although I’m pretty close to turning 35 😅)

                                    1. 5

                                      Sounds like author is living in their own bubble ;) I work for two different Perl companies and hardly anyone is over the age of 35.

                                      1. 5

                                        I agree. Perl consultants and distributors have told me that if anything, the Perl mindshare is growing. People are rediscovering it, and using it for new projects because it is ubiquitous, mature, and way more capable today than it was 20 years ago.

                                        Sure, other languages might grow faster, but what’s getting smaller is a slice of the ever-increasing pie of developers, so it’s still increasing in absolute numbers.

                                        1. 3

                                          In the company I work in, there is significant number of perl scripts that are powering the infrastructure which is used every day, plus some people are using perl to write new scripts (for one-time jobs, after few months those scripts will be tossed out).

                                      2. 2

                                        That graph was made up, but this one isn’t:

                                        https://trends.google.com/trends/explore?date=all&q=Ruby%20-%20Programming%20Language,Python%20-%20Programming%20language,Perl%20-%20Programming%20Language

                                        And I just looked on indeed, and saw 1932 Perl jobs (“perl developer”), 2679 ruby jobs (“ruby developer”), and 15867 python jobs (“python developer”).

                                      1. 1

                                        Any thoughts on the effects of auto-complete on the developer? Eg faster typing, but less familiarity with the language because of reduced memory effort.

                                        1. 4

                                          In my experience it mostly saves the time that I’d usually spend going to the documentation website, finding the type that I need and scrolling through the methods to find the one that I want – I usually remember the “it’s in there somewhere” part but not the name. Autocompletion is a huge timesaver. I don’t feel like it’s a different learning experience, the end result is pretty much the same.

                                          1. 3

                                            For me, ide features are not about time, they are about flow. In an IDE, I am writing a depth first search, in a bare text editor, I am fixing the text of my code to conform to the actual syntax of the language.

                                          1. 5

                                            Hah! I’m glad we made Stripe loading ondemand (not a moment before explicitly chooses Stripe as a payment option). It seemed obvious at the time for GDPR if nothing else, and has since been a massive PITA for customers with overly aggresive adblockers, but turns out we were right about this all along.

                                            1. 2

                                              Funny you should mention this. I think I probably failed my company’s evaluation of Stripe’s fraud prevention because of implementing it exactly like this (unintentionally, since the integration was many years ago). I understand the privacy tradeoff, but this tracking can help fight fraud by a lot.

                                            1. 7

                                              It should be “Stop Making Students Use Java” first.

                                              Not only due to my personal criticism against Java, but mostly because it limits you to the JVM instead of teaching students about the actual systems and platforms.

                                              1. 6

                                                I agree, but for somewhat different reasons – and I’ll rephrase that as “Stop making students use java first” :)

                                                From the first section of the article:

                                                A student who has not written an if statement doesn’t need to understand the philosophy behind putting each public class in its own file, or what public or “class” even means

                                                I completely agree. In that case, perhaps a language that forces you to start everything with “class” and follow it with “public static int main” is not the best choice?

                                                If you want to teach someone to write if statements and loops, provide a tool that allows them to do just that – eliminate the distractions rather than hiding them. Just like the article mentions later on:

                                                Use a language that teaches the fundamentals of the paradigm you’re interested in, like Scheme or Python. (Please, please not Java.)

                                                IDEs are not the main problem here. Java is. But an overly helpful IDE can also bring more harm than good.

                                                When I teach my students Python, I suggest them simple IDEs like Thonny because I don’t want to see them spending 60% of their time juggling windows around in order to see the results of what they wrote – only to realize that they forgot to save the file. At the same time, I discourage them from using something like PyCharm at least for the first few days, since the constant “help” of autocompletion makes them almost brainless – if autocomplete suggests something then it’s probably right! After all, I’m just a beginner! Sometimes I encounter self-made beginner programmers who did start with PyCharm, and now they don’t really know Python – they just know how to write Python in that IDE. That’s not very helpful either, even if it seemingly makes them effective quickly.

                                                1. 3

                                                  it limits you to the JVM instead of teaching students about the actual systems and platforms

                                                  Conversely, it enables one to concentrate on the programming language without having to delve into the minutuae of each hosting OS.

                                                  1. 1

                                                    If you provide the 100% pure Java-powered OS to the world, that would be true.

                                                  2. 3

                                                    but mostly because it limits you to the JVM instead of teaching students about the actual systems and platforms.

                                                    Most programming activity does not require you to know about the actual systems and platforms. And no matter how much you know about it there’s still a layer underneath so you gotta stop somewhere.

                                                    Java is still a terrible first lang tho.

                                                    1. 1

                                                      Most programming activity does not require you to know about the actual systems and platforms.

                                                      It sure doesn’t! Don’t get me wrong, I’m not pushing people to making their own memory management and doing syscalls at their first days.

                                                      But, right after you get out of the academic code (like, algorithms only, with strictly defined input and output) you might want to know how to do basic “operational” tasks. Most of the cases reading/writing to file(s) comes first, and you probably should know where to write, why you can’t write there, what you need to do first and why it doesn’t work on a Mac in the same way (because you put some assumptions into the code). This is where “knowing the platform” comes in.

                                                      That might sound silly for people around here, but there are quite a lot (mostly young) people who want “to code” but barely know what even a file is (mobile platforms are quite good at hiding that file abstraction from the user, I’m afraid of that trend moving onto bigger machines) or what’s a difference between process and thread (which isn’t obvious on mobile as well).

                                                  1. 3

                                                    Hopefully finishing Pillars of Eternity :)

                                                    And perhaps implementing pauses for my CLI work tracker.

                                                    1. 29

                                                      The 6-week release cycle is a red herring. If Rust didn’t have 6-week cycles, it would have bigger annual releases instead, but that has no influence on the average progress of the language.

                                                      It’s like slicing the same pizza in either 4 or 42 slices, but complaining “oh no, I can’t eat 42 slices of pizza!”

                                                      Rust could have had just 4 releases in its history: 2015 (1.0), 2016 (? for errors), 2018 (new modules) and 2020 (async/await), and you would call them reasonably sized, each with 1 major feature, and a bunch of minor standard library additions.

                                                      Async/await is one major idiom-changing feature since 2015 that actually caused churn (IMHO totally worth it). Apart from that there have been only a couple of syntax changes, and you can apply them automatically with cargo fix or rerast.

                                                      1. 17

                                                        It’s like slicing the same pizza in either 4 or 42 slices, but complaining “oh no, I can’t eat 42 slices of pizza!”

                                                        It’s like getting one slice of pizza every 15 minutes, while you’re trying to focus. I like pizza, but I don’t want to be interrupted with pizza 4 times. Being interrupted 42 times is worse.

                                                        Timing matters. Treadmills aren’t fun as a user.

                                                        1. 13

                                                          Go releases more frequently than Rust, and I don’t see anyone complaining about that. Go had 121 releases, while Rust less than half of that.

                                                          The difference is that Go calls some releases minor, so people don’t count them. Rust could do the same, because most Rust releases are very minor. If it had Go’s versioning scheme it’d be on something like v1.6.

                                                          1. 20

                                                            People aren’t complaining about the frequency of Go releases because Go doesn’t change major aspects of the language, well, ever. The most you have to reckon with is an addition to the standard library. And this is a virtue.

                                                            1. 8

                                                              So, what major aspects of the language changed since Rust 1.0, besides async and perhaps the introduction of the ? operator?

                                                              1. 10

                                                                The stability issues are more with the Rust ecosystem than the Rust language itself. People get pulled into fads and then burned when they pay the refactoring costs to move to the next one. Many of those fad crates are frameworks that impose severe workflow constraints.

                                                                Go is generally far more coherent as an overall ecosystem. This was always the intent. Rust is not so opinionated and structured. This leads to benefits and issues. Lots of weird power plays where people write frameworks to run other people’s code that would just be blatantly unnecessary in Go. It’s unnecessary in Rust, too, but people are in a bit of daze due to the complexity flying around them and it’s sometimes not so clear that they can just rely on the standard library for a lot of things without pulling in a stack of 700 dependencies to write an echo server.

                                                                1. 2

                                                                  Maybe in the server/web part of the ecosystem. I am mostly using Rust for NLP/ML/data massaging and the ecosystem has been very stable.

                                                                  I have also use Go for several years, but I didn’t notice much difference in the volatility.

                                                                  But I can imagine that it is different for networking/services, because the Go standard library has set strong standards there.

                                                                2. 6

                                                                  Modules have changed a bit, but it was optional change and only required running cargo fix once.

