1. 5

    Pretty amazing and great work about something people often overlook — how do we ensure we have something clean in our toolchains. I’m also wondering how the story will look in 30 years from now — would there be a need to compile GCC suite at all, or majority of software will be written in different set of languages, like Go, Rust,

    1. 2

      Even today, you might get away with using some other compiler in place of GCC. Like, clang or llvm or something. Uh, I don’t know the details here; not my area of expertise!

      But, that doesn’t change the nature of the situation you’re describing–it only changes the particulars. Substituting one big compiler project for another doesn’t scratch that itch.

      The Rust compiler is currently written in Rust, so it has a bootstrapping problem, just like GCC does. See this fine article about that: https://guix.gnu.org/blog/2018/bootstrapping-rust/

      I don’t know about golang. Hm, apt-get build-dep golang-go tries to pull in GCC. So, that’s a data point.

      1. 2

        The current golang is built using go. But a previous version (1.4?) was built using C. So that is used for bootstrapping.

        1. 2

          This script installs from sources latest released version of Go without any prior Go compiler available in roughly 20 minutes (most of that time is spent in selftests of Go) on my weak machine.

    1. 4

      Rust can do that too :)

      $ cat variant.rs &&  rustc --crate-type=staticlib -C opt-level=2 variant.rs && objdump -d libvariant.a | grep \<do_something\> -A 4
      pub enum ExampleSumType { T0, T1, T2, T3, T4, T5, T6, T7, T8, T9 }
      #[no_mangle]
      pub fn do_something(s: ExampleSumType) -> i32 {
          use ExampleSumType::*;
          match s {
          T0 => 3,
          T1 => 5,
          T2 => 8,
          T3 => 13,
          T4 => 21,
          T5 => 34,
          T6 => 55,
          T7 => 89,
          T8 => 144,
          T9 => 233,
          }
      }
      0000000000000000 <do_something>:
         0:	48 0f be c7          	movsbq %dil,%rax
         4:	48 8d 0d 00 00 00 00 	lea    0x0(%rip),%rcx        # b <do_something+0xb>
         b:	8b 04 81             	mov    (%rcx,%rax,4),%eax
         e:	c3                   	retq
      
      1. 1

        Rust has built-in support for sum types in the language though.

      1. 1

        Does 10s latency really matter if you’ve decided that watching the numbers change on a search results page is enough for you? Is it used enough for it to be worth putting in more engineering effort?

        1. 1

          Matt here, author of that article. Well latency is only one of the three problems with their approach. That on its own is not a big problem, but their approach overall carries unnecessary overhead in the requests, the payloads, latency, and of course power consumption for end users. At Google’s scale, I would have expected that it is worth the engineering effort.

          1. 3

            It’s the simplest possible solution which clearly is not a problem for Google’s backend. As for client traffic usage - even on a modem connection this wouldn’t be a problem.

            This whole article reads like a advertisement of your product…

            1. 1

              Sure, I am interested in realtime and streaming problems and closely follow what everyone is doing. I hope I was clear in the article that I am the co-founder of Ably, and we do realtime-stuff-as-a-service.

              Which part did you feel was an advertisement though? I am genuinely interested as I tried not to make it about Ably, and instead focussed on transports and protocols that are open and can be used on any platform / cloud / vendor etc.

              1. 4

                Which part did you feel was an advertisement though?

                • clickbait title
                • posted under company blog
                • finding problem where there is none
                • the only discussed commercial ‘solution’ is your own
                • comments regarding subpar frontend developers working for google
                • no discussion of positive aspects of design chosen by Google
                1. 1

                  clickbait title

                  That’s not an advert. That’s a title.

                  posted under company blog

                  Sure, it’s relevant to Ably. I don’t think I should be ashamed of that. We post articles on our blog abut realtime and streaming problems because this is what we do as a business and what we care about. I don’t see why that is an issue.

                  finding problem where there is none

                  I quantified where optimization opportunities were. Are those optimizations inaccurate? If so, I am happy to correct the article or comment here.

                  the only discussed commercial ‘solution’ is your own

                  So you want me to be “an advertisement” for other products now? I did in fact mention Google’s Firebase btw. Either way, the article never mentioned once that Ably is the right solution for this, it was focussed on using open protocols only for these benefits, which any platform and technology can benefit with, without Ably.

                  comments regarding subpar frontend developers working for google

                  That was not my intention, and will apologize if that is the case. What I said was “front-end engineering is treated as a second-class citizen”, and I made no reference to front-end developers being subpar. I said that one of my theories in regards to why this optimization has been skipped is perhaps because Google doesn’t prioritize frontend engineering (not peopleengineers).

                  no discussion of positive aspects of design chosen by Google

                  Why is that relevant to my article being an advertisement? My article was about optimizing what Google has done, not about what they could have done worse. I appreciate you may see it as bashing Google, it was not meant to be. It was meant to focus on how to be better from an engineering and optimization perspective.

        1. 2

          @trickyanswers, @mattheworiordan claims he’s the author of that story. So which one of you is the real author? :)

          1. 2

            It’s me! I am the author. Who are you @trickyanswers?

            1. 1

              Good question. About half of their posts are from Ably, and they claim to have authored them. Perhaps it’s a coworker. You may want to PM them and find out. :-)

          1. 8

            Folks that think technology and culture are separate can mute the tag if it exists. Folks that think they are interleaved can leave it. If you take away the tag you just end up pushing stories about culture into technical tags.

            Treating culture as forbidden on a site focused on technology is a strong cultural statement of avoidance, which is maladaptive at best.

            1. 10

              you just end up pushing stories about culture into technical tags

              Or this will mean that such stories can be removed from the site as off topic. If no tag applies then you shouldn’t post it here.

              1. 4

                This is my feeling. The about page specifically points that out.

                1. 2

                  The only reference I see to culture on the about page is how the signup process helps new users acculturate. In terms of removing culture as off-topic, I stand by it being avoidance. https://en.wikipedia.org/wiki/Avoidance_coping As in acknowledging technology as part of culture and culture as hugely influential on technology is simply acknowledging the reality in which we exist. But if the culture of lobste.rs denies culture + tech otherwise, so be it. I’ve said how I feel.

            1. 68

              I’m against this. I want to have at least one place on the net where that kind of topics are considered out of scope.

              1. 32

                Everyone upvoting this needs to realize it’s already in scope. We’re doing it on the regular. The majority voted for politics. Several people, including a mod, threatened to quit the site if it changed. Politics is staying.

                From there, a politcs tag that can be used as a filter is an improvement on current situation. It doesn’t legitimize or threaten anything since what’s being tagged is already legitimate by majority vote. A tag can give Lobsters minority something to help them.

                1. 4

                  Meta tags are how we fix scope.

                  1. 2

                    That’s fine. Im saying you cant get changes if you open with statements or base your plans on the idea that there aren’t a huge pile of people already discussing politics, that have been for years now, and who vote in favor of it (including several mods).

