1. 3

    It’s not clear why TCO needs to be supported by JVM if the optimization is already done by the JVM code generator. Clojure must be fine in that respect.

    1. 4

      Exactly; there’s no reason a good (JIT-)compiler can’t do that. However, Clojure does not do that. It relies on hacks like recur to have the programmer manually inform the runtime that they want tail calls.

      1. 4

        The JVM can support tail recursion but not generalized tail calls. (JVM bytecode does not allow goto to cross method boundaries.) But I don’t think the author actually understands this level of nuance and instead just says “JVM bad” and ignores that many other non-lisps (like Lua) do in fact have TCO.

        1. 2

          The author says “the JVM does not support it [generalized tail recursion], … so, I always view any functional language targeting the JVM with great suspicion”. In my reading, this is far enough away from “JVM bad”.

          Some Lisp users are very fond of their abstractions and telling them “it has TCO, you just have to use recur” might not sway them that much.

          1. 3

            Fair; I honestly didn’t finish reading the article because the tone felt too cheerleader-ish at the top, and because I hate it when articles tell other people what they should do.

      1. 21

        These statements annoy me:

        Heck, if you ask some people, Rust is less secure than a GC’ed language for web apps if you use any crates that have unsafe code - which includes Actix, the most popular web framework, because unsafe code allows things like deferencing raw pointers.

        I can’t help but think calling the unsafe keyword unsafe was a potential marketing error. Actually, within the rust community it helps to keep the portions of unsafe -marked code lower.

        But many people short circuit to the conclusion that code with the unsafe keyword must be, indeed, unsafe. Maybe, they should think of it as expert or free code that relaxes some constraints (and by far not all, you have still more checks than in normal C++).

        In terms of Rust unsafe, Java/ruby is full of unsafe code since some crucial safety guarantees in these languages are weaker. Obviously, there is a lot of unsafe rust code in the Rust std lib and especially in low level libraries. If this code is carefully vetted, this is all good. Rust allows you to focus extra attention on the small blocks of unsafe code.

        Will I avoid unsafe code when I can? Yes. Should popular libraries make prudent use of unsafe if it results in large benefits? Absolutely. Is that dangerous? Not more than in other languages without these restrictions but yeah, it requires great care that you can avoid if you avoid unsafe.

        1. 8

          It’s an especially annoying considering that performance-critical parts can always be written in unsafe ways, GC’d language or not. A prime example is uwsgi for Python.

          1. 5

            @matklad Thank you for pointing out weak parts in my post. I wanted to post this as a separate reply to your reply but lobste.rs prevents me from multiple replies in short succession??

            Having to mark certain snippets of code as unsafe is a great tool – that not all languages have. The less unsafe you use, the easier it is to achieve the security, of course, without being a genius or having lots of people helping out.

            We agree that unsafe code should be avoided and carefully weight against advantages. I personally thing that well-reviewed libraries are a good place for unsafe code with huge performace benefits: crossbeam, …

            To quote from async-std security:

            Writing a highly perfomant async core library is a task involving some instances of unsafe code.

            To clarify my remarks on the comparison to “GC’d languages”:

            A) The quote compares safety of Rust to “GC’d” languages and says that Rust is maybe less unsafe because it uses “unsafe” code in its libraries.

            I’d argue that there is no completely “safe” web app stack in any language that I am aware of. (and then you’d have to deal with compiler errors, operating systems, …)

            If you look at NodeJS or Ruby on Rails, the interpreters and the HTTPS stacks contain lots of native code that isn’t verified by a smart compiler for safety guarantees. Correct me if my assumptions are wrong. I’d not be surprised if a Rust web app with actix contained a lot less “unsafe” code (in the Rust meaning) than an app built with these other stacks.

            Of course, maybe more importantly, counting unsafe code lines is only a proxy argument because we cannot measure security: One line of unsafe code can destroy the safety of the whole application in crucial ways as can a compiler or std library bug. And a library like actix with six usages of unsafe could be completely secure. Or not.

            B) I didn’t say what I meant with “crucial safety guarantees”, it was misleading. What I had in mind was more than only basic memory safety. The initial quote was about security. The argument was that Rust was less secure than “GC’d’ languages. I don’t believe that Rust code is usually less secure than that of GC’d languages and the expressive type system and guarantees that go beyond basic memory safety contribute to that.

            I hope that makes sense. I wish I could make my point clearer in less words ;)

            1. 5

              Thanks for the clarification! I think we are in a broad agreement here. In a narrow sense, unsafe is a sharp tool, easily misused, and dangerous even in the hands of an expert. However, it does improve the overall system’s security.

              I violently agree with your point about full-stack safety of web apps. On the one hand, Rust’s unsafe (unlike Python’s ctypes) is available to “application programmer”, and pulls in the less safe direction. On the other hand, safe Rust is available to “systems programmer” (which again is unlike ctypes), and this massively improves the safety of lower levels of the stack, which feels like a bigger deal.

              I also agree that Rust’s other type-system niceties improve application level correctness (and hence security) in comparison to current crop of popular static or dynamic languages.

              That being said, I expect in the web domain specifically, application-level security (csrf tokens, protection against SQL injection, not storing passwords in plain text, etc) is a relatively bigger issue than execution-environment security. And here I expect a lot depends on maturity. I am not an expert in web dev, and, at this point I think I’ll be able to develop overall more secure web app with Django, as that should be much more hardened against misuse by web-security-naive programmers.

              1. 1

                Interesting point about what is “available” to the “application programmer.” I guess the “available” is in terms of convenience and just writing unsafe somewhere is very convenient.

                I, for myself, was never tempted to use unsafe but I neither wrote a low-level lib nor should I assume that I am the standard… I might be overcareful. And I can already shoot myself in the foot with misunderstanding atomic variables in safe code already ;)

            2. 4

              But many people short circuit to the conclusion that code with the unsafe keyword must be, indeed, unsafe.

