I don’t think the fines for violating GDPR are large enough to make Facebook think twice about ignoring it. Short of dissolving Facebook and seizing its assets under civil forfeiture, no civil or criminal penalty seems severe enough to force it to consider the public good.

I heavily used coroutines in Python 2 via twisteds inlineCallback decorator. It was awesome.

This is only the first link, but there are others, like http://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html

For me, this only means that only Android ROM’s like LineageOS are usable.

There is also something to be said when these ‘backdoor APIs’/bugs are being inserted behind the doors vs in the daylight.

I’m sure you are aware of the distinction, but not sure why you seem to condone it.

there’s an entirely domain of expertise dedicated to reverse engineering what no-source-available code does

OK, but the cost of determining whether something is malicious is incredibly high for closed-source software compared to open source. Prohibitively so, for the vast majority of users.

Any technique you can use to audit closed source software, you can use to audit open source software, right? But you also have the source code, the commit history including who committed what, diffs between versions, code comments, etc.

Plus there’s the social factor. If somebody at Microsoft adds a backdoor to Windows, outsiders might notice the unusual network traffic, but they have no chance to see the code. All the committers to Windows are under NDA and can be pressured to be quiet. Whereas adding a backdoor to Linux would mean sneaking it past a bunch of people whose only unifying motive is to produce a good OS, and keeping them all from noticing it indefinitely. It’s a much harder task.

So open source makes it much harder to add back doors and much easier to find them. It’s not perfectly safe, but it sounds a heck of a lot safer.

You are technically right in saying that there are domains of expertise dedicated to reverse engineering closed source, and these folk tend to be really good.

Making this the argument towards trusting closed source is moot. There is plenty of closed source that isn’t actively reversed, and audited, which is used heavily. Tax software, Search engines, you name it …

As Ken Thompson showed, this argument is also wrong in that even if you can see the source, the binary that’s actually running could have been diddled in some way. And it’s not even that hard to get backdoors into source without people noticing, as Heartbleed and the Underhanded C Contest and so on show.

Still, you can’t really reverse engineer something as huge as Windows.

EDIT: Even if you were able to reverse engineer it, you can’t really modify it, unless you break the EULA. Even then, it’s a play of cat and mouse - you hack Windows to change its behaviour and then Microsoft patches it, so you need to find another hack.

I suggest mentioning 3rd party evaluations instead of RE. People or organizations you trust get the source, vet it, and sign its hash. That was how security evaluations at government have been done since 90’s. It can be pretty cheap if software isnt humongous.

Interestingly, still necessary for FOSS since that gets so little review. Like in closed-source, most users just trust a 3rd party saying it’s good.

This isn’t really true, there’s an entirely domain of expertise dedicated to reverse engineering what no-source-available code does, and folks who do this for a living are really good.

This is like saying terrorism is okay because there’s an entire domain of expertise dedicated to stop people from blowing up a schoolbus with a martyr vest and these experts (at least some of them) are quite good at it.

Open source and free software are superior to closed source proprietary software. All else being equal, there is no reason to use a closed software over an open one.

Just because you can mitigate the awfulness does not make something good.

There is something mind-numbing about HN that makes it difficult to be a part of that community.

It’s the size.

Lobste.rs feels better because it’s still small, but if we grow, this feel will dwindle. There’s nothing wrong about it, it’s just how communities evolve.

There are some topics on lobste.rs that are completely predictable, but not many.

The author of the article is pointing out genuine misuse of assert() in the program. Asserts are used explicitly to catch “impossible” program states, thus helping the debugging and development process. They are meant to be redundant. If an assertion fails, it shows that you have a bug in your code. The fact that the original authors of the code are using these as a way to check user input, as well as check if something that has side effects has succeeded, shows that they have a fundamental misunderstanding of what asserts are actually used for.

Assert is disabled with NDEBUG. The Debug vs Release issue the author is talking about seems more like an IDE thing.

This is more than an “IDE thing”. Programs depend on these compile-time definitions to include or exclude special debug information - like asserts or compile-time warnings. This source was abusing the use of asserts, which as a side effect, made DEBUG/NDEBUG symbols effectively useless, as the behavior of the program would depend on only ever being in “debug” mode.