                    People’s statements and proposals should include the fact that they exist.Then, try to win some of them over (the moderates). Alternatively, do what the political side has been doing more than no-politics side: invite many like-minded friends who might vote for same stance.

                    1. 12

                      While it’s tempting to believe we can find a compromise where everyone can “live and let live,” I’m skeptical that adding a politics tag will do anything but legitimize that lobsters is no different from other news sites.

                      And, honestly, if a mod is going to quit over something like “I’m upset we can’t discuss politics,” they might not be a good fit for moderating a technical-only board.

                      There are other people who would do a fine job as moderator. You, for example.

                      The point is that I don’t think “Some moderators are willing to leave” is a good argument to depart from the mainstay of the site: lobsters has been for tech. Everywhere else is for tech and politics.

                      1. 5

                        What is “technical only” even mean though?

                        I think there’s a lot of social stuff around tech that can be interesting and feels relevant to lobsters (example: governing structures for certain open source projects. Would be weird if we didn’t talk about what happened in Python over the past 18 months)

                        I am for tags to help people slice things up as they want to (after all there are other tags on the site as well!), but I think we should at least agree on a premise.

                        As to the difference with other news sites: well, compared to the orange site there’s a lot less “entrepreneur” posts. Lot less “growth hack” stuff. That’s how I read the difference

                        Unrelated but is the RMS thing “politics”? There’s surely a better tag name for this stuff. “Social”? Could let people filter out posts about linus’ rants (not that that happens anymore)

                        1. 5

                          Unrelated but is the RMS thing “politics”? There’s surely a better tag name for this stuff. “Social”? Could let people filter out posts about linus’ rants (not that that happens anymore)

                          Yes it’s absolutely politics. Your opinion on whether it was good or bad that RMS was forced out of the FSF is directly related to your opinion about feminism, the correct way to talk about sexual assault, how to weigh the value of freedom-preserving software against other non-technical values, and a host of other opinions about how humans ought to interact with one another that have nothing to do with technology. In fact, it’s exactly the sort of politics that is bitterly controversial, and thus is the sort of thing that people who don’t want to deal with bitter controversy would want to analyze as “politics” so they can ignore it in favor of things that aren’t bitterly contested, i.e. the sort of politics that made this meta thread exist.

                          1. 5

                            so they can ignore it

                            I’ll add that many of us just want to ignore it in select places like Lobsters to get (a) more value from those places and (b) a break from the politics. Throwing that in there since some people here kept pushing the no politics here = want none everywhere / head in the sand.

                            1. 6

                              Yeah, I get my political coverage elsewhere. The SNR on political threads here is abysmal; loads of undergraduate level mudslinging, people arguing past one another, jumping on anyone who isn’t already sufficiently woke… it’s a mess.

                              1. 2

                                I appreciate that you ssid something. I didn’t know if anyone with your leanings thought that way. Maybe I was assuming too much there.

                        2. 2

                          “While it’s tempting to believe we can find a compromise where everyone can “live and let live,””

                          I’ve about given up on that with how many groups’ politics have gone. They want to go against their outgroups. Looks like human nature in action.

                          “There are other people who would do a fine job as moderator. You, for example.”

                          I appreciate the vote of confidence but I’m saying No 100%. I’m good at helping folks and calling them. Mainly a catalyst for change at various levels. Folks like me are also disruptive enough in most communities that it’s better we be moderated than try to moderate.

                          “ they might not be a good fit for moderating a technical-only board.”

                          I’m normally in agreement. Given the style of politics, maybe let them do what they want to advance our better cause [for this web site]. I made an exception for her, though, since she has shown unusually high commitment to addressing her own biases and being careful in her role when subjects trigger them. Way more than most in far-left, P.C. politics. Likely more than many in moderation positions. Doesn’t seem right to encourage people of such character to leave over political disagreements on a site currently favoring such politics. There’s still alternatives to explore that keep us mostly together before going to that extreme.

                  2. 36

                    1,000x this. It’s everywhere else, all the time. This is one of the few (largely) politics-free bunkers left on the internet, bunkers with a technical focus. I’m so sick of politics, it’s probably starting to make me physically ill and I’m sure I’m not the only person who feels that way. It’s stressful and distracting. There are already so many websites you can do the politicking on.

                    1. 29

                      Lobsters is not free of politics, it just goes undiscussed and unquestioned. It’s not like you can opt-out of it by pretending it doesn’t exist.

                      1. 25

                        We’re not “pretending it doesn’t exist”, it’s just off topic. There are other sites to discuss politics. I think creating a tag would tacitly encourage such posts.

                        1. 2

                          When you say it’s off topic, would you have examples of what would be on or off topic here?

                          To be honest I think a lot of us are mostly aligned but the term “politics” is vague

                          Examples:

                          • technical breakdown of figuring out the sourcing of the 2016 election hacks (assumption: on topic since it’s a technical post)

                          • article on Google lobbying efforts to avoid privacy legislation (assumption: kinda off topic cuz it’s basically business and legislation stuff)

                          • an article discussing Python governance and the walrus operator (assumption: on topic on account of being around governance on developing OSS, as well as being news about pythons future in general)

                          1. 4

                            I can’t speak for maddogshark. The first item would probably be accepted because it’s a technical post that might teach people things tech-specific. The other two wouldn’t despite having value. They’d likely learn about that from other sites when their mind was in gear to deal with all the crap that came with them. Technical posts probably were relaxing by comparison. May or may not be speaking from experience.

                        2. 13

                          I agree entirely with the gist of your point, but actually and shockingly, people can and do opt-out of it by not understanding that there is no such thing as apolitical technology. The reason that this disconnect is so contentious is down to the definition of the word ‘politics’. For some people ‘politics’ is the thing that they see politicians doing - it involves elections and governments; it’s covered on the TV, it’s social-interaction and media driven; it’s entirely uninteresting and irrelevant - it’s just unoptimised human beahaviour. For other people ‘politics’ is how we live together – every decision an individual who is part of a community makes can have an effect on the other people in that community and ‘politics’ is how we figure out how to live together.

                          By the first definition, technologists understandably choose to opt-out of politics. They prefer to work on their craft, and they leave the ‘politics’ to other people. The technology they build is not ‘political’ because it doesn’t directly have anything to do with this notion of politics.

                          By the second definition, all tool productoin is completely political, therefore everything every technologist does has a political effect. By this definition much of the work of technologists influences or drives poltics directly. Because technologists tend to use the first definition, they unwittingly conceding the immense power of their work to others who do not understand it and wield it for political or capitalist reasons.

                          1. 7

                            Except the thing you leave out is that the majority of Lobsters talking politics usually vote in the far-left, PC camp. They push for political things most people, majority or minorities, don’t push for. Many equate dissent with personal attacks and other extremist reactions. Their outgroups get downvoted into oblivion since they have superior numbers and non-political side mostly avoids those political threads (their votes invisible).