                                                                  Way less disruptive than GOPATH -> go modules migration.

                                                              2. 5

                                                                That is kind of the point. I love both Go and Rust (if anything, I’d say I’d like Rust more than Go if working out borrow checker issues wasn’t such a painstaking, slow process), but with Go I can go and update the compiler knowing code I wrote two years ago will compile and no major libraries will start complaining. With Rust, not so much. Even in the very short time I was using it for a small project, I had to change half of my code to use async (and find a runtime for that, etc.) because a single library I wanted to use was ‘async or the highway’.

                                                                Not a very friendly experience, which is a shame because the language itself rocks.

                                                                1. 9

                                                                  In Rust you can upgrade the compiler and nothing will break. Rust team literally compiles all known Rust libraries before making a new release to ensure they don’t break stuff.

                                                                  The ecosystem is serious about adherence to semver, and the compiler can seamlessly mix new and old Rust code, so you can be selective of what you upgrade. My projects that were written for Rust 1.0.0 work fine with the latest compiler.

                                                                  The async addition was the only change which caused churn in the ecosystem, and Rust isn’t planning anything that big in the future.

                                                                  And Go isn’t flawless either. I can’t upgrade deps in my last Go project, because migration to Go Modules is causing me headaches.

                                                                  1. 3

                                                                    Ah, yeah, the migration to modules was a shit show. It took me about six months to be able to move a project to modules because a bunch of the dependencies took a while to upgrade.

                                                                    Don’t get me wrong, my post wasn’t a criticism of my Rust. As I said, I really enjoy the language. But any kind of big changes like async and so on introduce big paradigm shifts that make the experience extra hard for newcomers. To be fair to Rust, Python took 3 iterations or so until they figured out a proper interface for async, while rust figured the interface and left the implementation to the reader… Which has created another rift for some libraries.

                                                            2. 4

                                                              I can definitely agree with the author, since I do not write Rust in my day job it is pretty hard for me to keep up with all the minor changes in the language. Also, as already stated in the article, the 6 week release cycle exacerbates the problem.

                                                              I’m not famliar with Rust’s situation, but from my own corporate experience, frequent releases can be awful because features are iterated on continuously. It would be really nice to just learn the final copy of something rather than all the intermediate steps to get there.

                                                              1. 3

                                                                Releasing “final copy” creates design-by-commitee. Features have to get real-world use to prove they’re useful.

                                                                There’s a chicken-egg problem here. Even though Rust has nightlies and betas, features are adopted and used in production only after they’re declared stable. But without using a feature for real, you can’t be sure it’s right.

                                                                Besides, lots of changes in 6-week releases are tiny, like a new command-line flag, or allowing few more functions to be used as initializers of global variables.

                                                                1. 6

                                                                  Releasing “final copy” creates design-by-commitee. Features have to get real-world use to prove they’re useful.

                                                                  Design-by-committee can be a lot more thoughtful than design-by-novice. I think this is one of the greatest misonceptions of agile.

                                                                  Many of the great things we take for granted are done by committee including our internet protocols and core infrastructure. There’s a lot of real good engineering in there. Of course there’s research projects and prototyping which are super useful but it’s a full time job to keep up with developments in research. Most people don’t have to care to learn it until it’s stable and published.

                                                                  1. 2

                                                                    Sorry, I shouldn’t have mentioned an emotionally-charged “commitee” name. It was not the point.

                                                                    The point is that language features need iteration to be good, but for a language with strong stability guarantee the first iteration must be the final one.

                                                                    So the way around such impossible iteration is release only obvious core parts, so that libraries can iterate on the rest. And the rest is going to be blessed as official only after it proves useful.

                                                                    Rust has experience here: the first API of Futures turned out to have flaws. Some interfaces caused unfixable inefficiencies. Built-in faillibility turned out to be more annoying than helpful. These things came out to light only after the design was “done” and people used it for real and built large projects around them. If Rust held that back and waited for the full async/await to be feature-complete, it’d be a worse design, and it wouldn’t have been released yet.

                                                                  2. 3

                                                                    Releasing “final copy” creates design-by-commitee.

                                                                    I’m not convinced that design-by-crowd is substantively different from design-by-committee.

                                                                    1. 1

                                                                      Releasing “final copy” creates design-by-commitee. Features have to get real-world use to prove they’re useful.

                                                                      There’s a chicken-egg problem here. Even though Rust has nightlies and betas, features are adopted and used in production only after they’re declared stable. But without using a feature for real, you can’t be sure it’s right.

                                                                      I deny the notion that features must be stabilized early so that they get wide spread or “production use.” It may well be the case that some features don’t receive enough testing on nightly/beta and in order to get more users it must hit stable, but limited testing on nightly or beta is not a reason to stabilize a feature. Either A) wait longer until it’s been more thoroughly tested on nightly/beta or B) find a manner to get more testers of features on nightly/beta.

                                                                      I’m not necessarily saying that’s what happened with Rust, per se, but it’s close as I’ve seen the sentiment expressed several times over my time with Rust (since 0.9 days).

                                                                  3. 10

                                                                    It’s not a red herring. There might be bigger annual releases if there weren’t 6-week releases, but you’re ignoring the main point: Rust changes frequently enough to make the 6-week release cycle meaningful. The author isn’t suggesting the same frequency of changes less often, but a lower frequency of changes - low enough, perhaps, that releasing every 6 weeks would see a few “releases” go by with no changes at all.

                                                                    No one is trying to make fewer slices out of the pizza. They’re asking for a smaller pizza.

                                                                    1. 7

                                                                      How is adding map_or() as a shorthand for map().unwrap_or() a meaningful language change? That’s the scale of changes for the majority of the 6-week releases. For all but handful of releases the changes are details that you can safely ignore.

                                                                      Rust is very diligent with documenting every tiny detail in release notes, so if you don’t pay attention and just gloss over them only counting the number of headings, you’re likely to get a wrong impression of what is actually happening.

                                                                      1. 3

                                                                        How is adding map_or() as a shorthand for map().unwrap_or() a meaningful language change?

                                                                        I think that’s @ddevault’s point: the pizza just got bigger but it didn’t really get better. It’s a minor thing that doesn’t really matter, but it happens often and it’s something you may need to keep track of when you’re working with other people.

                                                                        1. 9

                                                                          Rust also gets criticised for having too small standard library that needs dependencies for most basic things. And when it finally adds these basic things, that’s bad too…

                                                                          But the thing is — and it’s hard to explain to non-users of the language — that additions of things like map_or() is not burdensome at all. From inside, it’s usually received as “finally! What took you so long!?”.

                                                                          • First, it follows a naming pattern already used elsewhere. It’s something you’d expect to exist already, not really a new thing. It’s more like a bugfix for “wtf? why is this missing?”.

                                                                            Back-filling of outrageously missing features is still a common thing in Rust. 1.0 was an MVP rather than a finished language. For example, Rust waited 32 releases before add big-endian/little-endian swapping.

                                                                          • There’s cargo clippy that will flag too unidiomatic code, so you don’t really need to keep track of it.

                                                                          • It’s OK to totally ignore this. If your code worked without some new stdlib function, it’ll doesn’t have to care. And these changes are minor, so it’s not like you’ll need to read a book on a new method you notice. You’ll know what it does from it’s name, because Rust is still at the stage of adding baby things.

                                                                          1. 7

                                                                            In the Haskell world, there’s a piece of folklore called the Fairbairn Threshold, though we have very clean syntax for composing small combinators:

                                                                            The Fairbairn threshold is the point at which the effort of looking up or keeping track of the definition is outweighed by the effort of rederiving it or inlining it.

                                                                            The term was in much more common use several years ago.

                                                                            Adding every variant on every operation to the Prelude is certainly possible given infinite time, but this of course imposes a sort of indexing overhead mentally.

                                                                            The primary use of the Fairbairn threshold is as a litmus test to avoid giving names to trivial compositions, as there are a potentially explosive number of them. In particular any method whose definition isn’t much longer than its name (e.g. fooBar = foo . bar) falls below the threshold.

                                                                            There are reasonable exceptions for especially common idioms, but it does provide a good rule of thumb.

                                                                            The effect is to encourage simple combinators that can be used in multiple situations, while avoiding naming the explosive number of combinations of those combinators.

                                                                            Given n combinators I can probably combine two of them in something like O(n^2) ways, so without the threshold as a rule of thumb you wind up with a much larger library, but no real greater utility and much higher cognitive overhead to track all the combinations.

