1. 94

    Static or dynamic refers to whether the webserver serves requests by reading a static file off disk or running some dynamic code (whether in process or not). While the word “dynamic” can apply broadly to any change, reusing a term with a well-understood definition in this context to refer to unrelated changes like SSL cert renewal and HTTP headers is really confusing. Late in the article it refers to “the filesystem API used to host static files” so it’s clear the author knows the definition. It’s unfortunate that the article is written in this way; it’s self-fulfilling that misusing a clear and well-established term just results in confusion. Maybe a better metaphor for the points it’s trying to make would be Stewart Brand’s concept of pace layering.

    1. 12

      Yeah I agree, I think the article is generally good, but the title is misleading.

      My summary is “We should try to make dynamic sites as easy to maintain as static sites”, using sqlite, nginx, whatever.

      The distinction obviously exists – in fact the article heavily relies on the distinction to make its point.

      I agree with the idea of moving them closer together (who wouldn’t want to make dynamic sites easier to maintain?) But I think there will be a difference no matter what.

      Mainly that’s because the sandboxing problem (which consists of namespace isolation and resource isolation) is hard on any kernel and on any hardware. When you have a static site, you don’t need to solve that problem at all.

      We will get better at solving that problem, but it will always be there. There are hardware issues like Spectre and Meltdown (which required patches to kernels and compilers!), but that’s arguably not even the hardest problem.


      I also think recognizing this distinction will lead to more robust architectures. Similar to how progressive enhancement says that your website should still work without JS, your website’s static part should still work if the dynamic parts are broken (the app servers are down). That’s just good engineering.

      1. 3

        Funnily enough, sqlite + nginx is what I use for most of my smaller dynamic websites, usually wish a server process as well.

        EDIT: Reading further, yeah, almost all of my side projects use that setup, outside of some Phoenix stuff, and I’ve definitely noticed those projects requiring not very much maintenance at all.

        1. 7

          What’s also a bit funny is that sqlite and nginx are both extremely old school, state machine-heavy, plain C code.

          Yet we reach for them when we want something reliable. I recommend everyone look at the source code for both projects.

          This reminds me of these 2 old articles:

          https://tratt.net/laurie/blog/entries/how_can_c_programs_be_so_reliable.html

          http://damienkatz.net/2013/01/the_unreasonable_effectiveness_of_c.html

          (And I am not saying this is good; I certainly wouldn’t and can’t write such C code. It’s just funny)

          1. 6

            I did not know that nginx can talk to sqlite by itself. Can you share your setup?

            1. 1

              For me, I don’t use nginx talking directly to SQLite, I just use it as a reverse proxy. It’s just that it makes it easy to set up a lot of websites behind one server, and using SQLite makes it easy to manage those from a data storage standpoint.

              1. 1

                I see, yes that makes sense. I use it that way too.

        2. 10

          You articulated that without using expressions that would be inappropriate in the average office setting. I admire you for that.

          The whole act of reusing a common, well-understood content-related term to instead refer to TLS certs and HTTP headers left me ready to respond with coarse language and possibly question whether OP was trolling.

          The idea that maybe we’re comparing a fast layer to a slow layer is somewhat appealing, but I don’t think it quite fits either. I think OP is muddling content and presentation. Different presentations require differing levels of maintenance even for the same content. So if I publish a book, I might need to reprint it every few hundred years as natural conditions cause paper to degrade, etc. Whereas if I publish the same content on a website, I might need to alter the computer that hosts that content every X days as browsers’ expectations change.

          That content doesn’t change. And that’s what we commonly mean when we say “a static website.” The fact that the thing presenting the content needs to change in order to adequately serve the readers doesn’t, in my view, make the content dynamic. And I don’t think it moves it from a slow layer to a faster one either.

          1. 5

            This is a reasonable criticism, but I think it’s slightly more complicated than that — a collection of files in a directory isn’t enough to unambiguously know how to correctly serve a static site. For instance, different servers disagree on the file extension → mimetype mapping. So I think you need to accept that you can’t just “read a static file off disk”, in order to serve it, you also need other information, which is encoded in the webserver configuration. But nginx/apache/etc let you do surprisingly dynamic things (changing routing depending on cookies/auth status/etc, for instance). So what parts of the webserver configuration are you allowed to use while still classifying something as “static”?

            That’s what I’m trying to get at — a directory of files can’t be served as a static site without a configuration system of some sort, and actual http server software in order to serve a static site. But once you’re doing that sort of thing, how do you draw a principled line about what’s “static” and what isn’t?

            1. 7

              Putting a finer point on the mimetype thing, since I understand that it could be seen as a purely academic issue: python2 -m SimpleHTTPServer and python3 -m http.server will server foo.wasm with different mimetypes (application/wasm and application/octet-stream) Only the wasm bundle served by the python3 version will be executed by browsers, due to security constraints. Thus, what the website does, in a very concrete way, will be dependent not on the files, but on the server software. That sounds like a property of a “dynamic” system to me — why isn’t it?

              You could say, ok, so a static website needs a filesystem to serve from and a mapping of extensions to content types. But there are also other things you need — information about routing, for instance. What domain and port is the content supposed to be served on, and at what path? If you don’t get that correct, links on the site likely won’t work. This is typically configured out of band — on GitHub pages, for instance, this is configured with the name of the repo.

              So you need a extension to mimetype mapping, and routing information, and a filesystem. But you can have a static javacsript file that then goes and talks to the sever it was served from, and arbitrarily changes its behavior based on the HTTP headers that were returned. So really, if you want a robust definition of what a “static” website is, you need to pretty completely describe the mapping between HTTP requests and HTTP responses. But isn’t “a mapping between HTTP requests and HTTP responses” just a FP sort of way of describing a dynamic webserver?

              If you disagree with some part of this chain of logic, I’m curious which part.

              1. 6

                All the configuration parts and “dynamic” nature of serving files in a static site are about that: serving them, how the file gets on my computer. But at the end of the day, with a static site the content of the document I get is the same as the content on the filesystem on the server. And with a dynamic site it is not. That is the difference. It’s about what is served.

                All this talk about mime types and routing just confuses things. One can do the same kinds of tricks with a file system and local applications. For instance: changing the extension, setting default applications, etc. can all change the behavior you observe by opening a file. Does that mean my file system is dynamic too? Isn’t everything dynamic if you look at it that way?

                1. 5

                  It seems very odd to be talking about whether or not WASM gets executed to make a point about static websites.

                  When the average person talks about a static site, they are talking about a document-like site with some HTML, some CSS, maybe some images. Yes, there may be some scripting, but it’s likely to be non-essential to the functionality of the site. For these kinds of sites, in practice MIME types are basically never something you as the site author will have to worry about. Every reasonable server will serve HTML, CSS, etc. with reasonable MIME types.

                  Sure, you can come up with some contrived example of an application-like site that reliant on WASM to function and call it a static site. But that is not what the phrase means in common usage, so what point do you think you are proving by doing so?

                  1. 4

                    You can also misconfigure nginx to send html files as text/plain, if that is your point. python2 predates wasm, it’s simply a wrong default -today-.

                    1. 3

                      What about that is “misconfigured”? It’s just configuration, in some cases you might want all files to be served with a particular content type, regardless of path.

                      My point is that just having a set of files doesn’t properly encode the information you need to serve that website. That, to me, seems to indicate that defining a static site as one that responds to requests by “reading static files off disk” is at the very least, incomplete.

                      1.  

                        I think this discussion is kind of pointless then.

                        Ask 10 web developers and I bet 9 would tell you that they will assume a “normal” or “randomly picked” not shit webserver will serve html/png/jpeg/css files with the correct header so that clients can meaningfully interpret them. It’s not really a web standard but it’s common knowledge/best practice/whatever you wanna call it. I simply think it’s disingenious to call this proper configuration then and not “just assuming any webserver that works”.

                    2. 2

                      I found your point (about the false division of static and dynamic websites) intuitive, from when you talked about isolation primitives in your post. (Is a webserver which serves a FUSE filesystem static or dynamic, for example? What if that filesystem is archivemount?)