                            So, rather than “discussing politics,” what you’re actually advocating for in this environment is for folks wanting political conformance to their belief system to talk about their belief system, other people to speak in a way that’s not seen or just torn up by majority, and majority beliefs on politics to float on top of the technical posts as they sometimes do. That with no change to anyone’s tech, job status, political affiliation, etc. Just a shout-down by whoever is in majority at a given time enjoying seeing their beliefs in a high place with lots of people clicking a button instead of out there making their supposed goals happen in the real world. (Some exceptions.)

                            I can’t imagine what good that does here on a site hardly anyone reads. Most political topics require prominent or popular people to enact change. Alternatively, massive numbers of everyone else which requires putting the message in sites of massive reach. If they’re putting it here, they’re probably not really doing politics so much as getting a mental high on Internet feel-good points (i.e. slacktivism). Lobsters has some benefit in politics that I’ve seen. It’s just not that by far.

                          2. 2

                            It’s like bringing you beef patty to a vegan grill party. One could do it, but people would honestly question whether that person is just doing it to annoy them.

                            1. 1

                              We’re discussing it, we were discussing it on recent articles, debating it heavily on Palantir thing, had the “Community Standards” thread with proposed CoC, and so on. It goes plenty discussed with several metas questioning or advocating the hell out of politics here.

                              Again, it’s better if nobody pretends Lobsters is something it’s not before attempting to accomplish something with it. Addressing the actual site and what goes on here will work out better.

                            2. 4

                              1,000x this. It’s everywhere else, all the time. This is one of the few (largely) politics-free bunkers left on the internet, bunkers with a technical focus.

                              This view is why I initiated this discussion, for there seems to be plenty of disagreement and implicit understandings on what is permissible and what is not. If there weren’t any political discussions, there wouldn’t be a need to talk about them. But as I said, since it looks like there is a change in the community, it could be worth reconsidering, not to please one or the other, but find an common agreement.

                            3. 5

                              I’m against this. I want to have at least one place on the net where that kind of topics are considered out of scope.

                              The posts have survived the front page and all -1 Off-Topic flags that people have piled on it. From a puristic standpoint, you’re completely right, they’re off-topic, but people upvote them anyway, and there are evidently moderation actions taken against them. I think the battle on that front is completely lost; the posts are too popular. At least with a tag, we could filter the stories, as opposed to have nothing at all right now.

                              1. 1

                                That’s how Im seeing it.

                              2. 2

                                What if one had a tag, but it’s hodness modifier would pull it down, as to not motivate discussions, but enable filtering.

                                A technical solution could be that this tag would be a co-tag or a partial-tag, meaning that it wouldn’t suffice for a post, but can only be added to other tags.

                                1. 14

                                  A co-tag could perhaps be “political” instead of “politics” to further underscore that the post is not primarily discussed as a topic of politics, but it has political implications.

                                  1. 2

                                    You’re right, that sounds better.

                                    1. 1

                                      I like that.

                                    2. 14

                                      If we’re going to go with a technical solution, make the “hotness mod” so negative the story does not show up on the site.

                                      If someone were to start a clone of lobste.rs for more culture and political talk, I’m all for it. I would really like to see much less of it here. It has had a serious impact on the value of the site, in my opinion. Lobste.rs is less and less a place I want to visit (but I still love it).

                                      Clarification: it’s not so much the culture and political talk as it is submission of news items.

                                      1. 3

                                        Or create a politics tag, but make it opt-in (instead of opt-out).

                                        1. 2

                                          That would effectively make the tag a community-shadow ban, which doesn’t have to be restricted to politics, but isn’t quite where I was going at. It seems like a one-sided solution, because it would only be in the interests of those who are totally against interacting with any political posts, but ignore those who are interested in it, which are still a considerable bunch. “Ruthlessly” privileging one of these camps over the other is something that I think should be avoided.

                                          1. 5

                                            My point was somewhat facetious. I don’t think there should be any technical solution to this. I’d rather see a community agreement to avoid political posts at all.

                                            1. 2

                                              As @nickpsecurity says, we’re past that point already. It will be most difficult, to agree because

                                              1. there is such disagreement on the issue
                                              2. it’s hard to draw a line on what is and isn’t political
                                              1. 9

                                                I don’t want to drag this thread out too long (that never works well). I don’t think we’re past that point and I am not swayed by the cited argument.

                                                I want to be clear that I am not against a political discussion, nor do I think it is something that can be avoided. I do not, however, want to encourage it. Adding a tag would not help in this regard. Right now political discussion (mostly) comes out in the comments. Adding a tag for it would make it explicit in the stories, more so that already exists. It will exacerbate the problem.

                                            2. 2

                                              Not really one-sided. It is a way to keep it away from folks that don’t want to see it. That’s one thing tags already do here. However, it will also highlight the content for politics supporters. That’s the other thing tags do.

                                              They’ll also still be able to discuss it amongst themselves and folks that don’t filter.

                                              Edit: Added an example highlight in case some of you don’t know of or forgot it.

                                              Edit 2: Clicking that tag myself led me to the Texel submission I somehow missed. See! There it is in action.

                                              1. 2

                                                I get that, but my issues was that a “minus infinity” hotness-mod, would effectively hide the content from everyone, anything that gets posted lands on the last page of the feed, making filtering it irrelevant. That means, even for those who would be interested, it wouldn’t be highlighted, because it just never appears.

                                                1. 1

                                                  Oh no, I wasn’t agreeing with minus infinity thing. Just a tag that could be suggested, highlighted, and/or filtered.

                                                  1. 2

                                                    Oh, my bad then.

                                            3. 1

                                              Wow it’s almost like you wish you could filter the items about politics. I sure wish there were a feature for things like this!

                                              1. 3

                                                It’s not just that. These political articles aren’t just objects in a vacuum, in their own way they mould the site culture and content.

                                              2. 1

                                                If we’re going to go with a technical solution, bring this ‘hotness mod’ under user control by letting every user choose for themselves whether or not to mute this political tag? I don’t see why it would need to be banned for everybody.

                                                1. 2

                                                  That’s already the case. Anyone can choose what tags to filter.

                                                  1. 1

                                                    Indeed, that is what I was hinting at. I should have spelled it out, perhaps. Thanks for making sure I knew :-)

                                                    1. 2

                                                      Oh, my mistake, wrote that response in a hurry :/

                                            4. -1

                                              If you’re against politics on the site, you should either leave or advocate for a politics tag so you can filter that content. It’s always been here, and it always will be here. If you’d like to totally avoid politics I honestly suggest watching home cooking videos on Youtube instead of browsing a website oriented around discussion and news about a multi-million dollar male-dominated industry that regularly contributes to devices used to harm people around the world. Those cooking videos are comparably extremely chill.