                                                                            Further, the existence of some combinations tends to drive you to look for other ever larger combinations rather than learn how to compose combinators or spot the more general usage patterns yourself, so from a POSIWID perspective, the threshold encourages better use of the functional programming style as well.

                                                                        2. 1

                                                                          Agreed. It has substantially reduced my happiness all around:

                                                                          • It’s tiring to deal with people who (sincerely) think adding features improves a language.
                                                                          • It’s disappointing that some people act like having no deprecation policy is something that makes a language “stable”/“reliable”/good for business use.
                                                                          • It’s mind-boggling to me that the potential cost of removing a feature is never factored into the cost of adding it in the first place.

                                                                          Mainstream language design is basically living with a flatmate that is slowly succumbing to his hoarding tendencies and simply doesn’t realize it.

                                                                          What I have done to keep my sanity is to …

                                                                          • freeze the version of Rust I’m targeting to Rust 1.13 (I’m not using ?, but some dependencies need support for it), and
                                                                          • playing with a different approach to language design that makes me happier than just watching the constant mess of more-features-are-better.
                                                                          1. 2

                                                                            Mainstream language design is basically living with a flatmate that is slowly succumbing to his hoarding tendencies and simply doesn’t realize it.

                                                                            I like that analogy, but it omits something crucial: it equates “change” with “additional features/complexity” – but many of the changes to Rust are about removing special cases and reducing complexity.

                                                                            For example, it used to be the case that, when implementing a method on an item, you could refer to the item with Self – but only if the item was a struct, not it it was an enum. Rust 1.37 eliminated that restriction, removing one thing for me to remember.

                                                                            Other changes have made standard library APIs more consistent, again reducing complexity. For example the Option type has long had a map_or method that calls a function on the Some type or, if the Option contains None, uses a default value. However, until Rust 1.41, you had to remember that Results didn’t have a map_or method (even though they have nearly all the other Option methods). Now, Results have that method too, making the standard library more consistent and simpler.

                                                                            I’m not claiming that every change has been a simplification; certainly some have not. (For example, did we really need todo!() as a shorter way to write unimplemented!() when they have exactly the same effect?).

                                                                            But some changes have been simplifications. If Rust is a flatmate that is slowly buying more stuff, it’s also a flatmate that’s throwing things out in an effort to maintain a tidy space. Which effect dominates? As a pretty heavy Rust user, my personal feeling is that the language is getting simpler over time, but I don’t have any hard evidence to back that up.

                                                                            1. 3

                                                                              But some changes have been simplifications.

                                                                              I think what you are describing is a language that keeps filling some gaps and oversights, they are probably not the worst kind of additions, but they are additions.

                                                                              If Rust is a flatmate that is slowly buying more stuff, it’s also a flatmate that’s throwing things out in an effort to maintain a tidy space.

                                                                              What has Rust thrown out? I have trouble coming up with even a single example.

                                                                              As a pretty heavy Rust user, my personal feeling is that the language is getting simpler over time, but I don’t have any hard evidence to back that up.

                                                                              How would you distinguish between the language getting simpler and you becoming more familiar with the language?

                                                                              I think this is the reason why many additions are “small, simple, obvious fixes” to expert users, but for new/occasional users they present a mountain of hundreds of additional things that have to be learned.

                                                                              1. 1

                                                                                How would you distinguish between the language getting simpler and you becoming more familiar with the language?

                                                                                That’s a fair question, and is part of the reason I added the qualification that I can only provide my personal impression – without data, it’s entirely possible that I’m mistaking my own familiarity for language simplification. But I don’t believe that’s the case, for a few reasons.

                                                                                I think this is the reason why many additions are “small, simple, obvious fixes” to expert users, but for new/occasional users they present a mountain of hundreds of additional things that have to be learned.

                                                                                I’d like to focus on the “additional things” part of what you said, because I think it’s key: if a feature is revised so that it’s consistent with several other features, then that’s one fewer thing for a new user to learn, not one more. For example, match used to treat & a bit differently and require as_ref() method calls to get the same effect, which frequently confused people learning Rust. Now, & works the same with match as it does with the rest of the language. Similarly, the 2015 Edition module system required users to format their paths differently in use statements than elsewhere. Again, that confused new users (and annoyed pretty much everyone) and, again, it’s been replaced with a simpler, more consistent, and easier-to-learn system.

                                                                                On the other hand, you might have a point about occasional Rust users – if a user understood the old module system, then switching to the 2018 Edition involves learning something new. For the occasional user, it doesn’t matter that the new system is simpler – it’s still one more thing for them to learn.

                                                                                But for a new user, those simplifications really do make the language simpler to pick up. I firmly believe that the current edition of the Rust Book describes a language that is simpler and more approachable – and that has fewer special cases you have to “just remember” – than the version of the language described in the first edition.

                                                                                1. 1

                                                                                  A lot of effort is spent “simplifying” things that “simply” shouldn’t have been added in the first place:

                                                                                  • do we really need two different kind of use paths (relative and absolute)?
                                                                                  • do we really need both if expressions and pattern matching?
                                                                                  • do we really need ? for control flow?
                                                                                  • do we really need to have two different ways of “invoking” things, (...) for methods (no support for named parameters) and {...} for structs (support for named parameters)?
                                                                                  • do we really need the ability to write foo for foo: foo in struct initializers?

                                                                                  Most often the answer is “no”, but we have it anyway because people keep conflating familiarity with simplicity.

                                                                                  1. 2

                                                                                    You’re describing redundancy as if it was some fault, but languages without any redundancy are a turing tarpit. Not only we don’t need two kinds of paths, the whole use statement is unnecessary. We don’t even need if. Smalltalk could live without it. We don’t really need anything more than a lambda and a Y combinator or one instruction.

                                                                                    I’ve used Rust v0.5 before it had if let, before there was try!(). It required a full match on every single Option. It was a pure minimal design, and I can tell you it was awful.

                                                                                    So yes, we need these things, because convenience is also important.

                                                                                    1. 2

                                                                                      You’re describing redundancy as if it was some fault, but languages without any redundancy are a turing tarpit.

                                                                                      I’m very aware of the turing tarpit, and it simply doesn’t apply here. A lack of redundancy is not the problem – it’s the lack of structure.

                                                                                      Not only we don’t need two kinds of paths, the whole use statement is unnecessary. We don’t even need if. Smalltalk could live without it. We don’t really need anything more than a lambda and a Y combinator or one instruction.

                                                                                      Reductio ad absurdum? If you think it’s silly to question why we have both if-then-else and match, why not add ternary operators, too?

                                                                                      It required a full match on every single Option. It was a pure minimal design, and I can tell you it was awful.

                                                                                      Pattern matching on options is pretty much always wrong, regardless of the minimalism of design. I think the only reasons Rust users use it is because it makes the borrow checker happy more easily.

                                                                                      I’ve used Rust v0.5 before it had if let, before there was try!(). It required a full match on every single Option. It was a pure minimal design, and I can tell you it was awful.

                                                                                      In my experience, the difference in convenience between Rust 5 years ago (which I use for my own projects) and Rust nightly (which is used by some projects I contribute to) just isn’t there.

                                                                                      There is no real point in upgrading to a newer version – the only thing I get is a bigger language and I’m not really interested in that.

                                                                        3. 1

                                                                          This discussion suffers from “Monday morning quarter backing” to an extent. We now (post fact) know which releases of Rust contained more churn than others. “churn” being defined as a change that either introduced a different (usually better IMO) way of doing something already possible in Rust, or a fundamental change that permeated the ecosystem either to due to being the new idiomatic way, or being the Next Big Thing and thus many crates in the ecosystem jumped in early. Either way, my code needs to change due to new warnings (and the ecosystem doesn’t care for warnings) or since many crates are open source I’ll inevitably get a PR to switch to the new hotness.

                                                                          With that stated, my actual point is that Rust releases every 6 weeks. I don’t know if the next release (1.43 at the time of this writing) will contain something that produces churn or not without closely following upcoming releases. I don’t know if the release after that will contain big changes. So I’m left with either having to follow all releases (every 6 weeks), or closely follow upcoming releases. Either way I’m forced to stay in tune with Rust development. For many this is fine. However in my industry (Government) where dependencies must go through audit, etc, etc. It’s really hard to keep up with. If Rust had “major” (read churn inducing releases) every year, or say every 3 years (at new editions) that would be far, far easier to keep up with. Because then I don’t need to check every 6 weeks, I can check every year, or three years whatever it may be. Minor changes (stdlib additions, etc.) can still happen every 6 weeks, almost as Z releases (in semver X.Y.Z speak), but churn inducing changes (Y changes) happen on a set much slower schedule.