Surely you don’t go 1 month, or more, back in this scan?

I do this as well. The comments are like half the value of lobste.rs for me, so I appreciate being able to follow them.

Interesting, I am going to give it a try.

I am curious to know the comment rate. ~15-20 comments per hour (based on the last 3 hours), not so high for the previous hours.

Is lobste.rs site/traffic data accessible to users? I bet we could come up with a few interesting ways to curate our information based on some trends. And a few memes of course.

Years ago there were a lot of modems and network devices (routers, etc.) where the Tx and Rx LEDs (or equivalent) had sufficiently fast response times that you could actually read the data going through the device [cite]–no special software required.

The novelty is in leaking the information covertly with some sort of control. Observing a user’s screen isn’t exactly the same.

Previously nothing would work in standard Signal without GCM, it required patches to get messaging working and even with the patches voice wouldn’t work. Standard Signal should now work without GCM and voice works too (via the new WebRTC code). Battery life will be worse as it can’t use a shared GCM connection for the push notifications, but how much worse depends.

I use Copperhead OS. There is a port of signal called Noise. It works without play services and is available on F-Droid. Its packaged and maintained by Copperhead.

Can’t promise it will work for you, but here is the link: Noise (Signal-compatible encrypted messaging app) - https://f-droid.org/app/co.copperhead.noise

Technically UDP is 11 months older than TCP. :)

What you may mean is, TCP is more specific than UDP.

Quoting a colleague of mine:

You can potentially implement TCP over UDP, but not the other way round.

It’s been a while since I’ve seen this, but looking over it now, it is talking about shapes and a social phenomenon. Obviously this is a metaphor for the influence of race on neighborhood selection, and some of those points might be racially uncomfortable, but it certainly isn’t encouraging anything problematic (in fact, I think it’s doing the opposite).

What about polygons who don’t identify as their shape?

If you’re being genuine, then the answer is this: you can’t really choose your racial identity, at least not in a social sense (have people see you/treat you as that identity). I’m white, I cannot identify as Black. Like, I can say the words “I identify as Black”, but I’m not really doing anything meaningful of the sort. Similarly, a Black woman can’t identify as non-black and suddenly have the world open up to her.

If you are making a “but why can’t I identify as <gender-i-perceive-as-made-up-or-inconsistent>” “joke”, then that’s transphobic. Trust me, I’d know.

Or polygons who move for career opportunities and don’t care about the shape of their neighbors?

As a social commentary you’re missing the point. Look up all of the different forms of housing discrimination that Black communities have had to face throughout the previous generations, especially how many polarized neighborhoods there are (The Case for Reparations for an overview with solid research and personal experiences). So really the article is saying that even small amounts of racial bias can have a large impact on how communities self-regulate to becemoe racially homogenous. And the fact that some people in otherwise segregated areas (ie, communities where more racial bias is present) would choose to live in a neighborhood otherwise entirely another race, doesn’t really effect that point.

Is it oversimplified? Maybe, but that’s only because of the way we are assigning it to a social stance. It is a powerful visualization of how far even small racial biases can go. You shouldn’t be so dismissive.

What about polygons who don’t identify as their shape?

I’m gonna bite, despite agreeing with Irene’s comment that this is almost never asked in earnest, and I’m not convinced it is here.

The reality is, society at large treats you as they perceive you. If they perceive you as a square, you’ll get treated like a square. If they perceive you as a triangle, likewise. In all the respects that “identify as a shape” can actually map onto reality — this doesn’t apply to race, but does apply to gender — people usually make efforts to change the way they’re perceived. They’re often successful at this, and as a result (going back to the analogy), the shape that identifies as a circle (regardless of what shape they started as) is perceived as a circle and treated as such.

For shapes who identify as neither square nor triangle, it again comes down to how they’re perceived. Shapes tend to want to fit other shapes into either the ‘square’ or ‘triangle’ pigeonholes, even in spite of strong evidence that the pigeonholes don’t completely describe the shapes available.