                                              1. 6

                                                The about clearly states that: content that does not fit into any of those categories should not be submitted. There are many interesting things on the net that I’ve decided not to post here because I value what we have here and don’t want to post inappropriate (for this community) content. By creating ‘politics’ tag we legitimize such content and risk significantly increasing number of politics related (or even worse - politics only) content submitted. I would prefer to keep lobste.rs as free of politics as possible so for me the best option is to flag and hide such content, which hopefully sends clear signal to submitter.

                                                1. 2

                                                  I’ve been here since 2014, you’re wrong. “Culture” is the catch-all for this content. You would prefer whatever you prefer, but I don’t really care about that. Filter the tag if you don’t want to see it.

                                                  1. 3

                                                    Filtering the tag doesn’t solve the issue that the mere existence of it attracts a certain … kind .. of people I’d rather not spend time with, because they have not much to contribute.

                                                    1. 2

                                                      I’ve yet to have to filter a tag here. I assume that by filtering a tag, you do not see the submission nor associated comments? Because I usually read /comments before I read /newest, personally.

                                                      1. 3

                                                        Correct. For example, if I filter the webdevelopment tag because those stories are not relevant by and large to my work in embedded engineering, those stories will not show up for me at all on the front page. Useful to improve the signal to noise ratio, since lobsters covers a variety of tech topics.

                                                      2. 1

                                                        The “culture” tag has been on this website since 2015, and has since regularly found its way to the front page with distinctly political posts. If politics “attracts” some type of people you don’t like, they’ve long been here already.

                                              1. 6

                                                How much has CentOS/Linux/VIM/LibreOffice/X11/GCC saved your company in licensing costs?

                                                How much money have you given them?

                                                1. 4

                                                  Why should I pay for copies of software which is being distributed by authors free of charge?

                                                  1. 4

                                                    If my buddy cooks as a hobby and makes me a nice dinner every so often, I make sure I do something nice for him from time to time even if he insists it’s unnecessary.

                                                    If I get to the point that my daily dinner plans just assume that he’s going to make me dinner, I’m definitely gonna give him something nice even if he still insists it’s his pleasure.

                                                    If I get to the point that I’m demanding he make certain recipes for me and on a certain schedule, I’m definitely gonna give him something nice.

                                                    (Or, to keep the analogy going, I’ll make him dinner sometimes by…submitting patches or something. I suppose it’s not a perfect analogy.)

                                                    1. 7

                                                      Yeah, on the other hand if I go to some charity and work for them, I’m not expecting to be paid and I’m definitely not working for them expecting that when my work will become essential I will be paid. I’m doing charity work to do something good never expecting anything in return. That is how I understand charity.

                                                      If I want to serve food to hungry people for free, I’m not expecting them to compensate me. If I wanted to be compensated I would have started normal paid restaurant.

                                                      Going back to free or open software - if you release something with license that permits usage in commercial setting without any compensation then why would you expect to be paid? You just said that you don’t want to be compensated… If you want to get paid, say so clearly and make it so that your software can’t be used for commercial purposes without you being paid.

                                                      Commercial entities are not your buddies and will spend the money where they need to, not where it would be nice to.

                                                      1. 5

                                                        Unlike @lorddimwit, I think the charity analogy is misleading for several reasons:

                                                        • Charity work, like serving food to hungry people, is labour. And whilst making software is labour, the software itself is not labour. Commercial entities don’t care about your labour, they care about your software.

                                                          I think we all, commercial entities included, recognise that when we want something about the software to change, we have to pay for that labour. But usually after exhausting every other way of getting that labour for free: bug reports, “free” swag, good / bad publicity, flattering / badgering authors, etc…

                                                        • Charity is freely given to specific groups. “Hungry people.” Free or open source software is given to anyone with a computer, technical acumen, an Internet connection… well-off people. Some software licenses aren’t so undiscriminating, but they aren’t generally considered free or open source.

                                                          This is why I have difficulty sympathising with the frustration expressed by some authors of permissive (MIT/BSD) licensed software. “I think I get annoyed when it feels like people try to take advantage of us instead of contributing their share to the project when they are getting so much out of it.” If you feel like people are still taking advantage of you after you’ve asked them to stop and told them what you want in exchange, then I think you could:

                                                          1. Stop labouring for free. Go do something that get you paid.
                                                          2. Keep labouring. Stop freely sharing the the fruits of your labour. (Don’t give them a license. Go proprietary. Dual license. GPL or AGPL.)
                                                          3. Keep labouring, keep sharing the fruits of your labour, and find another mechanism to get paid? Because complaining— empirically— doesn’t help. (Go 501c3, let profitable organisations reduce their tax burden.)

                                                        In short, I’d love to live in a kind world, but the world isn’t kind. Capitalism is especially not kind. If you’re making free and open source software, remember that copyleft licenses require people to grow the ecosystem of free and open software. Permissive licenses don’t. And whether or not you get paid is independent of that choice٭.

                                                        Choose appropriately.

                                                        (٭ Yes, a permissively licensed bit of code is more likely to be depended upon by a business. Later, the cost of paying for the changes / continuity they want may be less than a rewrite or fork. It’s the precious, few, and wonderful profitable company that simultaneously chooses a free dependency and supports it before forced by circumstances…)

                                                        1. 3

                                                          The charity analogy is great, and I think it actually helped me realize the root of my problem here. If I’m doing charity work, I’m doing it to help those who need it. Google doesn’t need my help.

                                                          That was, I think, the crux of the article: a lot of major, multibillion dollar companies are benefiting to the tune of millions of dollars of unpaid labor a year by hobbyist programmers. To me, it’s qualitatively different when Google’s or Apple’s or Facebook’s infrastructure benefits from this labor than from some grandparent running a blog or a hobbyist building something in their garage.

                                                          It’s like a restaurant going to the county food bank to get their food.

                                                          The problem is, there’s no good way of saying “my software is free to use unless your company revenues are over $X a year.” I mean, I suppose that could just be a term of the license but then you have to take into account inflation, etc…

                                                          The various versions of the GPL are, IMHO, the best compromise we can really get in this sort of situation: everyone benefits and nobody can lock it down.

                                                          1. 3

                                                            “ the root of my problem here”

                                                            The root of the problem is their “solution” doesn’t address requirements first. Much like many problems in software projects. The requirement is to give something of benefit to organizations operating on rational self-interest with incentives to maximize this, minimize that, and otherwise be greedy. The other requirement is to get those selfish organizations to give back funding for development expenses.

                                                            The solution to this is going to be a paid license of some kind. It can add as many benefits of F/OSS in terms of customer freedom as they want. Like I’ve said before, one can even allow them to fork the software among themselves creating derivatives so long as they’re still paying for it. You can contractually say that the original supplier might donate it to a foundation if they stop maintaining it. There’s a lot you can do to approach F/OSS except one change is necessary: payment is in the terms to force them to give money in exchange for benefits. Or go elsewhere if they want to freeload.