              The short-circuiting might be wrong, but I personally don’t disagree with the conclusion. Unsafe code is hard, even widely battle tested things like SmallVec get CVEs. So, in practice, rust with unsafe does have memory safety issues due to bugs (although it’s important to keep in mind that Rust CVE have a somewhat lower bar, as theoretical, and not only practical, unsoundness counts).

              In terms of Rust unsafe, Java/ruby is full of unsafe code since some crucial safety guarantees in these languages are weaker.

              I am not sure I exactly understand what you are saying here. I think I agree with the general idea, but I disagree with the specific wording. In the context of Rust, unqualified safe/unsafe refers to memory safety, and, in terms of memory safety, Rust, Ruby, and Java are roughly equivalent (roughly because there’s extensions/ffi/native runtime angle). Things like iterator invalidation are not covered by the safety terminology.

              1. 9

                Frankly, if we hadn’t had years of the Rust Evangelion Strike Force shitting on C and C++ for their use of unsafe pointers and whatnot, this might fly.

                This charity wasn’t extended to references and some of the nice pointer types in C++ that solve memory safety issues, so why should we give unsafe a pass now?

                Sorry your language doesn’t actually match its marketing.

                1. 24

                  Your ax grinding is absurd. It is possible to entertain two different problems simultaneously:

                  • People get too excited about new technology like Rust and oversell its benefits by stating misleading things like “Rust can’t have memory safety bugs.” (I personally have been pretty consistent and vocal about clarifying this particular point.)
                  • People get too curmudgeony and undersell Rust’s benefits by pointing to existence of unsafe as proof positive that Rust is no better than [insert other language here].

                  Really, it’s not difficult to see how both of these problems can exist simultaneously. Just because the first exists doesn’t mean we can’t also talk about the second.

                  Your consistent anti-RESF ax grinding is really just as bad as RESF zealots, if not worse. And yours has been going on for years too.

                  1. 7

                    You didn’t say a damn thing when the user I replied to said “oh ho ho Rust is no less safe than Java or Ruby, if you just vet the code”. This is the same argument as neckbeards going “C is safe if you just write the code carefully!”. It’s pretty obvious when you give a pass to one but not the other.

                    Again, for context:

                    In terms of Rust unsafe, Java/ruby is full of unsafe code since some crucial safety guarantees in these languages are weaker. Obviously, there is a lot of unsafe rust code in the Rust std lib and especially in low level libraries. If this code is carefully vetted, this is all good.

                    Kettle meet pot, and you’re experienced enough (grats on ripgrep) that you should know when shilling is happening.

                    Anyways: my grinding has been consistent, for years, because the RESF has been obnoxious, for years.

                    I have observed no patterns of this behavior behind other C/C++ replacements. The D folks are underappreciated and chill. The Zig people don’t spam message boards and bug trackers asking to rewrite things in Zig. The Nim community, to my observation, don’t show up in every comment section to talk about how impossible is is to write safe software in C and how Nim is the answer, every time C shows up. Go people seemingly are too busy shipping useful utilities to even talk very much about Go being better than C–even at the height of Google’s shilling of it.

                    And every time this gets brought up, people like you show up to motte-and-bailey it and go “oh no no, who are those other ruffians, we’re just a kind and inclusive and loving community, oh we’d never say anything bad about another language, perish the thought!” This is a real problem, and just because y’all either can’t or won’t acknowledge it doesn’t mean the damage hasn’t been done to people outside your blessed tribe.

                    ~

                    The hell of it is, I think Rust is a neat language with some neat features. I think it has some cool things going for it, even though the Rust talking-point bingo is predictable (almost as much as Elixir bingo). I can list the ideas I like from it, and if my workflow looked like it needed Rust more than what I’m already doing, I’d be excited to switch.

                    I just don’t like a community whose evangelism seemingly requires pervasive and persistent propaganda and, at times, lying. It shows a lack of moral character and engineering rigor that makes me concerned for the long-term health of the ecosystem.

                    1. 12

                      You didn’t say a damn thing when the user I replied to said “oh ho ho Rust is no less safe than Java or Ruby, if you just vet the code”.

                      Because that isn’t a sensational thing to say? It’s nowhere near the same as the “neckbeard C programmer” you alluded to.

                      Kettle meet pot, and you’re experienced enough (grats on ripgrep) that you should know when shilling is happening.

                      Anyways: my grinding has been consistent, for years, because the RESF has been obnoxious, for years.

                      Is this some kind of joke? And you aren’t obnoxious? If that isn’t the kettle calling the pot black, then I don’t know what it is.

                      It’s one thing to respond and clarify things said by the “RESF” (and other claims made by zealots), but you go far beyond that and consistently engage in this meta flame war.

                      I have observed no patterns of this behavior behind other C/C++ replacements.

                      Well, what patterns of behavior have you observed among C/C++ programmers? The D, Nim and Zig communities aren’t nearly as big as Rust’s. And Go doesn’t really bring any new big ideas to the mainstream, so I really wouldn’t expect people to get that excited about it. That’s a feature of Go IMO. You also have immense pressure against talking about Go anyway, lest you be shouted down by PL zealots. (Zealots zealots everywhere, yet you seem to love to grind against one particular group in particular. How… obnoxious?)

                      And every time this gets brought up, people like you show up to motte-and-bailey it and go “oh no no, who are those other ruffians, we’re just a kind and inclusive and loving community, oh we’d never say anything bad about another language, perish the thought!” This is a real problem, and just because y’all either can’t or won’t acknowledge it doesn’t mean the damage hasn’t been done to people outside your blessed tribe.