                      But this point about MIME headers is also quite persuasive and interesting, perhaps more so than the isolation point, you should include it in your post.

                      Given this WASM mimetype requirement, what happens when you distribute WASM as part of a filesystem trees of HTML files and open it with file://? Is there an exception, or… Is this just relying on the browser’s internal mimetype detection heuristics to be correct?

                      1. 2

                        Yeah, I probably should have included it in the post — I might write a follow up post, or add a postscript.

                        Loading WASM actually doesn’t work from file:// URLs at all! In general, file:// URLs are pretty special and there’s a bunch of stuff that doesn’t work with them. (Similarly, there are a handful of browser features that don’t work on non-https origins). If you’re doing local development with wasm files, you have to use a HTTP server of some sort.

                        1. 3

                          Loading WASM actually doesn’t work from file:// URLs at all!

                          Fascinating! That’s also good support for your post! It disproves the “static means you can distribute it as a tarball and open it and all the content is there” counter-argument.

                          1. 1

                            This is for a good reason. Originally HTML pages were self-contained. Images were added, then styles and scripts. Systems were made that assumed pages wouldn’t be able to just request any old file, so when Javascript gained the ability to load any file it was limited to only be able to load files from the same Origin (protocol + hostname + port group) to not break the assumptions of existing services. But file:// URLs are special, they’re treated as a unique origins so random HTML pages on disk can’t exfiltrate all the data on your drive. People still wanted to load data from other origins, so they figured out JSONP (basically letting 3rd-party servers run arbitrary JS on your site to tell you things because JS files are special) and then browsers added CORS. CORS allowed servers to send headers to opt in to access from other origins.

                            WebAssembly isn’t special like scripts are, you have to fetch it yourself and it’s subject to CORS and the same origin policy so loading it from a file:// URL isn’t possible without disabling security restrictions (there are flags for this, using them is a bad idea) but you could inline the WebAssembly file as a data: URL. (You can basically always fetch those.)

                      2. 2

                        What domain and port is the content supposed to be served on, and at what path? If you don’t get that correct, links on the site likely won’t work.

                        These days when getting a subdomain is a non-issue, I can’t see why anyone would want to use absolute URLs inside pages, other than in a few very special cases like sub-sites generated by different tools (e.g. example.com/docs produced by a documentation generator).

                        I also haven’t seen MIME type mapping become a serious problem in practice. If a client expects JS or WASM, it doesn’t look at the MIME type at all normally because the behavior for it is hardcoded and doesn’t depend on the MIME type reported by the server. Otherwise, for loading non-HTML files, whether the user agent displays it or offers to open it with an external program by default isn’t a big issue.

                        1. 3

                          MIME bites you where you least expect it. Especially when serving files to external apps or stuff that understands both xml and json and wants to know which one it got. My last surprise was app manifests for windows click-once updates which have to have their weird content-type which the app expects.

                          1. 2

                            If a client expects JS or WASM, it doesn’t look at the MIME type at all normally because the behavior for it is hardcoded and doesn’t depend on the MIME type reported by the server.

                            This is incorrect. Browsers will not execute WASM from locations that do not have a correct mimetype. This is mandated by the spec: https://www.w3.org/TR/wasm-web-api-1/

                            You might not have seen this be a problem in practice, but it does exist, and I and many other people have ran into it.

                            1. 1

                              Thanks for the pointer, I didn’t know that the standard requires clients to reject WASM if the MIME type is not correct.

                              However, I think the original point still stands. If the standard didn’t require rejecting WASM with different MIME types but some clients did it on their own initiative, then I’d agree that web servers with _different but equally acceptable behavior could make or break the website. But if it’s mandated, then a web server that doesn’t have a correct mapping is incorrectly implemented or misconfigured.

                              Since WASM is relatively new, it’s a more subtle issue of course—some servers/config used to be valid, but no longer are. But they are still expected to conform with the standard now.

                          2. 1

                            You don’t need any specific mimetype for WASM, you can load bytes however you want and pass them to WebAssembly.instantiate as an ArrayBuffer.

                        2. 2

                          The other replies have explained this particular case in detail, but I think it’s worth isolating the logical fallacy you’re espousing. Suppose we believe that there are two distinct types of X, say PX and QX. But there exist X that are simultaneously PX and QX. Then those existing X are counterexamples, and we should question our assumption that PX and QX were distinct. If PX and QX are only defined in opposition to each other, then we should also question whether P and Q are meaningful.

                        1. 10

                          Huh. Everybody is missing the simplest difference I know: statefulness.

                          A static website does no computation on the content of what it chooses to serve, just selection of what best matches the request. No state is necessarily changed on the server, although almost everyone likes to retain logs and such.

                          A dynamic website is one that computes something based on the requests it receives and alters the data that it returns dependent on the computation and the state of the server process(es). State is necessarily updated in general, although any given request might be essentially static.

                          1. 2

                            I think you’re conflating two things here: statelessness, and not doing any computations on the request.

                            You can have something that’s stateless, but does computation on the request to generate a response — for instance, a web server that doesn’t talk to a database or filesystem, but does do some computation on the path or request parameters to generate a response.

                            You can also have a something that’s stateful, but where computation is not done on the content. A key-value store would be an example of this.

                            Which of these are you suggesting is the definition of a static website? One, the other, or both?

                            The comment about statefulness is why I included the bit about TLS certs: if your definition of a static website is one that is stateless, that means that sites served over HTTPS cannot be static, since the TLS cert is state (at least, in the case where you auto-renew it). If you disagree with that characterization, I’d be curious why — I don’t see a principled reason not to think of TLS certs as “state”.

                            1. 10

                              if your definition of a static website is one that is stateless, that means that sites served over HTTPS cannot be static

                              If you’re going to make that argument, why not just go all the way and point out that the hardware you run a site on is itself inherently stateful, thus statelessness in software is a fools errand?

                              In my mind there’s a reason we attempt (with varying levels of success) to build layers of abstraction which hide the details of lower layers where they aren’t relevant.

                              1. 0

                                I think there’s a significant difference, in that a HTTP site can be easily served on a server running with a readonly disk, whereas a HTTPS site can’t, unless you’re fine with getting a new certificate every time you reboot your server. Clearly, everything about how computers operate is “stateful”, but there’s a difference between state that is kept in memory, and state that is persisted to disk — that difference is usually what people are talking about when they talk about a web server being “stateful”, so I assumed it’s what you meant as well.

                                1. 1

                                  Assuming Let’s Encrypt certs, you only need to renew every ~12 weeks, so it’d be reasonable if read-only is a hard requirement to burn new certs onto a CD or whatever with a different computer every 10ish weeks.

                              2. 2

                                If the key-value store is updated by requests, then it is the state; if it is never updated by a request, then it’s not state.

                                If something in the request is used to compute which stored response to give, then it could be replaced by asking for the stored response directly, and is similar to not knowing how the filesystem is storing a file. Have the client compute the request fully and send a request for the key; unless the point of the request is actually to change state on the server, or the server is embedding a cryptographic secret.

                                If the request is used to compute a new answer for the response and there is no state maintained on the server, in most cases this should be done client-side. I suppose the primary exception would be when the client wants to gain access to a secret – but if the secret is not updated, why not ship it in the client?

                                So, no, I don’t think I’m conflating here: a static website doesn’t change its state as a result of a request, so repeating a request will get you the same response predictably. It could be replaced by a read-only filesystem sitting on the client, assuming infinite storage. A dynamic website changes state as a result of a request, so it could only be replaced by a read-write local filesystem if it only had one client in the universe.

                                I think your TLS question is nearly irrelevant because, as you acknowledged, a TLS cert with a Not After timestamp in the year 9999 is feasible; and as I think you implied and I will state outright: whether you answering over HTTP, HTTPS, HTTP2, HTTP3 or an AX.25 radio network is not relevant to whether we think that the web server is static or not.