                                                            Note: I’ve also had ideas like contractually forcing them to donate to a foundation. You let them know they can write it off as charity for P.R. on top of getting the benefits of the software. The foundation funds the software or, if altruistic, some other software.

                                                            “The problem is, there’s no good way of saying “my software is free to use unless your company revenues are over $X a year.”

                                                            There’s companies that do exactly that [1]. They give away proprietary stuff for free until you grow to the point that you should be expected to pay for it. I was thinking setting it at either what most one-person consultancies make, what a VC-funded startup starts with, or whatever denotes the start of what’s a mid-sized or just expanding business. Where they have broken even with discretionary income. Realistically, it’s probably just going to be “X number of dollars in revenue and/or investor funding.”

                                                            [1] Although I forget original companies, a quick DDG gave me Fusion 360 as example. They give free license to companies making under $100,000 a year and free to hobbyists.

                                                            1. 2

                                                              The various versions of the GPL are, IMHO, the best compromise we can really get in this sort of situation: everyone benefits and nobody can lock it down.

                                                              That is why I now prefer agpl. Random developer like me will still be able to benefit from this in private, yet faang corps will never use it. I’m definitely not going to work for free for faangs :)

                                                    1. 2

                                                      It’s an important distinction though, because one is about “creating software that people can use and modify without seeking permission” and one is about “creating software that people can use and modify as long as they join our crusade”

                                                      1. 9

                                                        And yet every other day we get stories about people releasing their software with relatively permissive licenses (BSD/MIT) and complaining that BigCo’s are profiting from their labor without compensating them.

                                                        At least the GPL requires said companies to actually contribute back their enhancements to the community.

                                                        But hey, release GPL software and BigCo’s won’t use it, because of the requirement above. Life’s a trade-off.

                                                        1. 4

                                                          the GPL requires said companies to actually contribute back their enhancements to the community

                                                          Only if they release the modified version. Not if they just run in as a server, which is what the “commons clause” stuff was trying to defend against.

                                                          1. 4

                                                            AGPL solves this issue, right?

                                                            1. 4

                                                              Yes, AGPL solves this issue, which was the main motivation behind its creation.

                                                              1. 1

                                                                It’s also too toxic for people trying to create a business. I get aiming at big corps, but so many measures can be absorbed by the big ones yet completely prevent small ones from getting traction.

                                                                1. 4

                                                                  This is part of why I want a good CopyFarLeft license: something that would allow share-alike use between individuals and cooperatively-organized firms (and possibly non-profits; not sure), while disallowing use by corporations. I’m not super concerned about the size: small business tyrants and startup-bros can go fry ice as much as the big corps.

                                                                  1. 2

                                                                    I see things that ban corporate use as inconveniencing big companies and killing little ones. I want to see more little companies so the big companies know they are not safe just because they are big. Therefore, I dislike things like strong copyleft because they are not hurting people who can afford to be hurt.

                                                                  2. 3

                                                                    It’s also too toxic for people trying to create a business.

                                                                    We could always dual license; if you don’t like the GPL freedom, pay money for a separate license.

                                                          2. 6

                                                            You do not need permission to use or modify Free Software.

                                                          1. 9

                                                            Except that, sadly, the tooling is pretty weak.

                                                            I like the language but I don’t like the experience of developing with it. I’ve grown soft after a couple of years of Rust development.

                                                            1. 6

                                                              I don’t know where Rust thinks it’s going, though. I can’t even update to the latest version of Bitwarden_rs because it requires a rust-nightly compiler which won’t build on FreeBSD because it dies with an invalid memory reference

                                                              error: process didn’t exit successfully: /wrkdirs/usr/ports/lang/rust-nightly/work/rustc-nightly-src/build/bootstrap/debug/rustc -vV (signal: 11, SIGSEGV: invalid memory reference)

                                                              1. 5

                                                                That’s Bitwarden_rs’s fault for using nightly, imo.

                                                                Looks like this is bug has already been reported with bitwarden-rs though: https://github.com/dani-garcia/bitwarden_rs/issues/593

                                                                1. 3

                                                                  Every non-trivial rust program I’ve tried to use so far requires a nightly compiler. This ecosystem is just a trash fire.

                                                                  1. 8

                                                                    I’ve got an 80k+ LOC Rust codebase I work with at Rust that doesn’t use nightly. In fact, we’ve never needed nightly… The program runs on production workloads just fine.

                                                                    1. 12

                                                                      I’m using Rust professionally and I don’t even have a nightly compiler installed on my computer. Almost all Rust large programs I see don’t require nightly compilers. Any that do tend to be OS kernels, with exception of a few web apps like this project that use Rocket, a web framework (with many good alternatives, I might add, not to disparage Rocket) that requires syntax extensions and loudly states it requires nightly Rust (and is planning to target stable Rust next release apparently). People who use nightly are generally already writing something experimental which is explicitly not production-quality, or they’re writing something that’s working towards being ready for an upcoming feature (which allows the ecosystem to develop well in response to ecosystem changes, vs waiting months or years for trickle down as is common in other languages), and they’re targeting what is explicitly an alpha-quality compiler to do so.

                                                                      1. 3

                                                                        People who use nightly are […] and they’re targeting what is explicitly an alpha-quality compiler to do so.

                                                                        Or they just want to write benchmarks ;)

                                                                        1. 7

                                                                          criterion.rs is a better harness and works on stable Rust. I’ve been slowly migrating all my crate benchmarks to it. The only advantage of the built-in harness (other than compile times) is the convenient #[bench] annotation. But criterion will get that too, once custom test framework harnesses are stabilized. See: https://bheisler.github.io/post/criterion-rs-0-3/

                                                                          1. 6

                                                                            …and don’t want to use excellent third party tools that function on stable, like Criterion. ;)

                                                                            I admit, the fact that Criterion works great on stable and the built in cargo bench doesn’t IS pretty dismal.

                                                                1. 13

                                                                  Flagged for being almost entirely content-free. I have pretty wide opinion on what counts as on-topic for this site, but this is literally just corporate damage control.

                                                                  1. 12

                                                                    … I’m more than a little sincerely mystified. Reading your comment, I took the opportunity to avail myself of the implications of the first bullet point of the Tagging section of the About page. It says that tags are useful due to their categorization of topics of interest, and that topics not thus categorizable are liable to be off-topic. There is an iOS tag. This is an iOS story. I can’t find any other rules. I respect your opinion. I just don’t get it. I’m no jcs, so do lemme know if this cluelessness is idiosyncratic to myself. I doubt it.

                                                                    Consider the P0 post, which was linked here on the day of the exploit chain’s announcement. I was the only commenter, and it received a paltry single-digit number of upvotes. A sourcehut release or CoC flamewar this was emphatically not. By the numbers, Lobste.rs could have cared less.

                                                                    The same is true of the Orange Site, for what it’s worth, since this post and the P0 post received some hundreds of points, nothing unusual.