                      Given that I’m a moderator in the Rust community and that I have shut down PL flame war discussions in official Rust spaces, it would be pretty weird of me to say that we never say anything bad about another language, now wouldn’t it?

                      And it has been acknowledged. That’s why I always do my best to clarify claims that are too bold. Do I get every single one? No. But then again, I don’t spend my time responding to every single one of your ridiculous comments either.

                      I just don’t like a community whose evangelism seemingly requires pervasive and persistent propaganda and, at times, lying. It shows a lack of moral character and engineering rigor that makes me concerned for the long-term health of the ecosystem.

                      This is a giant load of conspiracy-like bullshit. For someone who is so keen to call out bullshit and shilling, you sure do like to sling a lot of it yourself.

                      1. 8

                        I’m not sure the community is actively funded to evangelize. Could it just be that using rust makes people want to share their enthusiasm?

                        1. 2

                          It’s certainly possible. Maybe people just really liked Java, C#, and Go too.

                        2. 6

                          You didn’t say a damn thing when the user I replied to said “oh ho ho Rust is no less safe than Java or Ruby, if you just vet the code”. This is the same argument as neckbeards going “C is safe if you just write the code carefully!”. It’s pretty obvious when you give a pass to one but not the other.

                          I mean, yes? @burntsushi is a member of the Rust community, of course it’s going to bother him a bit more when someone like you is attacking that community vs someone in that community (politely!) making a debatable claim. That’s basic human social skills, not him being a hippocrite.

                          Kettle meet pot, and you’re experienced enough (grats on ripgrep) that you should know when shilling is happening. […] And every time this gets brought up, people like you show up to motte-and-bailey it and go “oh no no, who are those other ruffians, we’re just a kind and inclusive and loving community, oh we’d never say anything bad about another language, perish the thought!” This is a real problem, and just because y’all either can’t or won’t acknowledge it doesn’t mean the damage hasn’t been done to people outside your blessed tribe.

                          I know you’ve been trying to be less angersock and more friendlysock, so I’m just going to say this straight: you’re being an obnoxious jerk right now.

                          1. 4

                            Agreed. This is like mom and dad fighting. Both are respected members of the community. Obviously it’s okay to disagree, but I expect both to be examples of what it means to be a good citizen.

                            I have a bias here. However my commentary should be applied broadly. Let’s demonstrate an eagerness to give each other the benefit of the doubt. Our community is known for being effective and compassionate regardless of disagreements. I’m committed to that because of lobster leaders like you have both demonstrated that it works here.

                            Thank you both for being candid. I look forward to the constructive conversation this exchange will lead to.

                            1. 2

                              Yeah, again, sorry for setting a bad example. :(

                            2. 2

                              I know you’ve been trying to be less angersock and more friendlysock, so I’m just going to say this straight: you’re being an obnoxious jerk right now.

                              Yeah, you got me there–fair point. I’ll go cool off.

                        3. 1

                          I totally agree. There’s more than a little bit of trying to have it both ways here, and observers are too smart for that.

                        4. 1

                          I can’t help but think calling the unsafe keyword unsafe was a potential marketing error.

                          Isn’t there a comparison to unsafe in C#? The same arguments were made back in the early 2000s about that and it made for many tirades and comments.

                          I think Rust user’s domain requirements might provide longevity to the use of unsafe, it has disappeared from discussions in the C# space. It’s to the point where many C# programmers would give you a puzzled look if you mentioned unsafe existed.

                        1. 3

                          Does anyone here work with SDR or DSP for signals? I enjoy Lobsters but there hasn’t seemed to be much content around signal processing or electronics, happy to see some come by!

                          1. 2

                            I do. And yes, this content is rare, but there do tend to be some really cool submissions once in a while. You can perhaps try searching with hardware or science or reversing tags with some luck.

                            I am on a passive lookout, and tend to upvote any good content in this domain.

                            1. 2

                              What libraries/environments do you usually use? My experience is almost entirely GNU Radio and I feel like I should at least try a few other options to see what they do well.

                              1. 1

                                These days, I tend to do more FPGA programming, I use:

                                1. scipy.signal and GNU Octave for developing filters
                                2. Some HDL libs
                                3. Faust2 : In the past
                                4. dassp: Recently

                                Overall, I agree that there needs to be a tag for : DSP, image processing, stream processing, data processing. It’s not enough to classify this with a python tag or number 4 with a rust tag alone.

                          1. 15

                            My answer is selfdock. I started it 5 years ago, and it’s been feature complete for almost as long. I was tired of Docker being slow for local development, besides doing everything wrong with disk, memory and security. I wanted to make it fast and right from the ground up. This thing is so lean that it doesn’t even use a heap.

                            Besides being daemonless and not requiring root, like all modern contenders, it does away with images, and instead uses a pre-unpacked read-only root filesystem for speed. It can run docker images if you unpack them first.

                            1. 6

                              Gosh… I wish I discovered that 5 years ago :/ . I love the concept, unfortunately, now I’m using podman which does the same thing, with full docker compatibility.

                              One question though, isn’t your project using an SUID binary?

                              1. 4

                                Yes, it’s a suid binary, but it doesn’t give you root. That would be a bug, unlike with docker. It drops the effective user id before spawning the process to run in the container.

                              2. 2

                                This is really cool. Worth it’s own post.

                                1. 4

                                  I’ve been a happy user for ~5 years. In the last 20 years of heavily using email, it’s been overall the best mail user agent I’ve seen. Strongly recommended.

                                  Some things that set mu4e apart for me: Super fast search and UX, ability to handle multiple email addresses transparently, ability to use Org mode capture templates and good support for viewing HTML emails. There’s many more good reasons, if we want to get geekier, for example the ability to use procmail (spam, auto sorting, etc), the ability for offline mails, very good GPG support, and much more^^

                                  The initial configuration is a little bit of work, but it’s paying off for years to come. If you’re looking for a setup apart from the docs, here’s my config: https://github.com/munen/emacs.d/blob/master/configuration.org#mu4e

                                  1. 3

                                    I’d second this.