                            1. 13

                              Good article, one nitpick:

                              Most sites only need ~99.99% availability, since you get significantly diminishing returns as soon as you’re more reliable than your end user’s ISP or home network. Most internet users have less than 99.99% availability just from their ISP having problems or their cat eating their ethernet cable or whatever — why try to be orders of magnitude more available than that, when it won’t make a significant dent in the uptime as it’s experienced by the end user?

                              Any given user may be down 0.01% of the time, but it could be a different 0.01% for each user! I haven’t run the numbers, but I’d guess that you wouldn’t need all that many users before someone experienced your downtime.

                              1. 7

                                Feels weird to chime in into this dialog, but I think you are reading this “wrong”.

                                The claim as I see it is Amdahl’s law: if the user experiences 10 hours of downtime per year, of which 9 is due to cable-chewing cats and 1 due to planned app downtime, than eliminating 100% of app downtime would lead to only 10% reduction in downtime from the user’s perspective.

                                It seems that you read this as a different claim of P(A|B) = P(A) + P(B) - P(AB) sort (something about app downtime not mattering if there’s cat downtime at this same instant).

                                1. 1

                                  Yeah, that’s a more sensible read than mine.

                                2. 7

                                  Yeah, this is true — and relatedly, now that we’re living in this strange world where most people have at least two independent internet connections at their home (traditional ISP + cell provider), the maximum availability that each individual user has to the internet is a lot better these days.

                                  I still think that the vast majority of sites don’t need more than 99.99% availability, but it can be a complicated tradeoff. That section of this article was mostly aimed at:

                                  • Explaining some tools that people can use to think about this (converting availability to downtime budget, thinking about end-to-end availability as well as just the parts you control)
                                  • Trying to get people to consider whether they actually need super high availability — in my experience, SREs who have significant experience (both at large and small companies) basically always aim for lower availability than laypeople tend to, and there are very good reasons for this :)
                                  1. 6

                                    99.99% is roughly 9 hours per year, which, sorry to burst everyone’s bubble, hasn’t been met by most google services or amazon website in its full function, let alone AWS or GCP, which had higher annual downtime than that.

                                    By extension, the same or higher downtimes have affected virtually all websites hosted at these services.

                                    It’s quite telling people brag about their high availability kubernetes clusters and whatnot, when in fact that usually results in more fragile systems that are always going down due to incidents. “But that was because…”

                                    It’s not the case that most websites don’t need. It’s more like not even the big guys succeed to deliver that level of service. If people would be more honest about the uptimes of their services, we would come to the conclusion that in reality, the vast majority of the websites is more like 99.9% uptime if not less.

                                    1. 2

                                      most people … ISP + cell provider

                                      Apparently true for US: https://www.census.gov/library/stories/2018/08/internet-access.html

                                      I wonder about global south, though.

                                  1. 17

                                    Modern browsers don’t cache requests to CDNs across multiple domains, since that can be used to track users — this means that even if someone has already downloaded the library you’re including from the CDN on one website, they’ll have to download it again when they visit your website.

                                    This is still news to a lot of developers. It bears repeating.

                                    What I do is just download the library that I want and include the files in my repo, just like any other source file. I usually do this in a directory called vendored or 3p, and be sure to include the version number of the package that I downloaded in the filename. This takes maybe 60 seconds more work than including the CDN version, which seems worth it to me for the privacy, robustness, and speed benefits.

                                    I’m with you up to here. I’ve heard the treat-dependencies-as-source approach before. I don’t think it’s realistic for a couple of reasons:

                                    1. JavaScript dependencies listed on npm are a common malware vector. Expecting everyone to read all of the source of all their dependencies themselves and understand it before they copy/paste it into their source is not going to be as effective as an npm audit report.
                                    2. I’ve inherited a couple of projects that are set up like this. It tends to be fairly error-prone. If someone leaves off a version number or forgets a sub-dependency then you spend a day tearing your hair out trying to fix a version conflict or just look up the right version of the API documentation. Tools like LibMan for .NET automate this process for a marginally better developer experience, but it isn’t as robust as npm, which will make sure the right versions of sub-dependencies and peer dependencies are installed.

                                    npm can be a frustrating tool to use to be sure, but your proposal strikes me as only marginally more secure than using a CDN and with some significant drawbacks.

                                    1. 5

                                      I agree that vendoring dependencies isn’t always the right way to go about things, but as an alternative to pulling things in from a CDN, it’s usually what people want. If I’m pulling in more than a couple dependencies, or dealing with a dependency graph, then I use a real package manager. But for something like pulling in jQuery or lodash and building on top of it, NPM doesn’t really buy you anything but complexity.

                                      I don’t think there are people out there loading a giant dependency graph from CDNs — typically that’s something people only do for small projects, and so my suggestion here was implicitly assuming that scale — it’s “what you should do instead of pulling from a CDN”, not “how you should manage your dependencies in general” :)

                                      1. 4

                                        Installing directly from NPM can also improve your JavaScript dev experience since TypeScript can load type definitions automatically for many packages. If those packages are not in a standardized place, then you likely won’t get as much help from your other tools.

                                        I have a tendency to use a bundling tool and then just specify the packages part of the vendored chunk. It usually has very similar benefits with caching, but it can be overall fewer bytes, fewer open concurrent connections, and it works with more standardized tooling.

                                        1. 2

                                          I don’t think there are people out there loading a giant dependency graph from CDNs

                                          They do, unfortunately. WordPress and ecommerce sites are especially liable to ballooning JS dependencies. What starts out as just “jQuery or lodash” multiplies with plugins and other common dependencies like Bootstrap. It’s what jsdelivr’s combine fearure is for.

                                          Context is everything. If it’s just you or you and a team of people who have agreed to JavaScript austerity, it makes sense to do as you say. But as general advice, I still disagree.

                                          1. 2

                                            NPM doesn’t really buy you anything but complexity.

                                            It just does the thing you’re manually doing. The problem with NPM/Yarn IMHO is that it has a shitty default: it always uses ^ for the version constraint rather than allowing you to configure it or (a way better strategy) using ~. Caret means “give me whatever the latest of this is other than the next major because everyone uses SemVer properly and nothing ever goes wrong”. Tilde means “I want patch updates but not major or minor versions because I’m a realist and people don’t use SemVer correctly and/or cannot predict every possible breaking change”

                                            Why can’t I do this?

                                            yarn add jquery --tilde
                                            

                                            and then it could end up like

                                            {
                                              "dependencies": {
                                                "jquery": "~2.0.0"
                                              }
                                            }
                                            

                                            The JS ecosystem makes package management harder than it needs to be. Even Bundler does a better job at this.

                                            1. 1

                                              Totally. You can use the @ syntax, but you still have to look up the version number on https://semver.npmjs.com and then:

                                              npm install --save jquery@~2.0.0
                                              

                                              Would love to be able to:

                                              npm install --save jquery@~latest
                                              

                                              …or something like it to install the latest version and peg it to the latest patch. Another crappy default is not adding an engines field automatically. I’ve seen so many newcomers to npm waste time on npm installation errors that turn out to be caused by environment incompatibility.

                                              I cringe that I’m recommending npm at all, but I have yet to encounter anything that’s substantially better. Bower found a middle road of complexity long ago before they got shamed for the overlap with npm and fell into disuse.

                                        1. 29

                                          “Do not use Syncthing” seems like a strange takeaway from this post. Syncthing explicitly does not claim to be a backup program, and using it without backups seems like a recipe for disaster, as is using any computer program without backups.

                                          I am curious if there is a Syncthing bug here, and would like to see a postmortem of this from the Syncthing folks — it’s hard to tell what exact setting were used in this case. But this story definitely doesn’t rise to the level of “Do not use Syncthing” for me, it’s more “be wary that Syncthing may behave in unexpected ways and have backup plans in place”.

                                          1. 1

                                            How do you think Dropbox stands in comparison[1]? Do people not comfortably use Dropbox as an implicit backup for their files, especially as it supports file history?

                                            [1] aside from it being centralized and proprietory, that is; asked from the standpoint of reliability.

                                            1. 3

                                              Syncthing also has file history, but you must enable it per-share.

