1. 19

    This is kind of interesting, but it’s neither informative nor actionable–and yet, it’s gotten a bunch of upvotes in solidarity.

    Let’s not normalize this.

    1. 28

      Why does it have to be actionable? Why do you think the votes are out of solidarity? I find this kind of stuff very interesting.

      1. 16
        • It’s slacktivism.

        • It’s a pretty well-supported theory that exposing people to a bunch of news, when they can’t do anything about it, contributes to depression and anxiety.

        • And, of course, lobste.rs is supposed to complement the other sites, not replace them.

        1. 18

          I think I’m missing something here. How could upvoting this story possibly constitute slacktivism? Are you assuming that Stenberg quit Mozilla for some principled reason and that we’re “supporting” him by promoting this blog post? I read the story and didn’t come away with that understanding at all. (And his mention that he can’t get a US visa was a very tangential bit at the end.)

          1. 12

            This is such an odd reply. Do you believe that most news on lobste.rs is actionable?

            1. 8

              The problem is that lobste.rs wasn’t supposed to be for news.

              1. 4

                What’s it supposed to be for then?

                1. 10

                  Personally I come here to learn new things and not to catch up on news and drama. I could get that from reddit.

                  1. 4

                    Or HN, for that matter. I fully agree; I’d prefer if Lobste.rs would be limited to technical posts. The odd informative post about a person can be interesting, but only if it’s “important news” like a death. Even if someone loudly resigns from a software project I’m not sure I’d want to read about it (it’s just drama).

                    I can’t actually downvote yet, so bear in mind that the upvotes are skewed; out of all the people who can only upvote, if 50% wants to downvote, they can’t. Worse: if 25% upvotes, it looks like the majority is in favor of the post.

                2. 4

                  That’s news to me. I am pretty sure that’s not true.

              2. 6

                To adhere to bullet two it would be best just to shut lobsters down.

                1. 6

                  There’s good, actionable, technical content here. If you need to see new posts every 15 minutes regardless of quality or relevance, the internet has plenty of that already.

                  1. 5

                    Can you tell me which pieces on the frontpage right now you consider actionable, and which action you would take?

                    1. 13

                      State of Haskell: I’m not into Haskell, so I haven’t read it, but if I were, then I’d focus on making Haskell better for what people are currently using it for.

                      Some notes about HTTP/3: I’d remember this information for use when actually implementing services that use it.

                      Flying for Thanksgiving: I’d take the plane on thanksgiving day, instead of the day before or after.

                      How to install Yggdrasil in Debian(stretch) and find peers: install Yggdrasil in Debian and find peers.

                      Scrolling the main document is better for performance, accessibility, and usability: scroll the main document.

                      Bleeding edge django template focused on code quality and security: scaffold a Django project using it.

                      Python memoization across program runs: memoize data.

                      Running x86_64 binaries on the Talos II: run x86_64 binaries on the Talos II.

                      6 core falsehoods about the digital sphere: not repeat them.

                      Safer bash scripts with ‘set -euxo pipefail’: put this on the top of my bash scripts.

                      The History of GNOME: … okay … I’ve got nothing.

                      Kobzol/hardware-effects: write software that isn’t slow.

                      MEMs oscillator sensitivity to helium (helium kills iPhones): keep helium away from iPhones, and keep this in mind if I ever end up in charge of hardware design.

                      Formal Verification of Distributed Checkpointing Using Event-B (2015): build better distributed systems.

                      NN based self-driving car with Lego Mindstorms and a Raspberry Pi 3: build a demo self-driving car.

                      Open-Source, Bitstream Generation (2013): generate bitstreams.

                      Computing History at Bell Labs: again, historical documents might not have immediate worth, but in the long term, copying an old forgotten design can make you seem smarter than you actually are.

                      A verified email address will be required to publish to crates.io starting on 2019-02-28: avoid getting in trouble with the DMCA if I ever end up in charge of something like crates.io.

                      elm-ui: Forget CSS and enjoy creating UIs in pure Elm: enjoy creating UIs in pure Elm.

                      Yet another memory leak in ImageMagick or how to exploit CVE-2018–16323: stop writing C (“perform a DoS attack” would also be a valid, but less accepted, answer).

                      If I were to invent a programming language for the 21st century: this one should probably be tagged “satire”, but in any case, it’s a call to stop repeating history, so while it might not be immediately actionable, keep it in mind before you ever start writing a programming language.

                      Time is Partial, or: why do distributed consistency models and weak memory models look so similar, anyway?: build better distributed systems using these consistency models.

                      boar - Tool for archiving your digital life: archive my digital life.

                      Developer to Manager - Experiences going from development to management: avoid repeating their mistakes.

            2. 24

              I knew this would be a controversial post generating a few down votes. I almost felt like not submitting at all, but I decided to submit for those reasons:

              • the author of curl is a somewhat noteworthy person, his blog is often times featured here.
              • there is a person tag on lobsters
              • the upvote/down vote system will tell me if I was right.

              Regarding my last point: I value friendlysocks comment here. I think he’s right. 4 downvotes (“off topic”) is a strong supporting signal. I’ve gotten less downvotes for stuff that was truly controversial :-)

              1. 4

                Thank you for participating in the site, and even more for explaining your reasoning!

              2. 16

                Please stop policing content.

                1. 10

                  Fwiw, it didn’t come across to me as policing. Imho, It’s good we have healthy discussions on content from time to time.

                  1. 11

                    Consider it opening a discussion about content, rather than policing it. It is surely agreeable that not all content (even high-quality content) is desirable on lobste.rs; so we need to reach a rough consensus on where the line should be drawn. Doing that exclusively by “letting the votes decide” has been demonstrated over and over again to lead to low-effort content; so there needs to be discussion. And here we are, discussing. =)

                    So: why do you think this article should stay? What does it bring to lobste.rs that’s valuable to the community? I’m not generally in agreement with @friendlysock that news and current events should be outright banned, but in my opinion this particular article doesn’t really bring much to the table. It’s basically saying that Daniel is leaving Mozilla, he’s not telling us why, and we shouldn’t worry about it. Okay? Is this useful or important for significant numbers of people to know? I don’t feel I benefited much from reading the article.

                    1. 6

                      An appropriate response to a post you don’t want to see on the website is to downvote it, flag it, or hide it. An inappropriate response is to comment and complain that the post doesn’t meet your perceived standards for content. The latter, especially when coming from a member and not a moderator, is pure moralizing noise, actually and substantially worse than the “offending” content being submitted in the first place.

                      1. 16

                        I have to agree with @whbboyd and @danielrheath. It’s obvious that voting mechanisms are not effective for maintaining quality (for examples, see Hacker News, Reddit and a plethora of other sites). Maintaining norms through interaction seems like a better approach worth experimenting with, and moreover, it seems to be working for Lobste.rs.

                        1. 13

                          This is a community, and communities find (and maintain) their cultural norms by interacting with one another.

                          Perhaps this norm has changed as the site has grown, and perhaps not.

                          especially when coming from a member and not a moderator

                          Having a database bit set (or not) has nothing to do with your credibility or standing in the community. He’s one of the oldest and most active site members, and (as evidenced by karma/post ratio) is well regarded.

                      2. 9

                        I, for one, appreciate that someone is doing it.

                        The internet has no shortage of sites with a poor SNR; lobsters has remained high-quality primarily because the cultural norms lean towards ‘keep the noise low’.

                        1. 1

                          Having less discussion on why content may not be a great fit for lobsters isn’t a great long-term strategy. FWIW, it’s exactly the difference between low-quality communities like /r/programming and higher-quality communities like /r/netsec on reddit. I would really prefer that we don’t end up like /r/programming or HN, and a little introspection can’t hurt.