                                    Super fast search

                                    This is one of the major wins. Mu’s Xapian backend chews through heaps of email and gives incredible search results. I’d completely skipped any type of filing to folders; it just works.

                                    The only reason I’m not using it right now is that we lost the war on HTML email and bottom posting, so I’ve surrendered and gone to Outlook so my coworkers stop asking me why my email comes out funny on their phones.

                                    If anyone knows a good set of hooks to make mail-mode transform to “quasi-nice HTML” – turn > into a blockquote, maybe * and _ to <b> and <u>, etc., I’d love to see it.

                                    1. 2

                                      Hi owen

                                      Thanks for bringing up this valid concern. I’ve heard it often before, but personally have not encountered an issue. To share my experience and setup, I quickly created a screencast and a blog post that shows how I work with HTML emails: https://200ok.ch/posts/2020-05-27_using_emacs_and_mu4e_for_emails_even_with_html.html

                                      All the best and good email consumption/writing(;

                                      Update: And now I’ve just read that you’re talking about the opposite waylol

                                      Well, there’s a built-in way to transform Org to HTML, but I haven’t used it: https://github.com/djcb/mu/blob/master/mu4e/org-mu4e.el

                                      Update 2: If I understand you correctly, your issue was that people read mails on their phone and that you used fixed with mails (maybe 74 chars). That’s easily fixed by using format flowed. The config for that is a one liner in mu4e.

                                      1. 1

                                        Thanks for the screencast and blog post: they look like they will still be worth a peek to try to improve my environment! I’ll also have to take a look at org-mu4e as well – funny enough, I used mu4e-org a ton to get emails in my agenda… wish I’d have thought about going the other direction ;-)

                                        That’s easily fixed by using format flowed. The config for that is a one liner in mu4e.

                                        Two problems:

                                        1. f=f just doesn’t work with the MUAs I’m emailing to (Outlook, some Android mail users). 998-wide lines, as in the proposal there, were OK, but:
                                        2. Beyond the “funny phone” problem the real problem is that the users I communicate with almost always expect a very specific thing: HTML emails generated by Outlook, period. Plain text emails were never workable because the use of highlights/tables/etc. was essentially stripped out.

                                        But I’m definitely going to check out org-mu4e though to see if it fits. It probably won’t take a ton to line it up to look like Outlook…and if I can get close enough it might be worth it.

                                        1. 2

                                          Thank you for the information that format=flowed by default doesn’t work well with some clients like Outlook. The additional configuration of setting the maximum allowed width seems like a good workaround. I just confirmed that it works with Outlook 365 (in my tests).

                                          FWIW, based on my experience, f=f works well at least with Apple Mail and iOS.

                                          As for mail threads that let HTML prevail on responding whilst sending plain text, that’s probably going to be a hard problem, indeed. I might be lucky, because in my experience people with HTML mailers don’t start threads. Especially not with Outlook (365) which doesn’t seem to have the capability to quote from the previous mail. And without quoting, longer mail threads become completely unintelligible quite fast. Having said that, I do understand that some people prefer to communicate in this manner all the time anyway^^

                                          In any case, all the best, and thank you, again for the additional information on f=f!🙏

                                    2. 3

                                      Super fast search

                                      That is not my experience. Even things like bu (Unread messages) take ~5 seconds. notmuch on the other hand has always been super fast. Maybe I’m doing something wrong?

                                      I like the UI of mu4e more fwiw.

                                      1. 2

                                        bu is near instant for me, as are other queries. I’ve got a mail archive of just short of 40k messages. Maybe you’ve got significantly more?

                                        munen@lambda:~% time mu find flag:unread >& /dev/null
                                        mu find flag:unread >&/dev/null  0.00s user 0.00s system 94% cpu 0.009 total
                                        
                                        munen@lambda:~% find Maildir -type f | wc -l
                                        39240
                                        
                                        1. 3

                                          I’ve got a mail archive of just short of 40k messages

                                          I’ve got around 165K, not significantly more. Calling mu from the CLI is instantaneous. It is when I call it from Emacs that it takes ~5 seconds. The issue is likely on the Emacs. I have a similar experience in the three machines I’ve setup mu4e in.

                                          $ time mu find flag:unread >& /dev/null
                                          
                                          real    0m0.016s
                                          user    0m0.006s
                                          sys     0m0.010s
                                          puercopop@PuercoDesktop:~
                                          $ find Maildir -type f | wc -l
                                          165508
                                          
                                          1. 1

                                            I don’t have nearly as many mails as you so I’m not certain, but you can try bumping up gc-cons-threshold and read-process-output-max:

                                            (setq gc-cons-threshold 100000000
                                                  read-process-output-max (* 1024 1024))
                                            
                                            1. 2

                                              Thanks, that did it. The gc-cons-threshold took it down to 2 seconds and the read-process-output-max to instant. Looks like I only need to update the read-process-output-max

                                      2. 1

                                        I managed to get this up just yesterday for my work gmail account. I haven’t managed to figure out how to setup multiple gmail accounts by using the recommended contexts just yet. The contexts example is a bit naive and doesn’t talk about separating Maildirs for each account refresh rates etc.

                                        So far the look and feel of mu4e is very good I must say.

                                      1. 2

                                        Is it open source?

                                        1. 11

                                          I wish it was easier to self host, I really do. I tried 3 times over the last 2 months to host jitsi. It’s a ridiculously complicated web of software, and impossible for anyone new to this to figure out how it’s all supposed to work when it doesn’t.