                                              I think you were very cavalier about your files. You assumed you understood how Syncthing was going to react to the manual changes you made, but you didn’t have a backup plan, really, for if it did not. I’m sorry you got burned, but now you know better, and it doesn’t have to happen again. Think about how much expense this incurred for you, and buy a backup disk. Start doing regular backups, the slow and boring way, because it will save you from the next misunderstanding.

                                              1. 3

                                                I personally would not trust Dropbox as a backup solution, especially given that you can only go back 180 days without buying a addon for which the price is “Contact Sales”.

                                                I’m sure many people do rely on Dropbox for backups, I think that’s probably a bad idea that will cause a reasonable fraction of those people undue suffering down the line.

                                                1. 2

                                                  Plus you are only one account compromise away from losing access to your files.

                                                2. 2

                                                  I think Dropbox represents a fine backup strategy provided it’s used as one factor in a multi-factor backup plan.

                                                  So, for example. I use Backblaze for my off site backups. You could use Dropbox instead. When paired with the onsite backups I have (A regularly scheduled HyperBackup job from my Synology NAS to a 5TB USB drive) I feel pretty confident that my data is safe.

                                                3. 1

                                                  There clearly isn’t a bug, and you make a great point about SyncThing not being a backup tool, it explicitly requires a carefully thought out and very rigorous backup regime to ensure no data is lost.

                                                  It’s a great tool, but with great power comes great responsibility, and it’s not clear to me that a lot of people will do the right thing.

                                                  1. 1

                                                    There’s quite the leap from “not claiming to be a backup program” to active destruction of data due to negligence in the program’s design.

                                                    A synchronization tool isn’t excused from destroying data due to design faults.

                                                    1. 2

                                                      A synchronization tool isn’t excused from destroying data due to design faults.

                                                      No, but is there a verified design fault at play here?

                                                      1. 2

                                                        Yes. If I read the article correctly, it does handle corner cases - such as disk full - poorly.

                                                  1. 4

                                                    This article seems to be based on a flawed understanding of floating point numbers. The author complains that “sin(x) gives me different results in different versions of Node”. What the author does not demonstrate in the article is the understanding that floating point numbers are approximations themselves, i.e. a given pattern of bits does not represent a precise number, but rather some range of numbers. Consequently, sin(x) is not well defined because x itself is not well defined.

                                                    1. 2

                                                      a given pattern of bits does not represent a precise number, but rather some range of numbers.

                                                      Do you have a source for this? I don’t think this is correct - my understanding is that while every floating point number has an infinite number of numbers that will round to the same value, a given pattern of bits has a single canonical value that it represents.

                                                      As the author points out, while floating point operations like addition/etc can exhibit surprising results, they are well defined, in that any two floating point numbers have a specific floating point number that is their sum. The fact that addition/subtraction/etc have this property, but sin/etc do not is somewhat interesting.

                                                      1. 1

                                                        It’s not so much that the numbers themselves are approximations; it’s that the formulas used to compute trig functions are infinite series. The more terms you add up, the more accurate the result, but the longer it takes. I’m not an expert on current FP code, but I doubt it keeps grinding out terms until the result stops changing. Instead there’s a balance between speed and accuracy. And of course different implementations have different trade-offs.

                                                        1. 1

                                                          There used to be LUT accelerated solution in i387 and i486+ CPUs. Since SSE2 there are fast trigonometric functions (faster and simpler to call I think) than the i387 floating point solutions. Switching between these implementations may result in different results. Software solutions are available, based on the Taylor series of the functions, but those are multiple magnitudes slower, and I doubt that node would rely on those.

                                                          Also floating point numbers do have a canonical value per se, but floating point arithmetic is an approximation, and it is expected to be treated as such.

                                                          1. 2

                                                            For sine in particular, because a transcendental constant is involved, we have what Kahan called The Table-Maker’s Dilemma: How do we round the result?

                                                        2. 1

                                                          Even the sum may change in a way “unexpected” by the author:

                                                          Even the conversion between the binary and decimal representation of a floating point binary number is (as in printf/scanf) an approximation, and this may change with node version (if they ship their solution and don’t use libc). Theoretically even a microcode update may effect floating point operations (although not likely).

                                                          Thus even by having the same Math.js deployed everywhere there are a multitude of variables at play on lower levels. Here cross-platform differences have been generously ignored.

                                                      1. 8

                                                        I’d have a test like: t.equal(ss.gamma(11.54), 13098426.039156161);

                                                        record scratch

                                                        OK, that’s your problem right there. It’s well known that you don’t write tests like this: instead you always leave some margin for error in FP equality assertions.

                                                        There’s difference between precision and accuracy. Just because IEEE doubles give you 52(?) bits of mantissa doesn’t mean those bits are all correct down to the LSB. And in cross platform code, like anything JS, you can’t even trust those bits will be 100% consistent from one platform/version to the next.

                                                        If you make assertions like that test, you’re basically asserting that the implementation of every math function you call remains exactly the same, which is a bad idea. You’re testing stuff that’s not part of the contract of the API, basically.

                                                        1. 12

                                                          Did you read the rest of the post? It explains this, just less condescendingly. You write that “It’s well known” not to write tests like this, but where exactly are people supposed to learn that? Posts like this seem like as good a place as any.

                                                          1. 4

                                                            Yeah, for sure. It nearly always comes off as gatekeepey and obnoxious to write “It’s well known that …” (comparable to the “It’s obvious that …” in a lot of math textbooks), and even when it doesn’t, it is never to the benefit of the reader. So cut it out if you do it!

                                                            I learned something from this blog post because I’ve run into this exact behavior when writing unit tests. I used the epsilon approach to dealing with it mostly because that was the only way that made sense to me – glad to know that is a reasonable approach, and good to know about the others

                                                            1. 1

                                                              Well, I was told about floating point arithmetic’s gotchas at least on 8 different courses on the university. Is learning what you are doing gatekeeping? Such is life. ¯_(ツ)_/¯

                                                              1. 4

                                                                No, learning is not gatekeeping. It’s the tone one uses to express that learned knowledge what can be perceived as gatekeeping. Some people are great at enthusiastically sharing their knowledge with others, which is completely different than simply stating “it is well known”, which sounds very much like “you should have already known this”.

                                                                About this topic in particular, i think it is totally reasonable to conclude that floating point operations are stable and well defined given the admittedly limited experience of noting that Math.sin(x) has always returned the same value when called with the same argument. It’s learning by doing, and that’s how many many people learn programming. Only when the result changes, because of a different browser or Node version, this assumption would be challenged, which i think is what the blog post is trying to convey :)

                                                            2. 3

                                                              I did read it; see my reply to @hwayne. I think the author misunderstands the nature of FP math: complex operations are always approximations, and roundoff errors always occur. (Trig functions are mostly computed as Taylor series, and there’s always a decision of how many terms to add before stopping.)

                                                              Sorry for sounding snarky. This is a bit of a pet peeve of mine, but I shouldn’t have climbed on my high horse so readily.

                                                              1. 1

                                                                where exactly are people supposed to learn that?

                                                                In just about any course on floating-point arithmetic. This error is not even a quirk of a hardware implementation. It shows that this person has never seen how errors propagate through FP operations, how FP works in the abstract (with all those (1 + ε) factors). It’s fundamental knowledge. Similarly, I wouldn’t expect an article about strcpy(3) causing buffer overflow in some situations or the discovery of two zeros in FP to get this much attention.

                                                                Posts like this seem like as good a place as any.

                                                                Learning programming from blog posts is a terrible idea, akin to learning programming from Stack Overflow answers. That’s how you learn trivia, not systematic knowledge. It’s also how you assimilate a lot of misinformation. Well-reviewed books (or lectures) are the way.

                                                              2. 5

                                                                He explicitly discusses epsilons in the article.

                                                                1. 4

                                                                  Yes, but only as a workaround for when you can’t afford to lug a custom JS reimplementation of the entire math library around with you. IMHO that’s the wrong way to look at it. Asking for accuracy down to the last bit in complex FP operations is not realistic. (For example, what happens if someone in the future finds a bug in that JS math lib, or an optimization, but can’t deploy it because it’ll break every use of it that expects perfect precision?)