                        2. 5

                          it’s actionable in the sense that there could be someone here that 1. likes his work on curl and mozilla and 2. have a company that might want to hire him.

                          1. 1

                            That would be the case if the post indicated he was looking for work - but it explicitly says he has other plans.

                            1. 4

                              well it didn’t quite say that. it just stated that he was unsure where he was going and was in talks. perhaps someone else wants to get in on those talks.

                              I don’t yet know what to do next.

                              I have some ideas and communications with friends and companies, but nothing is firmly decided yet. I will certainly entertain you with a totally separate post on this blog once I have that figured out! Don’t worry.

                              1. 2

                                Fair enough.

                          1. 2

                            I get that we’re supposed to keep original titles but I’d argue that the spacing is a result of the site’s “styling” and doesn’t have to be reproduced (just like we wouldn’t prepend a # to every submission’s title that links to a markdown doc)

                            1. 2

                              In Swedish typography this is called “spärrning”, from the German Sperrsatz.

                              https://en.wikipedia.org/wiki/Emphasis_(typography)#Letter_spacing

                              It’s basically the only emphasis you have available if you can’t underline or use italics/bold.

                              1. 1

                                Yeah, I agree. The spaces just make things like searching for the article harder.

                              1. 5

                                I don’t understand how/if webmentions are significantly different from the pingbacks everbody used to have on their WordPress blog (because I think they were enabled by default?) and then promptly disabled because of too much spam.

                                1. 7

                                  Webmentions have been modeled after pingback. They are basically a refinement.

                                  Regarding spam, well, as always when you are exposing a write permission though the web, you are more or less vulnerable. This problem has and is still discussed within the indieweb community. A protocol, Vouch has been proposed to address this problem.

                                  And as mentioned below, you still can moderate or simply not display your webmentions altogether.

                                  1. 3

                                    Webmentions have been modeled after pingback. They are basically a refinement.

                                    Did anyone ever care about pingbacks though? Even the non-spammy ones?

                                    1. 1

                                      Presumably? I mean, they got implemented, right? Someone spent the time to make that happen.

                                      1. 1

                                        Did anyone ever care about pingbacks though? Even the non-spammy ones?

                                        I can only speak for myself, but I did. It often gave me access to blogs by people with similar interests that I would have otherwise never known about to visit. It used to be that a large percentage of bloggers would list their favourite blogs somewhere on every page (sidebar/footer) so finding one blog with an author who shared similar interests could end up in a twenty five link binge.

                                        I guess it was a different time, then again it was over a decade ago.

                                    2. 3

                                      I was wondering that, unless these aren’t intended to be published in verbose and instead used more as a notification for the author and only really published publicly as a counter?

                                      If the pingbacks had been used simply to list in the authors admin places where their articles had been mentioned and not published alongside comments to the article then there would have been a lot less spam.

                                      1. 3

                                        Vouch was mentioned here already, but for now, just requiring a valid h-entry reply/like/repost/etc. instead of just a link works well enough. Of course spammers can start posting proper replies, but they haven’t yet.

                                      1. 0

                                        This is good to know, but having news of outages here is not going to increase the quality of Lobsters.

                                        1. 12

                                          I find this to be valuable information. I was not aware that by sharing source code on github/gitlab, I might be excluding people from the listed countries from accessing my code. Similarly, this seems to be relevant news for any lobste.rs users from those countries. (Or does lobste.rs not allow readers from Iran or Cuba itself?)

                                          Certainly labelling this as an “outage” is disingenuous.

                                          1. 12

                                            this isn’t about outages

                                            1. 14

                                              It three things:

                                              1. A business announcement saying they’ll get some benefits switching cloud providers. People change providers all the time for arbitrary reasons.

                                              2. A warning about a planned outage of some services during a maintenance window. These are common during big changes. Gitlab’s customers should be following their site for such information.

                                              3. A reminder some freedom/crypto-hating, police states might block some software (eg theirs). Like they always do.

                                              I agree with friendlysock. Just noise. This prior submission is an example for Gitlab of a write-up with more technical depth that teaches us stuff we might use. That kind of stuff is our differentiator here.

                                              1. 5

                                                If a service stops being available it’s an outage–whether due to legal reasons or not.

                                                If we had a submission here every time a law threatened a services availability we’d have no time for the sort of content that’s usually here.

                                                1. 9

                                                  […] we’d have no time for the sort of content that’s usually here.

                                                  I don’t know your perspective of lobste.rs’ typical content, but recently my usual experience here is that whenever I enter a comment thread for a topic that interests me, there is a comment by you claiming that this sort of content doesn’t belong on this site.

                                                  1. 5

                                                    We had a discussion to define what the site was about. There were a lot of opinions. I thought friendlysock had the best baseline here. As said in that comment, people wanting those kinds of articles and discussions have plenty of places to get them. Hacker News and Reddit often have the same ones. Lobsters can copycat them with all their strengths and weaknesses or have its own strengths and weaknesses.

                                                    We often have more technical depth with low noise here than most other places I see. We occasionally get management, academic, or political stuff that’s actionable with detailed analyses, too. I say we stay on that instead of fluff that other sites have. Even if it’s important to you, it’s redundant: you can just get that stuff from places where it’s already at with Lobsters adding something different to your overall set of feeds.

                                                    1. 3

                                                      If you’d like to share with the rest of us in a top-level comment what you found interesting about this submission, I would hope it would generate some positive discussion.

                                                      What did you find interesting about this topic?

                                                    2. 3

                                                      I think the two comments you made here would be better if you had combined them in to a single comment and spent more time describing your claim of this submission being off-topic. I’d also have welcomed you dwelling longer on the quality of the content that’s usually here.

                                                1. 15

                                                  I’m not particularly thrilled with either the tone or content of this essay.

                                                  First, there’s some revisionism:

                                                  The first reason that WebAssembly is different is that it’s succeeded, and those technologies did not.

                                                  The essay goes on to redefine “success” in some super-niche way and qualify it, but this is rhetorically dishonest. I might as well write in an essay that “The first reason I disagree with them is that @steveklabnik is a fascist” and then go on to explain that by that I mean a fascist who supports government control of resources and careful policing of speech…sure, under that tortured definition I am both consistent and not wrong, but you wouldn’t be faulted for observing that I’m not right either.

                                                  They were never standardized, and that matters a lot.

                                                  JVM was never standardized.

                                                  Flash was not built on ES3/ES4 standards.

                                                  Unfortunately, just because something is standardized and went through the wringer doesn’t mean it isn’t hot steaming garbage.

                                                  If you built an applet in one of these technologies, you didn’t really build a web application […] You lost all of the benefits of other web technologies; you lost HTML, you lost CSS, you lost the accessibility built into the web.

                                                  Most of those features didn’t exist when Java applets first came out in 1995. Most of the useful stuff that Flash was good at didn’t exist in browsers for most of the 00’s. The essay is trying to sell you on a state of history that didn’t exist in any meaningful way.

                                                  “Don’t break the web” is a very, very important rule for browser vendors.

                                                  “…unless it gets you marketshare” is the rest of the sentence that the author leaves out. Browser vendors (and hell, let’s be real here: we mean Google, Apple, Microsoft, and that’s basically it these days) break things all the time and don’t care. https://caniuse.com/ is a monument to this fact.

                                                  Then there’s seeming misunderstanding about how browser development works:

                                                  These companies have significant motive to make profit, not to make the web better.

