1. 6

    So many of these orgs are going to be the ones least equipped to do the incident response. Situations like this are what I think about whenever somebody makes a proposal along the lines of “what if everybody had a small server in their home with all their data?”

    1. 5

      WordPress is in a very similar situation. A lot of servers running the software with many of the server admins having less than desirable expertise. They mitigate the danger of a zero day exploit via automatic security updates. On the other hand then you could have something like the SolarWinds hack. If you put all the data into one central server with an elite team of admins monitoring it, then you still have a single point of failure. I guess there is no perfect secure solution out there. I mean basically every large organization tech or non-tech had a security incident in the past. IT security is not solved yet, I wonder if it will be someday :)

      1.  

        IT security is not solved yet, I wonder if it will be someday :)

        Security in general is not solved yet. The problem itself is extremely tough: make something somewhat easily accessible to a small group while not accessible to the rest of the world.

      2.  

        Monocultures are apparently always fragile. Users better have various implementations of the same standard.

      1. 3

        How does this handle old cached DNS entries pointing to servers that are lower on power? Or do we assume that TTLs are small enough and the amount of power left on lower-energy-available servers is enough to sustain until the TTL expires?

        1. 4

          From where I am it looks like a 180-second TTL:

          $ dig solarprotocol.net @dns1.registrar-servers.com
          …
          ;; ANSWER SECTION:
          solarprotocol.net.	180	IN	A	120.88.164.57
          
          ;; AUTHORITY SECTION:
          solarprotocol.net.	1800	IN	NS	dns1.registrar-servers.com.
          solarprotocol.net.	1800	IN	NS	dns2.registrar-servers.com.
          
        1. 4

          I’ve been able to solve most of this pain with regular old git and SourceTree’s “split view staging” where the staged/unstaged parts of the same file can be inspected separately. Changes that I’m still working on are unstaged, and when I think I’ve hit a minor milestone that doesn’t warrant a commit I drag them up to the “staged” area. This sets a checkpoint and if I make a mess, I can view only my subsequent changes in the “unstaged” area and revert them in isolation.

          1. 3

            That’s an interesting use of git staging. You can also do this in regular old git with git add, then git diff to show unstaged changes.

            1. 3

              Yeah, I do much the same thing, using hg commit --secret to create commits that serve as checkpoints. (“secret” means Mercurial won’t push them when I run hg push.)

              When I want to compare my current work in progress to some entirely other version of the file (also common), I create a copy in the working directory using hg cat -r 123 myfile.txt > 123.myfile.txt. As always, Git has an (a) clumsier command that (b) does the same thing (emphasis on both parts): git show 1a2b3c:./myfile.txt > 1a2b3c.myfile.txt. (Using a hash here because Git doesn’t have local revision numbers.)

              Still, all these workarounds depend on us remembering to stage/commit or commit our edits at logical points. It’s a pity I don’t use Atom; but I’m really grateful to the author for their realisation, and I hope the tool will spread to other editors.

              1. 2

                I also rely on git. Sometimes just git commit -am asdfjkjl and later rebase/squash it all.
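
Added example, not part of any comment above: the index-as-checkpoint workflow this subthread describes (`git add` to set a checkpoint, `git diff` to see only later changes, restore from the index to undo them), run in a throwaway repository. The file name `notes.txt` and its contents are constructed for the demonstration.

```shell
#!/bin/sh
# Using the git index (staging area) as a lightweight checkpoint.
# Everything happens in a temporary repository that is deleted afterwards.

checkpoint_demo() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q .

        # Work in progress that has reached a minor milestone.
        printf 'step one\n' > notes.txt

        # Checkpoint: copy the current content into the index. No commit needed.
        git add notes.txt

        # Further edits after the checkpoint, including a mistake.
        printf 'step one\nbroken experiment\n' > notes.txt

        # `git diff` compares the working tree against the index, so it
        # reports only what changed since the checkpoint (here: 1 added line).
        added_since_checkpoint=$(git diff --numstat -- notes.txt | cut -f1)

        # Undo only the post-checkpoint edits by restoring the file
        # from the index; the staged version is left untouched.
        git checkout -- notes.txt

        # Report: lines added after the checkpoint | content after the revert
        printf '%s|%s\n' "$added_since_checkpoint" "$(cat notes.txt)"
    )
    status=$?
    rm -rf "$repo"
    return $status
}

checkpoint_demo
```
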

              1. 2

                speaking of additions to the language, any idea why a crate for a proprietary password manager is now required to build rust itself?

                https://github.com/rust-lang/rust/blob/master/Cargo.toml#L24

                1. 9

                  That particular section of Cargo.toml is listing all of the workspace members, which just means that all of those projects share dependency resolution information, compilation profiles, etc.

                  That particular project is part of cargo, and it looks like that’s just one particular provider for storing tokens securely. There are other crates in the same repository for macOS, Windows, and Gnome. I suspect the maintainers would be open to contributions that support other providers.

                  1. 2

                    fair enough, thank you for filling me in

                    1. 1

                      1password is no more proprietary a password manager than macOS or Windows.

                      1. 1

                        You’re correct of course that macOS and Windows are both proprietary, but if you buy a Mac or Windows laptop, 1Password is not included in that purchase :)

                    2. 4

                      These tools are described in the cargo-credential README.

                      The specific crate you mentioned contains this single file: main.rs

                      It seems to be a wrapper around 1password’s op command line tool, implementing the Credential trait for storing and retrieving passwords.

                    1. 25

                      First off, I’m not out to belittle Ken Thompson’s efforts here. Writing an assembler, editor and basic kernel in three weeks is highly respectable work by any standard. It’s also a great piece of computer lore and fits Blow’s narrative perfectly - especially with Kernighan’s little quip about productivity in the end. Of course, we don’t know how “robust” Thompson’s software was at this stage, or how user friendly, or what kind of features it had. I’m going to boldly claim it would’ve been a hard sell today, even if it did run on modern hardware.

                      Ooh, I can answer this! Ken Thompson’s first version of Unix was just the barebones he needed to run Space Traveler, a game he wanted to port from MULTICS. It wasn’t anything close to what we’d recognize as a Unix.

                      Despite that, I’m willing to bet a few bucks there are more people around today (including youngsters) who can program in C than ever before, and that more C and assembly code is being written than ever before.

                      I was thinking the same thing. Maybe in relative numbers there are fewer people who understand the low level things, but the absolute numbers are magnitudes higher.

                      1. 10

                        Maybe in relative numbers there are fewer people who understand the low level things, but the absolute numbers are magnitudes higher.

                        This is very powerful thinking and unlocks a lot of counter narratives to popular beliefs.

                        I remember when the Wii came out and people were worried that games would stop being “good” cuz so many casual games existed now (see also mobile game stuff). The ratio with sales was super weird but ultimately we were looking at bigger pie stuff.

                        I think a similar thing has happened with software sales as well relative to mobile applications

                        1. 3

                          Ooh, I can answer this! Ken Thompson’s first version of Unix was just the barebones he needed to run Space Traveler, a game he wanted to port from MULTICS. It wasn’t anything close to what we’d recognize as a Unix.

                          Not only that, you can actually run it in SIMH’s PDP-7 emulator! The original source code is available, including the source for the game Space Travel. The ~3k lines kernel is bundled with ~18k user space programs (assembler, debugger, text editor, disk/file management utilities, some games, etc.). Maybe less barebones than you’d expect. To me this initial UNIX version is akin to a prototype to see if the approach will work (later evolved and refined into Research UNIX of course).

                          1. 2

                            it wasn’t anything close to what we’d recognize as a Unix

                            Do you have any recommendations for philosophical/historical/narrative reading produced by these folks or their contemporaries? I’ve consumed plenty of their writing on the technical side, but most of the philosophical/historical/narrative accounts I’m aware of seem to have gone through the filters of other people involved with later/divergent parts of the historical trajectory (GNU, Linux, FSF, and so on).

                            1. 2

                              Have a look around on multicians.org. I’ve enjoyed some of Tom Van Vleck’s pieces like his history of electronic mail.

                              1. 3

                                Unix Hater’s Handbook http://web.mit.edu/~simsong/www/ugh.pdf

                                Lion’s Commentary on Unix https://cs3210.cc.gatech.edu/r/unix6.pdf

                          1. 16

                            Regarding the gripe about Gemini - retrocomputing was never its goal. It was about reforming the browsing experience of the modern user, where code execution or unexpected downloads cannot happen behind your back. Guaranteed TLS was deemed table stakes - for each person who complains about it, there is another who would never touch Gemini if all/much of their browsing was trivially observable by third parties. Gemini was never intended to supplant gopher. The protocol author mentioned continues to maintain both gopher and gemini sites, and gopher would be the right choice when encryption is inappropriate, such as retrocomputing or amateur radio.

                            1. 8

                              From the Gemini FAQ:

                              Gemini may be of interest to people who are: […]

                              • Interested in low-power computing and/or low-speed networks

                              So it does seem that there’s some tension there…

                              1. 4

                                I don’t quite know what to think of the TLS requirement in Gemini, either, but low-power computing and/or low-speed networks doesn’t necessarily mean old computers and networks. Modern low-power machines with low-speed connections can handle TLS just fine. See e.g. this thread: https://lists.orbitalfox.eu/archives/gemini/2020/002466.html for an older example of someone running a Gemini client on an ESP32.

                                (Full disclosure: not under this alias – which, for better or for worse, I ended up using in some professional settings – but I am running a Gemini-related project. I have zero investment in it, it’s just for fun, and I was one coin toss away from using Gopher, I’m just sort of familiar with the protocol).

                                1. 1

                                  Yes, I think it’s a relative statement as well. Low-power systems today are magnitudes more performant. The little 68030 I did some testing on takes over 20 seconds to complete a TLS 1.2 transaction, but even a few years old embedded systems today will run rings around that.

                                  For retro systems, I still say Gopher is the best fit.

                                2. 2

                                  Yes, contrasting this with @jcs’s post, it does look like a dichotomy.

                                3. 5

                                  But then, why reinvent the wheel? Instead of implementing a whole new protocol, a more sensible decision would have been to simply develop a modern HTML 3.2 browser without the JS crap. Just freeze the pinnacle of HyperText before the web became the edge of Hell it is today.

                                  1. 4

                                    See the Gemini FAQ section 2.5

                                    1. 4

                                      My memories of those days weren’t so halcyon, just table soup.

                                      1. 2

                                        It’s because the point of Gemini is to be intentionally exclusionary.

                                      2. 2

                                        I agree about Gemini. The one thing I wish they had done differently is used much much simpler crypto for integrity and not bother about confidentiality. Pulling in TLS was a shame as it missed out on a great opportunity.

                                        1. 2

                                          So what crypto, and what libraries for which languages exist for it? I ask because the wisdom is not to invent crypto, nor implement it yourself.

                                      1. 10

                                        While I agree that the writer follows a certain logic and it makes sense in their world view, I think there’s one important thing missing: The copy-left and free software part of open source always was more than just “this needs to work well in the established system”, it had a more revolutionary part that made it so interesting. It tried to build an alternative to the capitalist way of working and paying for work, because software and digital content (being copyable) is fundamentally different to physical goods and services. The free software people tried to apply new ways of thinking about those new goods. This is why it was frowned upon in the early days by entrepreneurs, and it was completely unthinkable that something like Linux will work somehow. This part can’t be grasped by the logic the author uses.

                                        1. 11

                                          To add to that a little: the kind of friction that the author mentions became more or less inevitable once FOSS expanded past the community of dogfooding enthusiasts, and it comes from both sides.

                                          I.e. for a long time, it wasn’t uncommon for people to show up not just with bug reports, but also with a patch. Some communities still see this as natural (FRIGN mentions it in another comment here re. suckless, but they aren’t the only ones), and facilitate this in every possible way (I haven’t contributed anything to suckless projects but reading their mailing lists it’s clear that they’re really cool about it).

                                          But it was inevitable that, as FOSS adoption grew, it would eventually grow to include people who lack the expertise to modify the tools they use, people who are simply forced to use them at work and so on. I mean, 20 years ago, lots of people who used Linux in enterprise settings were trying to get the higher-ups to approve using Linux on white boxes instead of Sun’s expensive stuff, and they had a lot of stakes in the game. Lots of people using it today are junior devops who inherited the Linux shop set up 20 years ago. They have no stakes in it, and there aren’t any Sun salesmen to yell at, either, so of course they get yelled at and then show up demanding bugfixes from the same people who showed up at FOSDEM encouraging others to adopt their tools. I’m not saying they’re right, just that I understand why they do it.

                                          There’s some friction at the other end, too. E.g. sometimes you unwittingly end up working around a bug that you have a patch for, but the fix will never get in because the project – while FOSS in terms of license – is effectively a corporate playground, and maintainers will (understandably) prioritize their colleagues’ fixes over yours, assuming you can even get them to look at yours, that is.

                                          1. 5

                                            RMS always stressed that he is a capitalist, not a communist. I guess the revolutionary part is that he wants to eradicate proprietary software, which would mean changing the business models of large parts of the software industry, but you can still pay people to work on free software.

                                            1. 1

                                              Then he’s not a capitalist. Capitalism is about earning dividends from property (ie software you’ve written or bought using capital), not from work.

                                              1. 2

                                                He believes in a capitalist system of production, which existed before software and could continue without proprietary software (in principle if not in practice).

                                            2. 4

                                              The copy-left and free software part of open source always was more than just “this needs to work well in the established system”, it had a more revolutionary part that made it so interesting. It tried to build an alternative to the capitalist way of working and paying for work

                                              While many choose to approach free software in this way, this mischaracterises the philosophy of the free software movement at least as RMS and the FSF established it. They have never been shy about authors charging money for free software - whether it’s your own or somebody else’s!

                                              Actually, we encourage people who redistribute free software to charge as much as they wish or can. If a license does not permit users to make copies and sell them, it is a nonfree license. (https://www.gnu.org/philosophy/selling.en.html)

                                              To me, the author’s approach seems very consistent with what FSF advocates.

                                              1. 1

                                                From the GNU Manifesto:

                                                We must distinguish between support in the form of real programming work and mere handholding. The former is something one cannot rely on from a software vendor. If your problem is not shared by enough people, the vendor will tell you to get lost.

                                              1. 10

                                                Great writeup, lots of practical advice. I’ve dabbled in similar projects in the past and it worked well when I had efficient software for the things I wanted to do. The sharp edge I kept hitting over and over again is modern websites with lots of javascript. On the one hand advanced web applications are the saviour of the Linux desktop user—an opportunity to interoperate in the same services as your closed source peers—but on a 10–15 year-old CPU and with few GB of RAM it just sucks. If you enjoy playing with NoScript all day maybe it’s okay but I’m not willing to go that far. Until my usage patterns change I’m stuck on the treadmill even for my non-work computing.

                                                1. 6

                                                  Isn’t this overstating the impact of NoScript a bit? You generally turn it on for a website you want to use that doesn’t work with JavaScript disabled and that’s it. It works from then on.

                                                  1. 2

                                                    IME NoScript’s impact varies greatly depending on how much the thing you’re using spread its code out over different domains & CDNs.

                                                    1. 1

                                                      For many “modern”, “user-friendly” websites, the JavaScript bits that are actually useful and have a functional impact over the website are actually only a (n often very tiny) subset of all the JS code that runs when you open that website. Lots of the JS code that runs is advertising and/or tracking code that you can disable and still not lose functionality. Once all that crap is turned off, 10 year-old CPUs can sometimes handle a page just fine, but you do have to fiddle with it a little and… yeah.

                                                      Oops, I don’t think that makes a difference – I think I was misremembering how NoScript works. I haven’t used it in a while.

                                                      1. 1

                                                        Do you have an example of a page that you think doesn’t work well on 10+ age cpu? I have a cpu that was not the latest back in 2007 and there are a few tasks where it starts to show (such as multiparty videoconference in 4k or unaccelerated webgl vr) but haven’t had issues with run of the mill webapps yet.

                                                    2. 1

                                                      i’m curious what you consider “a few GB” – I’ve never had more than 4 and always seems like more than enough for the web?

                                                    1. 2

                                                      FrontPage was good fun. A bit later there was also iWeb. I don’t recall it being as powerful as FrontPage but it certainly filled that niche of WYSIWYG editing, complete with publishing to a web-accessible URL.

                                                      Recently it feels like Microsoft and Apple focus on inward-focusing services. Despite various flirtations over the years, now they seem to be staying the heck away from anything that involves end user publishing or forms of social media. There’s no technical reason why they couldn’t - maybe they don’t want to deal with all the moderation aspects? It’s an unavoidable part of the easy web publishing story that FrontPage promised.

                                                      1. 2

                                                        Microsoft as a “conglomerate” deals with end users on their Xbox platform. I honestly don’t know how active it is but you can publish screenshots etc from games and of course hosting games and dealing with the inevitable moderation headaches is a huge part of what Xbox Live provides.

                                                        1. 1

                                                          There’s multiple problems:

                                                          • For making it easier on people, they need an easy way to get webspace. Apple did provide that, Microsoft didn’t. I have to imagine that’s a burden because you have to have and enforce an AUP. Easier to wash your hands of it and make it someone else’s problem, even if it increases barrier to entry.
                                                          • Most people don’t actually have anything to say or publish, and if they do, they have little interest in maintaining their own space or CMS (WordPress, SSGs, HTML editors all have their tradeoffs) for it. Normal people actually prefer the social media model, brainwormed/abusive as it can be. The people who don’t tend to be nerds like us. (Maybe my reading is wrong and there are people who do want this, but I suspect they’re a niche.)

                                                          1. 1

                                                            Most people don’t actually have anything to say or publish, and if they do, they have little interest in maintaining their own space or CMS (WordPress, SSGs, HTML editors all have their tradeoffs) for it. Normal people actually prefer the social media model, brainwormed/abusive as it can be.

                                                            Indeed, perhaps it was inevitable. I still wonder if things would look different today if tools like MS Office and iWork had worked to keep web publishing low friction. Maybe we’d have fewer facebook-only small businesses, and fewer community groups who rely on facebook groups to share rosters and other information. It’s hard to imagine it would be radically different though.

                                                        1. 2

                                                          I suspect the authors are a little confused when they call it OCSP stapling. If it’s verifying application developer certificates, surely there wouldn’t be any TLS connection to staple to?

                                                          1. 1

                                                            To answer my own question, this article explains that there is a stapling-like procedure for including notarisation tickets with apps. It’s different from the TLS extension usually called “OCSP stapling”, which is described in the wikipedia article they link.

                                                          1. 5
                                                            1. People feel paralyzed by the ongoing catastrophe and want to use their technical skills to make a difference. Writing faster code is using your skills, right?

                                                            You can observe this across the software industry in general. Evgeny Morozov set it out well in To Save Everything, Click Here:

                                                            This never-ending quest to ameliorate…is short-sighted and only perfunctorily interested in the activity for which improvement is sought. Recasting all complex social situations either as neatly defined problems with definite, computable solutions or as transparent and self-evident processes that can be easily optimized—if only the right algorithms are in place!—this quest is likely to have unexpected consequences that could eventually cause more damage than the problems they seek to address.

                                                            Another example is the theory that you can bring an organisation to its knees if only we deny them access to a particular open source library, or a particular brand of source code control.

                                                            1. 7

                                                              The Big Web has “users” – a term Silicon Valley has borrowed from drug dealers to describe the people they addict to their services and exploit.

                                                              On the Small Web, we do not have the concept of “users”. When we refer to people, we call them people.

                                                              IMO this hyperbole distracts from the serious goal that the author is getting at:

                                                              Our greatest usability challenge on the Small Web is making the ownership and control of your own web site or application as seamless as possible.

                                                              The hyperbole is not inconsequential—it disinvites close scrutiny of the goal of turning users into sysadmins. At various times I’ve been on all sides of this issue and right now I think it’s understandable but absurd. It is impossible to reduce the complexity of operating a unique resource on the internet without either a great level of technical understanding, or placing a great deal of trust in some other party. The obvious example: why should I install follow the instructions to use site.js? How do I know they’re any more trustworthy than Google? They’re just a small band of activists vs a famous company, right? (This is only slightly tongue-in-cheek.) That’s before we get into the autonomy of cloud vs VPS vs self-hosting.

                                                              The premise of single-tenant services is flawed when it comes to online services. You can’t make the complexity go away—you can only delegate it to somebody else. To me, community-run federated technologies offer the best balance. When I say “federated” that doesn’t necessarily mean ActivityPub. Web, email, gemini and jabber are all services that can operate with multiple users under the care of a locally-trusted administrator who takes care of the details. But community servers have their own woes (as anybody who relies on SDF for their primary email knows). In the meantime, avoiding the FAANGs of the world is a useful stepping stone until we work out good federated responses.

                                                              1. 19

                                                                I have no idea if it will meet its goals but I was really pleased to see this line:

                                                                The Anti-Capitalist Software License is not an open source software license.

                                                                The recent takes on software morality that I’ve heard about are antithetical to free software and open source philosophy. That’s not a value judgement, just a statement of fact. If you want to restrict the use of your software it’s more productive to start from proprietary and progressively free things up than to take open source as we know it and try to restrict it, whether through licencing or social coercion. I have no idea what will “stick” but good on them for trying - it worked for the GPL.

                                                                1. 8

                                                                  I have no idea if it will meet its goals but I was really pleased to see this line:

                                                                  The Anti-Capitalist Software License is not an open source software license.

                                                                  Yes, it is honest compared to attempts to hijack or bend free software or open-source. But it is probably the only advantage of this license.

                                                                1. 3

                                                                  Have there been any notable attempts to create a new language-agnostic ABI? I’m guessing most people reach for a message-passing or RPC library when C gets too limiting but it would be an interesting project.

                                                                  1. 5

                                                                    WebAssembly WASI is kinda that if you squint a bit: https://hacks.mozilla.org/2019/11/announcing-the-bytecode-alliance/

                                                                    1. 2

                                                                      VMS has always had a language-agnostic ABI.

                                                                    1. 35

                                                                      There’s really a problem with this blog post. I don’t know how it’s technically done but having to wait several seconds every time you display the tab is why almost nobody will read it.

                                                                      1. 20

                                                                        It is actually super-high-level web development. Kudos to @tedu for pulling it off.

                                                                        Pages are progressively enhanced using JavaScript if it is available. If it isn’t, users can still read the page. If JS is available, then UX is enhanced with a realtime loading indicator, much like the ten-pixel-bars top bars that are on many pages.

                                                                        After all, in this Third Age of JavaScript, we cannot simply trust the browser to render the page. We need to tell the user the progress of that.

                                                                        1. 14
                                                                          var delay = 100
                                                                          switch (progress) {
                                                                          	case 70:
                                                                          	case 73:
                                                                          	case 76:
                                                                          		delay = 250
                                                                          		progress += 3
                                                                          		break
                                                                          	case 79:
                                                                          		delay = 500
                                                                          		progress += 2
                                                                          		break
                                                                          	case 81:
                                                                          		progress += 14
                                                                          		break
                                                                          	default:
                                                                          		progress += 5
                                                                          		break
                                                                          }
                                                                          

                                                                          I have to give props for verisimilitude. And for teaching me where to find uBlock Origin’s “disable javascript on this page” function.

                                                                          1. 10

                                                                            I wouldn’t be surprised if @tedu spent a good twenty minutes fine tuning that for maximum annoyingness.

                                                                            1. 2

                                                                              You have more patience than me. It taught me where to find uBlock Origin’s domain-level blocklist.

                                                                            2. 9

                                                                              I’m sorta ok with progressive enhancement. What ground my gears was that it triggered every time the window (Chrome on Windows) regained focus. It made it really hard to find my place again in a page with lots of code.

                                                                              1. 19

                                                                                I mean, just so we’re all clear, it’s something between a joke and a protest statement, and what you’re complaining about is entirely the deliberate point: it’s a perfectly fine, instantly rendering webpage that’s being “progressively dehanced” by the presence of annoying JS.

                                                                                1. 4

                                                                                  Wow… kids these days 😒

                                                                              2. 5

                                                                                Yeah, I love it. This “protest” is a nice compromise in comparison to sth like “Disable JS to enter the page”. It is annoying but still usable.

                                                                              3. 12

                                                                                The site loads almost instantaneously. Just disable JavaScript ;-)

                                                                                1. 11

                                                                                  What’s really weird is all the markup appears to be there, and the loading is just for…giggles?

                                                                                  1. 22

                                                                                    That sounds like something @tedu would do.

                                                                                  2. 2

                                                                                    Well, @tedu also had a period with a self-signed certificate, the horror!

                                                                                    1. 2

                                                                                      When you have a self-signed certificate, you are expected to trust it on first use, and then the web browser remembers it.

                                                                                      If the web browser remembers the certificate of a website, no one, including a MitM possessing the key of a certificate trusted by your web browser, no one can tamper with the connection anymore.

                                                                                      So you suddenly jump from a situation that looks suspicious security-wise, to one that can face the NSA kind of attack vector.

                                                                                      Of course, in the case of a MitM situation, your “accepted security exception” situation (self signed but trusted manually) would turn into a “green padlock” (certificate signed by the MitM) situation, and I doubt many will choose the “padlock with yellow cross” over the “padlock with green check mark”, even if icons barely have any accurate meaning on their own…

                                                                                      Simply wandering on an off-topic… Not actually meaning that Cloudflare should switch to self-signed right now… Oh, wait, Cloudflare are self-signing, they are their own trusted certificate authority…
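The trust-on-first-use behaviour described in the comment above, as an added example that is not part of the thread: a small pin store that remembers a certificate's SHA-256 fingerprint on first contact and rejects any different certificate afterwards, whether or not a CA would vouch for it. The class and function names, the host `blog.example` and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import socket
import ssl
import tempfile


class PinMismatch(Exception):
    """The presented certificate differs from the one remembered for this host."""


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the whole DER certificate (what a browser exception remembers)."""
    return hashlib.sha256(cert_der).hexdigest()


def fetch_cert_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server's leaf certificate with CA validation switched off.

    Validation is deliberately disabled here because the pin is the only
    trust decision in a TOFU scheme. Not called by demo(), which runs offline.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class TofuStore:
    """known_hosts-style store: 'host:port' -> pinned certificate fingerprint."""

    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def _save(self) -> None:
        # Write to a temp file and rename so a crash cannot truncate the pins.
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)

    def check(self, host: str, port: int, cert_der: bytes) -> str:
        key = f"{host.lower()}:{port}"
        seen = fingerprint(cert_der)
        pinned = self.pins.get(key)
        if pinned is None:
            # First contact is unauthenticated: whatever is presented now is
            # what gets trusted, so verify the fingerprint out of band if the
            # first connection may already be intercepted.
            self.pins[key] = seen
            self._save()
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        # A different certificate is refused even if a trusted CA issued it.
        # Legitimate key rotation also lands here and needs a manual re-pin.
        raise PinMismatch(f"{key}: pinned {pinned[:16]}..., presented {seen[:16]}...")


def demo() -> list:
    # Constructed stand-ins for DER certificates; not real certificate data.
    original = b"constructed-DER-self-signed-cert-for-blog.example"
    substitute = b"constructed-DER-CA-issued-cert-for-blog.example"
    results = []
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "pins.json")
        results.append(TofuStore(path).check("blog.example", 443, original))
        later = TofuStore(path)  # reloaded from disk, as in a later session
        results.append(later.check("blog.example", 443, original))
        try:
            later.check("blog.example", 443, substitute)
        except PinMismatch:
            results.append("mismatch")
    return results


if __name__ == "__main__":
    print(demo())
```

Pinning the full certificate means every renewal triggers a mismatch; pinning the public key instead would survive renewals that keep the same key.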

                                                                                    2. 2

                                                                                      Just use links? ;)

                                                                                    1. 11

                                                                                      Like the author I think having your own mail server isn’t worth it in most cases. But I do think it’s useful to have your own domain for email (and using an email service that supports custom domains). This way you’re never locked in to a particular email service because you can easily point your MX record to another one.

                                                                                      1. 8

                                                                                        Using your own domain has its risks too. If you miss a renewal payment, perhaps due to an errant email filter or an unusually long illness, you might lose control of it. Not only is it a major hassle—the new owner gains access to every account that can be reset by email without 2FA (i.e., most of them).

                                                                                        That doesn’t necessarily mean using your own domain is a bad idea, but after many years doing that I’ve been slowly transferring some eggs out of that basket.

                                                                                        1. 3

                                                                                          I have crucial things (such as domains, but also water, electricity, …, phone service) set up with automatic direct withdrawal on a bank account that won’t run dry anytime soon. Not worth the hassle to check every invoice on those before the fact, especially since, given that they maintain crucial things, I took some care to choose providers I think I can trust with that as much as I can trust with them providing a reasonable service.

                                                                                          1. 2

                                                                                            That’s a good point. I have a yearly reminder in my calendar and have auto-renewal enabled, for me that’s good enough. I wonder how mail providers handle this actually. If someone stops paying for their account and it gets deleted, can someone else register using that same email?

                                                                                            1. 2

                                                                                              Most registrars will give you a reminder (or several) a few weeks before your domain expires. Assuming you keep up on that inbox (you should), it’s not too difficult. Many will park the domain for a time period after it expires too to prevent scalpers. Obviously if you’re super out of commission for a month, you probably have other things to worry about than your email.

                                                                                          1. 1

                                                                                            Reading this I have to wonder, are crates simply too big? The trouble with Rust dependencies is that if you want one function you have to compile the whole crate*. I like the thrust of this article, insofar as we should look more closely at what we’re actually asking rustc to do rather than blaming it for all our problems. I think it gives slightly too much responsibility to the developer of the final application though—there is no guarantee that a lean alternative crate exists for a given task. Making crates smaller in scope or using feature flags more often(*) is a community-wide effort that would help substantially.

                                                                                            1. 5

                                                                                              Unfortunately, people also freak out when they see many dependencies. “OMG, this project has 274 dependencies! <insert left-pad joke>!”. This creates an incentive to make fewer, larger crates to bring down the scary number of dependencies, even if that actually increases the amount of unused code.

                                                                                            1. 101

                                                                                              Requests of the form “I support $GOOD_THING, so please make $CHANGE” are often emotional manipulation and power plays, as they carry a subtext of “if you do not make $CHANGE, you support $BAD_THING and are therefore a bad person”.

                                                                                              Statements like “all software is political” are used as a motte-and-bailey: the motte is the narrow sense in which a piece of software could be downloaded by almost anyone and applied to nearly any end; the bailey is “there can be no middle ground - you are either with us or against us”. The aim is to back the maintainer into a corner where a hasty decision gets made under pressure.

                                                                                              Note also the rush to fork - that’s another power play and adds pressure to the existing project’s leadership. In addition to the emotionally-manipulative requests, there is the additional threat of “if you do not comply, we will attempt to take your work and community away from you”.

                                                                                              Projects which allow these kinds of tactics to succeed increase the likelihood that they will be deployed again: both against the project itself and within the wider ecosystem. The correct response, IMHO, is to call out the manipulation for what it is, refuse to enter discussion, and wait for the storm to pass. Bozhidar, you did well.

                                                                                              1. 7

                                                                                                I agree that this PC virtue signalling manipulative game is bad.

                                                                                                “if you do not comply, we will attempt to take your work and community away from you”.

                                                                                                Work given in the spirit of free software, and community of free individuals, are not yours. They cannot be ‘taken’ away.

                                                                                                I think forking should be encouraged. If you don’t like it, make your own, has always been in the spirit of Freedom.

                                                                                                1. 9

                                                                                                  “if you do not comply, we will attempt to take your work and community away from you”

                                                                                                  What action do you feel would be reasonable for community members and users to express their discontent with the current name?

                                                                                                  1. 36

                                                                                                    None.

                                                                                                    If the name really bothers you – and I don’t believe that’s what’s going on here, it reads to me like a power play, as the GP states – but if it really does, then recognize your feeling as the personal idiosyncrasy it is, rather than interpreting it as a right to impose on others. Then either don’t use the gem, or fork it yourself and rename it without any fanfare.

                                                                                                    1. 8

                                                                                                      So would you agree that in light of maintainers’ unwillingness or inability to change, a fork is appropriate?

                                                                                                      1. 14

                                                                                                        I was referring to a personal fork, to satisfy one’s personal feelings. I think forking the project publicly with the intention of promoting the fork is petty, vindictive, and completely inappropriate. That said, people are free to do as they wish per the license.

                                                                                                        1. 15

                                                                                                          I actually support this kind of public forking. I’ve said before that I would like to see more open-source projects publicly fork over political differences, rather than have political fights within the project over whose vision will prevail. Forking an open-source project, even publicly, is absolutely within the rights of anyone using open-source software and no one should feel dissuaded from doing so for any reason.

                                                                                                          I do think that in this specific case the people who forked Rubocop are being petty and vindictive, but that’s because I disagree with them on the object-level political issue, not because of the fact of forking. In fact, if the activists had succeeded in convincing the project to change their name, I would support a fork to restore the original name of Rubocop!

                                                                                                          1. 2

                                                                                                            Fwiw, I upvoted this and don’t consider it incompatible with my post.

                                                                                                          2. 6

                                                                                                            Would you say that it is fine to fork the project over a difference in political point-of-view, just as long as it is kept quietly private and no one ever heard about it?

                                                                                                            1. 4

                                                                                                              Yes. I think it’s fine to fork a project privately and do whatever you want for any reason whatsoever. That’s the beauty of OSS.

                                                                                                              1. 2

                                                                                                                Under what circumstances should a fork be publicized?

                                                                                                                1. 11

                                                                                                                  What are you aiming at?

                                                                                                                  1. 3

                                                                                                                    It seems that @jonahx has some ideas about the normative standards of community behavior in OSS. I’m trying to understand what those are.

                                                                                                                    1. 11

                                                                                                                      I guessed so, but the whole thread started to look like an interrogation. Thus, and sorry for asking it so abruptly, I thought it would be better both for him, you, and us, the readers, to know what is the topic of the discussion.

                                                                                                                  2. 8

                                                                                                                    Common reasons I can think of:

                                                                                                                    • Original is no longer maintained.
                                                                                                                    • Fork was made for substantial technical reasons. Eg, the forkers want to support a new API and the original author does not.

                                                                                                                    This list is not exhaustive and I doubt any list could be. But that ambiguity does nothing to diminish the argument that a gem name containing the word “cop” in a playful, tongue-in-cheek way is not a good reason to fork and publicly promote someone else’s work.

                                                                                                                    1. 1

                                                                                                                      If this proposed fork began with a name change and subsequently diverged in function or API compatibility, would that be a good reason to publicize it?

                                                                                                                      1. 15

                                                                                                                        @jec Have you heard of “io.js”? It was a fork of Node.js that lasted for a few years, born from the dissatisfaction of how Node was being managed (at the time, by a single company, Joyent). Eventually, for a combination of reasons, Joyent would adopt the open governance model of io.js for Node, essentially giving up control to the community, and the fork was no longer necessary. In that time, io.js and node.js did have some significant differences in feature set, primarily in the realm of ES6 adoption. I think a lot of your questions could be answered pretty well by simply reading up on the history of that project, why it started, and why it ultimately no longer needed to exist.

                                                                                                        2. 20

                                                                                                          No action. If you don’t like product A because of the way it works, use a different product.

                                                                                                          If you don’t like product A because its name has a word that reminds you of something you feel the need to publicly perform against, stop what you’re doing, and go outside and publicly perform against the thing you’re actually mad at.

                                                                                                          The idea that the existence of police brutality somehow gives you the right to demand a bunch of programmers you don’t know rename their entirely unrelated project is farcical and bad behaviour like this does nothing to aid your causes.

                                                                                                          1. 4

                                                                                                            As soon as it’s publicly forked, it’s a different product. So what’s the issue?

                                                                                                            1. 2

                                                                                                              It would seem that this means that OSS affords a community no additional freedoms over traditional software. Take it or leave it. Do I misunderstand?

                                                                                                              1. 28

                                                                                                                I’m not making any statement about OSS or community management. I’m making a statement that if your response to police brutality is harassing software developers about the name of a static analysis tool that’s clearly a pun on a 30 year old action film which is itself clearly extremely critical of police brutality then you’re being a jerk, and you’re being part of the problem.

                                                                                                                1. 3

                                                                                                                  Yes, of course you misunderstand. If you don’t like the name Windows you can’t just take it and run with it under the name Doors. You can do this with free software if you so please.

                                                                                                                  An important misunderstanding is that you seem to think that the maintainers of free software have some sort of obligation towards you, the user of such software. While there are some obligations they do not exceed those you’d have in any interaction with other people, e.g. free software can not intentionally cause harm nor can it intentionally discriminate based on a bevy of things the extent of which varies by country. Otherwise there is no obligation, zip, nada, niente. Take it as it is, fork it and rename it if the licence allows you to do so or leave it.

                                                                                                                  1. 1

                                                                                                                    So, to be clear, a public fork is an acceptable course of action in this case. Do you agree?

                                                                                                                    1. 3

                                                                                                                      If the licence accepts it and - and this is a big and - if the rhetoric is free from the usual vitriol about how insensitive and *-ist and *-phobe those original maintainers are then I see no problems with a fork since that is one of the mechanisms used to promulgate free software. That part about rhetoric is important since another mechanism used in free software is voluntary cooperation, something which is made far less pleasant when you get accused of being a horrible person for volunteering your own time and effort to make something useful for the world to enjoy, all because a limited number of people insist on their own moral superiority. Just because others don’t blindly follow doesn’t make those others despicable *-ists/*-phobes. Discuss the matter and be prepared to accept that you might be wrong in your assumptions. If there is true weight to the matter you want to discuss there is a good chance you can convince reasonable people. That does not mean those people need to act in any way since you do have the possibility to fork the project. When doing so, do not use smear tactics to try to get the other developers to jump ship to your fork. Again, if your position has merit and is of significant importance those developers will probably follow, if not immediately then after a while. Accept the fact that what you consider to be of utmost importance might not be important at all - or even valid - for others.

                                                                                                                      1. 3

                                                                                                                        I’m not following your point about rhetoric. Do you really mean that the tone with which a fork is made determines its allow-ability?

                                                                                                                        1. 3

                                                                                                                          Legally those who fork a project for these reasons are allowed to be as nasty as they want. Ethically they are not since that type of behaviour severely undermines the process which makes free software development possible. Nobody is helped by balkanisation of the development community, nothing is gained when people retreat behind rhetorical barricades and throw epithets at each other.

                                                                                                                          1. 3

                                                                                                                            Can you give me an example of what you consider “nasty” behavior on the part of the activists here? I read many of the comments on the Github issue, and while most people on both sides of the discussion were respectful and measured in their tone, the most vitriolic language came from those who were opposed to the change. Here are some specifics:

                                                                                                                            “this is a joke” https://github.com/rubocop-hq/rubocop/issues/8091#issuecomment-640170345

                                                                                                                            “fuck off, grow up” https://github.com/rubocop-hq/rubocop/issues/8091#issuecomment-640172260

                                                                                                                            “go eat dogs shit” https://github.com/rubocop-hq/rubocop/issues/8091#issuecomment-640184377

                                                                                                                            encouraging abortion/suicide https://github.com/rubocop-hq/rubocop/issues/8091#issuecomment-640185317

                                                                                                                            “fat and or ugly and/or seriously damaged” https://github.com/rubocop-hq/rubocop/issues/8091#issuecomment-640186576

                                                                                                                            [ableist/heteronormative] “make children” https://github.com/rubocop-hq/rubocop/issues/8091#issuecomment-640173744

                                                                                                                            1. 2

                                                                                                                              Not in this thread, yet. In other threads on other projects I’ve been involved in, very much so. Peertube is a good example:

                                                                                                                              the ridiculous responses from people who don’t seem to understand the need for this…

                                                                                                                              https://github.com/Chocobozzz/PeerTube/issues/1179#issuecomment-427225447

                                                                                                                              What exactly makes you think that you deserve respect? The fact that you’re some random dude on github who doesn’t understand the definition of harassment? The fact that you can’t empathize with the other people in this thread? Like, I don’t do this “respectful” bullshit. If you’re an asshole and being intentionally obtuse I’m going to tell you that you are, and you are.

                                                                                                                              https://github.com/Chocobozzz/PeerTube/issues/1179#issuecomment-427259110

                                                                                                                              On the issue of solutions, I’m pretty sure solutions were already given, but since you’re pretty much the posterchild of the average techbro, nothing’s gonna get done.

                                                                                                                              https://github.com/Chocobozzz/PeerTube/issues/1179#issuecomment-427260328

                                                                                                                              lmao. dude, can we like, not with the “submit a patch” thing? does this really need to be explained to you?

                                                                                                                              https://github.com/Chocobozzz/PeerTube/issues/1179#issuecomment-433243619

                                                                                                                              This is a sampling of some of the abusive comments in a thread which started by someone asking for a way to block others from following a Peertube (a federated video server for those who might wonder) channel. It started with a reasonable request but quickly turned into a shouting match with people from outside the project joining in on trying to shame the developers into submission. The thing is, there was no hostility from the developers, just the normal questions on the what - why - how of a feature request.

                                                                                                                              1. 2

                                                                                                                                Four of those examples are egregious and vitriolic. Describing something as a joke is not.

                                                                                                                                Most importantly, saying ‘make children and raise them well’ is not ‘heteronormative’ or ‘ableist’. Or if it is, then those terms have lost all meaning. That was a very respectful and reasonable comment. It was also clearly by a non-native English speaker, which means you have to forgive the particular choices of words. We’d say ‘have children’ and most people today are comfortable with the idea that homosexual people can have children by adoption or surrogacy.

                                                                                                                                1. 2

                                                                                                                                  Read the context of “this is a joke” and it is clearly disrespectful and dismissive. That comment does not belong in a constructive conversation. That person followed it up with “fuck off, grow up idiots.” https://github.com/rubocop-hq/rubocop/issues/8091#issuecomment-640172260

                                                                                                                                  As someone whose partner has struggled with infertility for several years, I would say yes that a suggestion to “make children” is indeed ableist. I listed it here because that was the only comment of all these that hit me personally. I can imagine my partner would be very hurt to hear someone say that she should go “make children” instead of speaking up for her sincere beliefs.

                                                                                                                                  1. 3

                                                                                                                                    While for some individuals a remark like the reworded version of “go forth and procreate” might give bad vibes because that is just what they’d like to do but can’t for whatever reason (infertility, China’s single child policy, lack of a suitable partner, no financial means, dire outlook on the world, etc) this does not mean the remark itself is in any way bad. For the absolute majority of people this remark is either neutral, positive or maybe meddlesome or something similar.

                                                                                                                                    If someone were to say “have a good holiday” there will be people in the audience who have never had a holiday and won’t get one this time either. Say “listen to this, people” and there will be those who can’t because they’re deaf. Say “don’t worry, be happy” or “Hakuna matata” or something similar and there will be people who are depressed or manic or otherwise incapable of following this device. Say “enjoy your meal” and those who can’t because they have to lose weight, they have nothing to eat, they have no sense of taste or in any other way are kept from doing just that will be left out. Go and enjoy the sunshine? What about those with photophobia? Think of the children! Well, I guess that one was mentioned already.

                                                                                                                                    In short, nearly anything which is said will in some way leave out a fraction of the population. Policing speech (no pun intended) by attaching labels to all those cases will make it simply impossible to communicate as there will always be new categories to be added, new ways to split people, new lines of demarcation between the victims and the perpetrators, new barricades to throw up and defend.

                                                                                                                                    By the way, the mere fact that we’re discussing these issues in lengthy and sometimes complex sentences might be labelled as ‘ableist’ since it potentially excludes those with dyslexia. We still discuss, as we should, since not discussing would not do them any good nor does discussing really hurt them in the same way that an expression like “Teach your children well” (or, say, a song with those lyrics) does not really hurt anyone.

                                                                                                                                    1. 1

                                                                                                                                      I like CSNY too but are they the type who you would consider model parental figures?

                                                                                                                                      1. 2

                                                                                                                                        I consider them to be musicians. They don’t need to be model parental figures nor do I need to take anything they say literally. Which more or less goes hand in glove with what I’m trying to convey, I can listen to the Ramones telling me to beat on the brat with a baseball bat without either getting the urge to start beating brats nor to feel insulted. I sometimes listen to the Red Army Choir performing the Soviet national anthem even though I consider Marxism-Leninism and Communism to be ideologies on the same level as Fascism and Nazism (and many other *-isms, I’m not that much for any *-ism really). When they sing ‘Partija Lenina – sila narodnaja, Nas k toržestju Kommunizma vedët!’ I consider them to be misguided by their leadership but great musicians nevertheless and feel no urge to lead us under the guidance of Lenin towards the victory of Communism, nor do I refuse to listen to them because they want to doom us all to a future of toil and trouble without recompense.

                                                                                                                                        Are there no limits then? Yes, there are, but they’re not defined by any personal grievances I might have. I consider ‘gangsta’ to be off-limits since it does not only glorify a criminal lifestyle but actively promotes it - the more street cred (i.e. the larger the rap sheet) the better. That’d be like the Ramones gaining fame by piling up a stack of brats beaten with baseball bats or CSN(Y) actually selling tickets to their wooden ships to flee to some remote place where they’ll be eating purple berries for 6 or 7 weeks and not much more.

                                                                                                                                        1. 3

                                                                                                                                          It’s pretty cool that you chose to tell that the only music you consider off limits is gangsta rap, as it just happens to be a Black American art form that arose in response to highly visible police violence in the early 1990s.

                                                                                                                                          1. 3

                                                                                                                                            That is because a) it is immensely popular and b) it is the only popular music style which combines the glorification of something I consider to be bad - a life of violent crime with all the attitudes to women which are normally loudly protested but often ignored in this case - with the actual practice of many of those things. By the way, gangsta might have started in the black community but it is by no means limited to it. Glorifying crime in such a way that those who actually commit crime gain higher credibility as ‘artists’ is a bad thing, more fitting to the crime guilds in Ankh-Morpork than something I want to see thrive in our society. Violent crime is bad, no matter who commits it. Why mention race at all?

                                                                                                                                            Stop doing that, identity politics only leads to balkanisation and segregation. It is not good. The original version of your post read “Ok whatever, see you in the next culture thread” which was a better response.

                                                                                                                                            1. 2

                                                                                                                                              What year is it for you where gangsta rap is still immensely popular?

                                                                                                                                              1. 2

                                                                                                                                                The year 2020, when the most streamed artist in Sweden, ‘Einar’, just was in the news for first being kidnapped and molested and then for not cooperating with the police to apprehend his kidnappers and also continues on the gangsta path? The year when Swedish television’s ‘most promising artist’ (who is not the same as the above-named ‘Einar’) is now hiding from the police somewhere in Göteborg, being wanted for murder?

                                                                                                                                                This conversation is getting way off-topic. If you have more questions on the phenomenon of gangsta send a PM.

                                                                                                                                    2. 2

                                                                                                                                      You’re just much too easily offended. It was a list of things that are more effective than trying to rename a project with ‘Cop’ in the name, which is clearly a completely ineffective way to solve gun violence issues in the USA.

                                                                                                                                      Suggesting someone does something is not ableist just because some people can’t do that thing. “Go and protest” isn’t ableist against people stuck at home unable to leave the house for example.

                                                                                                                                      1. 2

                                                                                                                                        Having a hurt feeling is not the same as being offended and I haven’t claimed to be.

                                                                                                                                        Suggesting someone go off and do anything is rude, dismissive, presumptive, and uncalled for in this case. How would anyone know whether these folks are not already also doing these other suggested things?

                                                                                                                                      2. 1

                                                                                                                                        Also, I don’t know if you are aware but adoption, surrogacy, and fertility treatments are very costly, on top of the expense of child-rearing. These aren’t options that are just available for everyone. I’m privileged to have a well-paying job and insurance that covers much of the costs.

                                                                                                                        2. 1

                                                                                                                          That is certainly the baseline - or if it was, I think we would all be a lot more relaxed. To take the four essential freedoms as an example (not because this is representative of all OSS, but because it’s a clear statement of intent), the benefits to the user clearly do not include having any influence over the development, or expecting the maintainer to do or not do any particular thing. What OSS offers is much more flexibility in how you “take it”. I wouldn’t call that “no additional freedoms over traditional software”.

                                                                                                                          1. 1

                                                                                                                            The way I’m understanding comments here, some folks are willing to grant freedoms 0&1, but to exercise 2 or 3 with a political motive or without consent of mainstream crosses the line.

                                                                                                                            1. 4

                                                                                                                              I see what you mean - I think there is confusion in both camps due to many maintainers who really want to build a community. If you’re someone who tries really hard to accommodate everybody in your development process, forks represent a cheap insult, a vote of no confidence in the unity you’re working so hard to build. In these projects I think forkability is viewed more of an “in case of emergency” circuit breaker in case the project really goes off the rails, and those who would pull it for seemingly minor reasons might be viewed as troublemakers. IMO the solution is to pay less attention - forkers are going to fork, and if it avoids some acrimonious arguments that might just be for the best.

                                                                                                                              1. 2

                                                                                                                                due to many maintainers who really want to build a community

                                                                                                                                There’s also some expectation to that end, otherwise “throw over the wall open source” wouldn’t be commonly considered pejorative.

                                                                                                                              2. 1

                                                                                                                                There’s a difference between what is legal and what is right. Adultery is legal essentially everywhere but is also considered morally wrong almost everywhere, for example.

                                                                                                                                Forking a project for this reason is stupid and wrong, in my opinion. That doesn’t mean that there can’t be good political reasons to fork: a bad governance model can be a good reason to do so.

                                                                                                                                1. 2

                                                                                                                                  Adultery is in fact punishable by law in many places even in the US, cf. https://www.womansday.com/relationships/dating-marriage/a50994/adultery-laws/

                                                                                                                                  It’s also admissible in court as grounds for at-fault divorce (effectively a breach of contract.) This doesn’t look like a good metaphor.

                                                                                                                                  1. 3

                                                                                                                                    The point isn’t adultery but that legal and moral clearly aren’t the same thing because, for example, there are things that are legal but not moral and things that are moral but not legal. The random example I gave not applying in your backwards theocracy doesn’t make my analogy bad.

                                                                                                                    1. 5

                                                                                                                      As long as your email client supports plain text email, you can use whichever you like the most.

                                                                                                                      Therein lies the rub. I expect many more would be comfortable using email for discussions if they can whack reply, type in their HTML-formatted reply as a top-post, embed their inline image and go merrily on their way. This is exactly the same workflow people use when they email groups of people directly. There is nothing to change or learn.

                                                                                                                      The concept of a Mailing List comes with a tonne of ascetic and technocratic baggage that is never going to resonate with the Slack-and-Discord crowd. Users make their choices accordingly.