                                                                  1. 3

                                                                    This is why the generally accepted modus operandi is to use binary coded decimal arithmetic for financial calculations, where “exact” solutions are needed (and usually only addition/subrtraction/mutiplication and in extreme cases division are used), and floating point arithmetic is used for engineering (as in real engineering, not ad-tech and div layout engineering) , where working with tolerances has been the norm since centuries.

                                                              1. 10

                                                                I was expecting a little more than “it doesn’t use semantic html” to qualify it as a “Fractal of Bad Design.” I get that that’s not good, but this article hasn’t really convinced me that i shouldn’t use Flutter Web, just given me a reason to be somewhat more wary of it than I would be otherwise.

                                                                1. 10

                                                                  If accessibility isn’t a good enough reason then what is?

                                                                  1. 5

                                                                    It depends on the circumstances - difference circumstances have different requirement - sometimes I’m making a tool just for myself, so I don’t care that screen readers or userstyles don’t work. Also, the article doesn’t mention it, but Flutter does seems to care at least somewhat about accessibility, and Flutter Web is still in beta, so it seems quite possible that this will improve in the future. I’m not sure what the roadmap looks like (since I’ve never used flutter), but it seems likely that accessibility will improve in the future. Flutter also seems pretty open about the limitations of Flutter Web:

                                                                    Not every HTML scenario is ideally suited for Flutter at this time. For example, text-rich flow-based content such as blog articles benefit from the document-centric model that the web is built around, rather than the app-centric services that a UI framework like Flutter can deliver. However, you can use Flutter to embed interactive experiences into these websites.

                                                                    1. 1

                                                                      What I was expecting was a more in-depth report based on experience, rather than a “I looked at it for a few minutes and here are my first impressions”, which is what this post seems to be.

                                                                      It’s almost unimaginable to release something like this in 2020 and not have a11y support, so I did a quick search and it seems like accessibility is possible with flutter. I don’t know how well that works in practice (I never even heard of “Flutter” before I read this post) and it’s entirely possible that it’s really bad, but it’s not even mentioned in this post which leaves me with the impression that the author doesn’t know either.

                                                                    2. 10

                                                                      I agree. I think this is major flaw, and I think it’s suspicious that google has put out a major tool that essentially breaks automation.

                                                                      But ‘fractal of bad design’ implies significant and unique design mistakes that culminate into something much more serious, across a multitude of surfaces.

                                                                      And and top of that, the conclusion of

                                                                      Flutter is a misguided attempt to achieve the impossible: quality cross platform experiences

                                                                      Is I think a little hyperbolic, especially when the article doesn’t tackle any topic related to cross platform considerations at all.

                                                                      Classic clickbait, but that shouldn’t take away from the concerns illustrated

                                                                    1. 12

                                                                      friendlysock, for the amount that i see you complain about keeping lobste.rs purely technical, and not including other things, it seems like this submission might show that that’s not your primary concern there. is there a good reason you linked to this page (with no technical content and autoplaying audio), rather that, say, the github repo?

                                                                      1. 9

                                                                        It’s art and is whimsical, and it links directly to its source, which has kind of a neat minimalist way of handling things like animation.

                                                                        You might have missed the Github link in the menu. :)

                                                                        1. 6

                                                                          my understanding is that the usual sort of protocol for this sort of thing is to link directly to source code, rather than the product itself.

                                                                          would you consider whimsical art generally on topic for lobste.rs?

                                                                          1. 8

                                                                            We have a tag for art, and this is art that relies on computers to draw and has source. If it fails to spark sufficient joy it gets flagkilled.

                                                                            I don’t feel that art is really the cancerous plague that marketing or politics can be…if you feel so moved, start a meta thread. :)

                                                                            1. 5

                                                                              Every time someone links directly to source code, there’s comments complaining that they don’t understand what something is.

                                                                        1. 1

                                                                          I don’t really agree with a person’s “preferred name” is their name, their “legal name” is something else.

                                                                          1. 24

                                                                            I tend to assume the best decisions are made close to where the most information is available, and vice versa.

                                                                            Why would a state bureaucracy, none of whose members have necessarily met the person in question, have a better idea than the human living with it?

                                                                            1. 17

                                                                              I disagree with your disagreement. I’ll take the example of my mother. She dislikes her legal name, and in 99% of circumstances drops her first name entirely and goes by her second name. Everybody knows her by her second name and she only uses her birth name where she legally needs to. She could change it so that her legal name and actual name lined up, but she has sentimental reasons for not doing so owing to who she was named after.

                                                                              Her “preferred name” is her name as far as everybody is concerned, and her “legal name” is something else.

                                                                              You also have the case of actors, who, for various reasons, need to avoid sharing stage names. Through use, their stage name often ends up becoming simply their name, as that’s what everybody addresses them as outside of a legal context.

                                                                              1. 4

                                                                                I feel like both of our viewpoints are valid to some extent — I could argue that her name is still her name, she just goes by another name, and most people are simply unaware of her real name?

                                                                                And yes, the case with the actors is quite a common one, such that here in Germany you can register your artist name (Künstlername) easily and it will be put on both the ID card and passport, so that you can use it and identify yourself with it just like you can with your normal name.

                                                                                1. 7

                                                                                  What makes the name a few bureaucratic entities have in their system her “real name”, one that she herself quite possibly rarely sees, over the name(s) that she and everyone in her day-to-day life refer to her as? Is it because it’s on her birth certificate? Is it because it’s the name some of these entities use? What if any of those were different from one another? What if she had two or more legal names in different countries?

                                                                                  In my country, your legal name is whatever you say it is, and you can change that whenever you want (provided you’re not trying to commit fraud or something). You may have some minor difficulty with certain institutions (passport office, banks, etc.) who want proof of this, but they generally just want to see that you’ve used the name elsewhere already (power bill, etc.) and your declaration that it is, in fact, your name. When would you define a name as a person’s “real name” in this situation? As soon as they start using it? Once the commonly-interacted-with entities have been notified of it? The majority of them? All of them?

                                                                                  For example, someone I worked with at one point used to have a double-barrel surname. They got fed up of systems mangling it in various ways, so they dropped the hyphen, taking the first part as a middle name and the second part as a new surname. There’s probably various systems they don’t interact with anymore that still have the old name in their systems, but it’s been changed in most places they deal with regularly. What’s their “real name” to you?

                                                                                  As the main article, the linked-to Falsehoods list, and other commenters have said, people have different names in different contexts, and you can’t just assume you can take a name from one context and use it in another. Really, you should ask for a name for whatever you’re using it for, and state as much. Most systems (or websites, at least) already understand this when it comes to payment - people just need to realise “billing” and “rest of the world” aren’t the only two contexts.

                                                                                  1. 2

                                                                                    people just need to realise “billing” and “rest of the world” aren’t the only two contexts.

                                                                                    My favorite thing is when an e-commerce site has apparently separate names associated with your account as a whole, your billing address, and your shipping address, but they turn out to be not actually separate.

                                                                                    For example: I purchased a gift for my mom recently from a dealer that specializes in that particular thing, and gave my name for both the account name and the billing address, but used her name and address as the shipping address. The initial “we’ve received your order but not begun processing it yet” email had my name in it, but subsequent emails have all had hers.

                                                                                  2. 5

                                                                                    in Germany you can register your artist name (Künstlername) easily and it will be put on both the ID card and passport, so that you can use it and identify yourself with it just like you can with your normal name.

                                                                                    That’s pretty damn awesome.

                                                                                    In Sweden changing your given names is a matter of an (online) form and a small fee.

                                                                                    Your last name is a bit more expensive to change, as it has to be checked against “known names” (such as ancient noble names) but is still a matter of a e-id submission and payment of a fee.

                                                                                    1. 2

                                                                                      In Sweden changing your given names is a matter of an (online) form and a small fee.

                                                                                      That’s pretty awesome, I wish the government here would embrace online forms more. I don’t know how it works here but it should be fairly easy and inexpensive for people to change their names if they have a good reason for it (and it’s not done for fraud).