                                                                          1. 2

                                                                            When your deps updated to ?, you didn’t need to change anything. When your deps started using SIMD, you didn’t need to change anything. When your deps switched to Edition 2018, you didn’t need to change anything because of that.

                                                                            Warnings from libraries are not displayed (cap-lints), so even if you use deprecated stuff, nobody will notice. You could sleep through years of Rust changes and not adopt any of them.

                                                                            AFAIK async/await was the first and only language change after Rust 1.0 that massively changed interfaces between crates, causing a necessary ecosystem-wide churn. It was one change in 5 years.

                                                                            Releases are backwards compatible, so you really don’t need to pay attention to them. You need to update the compiler to update dependencies, but this doesn’t mean you need to adopt any language changes yourself.

                                                                            The pain of going through dependency churn is real. But apart from async, it’s not caused by compiler release cycle. Dependencies won’t stop changing just because the language doesn’t change. Look at JS for example: Node has slow releases with long LTS, the language settled down after ES2016, IE and Safari put breaks on language evolution speed. And yet, everything churns all the time! People invent new frameworks weekly on the same language version.

                                                                        1. 2

                                                                          I use Star Wars planets.

                                                                          1. 2

                                                                            Going through Andrew Yang’s “War on Normal People”.

                                                                            1. 4

                                                                              offline web apps

                                                                              They could be web apps or offline apps. No both at once.

                                                                              And I approve every measure to kill cancerous “webdev” in mobile apps. Just treat your customers right and deliver native applications, okay?

                                                                              1. 7

                                                                                It can be both at the same time. You get the best of both worlds, the amazing distribution capabilities of the web and the offline features of a native app. The fact that you don’t like them shouldn’t preclude people from shipping them and those who enjoy them, from using them.

                                                                                For example, my main machine is a Surface Pro X and I don’t get many native apps for my system but I can use PWAs on the desktop and they work great.

                                                                                Also you mention:

                                                                                I approve every measure to kill cancerous “webdev” in mobile apps

                                                                                Which means you’re unaware that this affects desktop as well, thought you should know.

                                                                                I find your phrase:

                                                                                Just treat your customers right and deliver native applications, okay?

                                                                                Disingenous are there are many reasons to ship a web app, among them is the fact that to ship an iOS application you need at least a Macintosh computer and a paid membership to Apple’s developer program, while to ship a web app you need nothing, you can do it from a cybercafe using nothing but online services. The Web is empowering, democratic as in most people can post, and interoperable. These qualities are not usually present in native apps. Saying that web developers are cancerous is quite bad. The Web is the only mass media communication channel available for mankind. It is how many of us are finding comfort and solace in this time of lockdowns and pandemic. It is how we’re learning new skills, finding new friends, recording our memories. Do not disqualify something that is larger than what your petty prejudices can reason about.

                                                                                1. 7

                                                                                  Just treat your customers right and deliver native applications, okay?

                                                                                  This may be preferable for your existing mainstream customers, but it also makes sure that you become one more reason why any iPhone/Google Android alternative is bound to fail.

                                                                                  I hate web technologies as much as anybody else, but if it wasn’t for them I wouldn’t have Uber or Duolingo on my phone. If webapps is what it takes to have any chance at some mobile platform diversity, I’d happily waste some CPU cycles.

                                                                                  1. 3

                                                                                    Are you talking on the desktop or on mobile?

                                                                                    On mobile, as a consumer, I really don’t want apps I need to install and that spy on me. I trust the web browser sandbox plus plugins so much more then I would ever trust app reviews. And app stores are closed ecosystems and there are so few of them and they are OS specific – argh. Disgusting.

                                                                                    On the desktop, app sandboxes are premature. And often suffer the same problems as the app stores.

                                                                                  1. 2

                                                                                    Probably Angular stuff for work. I’m growing more and more frustrated with it (especially after doing a commercial side-project in Rust a few weeks ago); I feel like taking a break from web development for a while.

                                                                                    1. 8

                                                                                      Today I’m writing perl scripts to parse wikipedia entries on house and senate membership, with the ultimate goal of joining this data to coronavirus fatality rates for age and sex, so that I can simulate how the virus might shift legislative power.

                                                                                      1. 4

                                                                                        Not sure if helpful, but you may be able to get that data from https://www.wikidata.org in a less brittle way

                                                                                        1. 2

                                                                                          the ultimate goal of joining this data to coronavirus fatality rates for age and sex, so that I can simulate how the virus might shift legislative power.

                                                                                          I’m confused. Are you trying to see how if a congressional district’s constituencies suddenly dies off from the disease how the number of eligible voters might change?

                                                                                          1. 1

                                                                                            No, just the reps themselves. Doing a deep dive on voting pattern changes based on voters dying would also be interesting, but a little beyond my current scope.

                                                                                            I expect the result will be that power shifts not very much to either side, maybe mode of 2 dead congressmen? But I want to actually run the numbers.

                                                                                          2. 1

                                                                                            That’s definitely interesting! Will you be posting your results anywhere?

                                                                                            1. 1

                                                                                              Yup, that’s the plan! It will be a blog post here some time this week: https://www.dolthub.com/blog/

                                                                                              1. 1

                                                                                                That sounds fascinating. Do you use a lot of Perl at dolthub for data mangling like this?

                                                                                                1. 1

                                                                                                  Yeah, perl is our main squeeze. A bunch of us are from Amazon back when Amazon was a perl shop. It’s a terrible language for programming in the large, but for text munging there’s really nothing better, even today.

                                                                                          1. 3

                                                                                            Fearless Concurrency actually delivers.

                                                                                            Until you write a deadlock, which I managed to do within 30min of writing Rust code.

                                                                                            1. 14

                                                                                              Deadlocks are easy compared to data races. You just connect a debugger, and you see exactly what is deadlocked, and which stack traces lead to this situation. That is a walk in the park compared to some bytes somewhere sometimes briefly having wrong value, which might not even be reproducible with a debugger attached.

                                                                                              I’ve had my share of deadlocks in Rust, and I’ve been able to solve them all. OTOH in my last C project I’ve had a data race, and the best I could do was to give up and remove all non-trivial OpenMP uses. Was it my bug? Was it compiler bug? I couldn’t know. I couldn’t even reproduce the data race myself.

                                                                                              1. 3

                                                                                                Three years ago I fought with a deadlock in a distributed system. Never learned of a good way to debug this. My problem magically disappeared due to some seemingly unrelated change.

                                                                                                1. 1

                                                                                                  Deadlocks are easy compared to data races. You just connect a debugger, and you see exactly what is deadlocked, and which stack traces lead to this situation. That is a walk in the park compared to some bytes somewhere sometimes briefly having wrong value, which might not even be reproducible with a debugger attached.

                                                                                                  I’ve had my share of deadlocks in Rust, and I’ve been able to solve them all. OTOH in my last C project I’ve had a data race, and the best I could do was to give up and remove all non-trivial OpenMP uses. Was it my bug? Was it compiler bug? I couldn’t know. I couldn’t even reproduce the data race myself.

                                                                                                  distributed system? Everything is more complicated with micro-services and other distributed systems. Rust can’t save you there.

                                                                                                2. 3

                                                                                                  While I’d agree with your overall point that data races are more insidious and typically harder to debug, deadlocks can certainly be nondeterministic and arbitrarily difficult to reproduce with a debugger attached too.

                                                                                                  1. 3

                                                                                                    The nice thing about deadlocks is that they’re eminently fixable but still sufficiently annoying that after the third time you start asking “why am I getting deadlocks all the time?” and rekajigger your design so that it can’t happen any more. In my experience it’s another case of confused ownership, just expressed differently.

                                                                                                    1. 2

                                                                                                      Did you try clang thread sanitizer? Last time I used it was over 5 years ago and it very effectively told me exactly which threads and exactly what structures / bytes had a race.

                                                                                                      I use address sanitizer every time I code C and C++ now and it has changed how I code… I would call it “fearless memory management”

                                                                                                      1. 3

                                                                                                        That’s the experience you get in Rust, but at compile time. The important improvement is that you don’t need to make the race (or use-after-free) happen for it to be caught. This helps ensure that also rare situations you haven’t thought about testing are correct too.

                                                                                                        1. 3

                                                                                                          I would call it “fearless memory management”

                                                                                                          I wouldn’t. I’ve used valgrind since the early 2000s and asan since I knew it existed (probably around 2010/2011 but I’m not sure). I’ve lost count of how many memory management bugs went undetected until a segfault led me to investigate.