                                                  “Making profit” is how IE managed to deliver the first working version of CSS. Similarly, how they delivered a little thing called XMLHttpRequest, a small api with passing utility later adopted by every other browser manufacturer.

                                                  Google Chrome delivered lots of neat features ahead of standardization specifically so they could feed the ad machine. And Mozilla happily rode those coattails for a good long time.

                                                  I think the notion of “let’s make the web better” ultimately–intentionally or not–boils down to “let’s serve ads better”, once you look at things in context.

                                                  …and how companies work…

                                                  WebAssembly is a joint venture between Mozilla, Google, Apple, Microsoft, and others. It’s not trying to push anyone’s particular platform, but instead represents the shared interests of a wide number of stakeholders, both corporate and individual.

                                                  So, two ad-driven companies, a company known specifically for locking-down platforms (and goofing around in standards and industry groups if one’s familiar with OpenGL or the development of the Cell processor), and a company who is switching to moving as much of their stuff into the cloud–where it can be taxed and leased to users without fear of reprisal. I see why they might want to support WASM.

                                                  …and how maintenance works…

                                                  It’s hard enough to maintain one runtime, let alone two. And then how do you integrate them?

                                                  Runtimes don’t all need to be integrated, and we handily managed to keep the runtimes for JVM and Flash maintained for more than a decade, by letting interested parties support them.

                                                  …and how language proliferation and the Tower of Babel work…

                                                  Do we really want to christen one language as the next language of the web? We already have JavaScript. Are we someday going to introduce a third language? A fourth? An agnostic approach is significantly better for longevity’s sake.

                                                  Picking one language is better for longevity’s sake. Standardization–the shibboleth touched on here and there in this essay–would suggest that we take one language and adopt and update it as needed.

                                                  Wasm, as I rallied about many a time, is likely to make frontend dev skills even less portable than they already are. It’s an opportunity to let language writers and well-meaning developers rediscover every mistake in their language and find some way of introducing it into the browser and then saddling devs with their shortcomings!

                                                  …and how security works.

                                                  Wasm is missing some features of regular assembly language that can cause security vulnerabilities, like stack smashing. Wasm is memory-safe, which is huge!

                                                  And yet it directly enables malware and side-channel attacks, while it’s proponents kinda ignore the issue and forge ahead.

                                                  ~

                                                  We’re all going to be stuck with the outcome of this, and folks promoting the technology for their own career advancement or aesthetics are doing so, seemingly to me, without enough care for the ramifications of what they’re pushing.

                                                  EDIT: Cleanups to soften this up a bit…my annoyance got in the way of my politeness.

                                                  EDIT: Removed many “actually”’s in various headers, since I read them in my head as “well ak-shu-alee”

                                                  1. 23

                                                    I’m going to give you one reply, but that’s it; we have such a divergence of opinion so often that I don’t feel like we’re really going to agree, but I would like to respond to some things.

                                                    The essay goes on to redefine “success” in some super-niche way and qualify it, but this is rhetorically dishonest.

                                                    I tried to be super clear here that this is from an implementor’s perspective. Success in this context means “becoming part of the web platform.” I don’t feel that’s dishonest, it’s about being clear about exactly what I’m trying to talk about.

                                                    JVM was never standardized.

                                                    That’s a specification, not a standard.

                                                    Flash was not built on ES3/ES4 standards.

                                                    “built on” does not mean “conforms with”; ActionScript and ECMAScript are similar, but different.

                                                    Unfortunately, just because something is standardized and went through the wringer doesn’t mean it isn’t hot steaming garbage.

                                                    This is true, but that’s why I qualified what this post is about. The user’s perspective is something else entirely.

                                                    Most of those features didn’t exist when Java applets first came out in 1995.

                                                    CSS was in development at the time, and shipped in 1996, it’s true. But regardless of the start, that kept being true. They could have added support, but they did not. It’s effectively the same.

                                                    https://caniuse.com/ is a monument to this fact.

                                                    CanIUse, to me, is more about when you can adopt new features. They ship in different browsers at different times, but eventually, a lot of stuff is the same. Crossplatform web development has never been easier.

                                                    Runtimes don’t all need to be integrated, and we handily managed to keep the runtimes for JVM and Flash maintained for more than a decade, by letting interested parties support them.

                                                    Yet they still were full of vulnerabilities. This was due to the disconnect I talk about in the article. It also doesn’t address the inherent complexity in coordinating two runtimes compared to one.

                                                    enables malware

                                                    This was already possible with JS, wasm doesn’t fundamentally change things here

                                                    and side-channel attacks,

                                                    This article is clickbait nonsense. It says that this could happen, but ignores that everyone involved with WebAssembly is acutely aware of these issues, and is not moving forward until they’re addressed. Heck, before Meltdown/Spectre was announced, I was in a room with one of the main designers of WebAssembly, and someone brought up SharedArrayBuffer for some reason. He said “yeah so you shouldn’t rely on that and I can’t talk about why”. Then we all found out why.

                                                    You’re letting your disdain bias you against the facts.

                                                    while it’s proponents kinda ignore the issue and forge ahead.

                                                    TC39 is not the body that standardizes WebAssembly.

                                                    We’re all going to be stuck with the outcome of this, and folks promoting the technology for their own career advancement or aesthetics are doing so, seemingly to me, without enough care for the ramifications of what they’re pushing.

                                                    This kind of slander is why I rarely post to lobste.rs anymore. I’m out.

                                                    1. 2

                                                      This was already possible with JS, wasm doesn’t fundamentally change things here

                                                      It makes things easier, and the general increase in performance allows more interesting and obtrusive categories of malware than we saw with JS.

                                                      Heck, before Meltdown/Spectre was announced, I was in a room with one of the main designers of WebAssembly, and someone brought up SharedArrayBuffer for some reason.

                                                      There’s no sane way to have multiple threads and shared memory primitives of which I’m aware that don’t enable timing attacks at this time. The option seems to be to remove them entirely, and the Github link shows that at least a few people are hesitant to do that.

                                                      TC39 is not the body that standardizes WebAssembly.

                                                      Thank you for the correction–I don’t know if there is a lot of bleedover between the groups. If there is, my concern remains.

                                                      This kind of slander is why I rarely post to lobste.rs anymore. I’m out.

                                                      That’s my honest opinion, slander wasn’t my intent. This pattern is being repeated everywhere in our industry. If you don’t think it applies in your case, please correct me.

                                                      1. 12

                                                        That’s my honest opinion, slander wasn’t my intent.

                                                        Making an unsubstantiated accusation in a public forum is slander, even if you happen to believe the accusation to be true.

                                                        And to be clear, you accused promoters of wasm of self-interestedly putting career/aesthetics above the common good. You made no allowance for the idea that they might actually have decent reasons for believing and acting as they do. If they disagree with you on wasm, then they are simply a bad person.

                                                        Putting all of that behind a “it seems to me” doesn’t actually change what you are saying. If you meant something else, I strongly suggest rewording. If not, then please don’t post such attacks on Lobsters.

                                                        1. 3

                                                          Please consider the original phrasing–there’s a reason I picked it:

                                                          We’re all going to be stuck with the outcome of this, and folks promoting the technology for their own career advancement or aesthetics are doing so, seemingly to me, without enough care for the ramifications of what they’re pushing.

                                                          I state one thing as fact: we’re stuck with the outcome of the wasm debate.

                                                          I state the rest as opinion: the set of people promoting the technology, who are doing so for their own career advancement or aesthetics, seem to be doing so without enough care for the ramifications of widespread wasm adoption it seems to me.

                                                          There is a much more direct way of slandering people if that’d been my goal.