                                                                    Does that really lessen the importance of these statements by the most important developer hardware manufacturer on the most expansive breach of security they have been publicly revealed to have experienced?

                                                                    Is a lack of code a lack of content?

                                                                    Statements made in the myopia of marketing contexts are still statements – they just describe something other than what they purport to describe. This posturing, which I suggest you’re suggesting it is, is as informationally content-ful as whatever you’d rather read, something we can describe as “cold hard facts.” It’s just that – in the absence of cold hard facts about actual content in the world out there, the facts available to us are themselves the absence of facts.

                                                                    I think your thinking damage control is irrelevant is as myopic as a corporation thinking damage control is appropriate. These are in actuality the statements representing the actual desires of the single most important monopoly around. I freely admit I’m exaggerating to make a point – barely.

                                                                    If lobste.rs is the wrong place to read about this kind of thing, that is okay, but if I’m not the only one who sees the matter this way, presumably that would allow for further discussion.

                                                                    Written with no animosity, just, again, sincere, perplexed mystification.

                                                                    Edit: couple typos.

                                                                    1. 11

                                                                      Analysis of the timeline of events taking this post into account, or this in the context of previous vulnerabilities or other concurrent events such as Zerodium’s pricing changes for android vs ios, or really anything beyond forwarding Apple’s PR statement would have made this more appropriate.

                                                                      Lack of code is definitely not a lack of content IMO.

                                                                      I by no means have a perfect record on this, but I try to ask myself if a post will be equally valuable in, say, 6 months, before dropping it here. If not, twitter is likely more appropriate, and that’s where I’ve been following this thread.

                                                                      Thank you both for discussing rather than flaming!

                                                                      1. 2

                                                                        Thanks

                                                                    2. 8

                                                                      I would say the new (or contradictory) content here is:

                                                                      1. Exploit campaign ran for a period of two months, not two years.

                                                                      2. Apple was aware of the exploits and fixing them before notification by google.

                                                                      I certainly found those two points interesting because there was a great deal of speculation at the time of the P0 post regarding how a campaign could run for so long and how it escaped notice and how it was finally detected. Apple isn’t really shedding a whole lot of light here, but if it’s two months, that clears up one question at least.

                                                                      1. 5

                                                                        Google had evidence that the exploit campaign was renewed regular with fresh exploits. Not zero day, because Webkit commits crash tests and PoC to their repo long before they ship an iOS update (sometimes months). So, of course Apple was already “working on a fix”, but that doesn’t make their users less exposed.

                                                                        I think they should commit the security patches only shortly before making a release and wait with the test case commit until after they’ve released.

                                                                        1. 2

                                                                          I think they should commit the security patches only shortly before making a release and wait with the test case commit until after they’ve released.

                                                                          There are compelling arguments against that way: http://addxorrol.blogspot.com/2019/08/rashomon-of-disclosure.html

                                                                          1. 1

                                                                            I’ve read this article (second time now). Which point are you referring to? The fact that a patch and a test case are no different? That you won’t keep the bug secret if your group is big enough?

                                                                            I’m not sure what to take from this blog post as a course of action. Halvar appears to advocate for a right to know, maybe for a change in liability from software vendors.

                                                                            But what is a software company ought to do? Rushing to a release within the next 24hrs everytime we find a serious bug seems not applicable :-)

                                                                            1. 1

                                                                              Seems to me that releasing PoC/testcases after the fix only affects ‘good guys’.

                                                                    1. 3

                                                                      Who is Marta?

                                                                      1. 1

                                                                        Apparently, a terrific footballer. Alternatively, it could be Márta Pardavi ranked as Civil Rights Defender of the Year by that website. We just can’t know by the presentation. Did find out about some great women, though. :)

                                                                      1. 6

                                                                        The number of times I’d wished I had this feature on Travis.

                                                                        Instead you just end up blindly pushing changes to the branch in the hope that it works :P

                                                                        1. 4
                                                                          1. 3

                                                                            Only on Travis-ci.com (the paid version), and not Travis-ci.org (the free version).

                                                                            1. 4

                                                                              sr.ht is also a paid service, right?

                                                                              1. 4

                                                                                It’s up to you whether to pay or run the exact same free software on your own infra.

                                                                                1. 2

                                                                                  Is it easy to run on your own? That’s kind of cool. I may pay them anyway but still run it myself.

                                                                                  1. 9

                                                                                    https://man.sr.ht/installation.md

                                                                                    Reach out to the mailing list if you run into trouble :)

                                                                                    1. 1

                                                                                      Wow, cool! Thanks :)

                                                                                  2. 1

                                                                                    You can also run travis-ci.org on your own infra (I currently do this) but there isn’t a lot of info about it.

                                                                                2. 3

                                                                                  The trick is that for public repos, you have to email support: https://docs.travis-ci.com/user/running-build-in-debug-mode/#enabling-debug-mode

                                                                                  1. 1

                                                                                    Weird… I guess that they’re trying to prevent wasted containers by adding manual process in the middle?

                                                                                    1. 2

                                                                                      It’s a security risk, especially for public repos.

                                                                                      1. 2

                                                                                        Eeeek, that’s rough. builds.sr.ht’s SSH access uses the SSH keys we already have on your account for git authentication et al.

                                                                                        1. 1

                                                                                          You get that from Github, too. But I also think it doesn’t help, because GH projects are liberal with adding people to orgs/repos and while they cam be grouped, there’s no way to assign structures roles. GH as an identity provider is mediocre at best.

                                                                                        2. 1

                                                                                          Like, in terms of things which they may do in the shells, DDoSing by creating too many, etc? They use your SSH key from GitHub to prevent others from SSHing in, right?

                                                                                          1. 4

                                                                                            They use your SSH key from GitHub to prevent others from SSHing in, right?

                                                                                            Not AFAIR. It gives a temporary login/password in the build log (which is public). And anyone who logs in can see the unencrypted secrets (e.g. API keys used for pushing to GitHub).

                                                                                            1. 1

                                                                                              oooooooh… yipes. Super dangerous. CircleCI uses SSH keys to improve on this.

                                                                                    2. 1

                                                                                      Aren’t they doing some funky reorganization to eliminate the split? I haven’t looked closely so I might be wrong.

                                                                                    3. 2

                                                                                      I guess I’ve just been too cheap to pay then ;)

                                                                                    4. 1

                                                                                      This feature is on Travis, but their new configuration API is so excruciatingly painful and lacking of reasonable documentation that it fails to help when it’s really needed.

                                                                                      1. 1

                                                                                        With Gitlab you can debug CI stages on your machine by starting a local Gitlab Runner.

                                                                                      1. 2

                                                                                        @skade, are you the author of this?

                                                                                        1. 12

                                                                                          Somewhat. I’m one of the project managers, I wrote the website, an ample amount of docs, some code and partially ghostwrote the announcement. The implementation is mainly Stjepan Glavina. I was a bit on the edge of marking it is as author, but erred on that side.