                                          First attempt was using the magical ‘curl |bash’ method on debian, which installed but I could never get 3-way video chat to work reliably.

                                          Second attempt was with their docker-compose project. After much effort trying different branches and config changes (both officially documented, and suggested in various issue comments in their repo), I ended up with something where 2-way video chat didn’t work reliably, and 3-way didn’t work at all.

                                          Third attempt was installing packages from AUR and hoping that I could figure out how it’s all supposed to work together so that I could get it to actually function. I got less far than the previous two attempts.

                                          1. 7

                                            Probably not much of a help to you but for others, NixOS just got support in release 20.03 and you should be able to use it like so:

                                            services.jitsi-meet = {
                                              enable = true;
                                              videobridge.openFirewall = true;
                                            };
                                            
                                            1. 3

                                              Thanks. I don’t use NixOS, but maybe this is a great time to try it.

                                              1. 3

                                                The PR wasn’t merged yet, as far as I can see:

                                                https://github.com/NixOS/nixpkgs/pull/82920

                                                Also the option search did not show the jitsi options.

                                                That said, the reviewers are being diligent but the PR is shaping up being super nice! The current blocker is to have some meaningful tests for the PR, which is difficult because you need to fake video input, do some screenshots, compare them or something like that.

                                                I did rip the relevant parts from the PR and make them available separately here in my nur-packages repo.

                                                1. 1

                                                  Ah bugger, sorry for some reason I thought it got merged a while ago!

                                              2. 3

                                                I got it working using on my second attempt using docker-compose and traefik as a reverse proxy. I could write a blog post about my setup if you think that could be of any help.

                                                Haven’t tried 3-way calls, yet…

                                                1. 2

                                                  That is a good thing to test since the two way calls don’t involve the brige. Which you probably know.

                                                  For me, I could reproduce problems by even just open the same conference in chrome/chromium three times or more. Only with the correct setup, I’d see the video feeds for all tiles in gallery view.

                                                  1. 1

                                                    I did not know the bridge was not involved! I will test 3-way calls today.

                                                  2. 1

                                                    Open 3 tabs and you should have 3-way calls.

                                                  3. 3

                                                    Jitsi Meet is easy to install on e.g. Debian by adding the correct repo (deb https://download.jitsi.org stable/) and installing the jitsi-meetpackage. This will pull in the required packages (jicofo, jitsi-meet-web, jitsi-meet-web-config, jitsi-meet-prosody) and suggests installing a turn server (jitsi-meet-turnserver). On installation you’ll be asked about what domain you want to use (give it a FQDN, i.e. somewhere.example.com instead of somewhere). Open up the firewall to UDP:10000 for Jitsi and whatever you use for XMPP,/BOSH/TURN/TURNS (I submitted a PR to get them to use the IANA-assigned ports for TURN/TURNS as that currently is a bit of a mess) but after that my experience is that it just works.

                                                    1. 2

                                                      The basic features of jitsi works ok. Try debugging jibri (Xorg server with a custom linux kernel module for audio loopback, starting chromium, starting the javascript web client, recorded with ffmpeg and using PJSUA for providing an SIP stack) video encoding errors or enabling Web Tokens and that is another story.

                                                      As long as it work out of the box and you do not have to seek in the internals, it is easy.

                                                      1. 1

                                                        Yes! I didn’t think this wasn’t too difficult (sure could be a bit easier). Here are some tips we use: https://j11g.com/2020/05/04/jitsi-finetuning-and-customization-tips/

                                                      2. 2

                                                        The official guide is fairly easy to follow IMO, and I never had issues on 3-way calls after installing it on debian buster: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart

                                                        Jibri (the optional recording/streaming component) however is a lot more painful. It requires java 8 (or else video recording doesn’t terminate properly. Use of Java 8 causes cert issues on jicofo if you use let’s encrypt as the adoptopenjdk8 certstore doesn’t have LE), lots of cert tweakery (the one I mentioned about adoptopenjdk8 earlier, if you use self signed certs, chrome itself doesn’t like self signed certs so you’ll either have to trust the cert or run chrome in an insecure way), a kernel with alsa loopback capture support (can’t remember the name of the kernel module, but basically -cloud kernels don’t work, and I had no success with getting it to work in a container) etc.

                                                          1. 1

                                                            I hadn’t seen that. Thanks for sharing, I’ll read up on it. Maybe I’ll make a 4th attempt soon :)

                                                          2. 1

                                                            That is the whole thing: it is not a Web (HTTP) software: it is an XMPP software: a different protocol for which jitsi-meet is a web-to-xmpp gateway. :)

                                                            1. 1

                                                              I managed to get Jitsi Meet working first time with the quick install instructions, however, I ended up spending days trying to get the JWT auth working which was incredibly frustrating.

                                                              In the end I scrapped my first attempt and found a post on the Jitsi forums which had step-by-step instructions for token auth with Ubuntu 18.04 and it worked like a charm. Here’s the link for anyone in a similar situation.

                                                              1. 1

                                                                I am running a debian setup and it works fine with up to 6 parties. I have not tried more yet, but I see no reason why it should not work.

                                                                The thing is that you need more RAM. I started with a small vpc at hetzner cloud and it works for 1on1 Chat, but only because jitsi uses peer-to-peer for those. The moment a third party joins, you need at least 8GB ram. I upgraded my instance and it works fine now.

                                                                1. 1

                                                                  but I could never get 3-way video chat to work reliably.

                                                                  Did you check the videobridge logs? The main difference between between 2 and 3 way calls is that the latter are using the videobridge and I had to fiddle around a bit with the way Jitsis Debian packaging handled hostnames and certificates. I have an ansible playbook for Jitsi Meet on Debian buster which I could clean up if that would be of any interest.