                                                          1. 5

                                                            Sidestepping the question of whether it’s slander: it’s non-constructive and counterproductive to speculate about the intentions and motivations of the people you are discussing with. It’s poisoning the well.

                                                        2. 6

                                                          That’s my honest opinion

                                                          It’s an accusation, not a matter of opinion.

                                                      2. 6

                                                        Browser vendors (and hell, let’s be real here: we mean Google, Apple, Microsoft, and that’s basically it these days)

                                                        I’m sure you know you’re writing to a Mozilla employee. Does saying “you’re not even a real browser vendor” really help your argument?

                                                        (I’ve worked at Mozilla. Loved it, but competing against some of the largest and most well-funded corporations in the world is hard, and it can be frustrating to see what they get away with. Jabs like this pile up and demoralize you.)

                                                        1. 2

                                                          In my haste I plain forgot to list Mozilla. One of many glaring oversights I’ve made today.

                                                          That said, my point is that there are really only 4 vendors that matter, since the vast, vast majority of browsers are powered using one of 3 or 4 engines.

                                                          1. 2

                                                            That makes more sense. Thanks for clarifying.

                                                      1. 1

                                                        I’m wondering if you could, instead of using eval to make functions with the right names, allocate some function objects and assign strings to their name (or is it func_name?) attribute? Or is that one read-only? I remember some of the attributes of function objects are read-only but not all of them are.

                                                        1. 2

                                                          In Python 2.7, you can do this by constructing a new code object and assigning it to a function’s func_code attribute. The function’s func_name is ignored by the traceback generation. Still, no eval necessary!

                                                          Running this:

                                                          from types import CodeType
                                                          
                                                          def make_raiser(name, lineno, filename, type_to_raise):
                                                              def raises():
                                                                  raise type_to_raise()
                                                              co = raises.func_code
                                                              raises.func_name = name
                                                              raises.func_code = CodeType(
                                                                  co.co_argcount,
                                                                  co.co_nlocals,
                                                                  co.co_stacksize,
                                                                  co.co_flags,
                                                                  co.co_code,
                                                                  co.co_consts,
                                                                  co.co_names,
                                                                  co.co_varnames,
                                                                  filename,
                                                                  name,
                                                                  lineno - 1,
                                                                  co.co_lnotab,
                                                                  co.co_freevars,
                                                                  co.co_cellvars,
                                                              )
                                                              return raises
                                                          
                                                          foo = make_raiser('foo', 3, 'foo.rs', lambda: IndexError(0))
                                                          bar = make_raiser('bar', 4, 'bar.rs', foo)
                                                          bar()
                                                          

                                                          with python2.7 gives me this output:

                                                          $ python2 maketraceback.py 
                                                          Traceback (most recent call last):
                                                            File "maketraceback.py", line 27, in <module>
                                                              bar()
                                                            File "bar.rs", line 4, in bar
                                                            File "foo.rs", line 3, in foo
                                                          IndexError: 0
                                                          

                                                          For Python3, there’s one extra argument to the CodeType constructor, so it’s just:

                                                          from types import CodeType
                                                          
                                                          def make_raiser(name, lineno, filename, type_to_raise):
                                                              def raises():
                                                                  raise type_to_raise()
                                                              co = raises.__code__
                                                              raises.__name__ = name
                                                              raises.__code__ = CodeType(
                                                                  co.co_argcount,
                                                                  co.co_kwonlyargcount,
                                                                  co.co_nlocals,
                                                                  co.co_stacksize,
                                                                  co.co_flags,
                                                                  co.co_code,
                                                                  co.co_consts,
                                                                  co.co_names,
                                                                  co.co_varnames,
                                                                  filename,
                                                                  name,
                                                                  lineno - 1,
                                                                  co.co_lnotab,
                                                                  co.co_freevars,
                                                                  co.co_cellvars,
                                                              )
                                                              return raises
                                                          
                                                          foo = make_raiser('foo', 3, 'foo.rs', lambda: IndexError(0))
                                                          bar = make_raiser('bar', 4, 'bar.rs', foo)
                                                          bar()
                                                          

                                                          and output looks the same:

                                                          $ python3 maketraceback3.py 
                                                          Traceback (most recent call last):
                                                            File "maketraceback3.py", line 29, in <module>
                                                              bar()
                                                            File "bar.rs", line 4, in bar
                                                            File "foo.rs", line 3, in foo
                                                          IndexError: 0
                                                          
                                                          1. 1

                                                            Yes, this is what I’m planning for the next post :)

                                                          1. 10

                                                            From the readme:

                                                            You probably noticed the peculiar default line length. Black defaults to 88 characters per line, which happens to be 10% over 80. This number was found to produce significantly shorter files than sticking with 80 (the most popular), or even 79 (used by the standard library). In general, 90-ish seems like the wise choice.

                                                            This is a table stakes deal breaker for me. I know, I know, I’m likely old fashioned. I prefer old school. :-)

                                                            1. 6

                                                              It is a default though, you can pass --line-length to it.

                                                              1. 1

                                                                departing from established standards because you feel like it is a pretty bad sign in general. as are --long-gnu-style-options, but that’s a different issue.

                                                              2. 2

                                                                I just counted the length of lines over 266 Lua files [1], calculating the 95th percentile [2] of line length. Only 4% had a 95 percentile of 89 or higher; 11% had a 95th percentile of 80 or higher. And just because, 4% had 95th percentiles of 80 and 81. For maximum line lengths:

                                                                • 42% with longest line of 79 characters or less
                                                                • 46% with longest line of 80 characters or less
                                                                • 56% with longest line of 88 characters or less

                                                                Longest line found: 204 characters

                                                                [1] I don’t use Python, so I’m using what I have. And what I have are multiple Lua modules I’ve downloaded.

                                                                [2] That is, out of all the lines of code, 95% of line lengths are less than this length.

                                                                1. 1

                                                                  https://en.wikipedia.org/wiki/88_(number)

                                                                  I can’t help it but read it as a fascist code, or at least I start thinking about whether it could be on every occasion I see this number (not totally unfounded, because where I live it is used this way every now and then). I don’t think they meant to use it this way, so I think it’s fine (more than that, good, because it devalues the code by not treating the numebr as taboo).

                                                                  1. 1

                                                                    Personally I don’t like line break at 80 or 90 with python, as the 4-spaces indent quickly uses up a lot of horizontal space. For example, if you write unittest-style unit tests, before you write any assignment or call, you have already lost 8 spaces.

                                                                    class TestMyFunctionality(unittest.TestCase):
                                                                        def setUp(self):
                                                                            # ....
                                                                        def test_foo(self):
                                                                            x = SomeModule.SomeClass(self.initial_x, get_dummy_data(), self.database_handle)
                                                                    

                                                                    Of course you could start introducing line breaks, but that quickly leads to debates on “hanging indent”, lisp-style-indent, etc. or you end up with a lot of vanity variables for local variables.

                                                                    With lisp-style indent I mean the following snippet, that (if it was the way the autoformatter would do it would convince me to accept a 80 character line length limit)

                                                                    class TestMyFunctionality(unittest.TestCase):
                                                                        def setUp(self):
                                                                            # ....
                                                                        def test_foo(self):
                                                                            x = SomeModule.SomeClass(self.initial_x,
                                                                                                     get_dummy_data(),
                                                                                                     self.database_handle)
                                                                    

                                                                    Whereas I find the “hanging indent” style makes understanding the structure of the syntax tree so much more difficult.