                                                                                                          asan is huge for C and C++. But it’s only as good as your test suite and its coverage, and even then…

                                                                                                        2. -1

                                                                                                          Deadlocks are easy compared to data races

                                                                                                          Even assuming I agree, I don’t see how that changes my point that if I can write deadlocks it’s not fearless.

                                                                                                          You just connect a debugger, and you see exactly what is deadlocked, and which stack traces lead to this situation

                                                                                                          That’s not been my experience. And that’s if the bug is easily reproducible, which tends to not be the case with concurrency.

                                                                                                          OTOH in my last C project I’ve had a data race

                                                                                                          Why compare to C? C is terrible at writing concurrent programs. If the bar for Rust is “better than C”…

                                                                                                          1. 5

                                                                                                            Compile-time verification that the whole program (and dependencies!) are free from data races is without a doubt a major improvement over C, C++ and Go. It is a way stronger guarantee than most other languages offer with “just be careful” and runtime sanitizers (and Rust also supports thread sanitizer). On top of that Rust has a rich ecosystem of libraries with robust concurrency primitives, so you can make programs multi-threaded without even touching any lock yourself.

                                                                                                            But your entire argument hangs only on a literal interpretation of an advertising slogan. Of course a slogan doesn’t contain every possible caveat. And arguing about it is arguing about who fears what, which is unconstructive (there’s always someone afraid of everything, but this doesn’t change what Rust does).

                                                                                                            The reasonable interpretation is that we all know data races are a major source of hard-to-fix bugs that are commonly feared, and Rust improves in this area so much that addition of concurrency to programs is no longer a major risk (but Rust does not guarantee bug-free programs, and never claimed that).

                                                                                                            1. 0

                                                                                                              major improvement over C, C++ and Go

                                                                                                              I don’t think Go is even close to being in the same category as C or C++ in this regard.

                                                                                                              rich ecosystem of libraries

                                                                                                              I don’t think any existed at the time I wrote the deadlock (I looked). I ended up using mio directly. Things certainly seem to have change for the better since then.

                                                                                                              we all know data races are a major source of hard-to-fix bugs that are commonly feared,

                                                                                                              In certain languages, sure. I’ve written more concurrency bugs than I can count in C++, and I’m glad that if I write Rust those wouldn’t be possible. But there are other languages which make such bugs rare or non-existent. Rust is literally the only language I’ve every written a deadlock in and I did it on my first day.

                                                                                                              1. 5

                                                                                                                Again, you’re hung up on that one deadlock, as if it invalidated everything else. “Fearless” doesn’t mean “can be totally careless” or “guaranteed bug-free”.

                                                                                                                I don’t think you will find any language that can use low-level mio/libuv that can do better here, so let’s not pit real shipping Rust against an imaginary ideal.

                                                                                                                And you don’t have to use mio. You can use Rust with data-bound parallelism where you can’t make that bug. You can use Rust with an actor framework. Probably you could even hook it up to the Pony runtime.

                                                                                                                BTW, Pony is deadlock-free on a technicality. It doesn’t solve the problem, but merely reshapes it to “two actors will send a message only after receiving a message from each other”.

                                                                                                        3. 8

                                                                                                          I always assume that Rust’s “fearless” is more about “your thread will not accidentally use data that it shared with someone else and it was freed in the meantime” than preventing you from writing deadlocks – just like its regular safety features will prevent you from breaking the memory-related stuff, not from actual logic bugs.

                                                                                                          1. 1

                                                                                                            I don’t think that’s a fair comparison. I can trust Rust to not let me violate memory safety. I can’t trust it to prevent me from writing deadlocks. In one case, it’s fearless memory management, in the other it’s fearless concurrency except for deadlocks.

                                                                                                            Plenty of languages make it easy to not accidentally used data that is shared with someone else.

                                                                                                            1. 3

                                                                                                              Really? How many languages provide shared-memory concurrency with the promise that you won’t have data races? I can’t think of any other than rust. Erlang is another case but it doesn’t really share memory.

                                                                                                              1. 1

                                                                                                                How many languages Erlang

                                                                                                                I think you partially answered your own question. From my personal experience, also Haskell and D. From reading the tutorial, Pony. The fact that Erlang doesn’t share memory is a good thing.

                                                                                                                1. 4
                                                                                                                  • Does D protect you from data races if you use mutex?
                                                                                                                  • Does pony have locks? It seems to me it’s only about channels and sharing immutable references (which you can also do in rust, no need for locks if you share & Foo, just have to ensure it lives long enough)
                                                                                                                  • Erlang doesn’t share memory at all, which is good, except when you try to write something very efficient I guess, like a shared cache. Besides you can get deadlocks with actors too, if two actors are waiting for messages from one another.
                                                                                                                  • Haskell provides shared memory abstractions, but apart from the STM I don’t think it does anything special for the deadlock issue.

                                                                                                                  In this list, I still don’t see anything that offers what rust does (race-free shared memory concurrency, statically guaranteed, where multiple threads can still modify the shared structures concurrently). Channels don’t protect from deadlocks at a higher level, and even then, rust has them too if they fit your needs.

                                                                                                                  1. 0

                                                                                                                    Does D protect you from data races if you use mutex?

                                                                                                                    That’s not the usual way of writing concurrent code, which is to send messages between threads. You can only send immutable or shared data. The former guarantees a lack of data races, the latter can’t really be used without locks. That’s an oversimplified explanation though.

                                                                                                                    Does pony have locks?

                                                                                                                    No.

                                                                                                                    but apart from the STM

                                                                                                                    I think STM is their secret weapon when it comes to concurrency.

                                                                                                                    1. 3

                                                                                                                      That’s not the usual way of writing concurrent code, which is to send messages between threads.

                                                                                                                      But in rust you can do that too, and the move semantics even allows you to send mutable things since you give up their ownership. And you can still get deadlocks. I fail to see what D does that rust doesn’t.

                                                                                                          2. 5

                                                                                                            Detecting deadlocks statically is equivalent to solving the halting (heh) problem, so it’s never gonna be 100%.

                                                                                                            That being said, it is possible to detect deadlocks once they’ve occurred or are about to…how does Rust handle a deadlock situation? Does it do runtime deadlock detection and panic, or just lock up?

                                                                                                            (Forgive me if I sound pedantic. Not my goal. Low on coffee and it’s a pain to buy more right now, what with the apocalypse and all…)

                                                                                                            1. 4

                                                                                                              Rust as a language doesn’t even know that locks exist. They’re purely a library feature. Data-race safety of the locked data is expressed via Send/Sync traits, but there isn’t more to it. The stdlib just wraps pthread mutexes, but you’re free to use whatever implementation you want. parking_lot from WebKit is a popular alternative.

                                                                                                              1. 2

                                                                                                                You can constraint the programmer such that deadlocks are impossible by construction. X10 started like this. Later they introduced old-fashioned locks via library so the guarantee can be broken (like unsafe in Rust).

                                                                                                                X10 has async { } to spawn of an activity (think thread). There is “finish { }” which waits for all (recursively) spawned activities inside the block at the end of the block. You also get some barrier synchronization with a smart API design. If that is all you use, then you cannot have deadlocks.

                                                                                                                1. 0

                                                                                                                  Detecting deadlocks statically is equivalent to solving the halting (heh) problem, so it’s never gonna be 100%.

                                                                                                                  The Pony programming language guarantees absence of deadlocks.

                                                                                                                  That being said, it is possible to detect deadlocks once they’ve occurred or are about to

                                                                                                                  Not deterministically.

                                                                                                                  1. 2

                                                                                                                    The Pony programming language guarantees absence of deadlocks.

                                                                                                                    Right, I was referring to classic free-for-all threads-with-locks models; there are ways to prevent deadlocks by construction or restriction.

                                                                                                                    Not deterministically.

                                                                                                                    I’m rapidly approaching the edge of my knowledge, so absolutely correct me if I’m wrong, but at least for traditional threads-with-locks, you can generate resource-acquisition graphs to determine if a deadlock has occurred, right?

                                                                                                                    You can’t determine a priori if a deadlock will occur by static analysis of an arbitrary threads-and-locks, at least not in the general case, though, you’re right; that’s what I was alluding to above.

                                                                                                                2. 3

                                                                                                                  Most schemes to tame concurrency still seem to be able to deadlock and livelock. My favorite, though, is still SCOOP. Heck, I”ll throw in a submission on it since SCOOP appears portable across languages.

                                                                                                                  1. 5

                                                                                                                    Eiffel is the best of all the OOP languages. It’s got so much going for it, it’s sad that it isn’t more popular.