                                                                                        1. 1

                                                                                          I’ve boycotted Scott Adams because he’s gone so far on the wrong side of history it isn’t even funny.

                                                                                          1. 10

                                                                                            How is this comment relevant to the content of the linked story? I looks like pure virtue signaling.

                                                                                            1. 5

                                                                                              Because Scott Adams is an internet provocateur, and it’s hard to separate any factual content he writes from the weird manipulative writing style he’s adopted (and is proud of).

                                                                                              Additionally, if the post is about writing style, it probably would make sense to evaluate the post in context with other posts written by the author, would it not?

                                                                                              1. 1

                                                                                                It’s hosted on Scott Adam’s blog and he would derive a minuscule amount of revenue from a visit.

                                                                                                1. 3

                                                                                                  …I mean, would he? He doesn’t even host it, a business called typepad does.

                                                                                                2. 1

                                                                                                  I personally think that this site is for technical articles which this is not and I would prefer to keep such articles out of here. - tt

                                                                                                  Because I don’t want to see Scott’s work on this site? Just like you want to keep lobste.rs a tech only site ;-)

                                                                                                  Also, people are motivated either by results or by virtue ethics. There is nothing wrong with showing your virtues on your sleeve. I think maybe too many people are afraid to do so and we need more people being honest.

                                                                                              1. 3

                                                                                                (Apologies if the below isn’t well thought through - I’m at the edge of my understanding here)

                                                                                                The “contract for multiple types” thing puzzled me, because I didn’t understand the example.

                                                                                                I thought it would be better to have per-type constraints. But the graph example shows that a contract can express cross-type dependencies. That’s cool.

                                                                                                The declaration of contracts and interfaces otherwise seem close enough (semantically and conceptually) that I’d really like to understand the semantic differences between the two. I (think I) understand that an interface is implemented as a boxed type and the generics constrained by constract would be implemented as an unboxed type - but to me that should be an implementation detail.

                                                                                                To me it seems similar to whether a value is allocated on the heap or stack. In go, the heap/stack distinction has a performance difference but not a semantic difference. In C, it also has a semantic difference and that is the source of much pain.

                                                                                                So I think I’m asking: if we’re happy breaking back-compat, would it be possible to unify the contract+interface concepts and have the compiler choose whether we are boxing or not? (e.g. default to boxing and not-box in the cases where enough information is given to permit the optimisation).

                                                                                                1. 1

                                                                                                  if we’re happy breaking back-compat, would it be possible to unify the contract+interface concepts and have the compiler choose whether we are boxing or not?

                                                                                                  Maybe, in the draft it is clear that Go team wants to have flexibility in how contracts are implemented:

                                                                                                  We believe that this design permits different implementation choices. Code may be compiled separately for each set of type arguments, or it may be compiled as though each type argument is handled similarly to an interface type with method calls, or there may be some combination of the two.

                                                                                                  1. 1

                                                                                                    Thanks, that’s interesting.

                                                                                                    I think my main interest would be to see if having a single language construct (extended interfaces?) would suffice, rather than adding ‘contract’.

                                                                                                1. 2

                                                                                                  Are all these things prototyped and tested in realistic use cases prior to being finalized in the standard?

                                                                                                  1. 1

                                                                                                    gcc, clang, and msvc often have these features hidden behind experimental flags before the proposals are even approved, so the features certainly get tested in running code, and often also in production as the link from @tt points out:

                                                                                                    Most major C++20 features have been implemented in essentially their current draft standard form in at least one shipping compiler, and in most cases actually used in production code (i.e., has already been released to customers who are very happy with it). For example, coroutines (adopted only five months ago as of this writing) has been used in production in MSVC for two years and in Clang for at least a year with very happy customers at scale (e.g., Azure, Facebook).

                                                                                                    1. 15

                                                                                                      It’s a clickbait title, but there’s a real cryptographic bug in there: hashing of phone numbers for privacy isn’t doing anything. Such hashes are vulnerable to a dictionary attack. So effectively, AirDrop and WiFi sharing are broadcasting user’s phone number.

                                                                                                      1. 2

                                                                                                        I think the most serious one there is getting Wifi passwords from iPhones by spoofing a friend.

                                                                                                        1. 5

                                                                                                          I think the most serious one there is getting Wifi passwords from iPhones by spoofing a friend.

                                                                                                          No, the phone numbers are the one that’s worse. If you are sharing wifi-passwords with your friends, you know when you are doing that and you will probably click no when you are not doing that. Furthermore: Impersonating a friend requires a lot of reconnaissance.

                                                                                                          The phone-numbers however, are continuously sent out, which means that every tracking company in stores or subways will set up a SHA256(phonenumber):phonenumber database.

                                                                                                          This differs from the previous situation where they only had MAC-addresses in that they now know for certain with high probability that this MAC-address belongs to that phone number, which can be connected to any other data the user enters somewhere else.

                                                                                                          1. 5

                                                                                                            Update: As a test, I’ve written a quick and dirty java-program which calculates the SHA256-hash of every cell-phone number in The Netherlands. This program simply runs through all 8-character suffixes of all phone numbers. The resulting csv-file is 7,3 GB in size and it took my personal laptop about 162 seconds to generate this file. A simple grep-search takes about 17 seconds. Note that I haven’t optimized the code at all and that my laptop is running on a i7-6500U (@2,5GHz). This means that my private laptop can run through the SHA256 hashes of virtually all phone numbers in the world in about 4 days and that the resulting database-file would only be about 700 GB in size. More beefy machines will certainly be faster.

                                                                                                            This should be the final nail on the coffin for everyone who thinks that hashing a phone number is adequate for privacy protection, or that sending out a hashed version of the phone number is acceptable. It simply isn’t and the whole is capable of tracking individuals based on this. It doesn’t matter which hash-function you use, there simply aren’t enough phone numbers.

                                                                                                            1. 2

                                                                                                              I put Troy Hunt’s Pwned Passwords dataset (500 million SHA1 hashes) into SQLite, and by storing them as primary keys, lookups only take 0–1 milliseconds. Presumably you’d get similar results with however many SHA256 hashes. :-)

                                                                                                              1. 2

                                                                                                                Presumably you’d get similar results with however many SHA256 hashes. :-) Nice!

                                                                                                                I’ve imported the phone numbers into sqlite, but importing and indexing them took much longer than the actual generation. :-) Lookups are also instantaneous. Which is as expected.

                                                                                                              2. 1

                                                                                                                Switching to something like scrypt should solve this issue, right?

                                                                                                                1. 1

                                                                                                                  If you used a persistent salt per-device, yeah.

                                                                                                                  1. 1

                                                                                                                    Yes this would solve the issue for just about any hash function. But then you won’t need the phone number in there as well. If you go down this path you are essentially using device id’s or something simmilar, but you might just as well use some random id that you refresh after a certain period.