                                                                    class TestMyFunctionality(unittest.TestCase):
                                                                        def setUp(self):
                                                                            # ....
                                                                        def test_foo(self):
                                                                            x = SomeModule.SomeClass(
                                                                                    self.initial_x,
                                                                                    get_dummy_data(),
                                                                                    self.database_handle)
                                                                    
                                                                  1. 12

                                                                    So, this might be a good time to float an idea:

                                                                    None of this would be an issue if users brought their own data with them.

                                                                    Imagine if users showed up at a site and said “Hey, here is a revokable token for storing/amending information in my KV store”. The site itself never needs to store anything about the user, but instead makes queries with that auth token to modify their slice of the user’s store.

                                                                    This entire problem with privacy and security would go away, because the onus would be on the user to keep their data secure–modulo laws saying that companies shouldn’t (and as a matter of engineering and cost-effectiveness, wouldn’t) store their own copies of customer data.

                                                                    Why didn’t we do this?

                                                                    1. 17

                                                                      http://remotestorage.io/ did this. I’ve worked with it and it’s nowhere near usable. There are so many technical challenges (esp. with performance) you face on the way that result of you basically having to process all user data clientside, but storing the majority of data serverside. It gets more annoying when you attempt to introduce any way of interaction between two users.

                                                                      We did try this, saw that it’s too hard (and for some services an unsolved problem) and did something else. There’s no evil corporatism in that, nor is it a matter of making profit, even if a lot of people especially here want to apply that imagination to everything privacy-related. It’s human nature.

                                                                      1. 2

                                                                        basically having to process all user data clientside

                                                                        If I go to a site, grant that site a token, couldn’t that server do processing server side?

                                                                        It gets more annoying when you attempt to introduce any way of interaction between two users.

                                                                        Looking at remotestorage it appears there’s no support for pub/sub, which seems like a critical failing to me. To bikeshed an example, this is how I see something like lobste.rs ought to be implemented:

                                                                        • User data is stored in servers (like remotestorage) called pods, which contain data for users. A person can sign up at an existing pod or run their own, fediverse-style.

                                                                        • These pods support pub/sub over websocket.

                                                                        • A particular application sits on an app server. That app server subscribes to a list of pods for pub/sub updates, for whatever users that have given that application permission. On top of these streams the app server runs reduce operations and keeps the result in cache or db. A reduce operation might calculate something like, give me the top 1000 items sorted by hotness (a function of time and votes), given streams of user data.

                                                                        • A user visits the site. The server serves the result instantly from its cache.

                                                                        • Additionally the pub/sub protocol would have to support something like resuming broken connections, like replay messages starting from point T in time.

                                                                        Anyway, given this kind of architecture I’m not sure why something like lobste.rs for example couldn’t be created - without the performance issues you ran into.

                                                                        1. 2

                                                                          If I go to a site, grant that site a token, couldn’t that server do processing server side?

                                                                          If your data passes through third-party servers, what’s the point of all of this?

                                                                          The rest of your post is to me, with all due respect, blatant armchair-engineering.

                                                                          • The pub/sub stuff completely misses the point of what I am trying to say. I’m not talking about remotestorage.io in particular.

                                                                          • Lobste.rs is a trivial usecase, and not even an urgent one in the sense that our centralized versions violate our privacy, because how much privacy do you have on a public forum anyway? Let’s try something like Facebook. When I post any content at all, that content will have to be copied to all different pods, making me subject to the lowest common denominator of both their privacy policies and security practices. This puts my privacy at risk. Diaspora did this. It’s terrible.

                                                                          • Let’s assume you come up with the very original idea of having access tokens instead, where the pods would re-fetch the content from my pod all the time instead of storing a copy. This would somewhat fix the risk of my privacy (though I’ve not seen a project that does this), but:

                                                                            • Now the slowest pod is a bottleneck for the entire network. Especially stuff like searching through public postings. How do you implement Twitter moments, global or even just local (on a geographical level, not on network topology level) trends?
                                                                            • Fetching the data from my pod puts the reader’s privacy at risk. I can host a pod that tracks read requests, and, if the system is decentralized enough, map requests from pods back to users (if the request itself doesn’t already contain user-identifying info)

                                                                          See also this Tweet, from an ex-Diaspora dev

                                                                          1. 1

                                                                            If your data passes through third-party servers, what’s the point of all of this?

                                                                            It decouples data and app logic. Which makes it harder for an application to leverage its position as middle man to the data you’re interested in. Doing stuff like selling your data or presenting you with ads. Yet you put up with it because you are still interested in the people there. Because if data runs over a common protocol you’re free to replace the application-side of things without being locked in. For example, I bet there’s some good content on Facebook but I never go there because I don’t trust that company with my data. I wish there were some open source, privacy friendly front end to the Facebook network available, that would let me interact with people there, without sitting on Facebook’s servers, and open source. Besides that, if an application changes its terms of use, maybe you signed up trusting the application, but now you’re faced with a dilemma of rejecting the ToS and losing what you still like about the application, or accepting new crappy terms.

                                                                            The rest of your post is to me, with all due respect, blatant armchair-engineering.

                                                                            Ha! Approaching a design question by first providing an implementation without discussion seems pretty backwards to me. Anyway, as far as I’m concerned I’m just talking design. Specifically I’m criticizing what I perceive as a deficiency in remotestorage’s capabilities. And arguing that a decentralized architecture doesn’t have to be slow, is at least as good as a centralized architecture, and better, in many regards, for end users.

                                                                            Let’s try something like Facebook. When I post any content at all, that content will have to be copied to all different pods,

                                                                            No, I was saying that this would be published to subscribing applications. There could be a Facebook application. And someone else could set up a Facebook-alternative application, with the same data, but a different implementation. Hey, you could even run your own instance of Facebook-X application.

                                                                            making me subject to the lowest common denominator of both their privacy policies and security practices.

                                                                            If you grant an application access to your data, you grant it access to your data. I don’t see a way around that puzzle in either a centralized or decentralized architecture. If anything, in a decentralized architecture you have more choices. Which means you don’t have to resign yourself to Facebook’s security and privacy policies if you want to interact with the “Facebook” network. You could move to Facebook-X.

                                                                            Now the slowest pod is a bottleneck for the entire network. Especially stuff like searching through public postings. How do you implement Twitter moments, global or even just local (on a geographical level, not on network topology level) trends?

                                                                            What I was describing was an architecture where pods just store data. Apps consume and present it. If I have an app, and I subscribe to X pods, there’s no reason I have to wait for the slowest pod’s response in order to construct a state that I can present users of my app.

                                                                            So for something like search, or Twitter moments, you would have an application that subscribes to whatever pods it knows about. Those pods publish notifications to the app over web socket, for example whenever a user tweets. Your state is a reduction over these streams of data. Let’s say I store this in an indexed lookup like ElasticSearch. So every time a user posts a tweet, I receive a notification and add it to my instance of ElasticSearch. Now someone opens my app, maybe by going to my website. They search for X. The app queries the ElasticSearch instance. It returns the matching results. I present those results to the user’s browser.

                                                                            Fetching the data from my pod puts the reader’s privacy at risk.

                                                                            Hmm, I’m not sure if we’re on the same page. In the design I laid out, the app requests this data, not the pod.

                                                                            1. 2

                                                                              With respect, “social media” and aggregator sites are red herrings here. They cant be made to protect privacy by their very nature.

                                                                              I’m more thinking about, say, ecommerce or sites that aren’t about explicitly leaking your data with others.

                                                                              1. 1

                                                                                “With respect, “social media” and aggregator sites are red herrings here. They cant be made to protect privacy by their very nature.”