                                                                                      Your last name is a bit more expensive to change, as it has to be checked against “known names” (such as ancient noble names) but is still a matter of a e-id submission and payment of a fee.

                                                                                      I figure they also do checks to make sure you don’t name yourself anything weird (Hitler, Stalin, Mao?). Also, I know that some countries (France?) have white lists for names that are allowed, and I wonder if that still applies if you’re the one choosing it? Because it would kind of suck if your preferred name wasn’t “allowed” for some reason.

                                                                                      1. 2

                                                                                        The rules are here (in Swedish): https://www.skatteverket.se/privat/folkbokforing/namn/bytaefternamn.4.76a43be412206334b89800020669.html

                                                                                        It’s been liberalized these last years. Double surnames used to be verboten. Some stuff is new, such as the possibility to change surnames to a more gender-preferred form (in the case of languages where that’s an option).

                                                                                        Note that there’s quite a long wait time however.

                                                                                        Regarding “offensive” names, that’s definitely a rule. A famous case involved parents wanting to give their daughter the names “Adolfina Stalina”. They were denied.[1] But there’s a famous example of basic free-form poetry with first names (although the person seems to have tired of being the butt of internet jokes and changed it to Salkert): https://twitter.com/inalvsmat/status/414156476849340417

                                                                                        [1] it’s possible the person could choose those names as an adult. The case hinged on wether these names could cause the person difficulties while she was a child.

                                                                                    2. 5

                                                                                      No, plenty of people are aware of her legal name, but even for them, that’s not her name in any meaningful sense and it would be weird to refer to her by it. The only people who refer to her by her legal name are bank officials, healthcare professionals, and civil servants, all of whom are quickly corrected.

                                                                                      Take a look at it from this perspective: if you were given a name at birth, but practically everybody knows and refers you by another name, even those who know your birth name, which one is in practical terms more your actual name? Arguably, it would be the name people actually use to refer to you regardless of what your birth certificate might say.

                                                                                      The idea of people having a fixed legal name is quite a modern one.

                                                                                      Quick addendum. Here’s another interesting case, and I fall into this. I have what might appear to be two legal names, or rather I have one legal name, which has two forms in two different languages. I make active use of both forms depending on the circumstances. I used the Irish form of my name in personal circumstances and the English form in professional circumstances, not least because of there being a preponderance in the world of people who don’t understand that not every language is English.

                                                                                      1. 1

                                                                                        Just to chime in on that addendum, since I originally omitted this from my comment: I also have two written forms of my name, in Gaelic and English. It’s just easier to use the English one in contexts where you’re going to be meeting new people more often than not and they’re unlikely to know the language. Both are my name though.

                                                                                        (It’s also my experience that people are happy to, and pretty good at, trying to guess the pronunciation of words, except when it comes to names, in which case they jump straight for the most incomprehensible one.)

                                                                                      2. 2

                                                                                        Last I checked it was absolutely not easy.

                                                                                        cf https://www.anwalt.de/rechtstipps/der-weg-zum-kuenstlernamen_040484.html - in German

                                                                                        Gegenüber der Behörde sind die Angaben über den Künstlernamen glaubhaft zu machen. Das bedeutet, dass man gegenüber der Behörde glaubhaft machen muss, dass man überregional unter diesem Künstlernamen bekannt ist.

                                                                                        Which basically means you should be “well-known by that name and not only locally” and the internet didn’t really count. Maybe today it’s different if you can prove you have a million of followers on any social media thing.

                                                                                        I’m not ruling out that a few nerds did that with their online nicknames, but I never heard anyone following through.

                                                                                    3. 8

                                                                                      For a transgender person, their preferred name is absolutely their name, and given the serious obstacles in many places to name changes (cost, requirements to post in newspapers, requiring approval from a judge, or even just having not done so yet) their legal name is likely to not be their name.

                                                                                      1. 5

                                                                                        Any chance you can elaborate as to why?

                                                                                        1. 3

                                                                                          To me, a person’s legal name is their name, any other names someone or the people around them come up with (nick names, abbreviations, pseudonyms, affectionate names) are just aliases for the real name. I do agree, however, that more websites could skip asking for real name information and just ask for an alias (nickname), both for data protection reasons, and for convenience — there might be a lot of Patricks, but nobody else is going to pick a weird nickname like xfbs.

                                                                                          1. 12

                                                                                            To me, a person’s legal name is their name

                                                                                            And what of people whose name a legal system can’t or won’t represent?

                                                                                            And which legal name? Ones legal name can easily differ between regimes. Or even during time in a regime. Or have multiple legal names, in a single regime.

                                                                                            1. 3

                                                                                              And what of people whose name a legal system can’t or won’t represent?

                                                                                              What do you mean by that? I can think of two cases: either at birth, the name is rejected (for example, Adolf Hitler is a banned name in many jurisdictions) or someone has a name written in another writing system (then you’d have to write it phonetically?).

                                                                                              And which legal name? Ones legal name can easily differ between regimes. Or even during time in a regime. Or have multiple legal names, in a single regime.

                                                                                              What does the regime have to do with your name?

                                                                                              1. 9

                                                                                                What does the regime have to do with your name?

                                                                                                Ideally, nothing. In practice, it is your regime that sets up the laws for allowing or disallowing certain names.

                                                                                                For example, in France, breton names are routinely rejected by the current “regime” because they are not written according to the orthographic rules of the french language. Yet, breton is the language of people that have been living in the territory of the French state since before this state even existed. Heck, if I was born four years sooner my current name would be illegal (a Catalan name in fascist Spain). I would be extremely offended of being forced to use my legal, completely artificial, name.

                                                                                                The fact that something is “legal” does not make it legitimate. Some laws suck; and enforcing a “legal name” policy may suck as a result. Let us not increase the suckiness of the world by adopting this policy.

                                                                                                Another clear example is transgender people who live in countries where changing their name accordingly is illegal.

                                                                                                1. 7

                                                                                                  And what of people whose name a legal system can’t or won’t represent?

                                                                                                  What do you mean by that?

                                                                                                  Those are two good cases. Here are some more:

                                                                                                  • Names that don’t fit your language’s phonetics and cannot be transliterated accurately
                                                                                                  • Names that aren’t phonetic (logograms, sign)
                                                                                                  • Names with accents or “invalid” punctuation marks
                                                                                                  • Names from a persecuted group or language

                                                                                                  What does the regime have to do with your name?

                                                                                                  In an ideal world, very little.

                                                                                                  However, legal names are one way a regime makes their populace legible. As an example, my legal name is different in China (李毅) than it is in Taiwan (李逵) than it is in Australia (David Ryland Scott Robinson) than it is in the United States (Scott D Robinson and David Ryland Scott Robinson).

                                                                                              2. 10

                                                                                                I get the impression that your particular legal name is probably not markedly dissimilar from the name you are most commonly known by in real life – that is, you probably go by your legal first name or a shortened form of it – because I think it’s easy for someone who has no real problems with their legal name to view it as the one unequivocally “real” name that everyone has.

                                                                                                I, on the other hand, not entirely uncommonly for someone from my region, have three names: two given names and a surname, and (this is the not entirely uncommon part) I have never gone by my first name in any capacity except official/formal ones, and then only grudgingly or until I was able to state my preferred name. I introduce myself to people as Secondname Lastname. My immediate and extended family, friends, and lovers have all called me by my second name (or a common shortened form of it, in the case of friends and lovers). Even as a child when my parents were upset with me and would scoldingly call me by my “full” name, they never included the first name. Many people who I’ve known since becoming an adult (and whom I thus got to introduce myself to, instead of them learning my name from an instructor calling roll and me informing them of my preferred name) are surprised when they find out, such as by seeing my debit card when we’re paying at a restaurant, that the name they know me by isn’t my first name. On top of all this, lately I’ve even come to identify more with the nickname form of my second name than the name itself.