                                                                1. 9

                                                                  One of the issues I’ve seen with this is that people that are in favor of better work/life balance may not also be in favor of using their work time effectively. A team may accumulate a work debt and then have to trash work/life balance in order to pay it off–but efforts to just work more efficiently and aggressively before things get to that point are often dismissed because of things like this manifesto.

                                                                  1. 7

                                                                    I think our industry is notorious for overworking young people and causing burnout. I always thought one reason to insist on sane working hours is that you can then expect more features per engineer per week. I think consistently delivering and maintaining good boundaries if anything is a mark of professionalism.

                                                                    1. 5

                                                                      The pressure always come from business needs. In any given scenario, who is to decide that the workers are too slow instead of the managers setting unrealistic deadlines and too much pressure?

                                                                      1. 21

                                                                        As an executive in a public listed company, I can tell you if one of my managers tell me the reason they missed a target is because their workers are “too slow” I will fire the manager.

                                                                        That is literally the only reason I hired a manager in the first place, and if they can’t take responsibility for the decisions they made to whip/trash work/life balance or set “unrealistic deadlines”, then they are not doing the job I hired them for and I will find someone else.

                                                                        Reading HN, Reddit, and even Lobsters, it seems like working for some real shitty managers is common. I have no idea why people work for shitty managers. Maybe they have low self-esteem, or maybe they have little confidence in their employability that they feel “lucky” to have a job where they’re treated like shit. Maybe they think this is normal and/or necessary. It’s not necessary.

                                                                        1. 7

                                                                          A lot of this is normalized by the cultural spaces in which these jobs exist. “Startup Culture” and “Corporate culture” are dogwhistles for “ways to convince workers to work more for less”. It’s easier to pay a couple HR to whip the workers and maintain the ranks than to grow technical teams and so endless flows of bullshit are employed both at a company level and systemic level to keep them docile and obedient until they are in burnout and decide to leave for their next company, believing they are free and indipendent professionals that are sticking it to the man by resigning and finding a new job, while they are just improving the ability of a company to work with a high-turnover.

                                                                          1. 2

                                                                            A lot of this is normalized by the cultural spaces in which these jobs exist.

                                                                            Reminds me of this article by Dan Luu on normalization of deviance:

                                                                            https://danluu.com/wat/

                                                                          2. 6

                                                                            I have no idea why people work for shitty managers.

                                                                            A lot of areas have mostly jobs with shitty managers. It’s hard to get good jobs. For many, it’s hard to get jobs period. It also seems like it’s easy for shitty managers to get their jobs in such situations.

                                                                            1. 7

                                                                              Also, statistics: Good managers keep their happy team while shitty managers have more churn (leaving, burnout, fired, etc). Thus, even if there are more good than bad managers, open positions are more likely under shitty managers.

                                                                              1. 2

                                                                                Strictly it depends on the parameters you choose. What proportion of good vs bad and what level of hiring for each class. The opposite conclusion is quite possible while keeping the inequality “more good than bad managers”.

                                                                            2. 2

                                                                              It’s almost impossible to keep only having good managers, even when I was lucky enough to have one, they either eventually resigned or moved to another position, and I got a shitty manager instead.

                                                                              I can’t stand abusive managers, but incompetent ones are almost impossible to avoid in this business where people get promoted into management because they know a programming language well.

                                                                          3. 2

                                                                            One of the issues I’ve seen with this is that people that are in favor of better work/life balance may not also be in favor of using their work time effectively.

                                                                            They may not be, but then again they may be. The flip side is that overworking leads to poor efficiency, leading to overworking, leading to all kinds of complications.

                                                                            A team will always accumulate technical debt, I haven’t seen one otherwise. Working less doesn’t mean work less aggressively. The manifesto doesn’t even hint at that. It’s advocating for better work/life balance, not passive work. It even says, “to us it is just a job, but we still do it well”.

                                                                            Sorry, but I see this remark being a very casual counterpoint that is polarizing.

                                                                            1. 4

                                                                              I mentioned work debt, not technical debt–the key difference (which I failed to articulate at the time) being that while technical debt matters to the engineers, work debt matters to the business. Not having a DRY admin page codebase is technical debt; not having an admin page at all is work debt. Lots of engineers in my experience are woefully oblivious to work debt.

                                                                              Working aggressively is about getting the same amount of work done in a shorter amount of time, an analogy being to the mechanical definition of power (work over time taken). The problem is that people elect to work less (thus decreasing their work power) and then the work debt comes due and suddenly it’s time gun the engineering engine and either the work doesn’t get done (and everybody gets canned and replaced with engineers who are better about how they spend their time) or the work gets done at the cost of additional stress for the devs.

                                                                              Basically, the failure mode I’ve seen is:

                                                                              • Team commits to “work/life balance”.
                                                                              • Everything is fine, team is trundling along.
                                                                              • Some business demand comes up which increases the work debt.
                                                                              • At this point, there is usually a window where working (for analogy) an extra 30 minutes a day (not even outside work hours…just doing 30 more minutes of paying down work debt instead of browsing the net or refactoring things to make them match dependabot’s complaints or whatever) would pay off the work debt and give slack back to the team.
                                                                              • However, some or all of the team members (for a variety of reasons) refuse to do this.
                                                                              • Deadline for the work debt draws nearer.
                                                                              • Team must rush to meet work debt (or heads roll).
                                                                              • Team is unhappy, blames it on work/life balance–when
                                                                              • Repeat.

                                                                              As much light and ink has been spent on the problem of burnout in tech, we definitely (due to cultural and historical reasons) oddly seem unable to address the (real) problem of malingering.

                                                                              1. 2

                                                                                I still feel like your argument is unclear. You are saying choosing better work/life balance could lead to ineffective work (browsing the net or refactoring as opposed to making that admin page). I find it a bit hard to believe that this happens because people believe in the 501-manifesto (I could be wrong). It’s more of an example of mis-prioritization of tasks.