                                                                                Sure they can. Starting with Facebook, they can give privacy settings per post defaulting on things like Friends Only. They could even give different feeds for stuff like Public, Friends Only, or Friends of Friends. They can use crypto with transparent key management to protect as much of the less-public plaintext as possible. They can support E2E messaging. They can limit discovery options for some people where they have to give you a URL or something to see their profile. Quite a few opportunities for boosting privacy in the existing models.

                                                                                Far as link aggregators, we have a messaging feature that could be private if it isn’t already. Emails and IP’s if not in public profile. The filters can be seen as a privacy mechanism. More to that point, though, might be things like subreddits that were only visible to specific, invited members. Like with search, even what people are looking at might be something they want to keep private. A combo of separation of user activities in runtime, HTTPS and little to no log retention would address that. Finally, for a hypothetical, a link aggregator might also be modified to easily support document drops over an anonymity and filesharing service.

                                                                      2. 9

                                                                        Because the most formidably grown business of late are built on the ability to access massive amounts of user data at random. Companies simply don’t know how to make huge money on the Internet without it.

                                                                        1. 3

                                                                          We did. They’re called browser cookies.

                                                                          The real problems are around an uneducated consumption-driven populous: Who can resist finding out “which spice girl are you most like?” – but would we be so willing to find out if it meant we get a president we wouldn’t like?

                                                                          It is very hard for people to realise how unethical it is to hold someone responsible for being stupid, but we crave violence: We feel no thrill that can compare serving food, working in an office, or driving a taxi. Television and Media give us this violence, an us versus them; Hillary versus Urine Hilarity or The Corrupt Incumbent versus a Chance to Make America Great Again, or even Kanye versus anybody and everybody.

                                                                          How can we make a decision to share our data? We can never be informed of how it will be used against us.

                                                                          The GDPR does something very interesting: It says you’re not allowed to use someones data in a way they wouldn’t want you to.

                                                                          I wish it simply said that, but it’s made somewhat complicated by a weird concept of “data” It’s clear that things like IP addresses aren’t [by themselves] your data, and even a name like John Smith isn’t data. Software understands data but not the kind of “data” that the GDPR is talking about. Pointing to “you” and “data” is a fair thick bit of regulation if you don’t want to draw a box around things and prevent sensible people from interpreting the forms of “data” nobody has yet thought of.

                                                                          But keep it simple: Would that person want you doing this? Can you demonstrate why you think that is and convince reasonable people?

                                                                          I’m doing a fair bit of GDPR consulting at the moment, and whilst there’s a big task in understanding their business, there’s also a big task getting them to approach their compliance from that line of questioning: How does this make things better for that person? Why do they want us to do this?

                                                                          We’re not curing cancer here, fine, but certainly there are degrees.

                                                                          1. 2

                                                                            Browser cookies is something that crossed my mind after I suggested this, but my experience as a web dev makes me immediately suspect of them as durable stores. :)

                                                                            I agree with your points though.

                                                                          2. 2

                                                                            This still doesn’t solve problems with tracking, because companies have already started to require GDPR opt-in to use their products (even when using the product doesn’t necessarily require data tracking), or to use their products without a degraded user experience.

                                                                            See cloudflare, recaptcha, facebook, etc.

                                                                            “You can’t use this site without Google Analytics having a K/V-auth-token”, “We will put up endless ‘find-the-road-sign’ captchas if we can’t track you”, etc.

                                                                            1. 6

                                                                              It’s a mistake to think you can “GDPR opt-in”. You can’t.

                                                                              You have to prove that the data subject wants this processing. One way to do this is to ask for their consent and make them as informed as possible about what you’re doing. But they can decide not to, and they can even decide to revoke their consent at any time until you’ve actually finished the processing and erased their data.

                                                                              These cookie/consent banners are worse than worthless; a queer kind of game people like Google are playing to try to waste time of the regulators.

                                                                              We will put up endless ‘find-the-road-sign’ captchas if we can’t track you

                                                                              I’ve switched to another search engine for the time being. It’s faster, the results are pretty good, and I don’t have to keep fiddling with blocking that roadblock on Google’s properties.

                                                                          1. 1

                                                                            I agree, polling is much better. I check my phone every 5 minutes to see if something has happened.

                                                                            Push notifications are only a symptom.

                                                                            1. 1

                                                                              I check my phone every 5 minutes to see if something has happened.

                                                                              I hope you don’t mean that literally, as if you did, I’d think having the phone do this for you would be a better option?

                                                                              1. 1

                                                                                My point is that I get push notifications less frequently than I would feel compelled to “poll” the phone myself. 5 minutes is an exaggeration.

                                                                            1. 3

                                                                              currently 1 developer and 2 community managers

                                                                              Am i the only one who is bothered by this? Its understandable for commercial projects, but i can’t imagine what a manager for an open source community is doing.

                                                                              1. 4

                                                                                Manager and community manager are very different roles. A community manager is anyone who manages the community through interaction. That can mean writing news posts, writing release notes, publishing a roadmap, responding to user questions on forums or IRC, moderating, and more. I can easily see how a Linux distribution could use two part time people to do all of those things.

                                                                                1. 2

                                                                                  Not sure why you think this is problematic. The concept of forum moderators, though not quite the same, has been around since forever.

                                                                                1. 13
                                                                                  • Semver allows me to break compatibility in major releases. The author recommends not to, and to support old interfaces for years. The latter is out of the question for hobby projects. The package manager of the language I use (e.g. Cargo, npm) is able to deal with this just fine. Apt is not.
                                                                                  • Cargo or npm allow me to lock all versions in my dependency tree and to restrict version ranges. Especially the latter is necessary for API breakages (in compliance with semver) to not be a problem. Again, it’s only apt that is not able to deal with this. Cargo or npm can resolve this conflict automatically and find appropriate versions, or do version splits if necessary. In Debian packaging, version splits are a manual task done by a person, which, to me, is the actual friction here.

                                                                                  As an application developer I don’t see why I should need to work around the deficiencies of distribution’s package management systems, especially when those deficiencies are admitted by the author. I am not convinced that I, as developer, should bother with Debian. All of the arguments in “why Debian?” are from the perspective of an end user.

                                                                                  The existence of Debian “stable” is actually a reason why I avoid Debian as a developer. Because what Debian considers “stable” comes at a price I don’t want to pay.

                                                                                  In that sense I reasonate with the post by Joey Hess much more than with this one. Because I really think it’s the distros who have a problem here. Not me. I can just statically link everything, put the resulting binary in a PPA and never need to bother with any of this.

                                                                                  1. 12

                                                                                    Everything made a lot more sense to me when I started to think about the fact that the npm model assumes that code is being deployed by a team of full-time developers who are paid to stay on the upgrade treadmill and work thru all the integration issues of pulling in different pieces that have never been tested together. In this context, you can’t afford to wait for a stable release of a whole distro; you’ve got the bandwidth and expertise and test infrastructure to handle making it work with just the pieces you know you need. But forcing the end-user to be responsible for that kind of integration would be a nightmare.

                                                                                    1. 3

                                                                                      The npm model works because it’s being deployed on top of a stable Debian system.

                                                                                      1. 2

                                                                                        I’m late to the party, but can you elaborate on this?

                                                                                    2. 1

                                                                                      The package manager of the language I use (e.g. Cargo, npm) is able to deal with this just fine. Apt is not.

                                                                                      Apt is perfectly able to cope with complex versioned dependencies, including “not compatible with libs < this version” and “this random point release actually changed the API so all the dependencies need to care about it, even though the developer claims otherwise”.