                                                                                                So at least in my case, my legal name is basically just an identifier that is starting to feel increasingly arbitrary, that I was saddled with at birth, and that doesn’t reflect the name by/with which I actually identify. And I’m not even trans or a member of some other group for whom the burden of their legal name is even more onerous; in that case it probably would actually be worth all the heartburn to change my legal name instead of just being mildly annoyed at all the things in my life that have my full legal name on them, and websites that address me as Firstname (or even better, the ol’ all-caps-because-it-passed-through-a-mainframe-on-the-way-to-the-frontend FIRSTNAME) instead of Secondname or Sec.

                                                                                                At least Amazon lets me bill things to Firstname Lastname but ship them to Sec Lastname…

                                                                                                1. 6

                                                                                                  All of these comments are really amazing, I think I learned a lot. You have a good point there, I know of two similar cases, one is that I rarely bother to fill out my middle name anywhere even though it is technically part of my legal name, for brevity and because I don’t use it much. Also, I have a relative who, similar to you I suppose, has always been known by his second name.

                                                                                                  I guess someone’s legal name still is their name, and that is important for a number of reasons, such as accountability, but the heuristic that people want to be addressed by their first name does not always hold. It doesn’t hold in Russia or the Netherlands (where people have diminutive forms of their names that they might want to use), not all countries might have a concept of first or last names, as we learned some people might not have names after all (one person mentioned Ashkenazi-jewish boys, who traditionally don’t get one until they are 8). Some people might have legal names that are not easily pronounceable (because they might use a different writing system). And, obviously, some people might have issues with their legal name for other reasons (such as a Spanish or French regime not allowing them to use the name they want, or if they are trans or something like that and their country doesn’t let them pick a name of the gender they prefer).

                                                                                                2. 8

                                                                                                  I often mention this tweet in discussions like this one. For those who don’t want to read a tweet, it’s a lawyer complaining that a person with a Hispanic-style name like “Miguel Fernando Lopez Ortiz”, who goes by “Mike”, can be disadvantaged in the legal system because the governmant’s own “legal name” systems can’t handle this type of name well and may turn it into a huge number of aliases (“Miguel Ortiz ALIAS Miguel Lopez ALIAS Miguel Fernandez ALIAS Mike Ortiz ALIAS Mike Lopez…”), and the existence of a large number of aliases in records for a person is often treated as evidence of criminal intent (“why does he go by all these different names, if not to hide what he’s doing”).

                                                                                                  What’s your solution to that?

                                                                                                  Or to the fact that my “legal name” is one that’s hard for many systems to represent correctly, even though it’s a fairly common case? I was given the same name as my father, so I legally have a “Junior” in my name; I’ve been listed in various systems, including quite official ones, under FIRST LASTJR (wrong), FIRSTJR LAST (wrong), FIRST MIDDLEJR LAST (wrong), etc.

                                                                                                  1. 3

                                                                                                    Oh, wait. It took me a while to understand that. So, in the US, it is common to have multiple given names (middle names) but hispanic people have multiple last names, so his first name is Miguel and his last names are “Fernando Lopez Ortiz”, and so the system has to create aliases because any one of those last names are technically valid, and that looks suspicious because it looks like he’s known under multiple, different names when actually they are all his one, regular, legal name?

                                                                                                    What’s your solution to that?

                                                                                                    I’ve no idea, perhaps fix the system? Legal systems should be able to deal with people from other cultures properly anyways, so they should be able to represent “alien” names (especially in the US I suppose, where everyone is “alien” unless they are natives).

                                                                                                    Also, I did not know that the “junior” thing is actually part of a legal name! I thought people in the US just named themselves after their father (something that I don’t think is very common here in Germany, or Europe, but I might be wrong) and then used “junior” and “senior” to disambiguate.

                                                                                                    1. 3

                                                                                                      In naming traditions descended from Spanish culture, it’s common to have a composite first part to the name (so “Miguel Fernando” would be the given name, and should not be split into “Miguel” and “Fernando”). And it is common to have two family/surnames, one taken from each parent. Traditionally the first surname is taken from the father’s first surname, and the second is taken from the mother’s first surname; when sorting, the first surname is used first (so “Miguel Fernandez Lopez Ortiz” sorts under “L” by surname, not “O”).

                                                                                                      And that’s without getting into more complex situations like a saint’s name.

                                                                                                  2. 3

                                                                                                    that’s very cool and not at all reductive to say especially considering you live in a country that has a proven track record of denying representation to people whose real name isn’t their legal name and who want to set the record straight

                                                                                                    1. 1

                                                                                                      that’s very cool and not at all reductive to say especially considering you live in a country […]

                                                                                                      Be nice.

                                                                                                  3. 1

                                                                                                    Is @twee both your “preferred name” and name?

                                                                                                    1. 4

                                                                                                      It’s my preferred name for internet accounts, a point that I believe was addressed in the article:

                                                                                                      It almost certainly doesn’t identify them uniquely, and importantly, it need not bear any relation to their “legal name”. As software engineers, we are descendents of a proud heritage of hackers who often take great pleasure in assigning and using names, called “handles”, which are completely unrelated to their given or legal names.

                                                                                                      In real life people don’t refer to me as “twee”. But I’m not sure how that relates to @xfbs’s statement, which was what I don’t quite understand. Apologies if that’s just confusion on my part.

                                                                                                      1. 2

                                                                                                        @xfbs followed up with their perspective. I don’t agree with it.

                                                                                                        But, to my response, I was drawing the difference between “preferred name” and “name.”

                                                                                                  4. 4

                                                                                                    In UK law, “legal name” isn’t really something that exists - insomuch as it does, it’s the same thing as a “preferred name. You might have a name registered with specific legal entities (the DVLA, the Home Office, the HMRC), and those are often more strictly regulated - for instance, the homeoffice will deny passport applications where the name is a swearword. Quoting Home Office guidelines: “The name by which a person wishes to be known is a matter for the individual.”

                                                                                                    1. 4

                                                                                                      This is actually quite common in the Netherlands. For example, my name is Martin, but this is not my legal name, which is different and has two middle names. I don’t really publish this name on the internet (as a small barrier for potential identity theft), but usually it’s fancy names given to you during your baptism. It’s perhaps a bit less common for kids born today, but the majority of people over 30 have it.

                                                                                                      Most Dutch forms distinguish between your colloquial every-day name and full legal name when this matters.

                                                                                                      I actually got in to some problems with this after I moved abroad, I introduced myself as Martin (which is what everyone calls me, including my mother) but then later it turned out I wasn’t “Martin” at all; for example my ISP refused to help me as I said “Hi, this is Martin speaking, [..]” on the phone (English pedanticness, sigh). My (English) girlfriend at the time also filled in some council tax forms etc. with my colloquial name, and had some problems using this as a “proof of address”.

                                                                                                      Now I just fill in my legal name everywhere, which is hard to pronounce for most non-Dutch people and I have to tell them to just call me Martin; it would be helpful everyone if I could just fill in both 🤷‍♂️ When I went to the A&E after I broke my arm a few years ago I could see it was my turn just by the look of of puzzlement and horror every time the staff called me out for triage, x-rays, and doctor consultancy, heh.

                                                                                                      Granted, all of this is probably a pretty rare thing if you’re working on a system somewhere in the US, but generally speaking names are hard (“falsehoods people believe about names”) with many different edge cases and while I don’t really care how you call me, some people place a high value on this kind of thing.

                                                                                                      1. 3

                                                                                                        off topic, but i do get a kick out of the way most native english speakers recoil at dutch names like rutger, martijn, thijs etc.

                                                                                                        1. 2

                                                                                                          That’s actually really fascinating! I’ve never heard about that here in Germany. So where do these colloquial names originate, also from your parents or do they develop during childhood?

                                                                                                          1. 3

                                                                                                            That’s actually really fascinating! I’ve never heard about that here in Germany.

                                                                                                            It does exist in German(y) as well. As has been pointed out in another reply to you, it’s usually a shortened version of your full first name. In German it’s called the “Rufname”. To give a traditional German example, my neighbor (who has passed the 70 since quite a while) has “Wilhelm” as his first name. His wife, just as everybody else, calls him by “Willi”. Anywhere he needs to give an official address, he of course uses the full form of the name, and it’s what is placed on his mailbox.