                                                                                                                  2. 1

                                                                                                                    No, switching to a different hash function won’t solve this issue. The fact that you are using phone numbers is the cause of this problem and it does not matter which hash function you use.

                                                                                                                    I’ve demonstrated this with AES256 because that is what Apple uses. You will get similar results with AES512, scrypt, whirpool or whatever other fancy hash function you want to use.

                                                                                                                    1. 3

                                                                                                                      Scrypt uses salting so precomputing one set of hashes won’t work. Furthermore you can select scrypt parameters so that computing one hash takes ~1s on modern (iOS) devices. Shouldn’t this be good enough to prevent this kind of attacks?

                                                                                                                      1. 1

                                                                                                                        Well even if a scrypt hash takes about one second, there is no one stopping me from running it 10 million times. Sure it would take me 115 days to build the table on a single core, but it would take me one day on 115 cores for an entire country. Given the fact that I already have access to about 40 cores at my own volition at home using scrypt would also only be a means of delaying the inevitable and is therefore kind of useless in this use case.

                                                                                                                        The only way to solve this, is by using a device specific seed, but if you have something like that, then why would you even put the phone number in there or bother with using scrypt at all?

                                                                                                                        I’ll sya it again: The phone numbers are the problem and as long as you are using those, the hash-function simply won’t matter.

                                                                                                          1. 29

                                                                                                            You’ve found a bug and reported it - there is no need to call them ‘incompetent’.

                                                                                                            1. 8

                                                                                                              As far as I can determine, that particular bug has existed since November 2017. I’m a bit surprised that no one working there (or for) has found it in a year and a half. It appears to be a pretty basic parsing bug.

                                                                                                              1. 1

                                                                                                                Whatever the bug is, if somebody put me on public display like that I would still block them wherever possible. I assume that’s what’s happening already.

                                                                                                              2. 7

                                                                                                                Following a URL is the primary purpose of a bot, yet that feature is completely broken in a way which would have been obvious had they tested the bot on any web site.

                                                                                                                Whether you want to call that incompetence or not is up to you, but, well, it’s not a good look.

                                                                                                                1. 6

                                                                                                                  If you find a bug and want it to get fixed, do you think that insulting maintainers is going to be helpful? I don’t think so.

                                                                                                                  feature is completely broken in a way which would have been obvious had they tested the bot on any web site.

                                                                                                                  And how do you know that? Maybe there is something special with the site/content in question that exposes bug that is not affecting 99% of other websites? Instead of assuming worst possible interpretation it might be better to just report the issue without judging project maintainers :)

                                                                                                                  1. 5

                                                                                                                    It can be helpful in making sure that nobody uses it. Not everyone has a vested interest in getting every bug fixed. Sometimes the best solution is encouraging people to use other software and not something completely broken. The article was pretty clear about the bug in question, and it would affect really any page with comments or discussion.

                                                                                                                  2. 3

                                                                                                                    I’ve seen pretty obvious bugs in code written by very competent programmers. These things slip through. It’s a bit like shouting “YOU ARE SUCH A FUCKING IDIOT” at a friend because he calls a wrong number.

                                                                                                                    I agree, these things don’t make you look particularly good, but they do happen to anyone, and calling someone incompetent over something like this is just being a dick. The bad thing is that it hits the insecure people disproportionally hard. If you get an aggressive reply, then maybe it’s time to act like a dick.

                                                                                                                  3. 2

                                                                                                                    Definitely. The wording in this blog post is really too pedantic.

                                                                                                                  1. 4

                                                                                                                    Apart from crypto parts fossil already handles distribution of all project related communications quite well.

                                                                                                                    1. 6

                                                                                                                      Racket’s is the nicest GUI library I’ve ever had the pleasure of using.

                                                                                                                      1. 4

                                                                                                                        I like how convenient it is but I’ve always found the object-based approach a bit awkward. An elm architecture-inspired interface would be interesting and more idiomatic, but I can’t find any library that implements it.

                                                                                                                        Maybe it’s finally time to learn syntax-parse

                                                                                                                        1. 2

                                                                                                                          That’s an interesting idea. racket/gui was inspired by Smalltalk’s OO approach to GUI: traditional message passing style, encouraging you to augment and override (or overment and augride) existing classes to specialise them for your use case. Still, I’d like to see more applications of the Elm-style declarative GUIs, myself.

                                                                                                                          Do you know of other languages/frameworks using it?

                                                                                                                          1. 2

                                                                                                                            Elm was the first GUI “framework” I learned so I guess it’s had a big impact on what I’ve come to expect from these things.

                                                                                                                            As for other implementations of TEA, the only major one I know if is Elmish for F#, which is used by Fable for browser GUIs and Fabulous for mobile.

                                                                                                                          2. 2

                                                                                                                            It’s dated and awkward, and the class system isn’t great. (Modern Racket tends to prefer the interface system instead of classes.) But it’s still dramatically better than any alternative for building conventional GUIs I’ve ever seen.

                                                                                                                          3. 2

                                                                                                                            Is it really? It looks to me that it has many shortcomings, like e.g. it lacks tree widget (available externally) or a way to customize model of list.

                                                                                                                            1. 1

                                                                                                                              You can do any customisation you want using the class system.

                                                                                                                              1. 2

                                                                                                                                I’m not sure how to do that – care to explain?

                                                                                                                                1. 1

                                                                                                                                  Well, briefly, every send message you see in that list-box% manual page is override-able within a subclass, so you can just substitute a new class with whatever customisations you like (there are very few private or un-overridable behaviours). The class system is very flexible and you can do a lot with it that you can’t in many other languages.

                                                                                                                                  I researched how it works after sending my response (of course) and it uses the platform widget toolkit, so there may be some platform-specific things you can’t directly change.

                                                                                                                                  1. 1

                                                                                                                                    Well, I know that I can derive and override how my class responds to messages. The question is which messages handling should I change to change how entries are stored (and which I can leave as-is). It’s not clear (at least to me) from the code nor from documentation. Furthermore by using subclassing and not agregation/delegation with separate model it makes it hard to reuse same model for different widgets, right?

                                                                                                                                    So I’m not sure that your original claim “Racket’s is the nicest GUI library I’ve ever had the pleasure of using” is correct, if you used cocoa/uikit or qt.

                                                                                                                                    1. 1

                                                                                                                                      In that case it’s just a matter of using append, get-data, and set-data or just keeping an association of entries alongside - what use case do you have for changing exactly how entries are stored? (Why does this particular point bring into question the veracity of my opinion on the matter?)

                                                                                                                                      It’s not forcing you to use inheritance; that was just an example. You can substitute any object for any other as long as it implements the right widget interfaces. Classes are first-class objects so you can pass them around between functions. It’s up to you to organise it nicely.

                                                                                                                            2. 1

                                                                                                                              agreed, it’s very well designed and a joy to use