                                                                                      Exactly what feature do you think apt is missing?

                                                                                      1. 3

                                                                                        Version range restrictions (particularly upper bounds) are the default in Cargo and npm, while in apt they are only used if actually necessary. They’re not necessary if no breakage happens. That is the friction in apt for actually using semver to its full extent.

                                                                                        It’s more of a policy or best practice question than a technical one, but it doesn’t matter.

                                                                                    1. 3

                                                                                      I wish more folks involved in packaging for Linux distros were familiar with Homebrew. Obviously not everything Homebrew does is applicable to Debian, but the ability for folks to show up and easily contribute new versions with a simple PR is game changing. Last night I noticed that the python-paramiko package in Debian is severely out of date, but the thought of trying to learn the various intricacies of contributing to Debian well enough to update it is turns me right off.

                                                                                      1. 15

                                                                                        As an upstream dev of code that’s packaged with Homebrew, I have noticed that Homebrew is by far the sloppiest of any packagers; there is basically no QA, and often the packagers don’t even read the instructions I’ve provided for them. I’ve never tried it myself, but it’s caused me a lot of headaches all the same.

                                                                                        1. 2

                                                                                          I just looked at the packaging information for paramiko and I have more questions than before:

                                                                                          How does this setup even work in case of a security vulnerability?

                                                                                          1. 4

                                                                                            Unfortunately, Debian has still a strong ownership model. Unless a package is team-maintained, an unwilling maintainer can stall any effort to update a package, sometimes actively, sometimes passively. In the particular case of Paramiko, the maintainer has very strong opinions on this matter (I know that first hand).

                                                                                            1. 1

                                                                                              Strong opinions are not necessarily bad. Does he believe paramiko should not be updated?

                                                                                            2. 3

                                                                                              How does this setup even work in case of a security vulnerability?

                                                                                              Bugs tagged as security problems (esp. if also tagged with a CVE) get extra attention from the security team. How that plays out depends on the package/bug, but it can range from someone from the security team prodding the maintainer, all the way to directly uploading a fix themselves (as a non-maintainer upload).

                                                                                              But yeah in general most Debian packages have 1-2 maintainers, which can be a bottleneck if the maintainer loses interest or gets busy. For packages with a lot of interest, such a maintainer will end up replaced by someone else. For more obscure packages it might just languish unmaintained until someone removes the package from Debian for having unfixed major issues.

                                                                                          1. 19

                                                                                            A major reason I use Debian is that, as a user, I consider 90% of software lifecycles to be utterly insane and actively hostile to me, and Debian forces them into some semblance of a reasonable, manageable, release pattern (namely, Debian’s). If I get the option to choose between upstream and a Debian package, I will take the latter every single time, because it immediately has a bunch of policy guarantees that make it friendlier to me as a user. And if I don’t get the option, I will avoid the software if I possibly can.

                                                                                            (Firefox is the only major exception, and its excessively fast release cadence and short support windows are by far my biggest issue with it as a piece of software.)

                                                                                            1. 5

                                                                                              I never really understood why short release cycles is a problem for people, but then I don’t use Debian because of their too long ones. For example, the majority of Firefox’s releases don’t contain user-visible changes.

                                                                                              Could you elaborate what your problems with Firefox on Debian are? Or why software lifecycles can even be hostile to you?

                                                                                              1. 8

                                                                                                I’m with you. I update my personal devices ~weekly via a rolling release model (going on 10 years now), and I virtually never run into problems. The policies employed by Debian stable provide literally no advantage to me because of that. Maybe the calculus changes in a production environment with more machines to manage, but as far as personal devices go, Debian stable’s policies would lead to a net drain on my time because I’d be constantly pushing against the grain to figure out how to update my software to the latest version provided by upstream.

                                                                                                1. 3

                                                                                                  I’ve had quite a few problems myself, mostly around language-specific package managers that break something under me. This is probably partly my fault because I have a lot of one-off scripts with unversioned dependencies, but at least in the languages I use most (Python, Perl, R, shell, etc.), those kinds of unversioned dependencies seem to be the norm. Most recent example: an update to R on my Mac somehow broke some of my data-visualization scripts while I was working on a paper (seemingly due to a change in ggplot, which was managed through R’s own package manager). Not very convenient timing.

                                                                                                  For a desktop I mostly put up with that anyway, but for a server I prefer Debian stable because I can leave it unattended with auto-updates on, not having to worry that something is going to break. For example I have some old Perl CGI stuff lying around, and have been happy that if I manage dependencies via Debian stable’s libdevel-xxx-perl packages instead of CPAN, I can auto-update and pull in security updates without my scripts breaking. I also like major Postfix upgrades (which sometimes require manual intervention) to be scheduled rather than rolling.

                                                                                                  1. 2

                                                                                                    Yeah I don’t deal with R myself, but based on what my wife tells me (she works with R a lot), I’m not at all surprised that it would be a headache to deal with!

                                                                                                2. 7

                                                                                                  Every time a major update happens to a piece of software, I need to spend a bunch of time figuring out and adapting to the changes. As a user, my goal is to use software, rather than learn how to use it, so that time is almost invariably wasted. If I can minimize the frequency, and ideally do all my major updates at the same time, that at least constrains the pain.

                                                                                                  I’ve ranted about this in a more restricted context before.

                                                                                                  My problem with Firefox on Debian is that due to sheer code volume and complexity, third-party security support is impossible; its upstream release and support windows are incompatible with Debian’s; and it’s too important to be dropped from the distro. Due to all that, it has an exception to the release lifecycle, and every now and then with little warning it will go through a major update, breaking everything and wasting a whole bunch of my time.

                                                                                                  1. 4

                                                                                                    Due to all that, it has an exception to the release lifecycle, and every now and then with little warning it will go through a major update, breaking everything and wasting a whole bunch of my time.

                                                                                                    I had this happen with Chromium; they replaced the renderer in upstream, and a security flaw was found which couldn’t be backported due to how insanely complicated the codebase is and the fact that Chromium doesn’t have a proper stable branch, so one day I woke up and suddenly I couldn’t run Chromium over X forwarding any more, which was literally the only thing I was using it for.

                                                                                                    1. 2

                                                                                                      Ha, now I understand why I use emacs. It hasn’t changed the UX in years, if not decades.

                                                                                                    2. 4

                                                                                                      Because you need to invest into upgrading too much of your time. I maintain 4 personal devices with Fedora and I almost manage to upgrade yearly. I am very happy for RHEL at work. 150 servers would be insane. Even with automation. Just the investment into decent ops is years.

                                                                                                      1. 2

                                                                                                        For me there is an equivalence between Debian stable releases and Ubuntu LTE ones, they both run at around 2 years.

                                                                                                        But the advantage (in my eyes) that Debian has is the rolling update process for the “testing” distribution, which gets a good balance between stability and movement.

                                                                                                        We are currently switching our servers from Ubuntu LTE to Debian stable. Driven mostly by lack of confidence in the future trajectory of Ubuntu.

                                                                                                    1. 6

                                                                                                      I think this is a misguided blaming of the language when the programmer is at fault. If you are catching an exception in JavaScript, verify the type of exception before continuing. This is just a straightforward necessity when you don’t have a language with static types.

                                                                                                      So there are two programmer errors in the example: the typo of ‘sedn’ and the absence of a branching for the ‘nouser’ exception.

                                                                                                      I get that it’s not fun and the overall point is that JavaScript should handhold the programmer a bit better, but hey, it’s JavaScript and we’re used to Stockholm syndrome.

                                                                                                      1. 4

                                                                                                        In Python and Ruby the popular linters will point this kind of code out for catching all exceptions. There’s got to be an equivalent in JS.