                                                                                I rather have this scenario, where someone or a group gets burnt because they chose to badly prioritize their tasks than everybody gets to overwork blindly.

                                                                                1. 2

                                                                                  My arguments/positions:

                                                                                  • Work/life balance is sometimes used as a cover for malingerers.
                                                                                  • Work/life balance is sometimes used to resist efforts to work more efficiently.
                                                                                  • We as an industry focus on tech debt and work/life balance and ignore the very real issue of not clearing work debt, which in turn makes life harder for us.

                                                                                  EDIT: Clarified “real” to be “very real”, so as to not sound dismissive towards tech debt and balance.

                                                                                2. 2

                                                                                  Isn’t the idea of Agile / Scrum / whatever to be able to account for new business needs (“work debt”).

                                                                                  In any case, it’s not the team’s responsibility to make sure work debt doesn’t accumulate, it’s management’s. Comitting to “501” works both ways - you work your 40 hours a week but you give all that time to the company.

                                                                                  1. 1

                                                                                    Work debt has an inflow (management) and an outflow (engineering). If engineering isn’t clearing out work, the normal pace of inflow will cause accumulation.

                                                                                    We can certainly complain about management dumping a gigantic pile of work and jamming the pipes, but I see almost no attention being paid to “hey, engineering, y’all need to work faster.”

                                                                              1. 1

                                                                                Oops! Fixed.

                                                                                1. 2

                                                                                  Not sure it’s the version you’d use, but: https://github.com/huytd/pomoday-v2

                                                                                  1. 1

                                                                                    It is, it’s just a mess right now, sorry ;(

                                                                                1. 39

                                                                                  I thought someone missed the satire tag at first.

                                                                                  1. 28

                                                                                    I agree. Also this blog post is beyond surreal. They are (in polite words) actually threatening people to use cookies or, otherwise we can expect them to use even worse techniques (fingerprinting)? And we should take a ‘solution’ from one of the co-inventors of this terrible surveillance model?

                                                                                    At any rate, I am happy to see that they are apparently worried by Mozilla and Apple’s recent actions.

                                                                                    1. 8

                                                                                      Meh. After you’ve seen enough of it, Machiavellian doublespeak stops being “surreal” and just looks trite. By now, this is exactly what I expect from Alphabet Inc.

                                                                                      1. 9

                                                                                        New motto: “Don’t be honest.”

                                                                                        1. 2

                                                                                          Doublespeak is trite, Trite needn’t be right. That we should actively fight.

                                                                                          Sorry for nitpicking.

                                                                                    1. 7

                                                                                      I for one use permissive licenses in the hope that one day an aerospace company will use my code and it will end up in orbit.

                                                                                      1. 10

                                                                                        Maybe they already do? With a permissive license you have good chances of never finding out.

                                                                                        1. 3

                                                                                          And how would the GPL change that?

                                                                                          1. 2

                                                                                            Because the aerospace company would have to publish their code.

                                                                                            1. 11

                                                                                              s/publish/provide to customers/

                                                                                              1. 6

                                                                                                No. It is not required to publish GPL code of the modified version if it remains private (= not distributed).

                                                                                                So you have the same chances of never finding out about usage in either case (but the virality of GPL might actually decrease the odds).

                                                                                                1. 1

                                                                                                  I was referring to this aspect of the license:

                                                                                                  But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program’s users, under the GPL.

                                                                                                  Whether or not that would come into play with the hypothetical aerospace company in question is beside the point.

                                                                                                2. 0

                                                                                                  Or not.

                                                                                              2. 1

                                                                                                https://www.gnu.org/licenses/gpl-faq.en.html#GPLRequireSourcePostedPublic

                                                                                                I guess what you mean is better chances of finding out?

                                                                                              3. 7

                                                                                                I found out that my open source code was being used in nuclear missiles. It did not make me feel good.

                                                                                                1. 2

                                                                                                  What license were you using?

                                                                                                  1. 2

                                                                                                    GPL

                                                                                                    1. 2

                                                                                                      Interesting that you could have discovered this, would presume such things would be quite secretive. I guess there’s nothing you can do to stop them using it either?

                                                                                                      1. 2

                                                                                                        It was a shock. And nope, nothing could be done. In fact, I suspect that Stallman would say restricting someone from using software for nuclear weapons (or torture devices or landmines or surviellance systems) would be a violation of the all important issue of software freedom.

                                                                                                          1. 1

                                                                                                            It would be an interesting argument to try to make. The FSF already recognizes the AGPL – which explicitly does not grant Freedom Zero as defined by the FSF – as a Free Software license, and the general argument for that is one of taking a small bit of freedom to preserve a greater amount over time. A similar argument could be made about weapons (i.e., that disallowing use for weapons purposes preserves the greatest amount of long-term freedom).

                                                                                                            1. 1

                                                                                                              … Stallman would say … violation of the all important issue of software freedom

                                                                                                              Restricting use on ethical basis is quite difficult to implement for practical reasons.

                                                                                                              1. 1

                                                                                                                That’s not really the issue. One of the things I dislike about FSF/Stallman is that they claim, on moral principal, that denying a software license to , let’s say, Infant Labor Camp and Organ Mart Inc. would be wrong. I think that “software freedom” is pretty low down on the list of moral imperatives.

                                                                                                                1. 1

                                                                                                                  Being able to (legally) restrict the use of my creative output (photographs in my case) is the reason I retain the “all rights reserved” setting on Flickr. I’d hate to see an image of mine promote some odious company or political party, which is what can happen were I to license it using Creative Commons.

                                                                                                      2. 2

                                                                                                        How did you find out?

                                                                                                        1. 2

                                                                                                          They asked me to advise them.