                                                                                                                    1. 3

                                                                                                                      Seemed like a great language for maintainable, business applications. Took a while for me to understand the non-technical reasons languages like it don’t get much adoption.

                                                                                                                      1. 6

                                                                                                                        For Eiffel the two big ones were

                                                                                                                        1. The compiler was really expensive for a long time
                                                                                                                        2. Bertrand Meyer did a great job alienating the entire OOP community. Like to the point of even refusing to use common, widespread terminology any of his papers.
                                                                                                                        1. 2

                                                                                                                          Carl Sassenrath, is that you?!?

                                                                                                                          stares wistfully at REBOL

                                                                                                                      2. 1

                                                                                                                        I tried to learn it, because I’m a huge fan of contracts, only to find out you couldn’t get it up and running without purchase, so I binned the plan.

                                                                                                                        1. 2

                                                                                                                          There were a few open source compilers over the years but, as far as I know, none are still under much active development.

                                                                                                                          1. 2

                                                                                                                            D has contracts.

                                                                                                                          2. 1

                                                                                                                            I know it was still cutting edge 25 years ago, but has it kept that up since? I remember reviewing it and being pretty disappointed. Even its contract system doesn’t feel that great now that we have Racket and Dafny.

                                                                                                                            1. 1

                                                                                                                              You know me, I’m a technical Luddite. Anything newer than 25 years is inexcusable newfangled decadence.

                                                                                                                              But, to answer your question, no, I don’t think it’s kept up. Last time I looked at the “official” Eiffel implementation, they were mainly focusing on interop and compiler speedups, though that was several years ago.

                                                                                                                          3. 1

                                                                                                                            Pony doesn’t allow deadlocks to happen.

                                                                                                                            1. 2

                                                                                                                              Well, it uses the actor model instead of multithreading with shared state that I recall. Great that it stops deadlocks, though.

                                                                                                                        1. 3

                                                                                                                          What’s wrong with a username + password? I used to be able to login this way to my bank account.

                                                                                                                          Now, my bank forces my to use a password with one capital, one lowercase, one digit, and some special characters but not other special characters. This means I can’t use my default secure password, but have to use something easy instead. Meanwhile, it forces my to install an app which allows access to my account, which is only protected with a 5-digit PIN… I will never understand security practices.

                                                                                                                          1. 3

                                                                                                                            By the way you can optionally use a regular password (with as many letters and punctuation and other characters as you want) on iOS and Android. It’s just not the default option because it’s not as convenient as short PIN codes for most people.

                                                                                                                            1. 2

                                                                                                                              Yes, it’s the actual banking app I’m talking about. It has no other option than using a 5-digit PIN. But of course, using a secure password on your phone would work as well.

                                                                                                                            2. 1

                                                                                                                              Them asking you to use those particular classes of character are their attempt to get their customers to not just type ‘password’ or ‘letmein’. Giving them the benefit of the doubt, disallowing certain ‘special’ characters may be to reduce confusion between characters or typos.

                                                                                                                              If I was being cynical I’d think they were doing something bad in how they deal with that data behind the scenes. I hope that they simply have a paranoia about the plaintext passing through some system where it breaks out of quoting before it gets hashed.

                                                                                                                              Ideally they would just assume everyone is using password managers to generate strong passwords, not make this assumption and check their code, but the world isn’t ideal.

                                                                                                                              The reason the five digits are okay for the mobile app is because it’s they can tell it’s their app and some stuff about your phone. It’s not bulletproof but it’s another factor. With a desktop browser, they can use a cookie from a previous login combined with the PIN.

                                                                                                                              Hopefully you understand a bit more. Happy to go further into this if you’re interested.

                                                                                                                              1. 1

                                                                                                                                What always bothers me about the phone app requirement (thankfully my bank doesn’t force this one yet – otherwise it won’t be my bank anymore :)), is that in an attempt to introduce the second factor of security they basically devolve it right back to a single-factor auth – the phone itself.

                                                                                                                                When using the bank website on my computer, even if said computer had no security whatsoever, I still have to confirm every transaction with an SMS code. Someone who steals my computer and cracks/guesses the disk encryption passwords will still have no access to my money. If I had an app on my phone, someone who guesses (or notices, since I use my phone in public places all the time) my password/pin will have full access to my account – it won’t require a computer-code to confirm transactions. How does the app improve security?

                                                                                                                                1. 2

                                                                                                                                  When you log into the service through the mobile app, the service establishes that it trusts the credentials you give (e.g. email address and password).

                                                                                                                                  Now the server can give the app a token which can be stored for later use.

                                                                                                                                  When you go back to use the app, the token is used to authenticate to the server (1) - NOT your PIN or fingerprint or whatever.

                                                                                                                                  Your PIN or fingerprint are used to allow you to bring up the app. This is simply to make it one step harder for someone sitting next to your unlocked phone to bring up the app. Of course PINs can be shoulder-surfed, fingerprints can be ‘stolen’ while you sleep, etc. - this is just a little extra that, in practice, makes enough difference it’s worth bothering with.

                                                                                                                                  (1) In practice, this is exchanged for a short-lived access token - have a look into OAuth 2.0 if you want an example of how this can work.

                                                                                                                                  1. 2

                                                                                                                                    Oh, I know about the tokens involved. My concern is that the app on the phone is still a single point of authorizing transactions on my bank account, and phones are ridiculously easy to steal. If my laptop gets stolen (and for any reason it’s unlocked at the time) I’m not too worried about my money because any transaction will require a confirmation from another device. A stolen phone would be a gateway to all of my money plus all the other fragile things phones keep – like a limitless creditcard without all the established fraud protection practices (on second thought: some of them probably still apply, but I don’t remember any bank ever question me about a SWIFT transfer).

                                                                                                                                    Having one-time codes sent to my phone when I do banking on my computer improves my security, since a stolen login+password doesn’t endanger my money. A phone app may be solving some of the issues, but also essentially it creates the same problem that a total lack of 2fa has.

                                                                                                                                    1. 1

                                                                                                                                      Phones being stolen isn’t much of a thing here in the UK since the ability to have them disabled easily.

                                                                                                                                      One profile of phone theft is something like this:

                                                                                                                                      • Phone is stolen
                                                                                                                                      • Phone is reset (so your app and its stored data doesn’t exist any more)
                                                                                                                                      • Phone is re-sold

                                                                                                                                      Sometimes it looks like this:

                                                                                                                                      • Phone is stolen
                                                                                                                                      • Thief makes feeble attempt to guess passcode and is locked out
                                                                                                                                      • Phone is reset (so your app and its stored data doesn’t exist any more)
                                                                                                                                      • Phone is re-sold

                                                                                                                                      Sometimes it looks like this:

                                                                                                                                      • Phone is stolen
                                                                                                                                      • Thief makes feeble attempt to guess passcode and is locked out
                                                                                                                                      • Phone cannot be unlocked or reset
                                                                                                                                      • Phone is discarded

                                                                                                                                      Sometimes it looks like this:

                                                                                                                                      • Phone is stolen
                                                                                                                                      • Phone cannot be unlocked or reset
                                                                                                                                      • Thief attempts to sell phone saying ‘locked to Apple ID but easy to unlock’ and hoping someone’s ignorant enough to buy it and try
                                                                                                                                      • Phone is eventually discarded

                                                                                                                                      Stolen phones really aren’t a big issue. More of an issue is the relative who knows or guesses your PIN and has ready access to your phone anyway. Kind of a less violent version of this: https://www.xkcd.com/538/

                                                                                                                                      Banks make decisions about things like this based on risk.

                                                                                                                                  2. 1

                                                                                                                                    “The app” means what, precisely?

                                                                                                                                    I assume the same as what my bank does: I had to install an app on my phone and the app is reasonably well protected against exfiltrating data.

                                                                                                                                    At this point, the app means that if I confirm a transaction, then the bank can be confident that it was issued by someone who knows my password and confirmed by someone who has physical possession of my phone. What it actually knows is that the app on the phone has access to private keys that’ve been used to authorise many transfers that I, the account owner, haven’t complained about.

                                                                                                                                    The app protects against two attacks that have been common in the real world:

                                                                                                                                    Social-engineering a new SIM card from a telco, or hijacking the number vis SS7, won’t get an attacker access to my account, because that app proves its identity using crypto, and the keys are stored on my actual phone.

                                                                                                                                    Installing the same app on a different phone and then trying to impersonate me by authenticating several times may work, but the bank can tell that it was authorised using a device that hasn’t yet proved very trustworthy. The bank may classify that as high-risk and let the outgoing transfer wait for a few hours or days and see if other accounts also suddenly start transferring money to the same destination.