                                                                                                        1. 1

                                                                                                          I think verifying the type of the exception is difficult in practice. It is not a uniform practice to use granular “subclasses” so the instanceof operator can’t really help with application-specific or library-specific errors. You end up with very ad-hoc set of codes or flag properties that are just in no way comprehensive, stable, or reliable. I think the best you can do is what bounce does which is detect the 6 known programmer errors, but now we’re basically accepting the fact that what javascript itself provides is just not sufficient to properly categorize.

                                                                                                        1. 10

                                                                                                          How to make OSS maintainers cry: Make a talk at a large conference where you publicly shame their software by name. Make sure to include screenshots of GitHub discussions with the maintainer’s username visible. Tell people that the project you just ripped into has a booth at the same conference, tell them to check the booth out.

                                                                                                          Put some slides inbetween to tell everybody it’s just a joke.

                                                                                                          Oh, and pick a title for your talk that makes it sound like you’re the victim.

                                                                                                          1. 2

                                                                                                            I watched the video again after reading this comment, and I have to say, it doesn’t seem so bad to me. Yes, it makes fun of particular packages, but it’s really not in a nasty way, and the examples it presents are public anyway. It’s also quite funny in many places, and I think the fact that it’s intended as humorous is pretty obvious.

                                                                                                          1. 3

                                                                                                            Step-by-step I’m rewriting vdirsyncer in Rust. Right now I’m trying to (unsuccessfully) debug a segfault that happens only in the legacy Ubuntu Trusty environment of Travis (switching to Ubuntu Precise helps), but not in an equivalent local VM: https://github.com/pimutils/vdirsyncer/pull/698

                                                                                                            Apart from that:

                                                                                                            • I’ve just returned from FOSDEM and I try to figure out what I could work on next
                                                                                                            • A bit of studying. One exam still left for this semester
                                                                                                            • Working
                                                                                                            1. 3

                                                                                                              Neat idea. How about making your .bash_history file a named pipe and have the script read from that, instead of using PROMPT_COMMAND?

                                                                                                              1. 4

                                                                                                                I did this at a hackathon. I found it kept having weird sync issues with a lot of shells open, but didn’t have time to fully investigate.

                                                                                                                1. 1

                                                                                                                  Won’t this block your shell after a while if the reading process somehow dies?

                                                                                                                  1. 1

                                                                                                                    Yep. Equally PROMPT_COMMAND could cause delays/hangs depending on connectivity to the remote system.

                                                                                                                  2. 1

                                                                                                                    That’s a very creative idea that I hadn’t thought of. I did want to avoid interfering with the client system’s history mechanism though.

                                                                                                                    1. 1

                                                                                                                      Ah, good point!

                                                                                                                  1. 4

                                                                                                                    Ever typed anything like this?

                                                                                                                    $ grp somestring somefile
                                                                                                                    -bash: grp: command not found
                                                                                                                    

                                                                                                                    Sigh. Hit ‘up’, ‘left’ until at the ‘p’ and type ‘e’ and return.

                                                                                                                    Yeah, but I finnd using “up” “Ctrl-a” “Ctrl-d” “grep” easier, especially as an emacs user.

                                                                                                                    Generally speaking that would say that’s the biggest “hidden” feature of bash: emacs bindings by default. And that’s not only limited to movement commands like C-a, C-e, C-p, M-b, etc. You can kill lines or words with C-k or M-d, and yank them back in when needed with C-y. There’s even an “infinite kill-king” (by far the coolest name for a editor feature), to replace the last yanked section with the next item in the kill-ring. Of course, not everything is implemented, so theres no hidden mail client or M-x butterfly, but if you already are used to the default emacs editor binding, you get used to this quickly. And afaik, all tools that require GNU readline can do this. I just tested it out with Python, and it seemed to work.

                                                                                                                    I also recall reading something about vi-bindings in the bash manpage, but I can’t testify on how useful harmful, annoying or useless they are.

                                                                                                                    1. 6

                                                                                                                      Emacs bindings by default is also one of the biggest hidden features of MacOS: the bindings work in all GUI text fields.

                                                                                                                      1. 1

                                                                                                                        Wow, I learned something new today. Prompted by your comment, I found this table comparing emacs bindings, OSX’s version of emacs bindings, and the more traditional Mac-style bindings for various operations.

                                                                                                                        Looks like emacs’s M- bindings are mapped to ctrl-opt- on MacOS, which isn’t super convenient (e.g. I don’t see myself getting in the habit of using ctrl-opt-f over opt-rightarrow to move forward a word), but most of the C- bindings are convenient enough.

                                                                                                                        1. 1

                                                                                                                          I just discovered this a few days ago by accident because I have it set in GTK so I can use the bindings in my browser. I had to use a colleague’s (who is on macOS) browser and I just used them without thinking and only later realised ‘hey, wait a minute, why did that work?’.

                                                                                                                          1. 1

                                                                                                                            This is a major reason why I stay on OS X. I’m pretty sure I could reconfigure some Linux to get most of this, but probably not all of the niceness of text fields

                                                                                                                            Would love to be proven wrong though

                                                                                                                            1. 3

                                                                                                                              I haven’t used GNOME for a while now, but I remember there being an option somewhere to used emacs keybindigs. And as it seems, all you need nowadays is to install the GNOME tweak tools, to activate it.

                                                                                                                              (Alternatively, just use Emacs as your OS, heard they’ve got good support for emacs keybindings)

                                                                                                                              1. 2

                                                                                                                                Just FYI: That page is outdated, being written for 2.x era Gnome. Now the Emacs Input toggle is under the Keyboard & Mouse section.

                                                                                                                          2. 3

                                                                                                                            Yeah, won’t disagree. Occasionally, I find myself reaching for the caret because it comes to mind first.

                                                                                                                            I’m an avid vi user, but the vi bindings on the command line never take for me. I always go back to the emacs ones.

                                                                                                                            1. 3

                                                                                                                              I use vi vindings and love them! I also never use ^ because I prefer interactive editing.

                                                                                                                              It’s really nice that they work in Python and R as well as bash (because Python and R both use readline).

                                                                                                                              In fact I think a large part of the reason that my OCaml usage trailed off is that the REPL utop doesn’t support readline. It only has emacs bindings!

                                                                                                                              For those who don’t know, here is the beginning of my .inputrc:

                                                                                                                              $ cat ~/.inputrc 
                                                                                                                              set editing-mode vi
                                                                                                                              
                                                                                                                              set bell-style visible    # no beep
                                                                                                                              
                                                                                                                              1. 2

                                                                                                                                Deleting words with C-w is also very helpful ime.

                                                                                                                                1. 1

                                                                                                                                  I use fc for that. Opens your $EDITOR with the last command in a file, the edited command will be run

                                                                                                                                1. 2

                                                                                                                                  The AOSP keyboard has both “Gesture Typing” and Emoji Support, I don’t think AnySoftKeyboard was necessary here.

                                                                                                                                  1. 2

                                                                                                                                    I’m pretty sure gesture typing requires a proprietary library. I have LineageOS 14.1 without Google apps, there’s no gesture typing.

                                                                                                                                    1. 1

                                                                                                                                      I’m not entirely sure, but I had to explicitly enable it in the keyboard settings.

                                                                                                                                      It also seems that my keyboard is called “AOSP Keyboard” but idk how much that means.

                                                                                                                                      1. 1

                                                                                                                                        Yeah, AOSP Keyboard, but if you have gapps installed, it will load a proprietary shared library that implements gesture typing.