                                                                                                        2. 2

                                                                                                          For ethical reasons or for fear of some possible liabilities somewhere down the line?

                                                                                                          1. 11

                                                                                                            What a question. I didn’t want to be a mass murderer.

                                                                                                      1. 2

                                                                                                        Relatedly, Tridactyl or Vimium might scratch this itch for you. I’ve used them and previous extensions (Vimperator, VimFX, VimVixen) for over a decade and love them.

                                                                                                        1. 1

                                                                                                          Thanks for the recommendation.

                                                                                                          I am trying out Tridactyl, and so far it doesn’t seem close to what I talked here about. For example, I can’t seem to find a way to sift through story threads, or open them easily in a new tab, or upvote/downvote, any easier using Tridactyl.

                                                                                                          1. 3

                                                                                                            You’ll need to do a little customisation to get what you want out of Tridactyl.

                                                                                                            E.g.

                                                                                                            :set searchurls.lobsters https://lobste.rs/search?utf8=%E2%9C%93&q=%s&what=stories&order=relevance
                                                                                                            :bind gs fillcmdline tabopen lobsters
                                                                                                            :bind gu tabopen https://lobste.rs/stories/new
                                                                                                            

                                                                                                            etc.

                                                                                                            As for opening threads and upvote/downvoting, you’ll want to look at :help hint and :hint -c [css selector]. For Hacker News, I have bind ;c hint -c [class*="expand"],[class="togg"] which makes minimising comments easy.

                                                                                                            Hope that helps.

                                                                                                        1. 3

                                                                                                          After digging around a little more after recent post here I found the link submitted here to be the most accessible introduction to Kalman Filter online so far. The others are:

                                                                                                          1. Recently famous: bzarg. A more prettier version of the pdf link above, but somehow doesn’t capture the intuition as well.
                                                                                                          2. More thorough: UT Austin group
                                                                                                          3. Extended Kalman Filter: Tutorial

                                                                                                          Enjoy!

                                                                                                          1. 1

                                                                                                            Like it. However, what if there are more features when I enable Script? Like the google sheets example, should I expect to be notified of that?

                                                                                                            1. 4

                                                                                                              For the shebang, it’s best to use #!/usr/bin/env python3, which is more flexible.

                                                                                                              For some reason, you have shitloads of trailing whitespace on lines 1 and 8, plus you need a newline at the end of the file. Line 42 has mixed spaces and tab indent, which is bad mojo. Using an IDE with a PEP8 / py3 linter can help out a lot!

                                                                                                              elif args.base in ['pi', 'PI', 'Pi']: can be replaced with elif args.base.lower() == 'pi':, same goes for the others. That way “taU” would work as well without making you enumerate every permutation of cases.

                                                                                                              base = float(args.base) and some other stuff can throw exceptions you aren’t handling; it wouldn’t be hard to add some try: on those with very clear error messages and clean exits when an exception happens (i.e. can’t convert the string to a float for any reason). You did a good job so far of making sure there’s just one operation in each try/except, keep that up!

                                                                                                              1. 1

                                                                                                                Trailing whitespace, something to do with copy&paste from terminal to browser.

                                                                                                                I don’t see many reasons to allow taU.

                                                                                                                Thanks for the feedback!

                                                                                                              1. 12

                                                                                                                I would actually wait until GDPR to kick in before deleting Facebook, or any other online account for that matter, so that keeping user information even after a user has requested deletion is simply against the law.

                                                                                                                1. 2

                                                                                                                  I don’t think the fines for violating GDPR are large enough to make Facebook think twice about ignoring it. Short of dissolving Facebook and seizing its assets under civil forfeiture, no civil or criminal penalty seems severe enough to force it to consider the public good.

                                                                                                                  1. 17

                                                                                                                    don’t think the fines for violating GDPR are large enough

                                                                                                                    Actually, they are very large:

                                                                                                                    Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher [0]

                                                                                                                    Based on 2017 revenue [1] of $40B, that’s $1.6 Billion Dollars

                                                                                                                    But it’s not just the fines. The blowback from the stock hit and shareholder loss, as well as cascading PR impact, is a high motivator too.

                                                                                                                    [0] https://www.gdpreu.org/compliance/fines-and-penalties/ [1] https://www.statista.com/statistics/277229/facebooks-annual-revenue-and-net-income/

                                                                                                                    1. 3

                                                                                                                      0.04 << 1 until you can quantify the cascading PR impact. It will not effect their day-to-day operations from an economic standpoint.

                                                                                                                      I would be curious to know how many people have actually taken action on their FB usage based on the recent CA news outbreak. I am willing to bet it’s miniscule.

                                                                                                                      1. 1

                                                                                                                        1.6 billion dollars vs deleting the data of one user who wants to leave?

                                                                                                                        1. 1

                                                                                                                          The fines are per distinct issue (not number of people affected). If Facebook breaches GDPR with multiple issues, then Facebook could get hit by a large percentage of their annual revenues.

                                                                                                                  1. 3

                                                                                                                    A backport like this (perhaps all backports) should come with a warning that says, “If possible, switch to version_N+1 before using this”. Allow me to explain:

                                                                                                                    This feature makes co-routines palatable in Python2. About 1.5 years ago, like @joelgrus I was stung hard by this missing feature in Python2. I guess I learned the hard way, and every project I have started since then is in Python3 (There is NO reason not to).

                                                                                                                    My point being, if this library was available back then, I would have used it. And I may not have switched to Python3 yet, and that would have been a sad thing, as I would have been missing out on the other goodies.

                                                                                                                    1. 2

                                                                                                                      I heavily used coroutines in Python 2 via twisteds inlineCallback decorator. It was awesome.

                                                                                                                    1. 2

                                                                                                                      Vague but exciting ..

                                                                                                                      Perhaps through annotation?