                                                                                                                                    This isn’t perfect protection against everything. You describe one attack. But defending against two common attacks is much more than nothing.

                                                                                                                                  3. 1

                                                                                                                                    I understand that, but it doesn’t work in practice. A better way would be to perform a test (client-side) that rejects ‘hello’ as a password but accepts my strong password which is a base-64 encoding of a random number. Right now, I’m using a weaker password (something like Hello123!) because my stronger password gets rejected. Additionally, if someone knows my PIN, (s)he can access my account as well. Another bank I use just lets me use my strong password to log in, and that is so much more convenient and secure.

                                                                                                                                    1. 2

                                                                                                                                      consider using ascii85 instead of base64

                                                                                                                                      1. 1

                                                                                                                                        Cool! Never heard of it. Unfortunately, you still need to have your generated password to include and exclude exactly the right characters.

                                                                                                                                        1. 2

                                                                                                                                          Why do websites only allow certain arbitrary “special” characters anyway?

                                                                                                                                          1. 3

                                                                                                                                            Next time I get a password reset reminder from a certain vendor I will share all the weird steps I have to jump through. Let’s just say that restricting certain characters is just the start.

                                                                                                                                            1. 2

                                                                                                                                              I remember you going over it on IRC: it would probably make a pretty good lobsters submission.

                                                                                                                                              1. 2

                                                                                                                                                I was reminded of the insanity the other day when I had to do it again, but forgot to take screenshots.

                                                                                                                                      2. 1

                                                                                                                                        The proof that it works in practice is that it is in use by banks.

                                                                                                                                        I’m assuming that you can’t log in to your bank account giving only a PIN.

                                                                                                                                        Your bank will also need something to identify you as a customer - email address, username, account number, etc.

                                                                                                                                        They likely also store a cookie which holds an encrypted token telling them that you signed in through this browser using your actual password at some point. They don’t have to, but that’s a pretty good measure.

                                                                                                                                        They likely also look at your browser’s fingerprint, your location (based on IP), the time of day (most people don’t log in to their bank at 3am), and any other factors they can make use of.

                                                                                                                                        If any of these factors looks a bit suspect, it’s normal to drop back to requiring a stronger check.

                                                                                                                                        1. 2

                                                                                                                                          The proof that it works in practice is that it is in use by banks.

                                                                                                                                          For certain values of ‘works’. For example banks in Germany allow transaction verification at point of sales with only a signature. The bank refunds any money that is fraudulently authorised with this method. I know for a fact that this happens, and it probably amounts to a lot of money. The banks do it anyway because they have a lot of tech-illiterate customers and their business is worth more than the losses.

                                                                                                                                          In other words a bank using specific security practices simply means the financial losses from security breaches are outweighed by savings/profits/additional custom from using those practices. For many less ethical banks that may also simply mean that the customer is liable for those losses.

                                                                                                                                          If you think your bank security is weak, check the terms of service agreement and see who has to pay if it fails. If it is you, change banks.

                                                                                                                                          1. 1

                                                                                                                                            I’m assuming that you can’t log in to your bank account giving only a PIN. Your bank will also need something to identify you as a customer - email address, username, account number, etc.

                                                                                                                                            No, they don’t, that’s my whole point (which tadzik raises as well). If you open the app and enter my PIN, you’re in my account with full authorization. If someone peeks over my shoulder when I use my phone and steals it, he can unlock my phone and transfer my money. This is the whole point I’m making in my original post. You (rightly) seem to have a hard time believing this, but that’s how it is.

                                                                                                                                            Edit: I get your point, btw: You need my phone. But, I’d much rather have a system where you need my phone and to enter my username and password. Now it’s a much weaker system, as I have argued.

                                                                                                                                            1. 2

                                                                                                                                              There has to be a better way.

                                                                                                                                              Access to my BankID requires either an 8-digit PIN or my fingerprint (which one is at the discretion of the entity requesting authorization).

                                                                                                                                              My bank requires the PIN, the absence reporting at my kids school is fine with a fingerprint.

                                                                                                                                              1. 1

                                                                                                                                                My point about needing more than your PIN was on initial sign-in and tying to a device / browser.

                                                                                                                                                I know it’s technically much weaker to require only a (shoulder surfable) PIN (for the phone and for the app) than further credentials, but the point I’m making is that in practice it’s a small enough threat that banks eat the risk.

                                                                                                                                                They don’t do this lightly. They can’t just absorb the cost of fraud as much as makes sense for them financially. In the UK financial institutions are regulated by (at least) the FCA, who look to ensure that customers are being treated fairly - including not being subject to large fraud risk - and the ICO, who, to give one example, are looking to ensure compliance with regulation around data security - GDPR being relevant here.

                                                                                                                                                So you’re absolutely correct about the technical possibilities and I understand why the possibility of (perceived) easy fraud makes you uncomfortable, but these banks with real money to lose and these regulators with consumer-friendly powers agree that the risk is low enough that it’s fine.

                                                                                                                                                That said, I’m not saying that the retail banks have your interests as top priority. If your account is accessed due to you having your phone stolen, I’d bet they would at least attempt to hold you responsible. In their own interests, if they allowed everyone to claim phone theft and their money returned, collusion to commit fraud would be rampant pretty quickly.

                                                                                                                                        2. 1

                                                                                                                                          Why not generate a random conforming password and store it in a password manager?

                                                                                                                                          1. 3

                                                                                                                                            I want to be able to login from environments where I don’t have a password manager at hand.

                                                                                                                                          2. 1

                                                                                                                                            That app is probably also protected by history, location or both.

                                                                                                                                            When you installed it, it probably generated a private key and got a certificate signed by the server. You’ve authorised a bunch of transactions since then. This means that when you enter your five digits, the bank “knows” that you entered those five digits on a device that’s been used to sign many transactions that weren’t fraud in hindsight.

                                                                                                                                            Many of the apps look up your location using GPS, and the bank can trust that because of the way code signing works on android and ios, so very likely, the bank “knows” that you entered your five digits ±50m from some location where you’ve signed many whitehat transactions in the past.

                                                                                                                                          1. 9

                                                                                                                                            WARNING: this is alpha, and the default keybinds are still weird because I use colemak

                                                                                                                                            Finally, something will have non-weird keybinds for us colemak users \o/

                                                                                                                                            1. 4

                                                                                                                                              My thought was “at least keybindings are reasonable” when I was skimming through the README with one eye closed 3am this morning. (What’s wrong with me?)

                                                                                                                                              1. 2

                                                                                                                                                Colemak 4evah! So nice to find a piece of software living in that mode already.

                                                                                                                                                I was already inclined to check this out because I love rust and I have an unhealthy obsession with trying new thought mappers/todo systems, but the colemak defaults pushes it over the edge!

                                                                                                                                              1. 6

                                                                                                                                                The animated cursor looks like a gimmick, but I have a feeling that it would be really useful.

                                                                                                                                                1. 6

                                                                                                                                                  It felt like a silly addition to me, and then I realized how often I do jkjkjkjkjk to see where my cursor currently is after searches and jumps. I’m looking forward to trying this.

                                                                                                                                                  1. 5

                                                                                                                                                    It definitely pleases me. Whether it reduces the number of times I lose track of the cursor is hard to tell ¯\_(ツ)_/¯ my impression is yes, but your mileage may vary

                                                                                                                                                    1. 3

                                                                                                                                                      I’ve been using this to help keep track of the cursor:

                                                                                                                                                      set relativenumber
                                                                                                                                                      set number
                                                                                                                                                      highlight LineNr ctermfg=brown
                                                                                                                                                      highlight CursorLineNr ctermfg=yellow
                                                                                                                                                      
                                                                                                                                                      1. 2

                                                                                                                                                        Neat! My vimrc has something in a similar-ish vein with the following line:

                                                                                                                                                        :nnoremap <Leader>s :set cursorline! cursorcolumn!<CR>
                                                                                                                                                        

                                                                                                                                                        Leader s will highlight the current row and current column, creating a “crosshair” over your cursor. I use it all the time when pairing to show someone where my cursor is and as way to “point” at code.

                                                                                                                                                        Plus it’s a toggle. So when I lose my cursor I can just quickly toggle it on and then off with the same binding. Easy for it to become muscle memory.

                                                                                                                                                    1. 23

                                                                                                                                                      I really can’t agree with this more. At work I was just upgraded to a top of the line 16” MacBook Pro and I hate it. It’s so bad that I’ve been looking for something to buy myself to replace it and I can’t find anything good. The XPS 13 is probably good enough, but I’d really like something better than that.