Some shapes identify as the binary opposite to that which they started out at, but for many reasons — often class related — they can’t do everything others can to present as their identified shape. This doesn’t just mean the square identifying as a triangle gets treated as a square — they get perceived as a square “trying to be” a triangle, and the treatment Shape Society™ offers them is far, far worse.

In short, the social commentary is entirely adequate for what it’s describing, and your tangent is pretty tangential, but I hope maybe this helps elucidate something.

I was really impressed with the javascript, and went for it, missed the visualization tag (probably lost focus by the time I got down to v). But fair point.

I am not going to argue over the math tag, but if people here think it doesn’t deserve a math tag, I will remove it. I thought it was somehow deserved.

Perhaps culture.

I definitely thought so.

So simple, yet profound.

Beaware of the local minima you are settling down in.

I have spent the last couple of days wrangling with generators and co-routines in Python2. I wish the project I’m working on was started in Python3 (considering it’s 2 years old). Python3 is light years ahead in terms of async programming features baked in.

You can start calculating by looking at Python 3.0’s release date (in 2008) and then wonder why it hasn’t been adopted within 8 years. But I think of this differently.

The first viable candidate for a Python 3 migration is Python 3.4. It’s the release you pick, when you want to maintain a 2 and 3 compatible code base, which is what many libraries need to do. And it is kind of known in the community that 3.0 had a few regressions in terms of stability and speed over 2.7 (never used 3.0 so this is hearsay, nevertheless even that hearsay would keep me from migrating 2.7->3). Now Python 3.4 was released in 2012. which is basically 4 years ago. 4 years is a long time, but it definitely isn’t 10 years.

The problem with Python 3 is, of course, that Python 2 is “good enough”.

Indeed, and during Python 3’s development and release cycle, Python 2.7 also saw improvements, patches, etc. which means, that it didn’t immediately started to decay, like any other unmaintained software would.

Now, if you run Python on a Desktop, it was definitely possible to use Python 3.4 as it was released. But if you run Python on servers, you are bound by the release schedule of your distribution. So until you migrated from Debian wheezy to Debian jessie, you were essentially bound [$] to Python 2. Coincidentally, 2015 was the year when I started to hear many success stories at Python conferences on the hallway tracks: “We did it”, or “I was surprised how easy it was”. For many, now is the time that many passionate Python devs realize: Ah, I finally could use Python 3, let’s see if my code will work on it. And suprise, surprise it works.

[$] And since Python is often used in linux distributions, you are not as likely to manually roll out an official release but stick to the distribution-provided one. If you would run Haskell for example, you would probably have a independent update cycles for your linux distribution and Haskell.

clean Unicode/bytes distinction

The author argues it isn’t clean, and it’s actually obnoxious, counterintuitive, and frustrating.

In an attempt to make their strings more “international” they turned them into difficult to use types with poor error messages. Every time you attempt to deal with characters in your programs you’ll have to understand the difference between byte sequences and Unicode strings.

If we have a string and a bytes type then when we [concatenate them] we get an error, and [using .format()] we get a repr formatted byte string.

I agree with the author on this, even if the rest is classic Zed Shaw angry rambling. It’s a huge pain in the ass. Go has a clean unicode / bytes distinction, python3 does not. Or maybe it does, and I’m just a foolish peasant for wanting to write scripts in python without screwing around with unicode.

I would divide Python unicode users into three groups:

1. For English speaking beginners and those writing simple scripts that don’t need unicode, Python 2 wins by a mile.
2. For non-English speaking beginners, Python 3 definitely wins, but probably not by all that much as most non-English speakers are used to painful internationalization issues (I know, this isn’t fair, but it’s true).
3. For projects which have to consider unicode from the start, Python 3 is better. However, the lack of compatibility with older Python 2 libraries is so painful that it cancels out any benefit that you can get from better unicode support.

IMO, Python 3 has been a huge failure, and while I’m sure it’s painful for the core development team, it should be dropped sooner rather than later.

But what do you think Python3 is killing?

It’s clearly killing python2, but programmers, instead of redeveloping their python2 knowledge inside python3 are considering other, more durable languages.

I’ve still got C and perl programs more than twenty years old that are running in production (and on the Internet).