                                                                                                                                                      I’m probably even less demanding than Drew, I’m willing to deal with non-free device firmware blobs. But I need a high DPI screen, so I don’t even have the option of going with something old.

                                                                                                                                                      1. 7

                                                                                                                                                        The new ThinkPads aren’t so bad; I have an x270 and it works well for me. It’s been working with Linux pretty much out of the box ever since I got it 2 years ago.

                                                                                                                                                        I don’t like how the XPS integrates the click buttons on the touchpad (a lot of laptops do that), but other than that it’s pretty okay for the most part.

                                                                                                                                                        1. 3

                                                                                                                                                          Can you only get a 1366 x 768 display on the x270? I don’t think I could deal with that.

                                                                                                                                                          The XPS is probably where I’ll end up. The just announced a new model with a 16:10 display. I’m going to wait to see what the linux compatibility with that is/see if that display comes to the Developer Edition models. And I actually prefer the click being integrated in the touch pad, so that’s not a worry of mine.

                                                                                                                                                          1. 4

                                                                                                                                                            I had work buy me an X260 without thinking about it, and they got me a 1366x768 one. It never even occurred to me that such a thing would be possible to buy, so I didn’t think to specify.

                                                                                                                                                            But even if they had gotten me a higher-resolution one, the display is still 16:9; too small to be usable without an external display. It’s also very dim; completely useless outside. The only good thing about it is that it’s not glossy. I’m much happier on my X301, so most of the time I just SSH in from that machine.

                                                                                                                                                            1. 3

                                                                                                                                                              Nah, I have a 1920x1080. For a 12.1” screen that’s more than plenty. Pretty sure I could also configure a higher resolution one. I’m not even sure they’re even selling the x270 any more, since there’s the x280 and x390 now. I’d probably get the x390 if I had to buy a laptop now.

                                                                                                                                                              “ThinkPad [model]” doesn’t necessarily say all that much, since they come in a gazillion build configurations. A lot of them are mass-produced for enterprises that buy 500 of them for their office workers and the like, and come with shitty screens like the one you saw. But you can get better for sure.

                                                                                                                                                              The ThinkPad has both integrated click and buttons on top; it’s a great design IMHO (but in the end of course a matter of personal taste/preference).

                                                                                                                                                              1. 2

                                                                                                                                                                Good to know, I only found one build of the x270 on their website, and I can’t even find that again now, which had that screen & AFAICT, couldn’t be customized. Probably just need to do through their website more.

                                                                                                                                                                The ThinkPad has both integrated click and buttons on top; it’s a great design IMHO (but in the end of course a matter of personal taste/preference).

                                                                                                                                                                Ah, yeah, that definitely is best. I miss that from my old x220. I wish I would have never gotten rid of that.

                                                                                                                                                            2. 2

                                                                                                                                                              I’m still holding out on buying anything as long as my X300 keeps running, but I just a look at the x270 and seriously … how can they build a notebook with a touchpad that has the buttons on the wrong side?

                                                                                                                                                              1. 3

                                                                                                                                                                I think they’re more intended for the TrackPoint than the touchpad, so it makes sense from that perspective. My old T61 had buttons on the top and bottom. I find it works quite well for both though. Also: it has a middle click button! A rarity on laptops and a small feature that actually matters a lot to me.

                                                                                                                                                                1. 1

                                                                                                                                                                  I think you’re using the touchpad wrong. x270 is design with the nipple pointer in mind and that’s why the buttons are on the top. Also I’ll just put it out there: buttons on the top of the trackpad should be standard to begin with ­— it’s much more ergonomic. You need to move your finger less and your wrist of the hand that is touching the buttons can rest on the laptop rather than outside surfice.

                                                                                                                                                                  1. 1

                                                                                                                                                                    Buttons at the top make it a pain to use gestures – if the laptop can’t be used without a mouse, why even bother with a touchpad?

                                                                                                                                                                    Maybe Lenovo should just sell me the device 2€ cheaper and put a real mouse in the package instead. (Same with keyboards these days. Those super-thin devices don’t look that practical anymore if I have to carry an additional, usable keyboard.)

                                                                                                                                                                2. 2

                                                                                                                                                                  They aren’t so bad, but they’re clearly worse work tools.

                                                                                                                                                                  I ~recently switched from a T430 to a A485 (that’s a T480 but with AMD in it).

                                                                                                                                                                  No latch on the cover, meaning that after 5 years it will be opening itself in the backpack every day.

                                                                                                                                                                  No ultrabay, or however it was called, meaning I need to carry around either a sata-to-usb converter or an external dvd depending on what I need. Sure it’s slimmer now: but also less useful. That’s not what I wanted a thinkpad for.

                                                                                                                                                                  Two batteries instead of one. Battery life is as good/bad as it was on the T430, but now when the battery wears out I’ll need to replace two instead of one – and one of them is deep enough to require a full-on disassembly.

                                                                                                                                                                  The physical cover for a webcam is nice, but everything else is a straight downgrade. If anyone else made laptops with decent trackpoints I’m sure I’d never look at Lenovo again :/

                                                                                                                                                                  1. 3

                                                                                                                                                                    I’m using T430 privately, yet I’m thinking more and more about buying something new. T430 lacks power, 1080p x265 is too much for it. Putting SSD in it gave it second breathe at the time, but that’s about it. Working with ThinkPads spoiled me, I need trackpoint, touchpad is no go (I mean I use it only for scrolling, but can easily live w/o it at all), which limits me mostly to ThinkPads (there are few other non-Lenovo series that happen to have trackpoint equivalents, but there aren’t many of them).

                                                                                                                                                                    I’m not necessarily fond of what is presently offered in ThinkPad lineups. I would even overpay for some Extreme if it was 14” and having normal RJ45 ethernet port (instead of Lenovo’s proprietary mini-RJ45-crap forcing you to buy and use some adapter if you’re wire networks user). 15” is too much, I want to have some mobility. And honestly, I use wire networks rarely, but lack of normal RJ45 port irritates me immensely, possibly more than it should. Ultrabays are cool too, I have one right now with additional SSD there. But if I need, I can replace it and put DVD drive in it, or something else. It takes literally seconds. Lack of it in newer models also bothers me (but not as much as lack of RJ45). And having USB-C for charging maybe is nice and dandy, but for firmness and durability I think slim tip connector, like used in T470 (my work laptop), is what I prefer the most.

                                                                                                                                                                    They make laptops slimmer, but modularity and usability, are reduced because of that.

                                                                                                                                                                3. 3

                                                                                                                                                                  What do you hate about the 16” MacBook Pro? I feel like I’ve been hearing generally positive things about it.

                                                                                                                                                                  1. 5

                                                                                                                                                                    It’s just super unreliable. Half the time when I connect it to my Thunderbolt 3 dock (which I bought from an apple store) it just sits there and flashes until it reboots. It also fairly often will end up rebooting while its suspended. Bluetooth devices slowly get juddery over time and half the time it won’t auto reconnect to them.

                                                                                                                                                                    I have more problems on top of that don’t help my impression of the system overall, those just come from Parallels being awful at what it does, but I need Linux to do my job.

                                                                                                                                                                    Edit: I should also mention, my last work-issued laptop was a 2015 Macbook, which as I understand it was the last “good” one before they started mucking things up. So, my expectations weren’t pre-set to be super low. Maybe that is why I’m relativity more disappointed with it than others that had used other newer models.

                                                                                                                                                                    1. 2

                                                                                                                                                                      I have more problems […] those just come from Parallels being awful at what it does […]

                                                                                                                                                                      I’m confused. Are most of your applications designed for macOS, Windows, Linux, or general Unix?

                                                                                                                                                                    2. 3

                                                                                                                                                                      I’m curious about the answer as well. I’ve been using a 16” for a few months now, and really like it. I’ll be disappointed(but not surprised) if the complaint is actually about the fact that it ships with Catalina.

                                                                                                                                                                    3. 2

                                                                                                                                                                      I have a hidpi x1 carbon v6 and it’s not bad. the v4 had better ergonomics though, and the fact that they backslid on that makes me sad. (specifically, the margins on the side of the keyboard are too small on the v6)

                                                                                                                                                                      1. 1

                                                                                                                                                                        … I need a high DPI screen…

                                                                                                                                                                        As do I…

                                                                                                                                                                        … so I don’t even have the option of going with something old.

                                                                                                                                                                        …which is why I’m still using 15 year old T42p’s with 1600x1200 screens…