                                                                                                            1. 3

                                                                                                              (Not the person you responded to but also from the Netherlands.)

                                                                                                              The colloquial name is the name your parents give you, usually the ‘official’ name is just a longer/more traditional name that that name was derived from.

                                                                                                              So for example my name is Daan but my ‘official’ name is Daniël, for someone called Tom it would be Thomas etc.

                                                                                                              1. 3

                                                                                                                From the parents. In @daanvdk’s examples the names are somewhat similar and the initials match, but note that differences can be larger. E.g. my sister’s official first name is Catharina, but her colloquial name is Karin.

                                                                                                                1. 2

                                                                                                                  Usually it’s just a shorter less fancy version of the full name. e.g. Johannus is John, Johan, Sjonnie, etc.

                                                                                                                2. 2

                                                                                                                  Yeah, that’s about how I would imagine it, with the problems you mentioned.

                                                                                                                  I’m not a big fan of not being able to choose anything, but looking at the possible problems until there’s a global shift or unification in how people use names I guess some of us have to live with using the legal name for all paperwork anyway.

                                                                                                                  Again, I’ve heard stories of people getting problems when airline tickets didn’t have their full legal names. so where do you draw the line? Is it worth having your non-legal name on the power bill and credit card, but airline tickets must be legal name again? Isn’t this a bit like having different online identities and not trying to leak information so they can’t be correlated? I guess people will just have to try if it works, and in your case, give up at some point.

                                                                                                                3. 4

                                                                                                                  The name I use day-to-day is not my legal name. In fact, the name on my email, my book, and all my published articles is not my legal name, either. Most people don’t even know I have a different legal name. The only time I use my legal name is for government correspondence.

                                                                                                                  1. 3

                                                                                                                    so what about the case where one person has multiple different legal names in different legal systems? which one is their “name”?

                                                                                                                    i downvoted this as troll since this comment is low-effort, doesn’t offer any useful insight (why do you disagree with this?), and i honestly don’t see how it’s possible to come to this conclusion after having thought about this even a little bit.

                                                                                                                  1. 8

                                                                                                                    This has been posted a couple times, but I think is too long to get much traction, which is a shame, since it’s a great read - some highlights:


                                                                                                                    Checking code deeply requires understanding the code’s semantics. The most basic requirement is that you parse it. Parsing is considered a solved problem. Unfortunately, this view is naïve, rooted in the widely believed myth that programming languages exist.


                                                                                                                    Many (all?) compilers diverge from the standard. Compilers have bugs. Or are very old. Written by people who misunderstand the specification (not just for C++). Or have numerous extensions. The mere presence of these divergences causes the code they allow to appear. If a compiler accepts construct X, then given enough programmers and code, eventually X is typed, not rejected, then encased in the code base, where the static tool will, not helpfully, flag it as a parse error.

                                                                                                                    The tool can’t simply ignore divergent code, since significant markets are awash in it. For example, one enormous software company once viewed conformance as a competitive disadvantage, since it would let others make tools usable in lieu of its own. Embedded software companies make great tool customers, given the bug aversion of their customers; users don’t like it if their cars (or even their toasters) crash. Unfortunately, the space constraints in such systems and their tight coupling to hardware have led to an astonishing oeuvre of enthusiastically used compiler extensions.


                                                                                                                    If divergence-induced parse errors are isolated events scattered here and there, then they don’t matter. An unsound tool can skip them. Unfortunately, failure often isn’t modular. In a sad, too-common story line, some crucial, purportedly “C” header file contains a blatantly illegal non-C construct. It gets included by all files. The no-longer-potential customer is treated to a constant stream of parse errors as your compiler rips through the customer’s source files, rejecting each in turn. The customer’s derisive stance is, “Deep source code analysis? Your tool can’t even compile code. How can it find bugs?”


                                                                                                                    The award for most widely used extension should, perhaps, go to Microsoft support for precompiled headers. Among the most nettlesome troubles is that the compiler skips all the text before an inclusion of a precompiled header. The implication of this behavior is that the following code can be compiled without complaint:

                                                                                                                    I can put whatever I want here. It doesn’t have to compile. If your compiler gives an error, it sucks. #include <some-precompiled-header.h>


                                                                                                                    Do bugs matter? Companies buy bug-finding tools because they see bugs as bad. However, not everyone agrees that bugs matter. The following event has occurred during numerous trials. The tool finds a clear, ugly error (memory corruption or use-after-free) in important code, and the interaction with the customer goes like thus:

                                                                                                                    “So?”

                                                                                                                    “Isn’t that bad? What happens if you hit it?”

                                                                                                                    “Oh, it’ll crash. We’ll get a call.” [Shrug.]

                                                                                                                    If developers don’t feel pain, they often don’t care. Indifference can arise from lack of accountability; if QA cannot reproduce a bug, then there is no blame. Other times, it’s just odd:

                                                                                                                    “Is this a bug?”

                                                                                                                    “I’m just the security guy.”

                                                                                                                    “That’s not a bug; it’s in third-party code.”

                                                                                                                    “A leak? Don’t know. The author left years ago…”

                                                                                                                    1. 3

                                                                                                                      This is a good one too:

                                                                                                                      “Why is it when I run your tool, I have to reinstall my Linux distribution from CD?”

                                                                                                                      This was indeed a puzzling question. Some poking around exposed the following chain of events: the company’s make used a novel format to print out the absolute path of the directory in which the compiler ran; our script misparsed this path, producing the empty string that we gave as the destination to the Unix “cd” (change directory) command, causing it to change to the top level of the system; it ran “rm -rf *” (recursive delete) during compilation to clean up temporary file

                                                                                                                      I recall Mozilla seemed to put a lot support into Elsa/Elkhound and some of McPeeks other stuff (a static analyzer something to do with pork?). I often wondered about that. Lately I’ve been forced to use a static analysis service to scan binaries, has the industry given up on source code static analysis?

                                                                                                                      1. 1

                                                                                                                        Well, Mozilla created Rust because they felt it was the only viable way forward I guess.

                                                                                                                        Oh, also Facebook created Infer: https://fbinfer.com/

                                                                                                                        1. 1

                                                                                                                          Rust started as a personal project that then eventually got funded by Mozilla Research. Not sure that counts as “created”.

                                                                                                                          1. 1

                                                                                                                            I think it counts. Rust in its current form, influenced by Mozilla’s needs, is pretty far from GH’s original Rust which was (my impression) a C-ified OCaml.

                                                                                                                            EDIT: although I should correct myself on Infer, technically FB acquired it when they bought Monoidics.

                                                                                                                        2. 1

                                                                                                                          has the industry given up on source code static analysis?

                                                                                                                          If anything, there’s more going on in that field than there used to be. There’s lots of products to choose from. The number that have low noise is higher than before. Now, we also have tools like RV-Match built on a formal semantics of C, tools like Facebook’s Infer that work on massive codebases, and academics continuing to build better prototypes. The latter were converging on common foundations, too. Other than algorithms, powerful hardware that can scale up or out is cheaper than ever with clouds having some, too.

                                                                                                                          It’s the golden age of static analysis. Building on above combined with automated, test generation is what I’d have focused my work on had not the crisis shifted my priorities a bit.

                                                                                                                      1. 9

                                                                                                                        Something that I’ve been thinking about a lot is that the way that most software is distributed is really hostile to modifications - this post touches on that, but doesn’t go very deep into it. A question I’ve been asking recently is - what would a package manger that’s designed with end-users patching software as a first-class concern look like? And a somewhat more challenging version for some systems - what would it look like to allow end-users to patch their kernels as a first-class concern?

                                                                                                                        NixOS has the start to an answer for this (fork the nixpkgs repo, make whatever changes you like), but it still doesn’t seem ideal. I guess maybe gentoo is a sort of answer to this as well, but it doesn’t seem like gentoo answers the question of “how do you keep track of the changes that you’ve made”, which is I think a really important part of systems like this (and the thing that’s missing in most current package managers support for patching)

                                                                                                                        1. 13

                                                                                                                          Note you don’t need to fork nixpkgs to edit individual packages, you can just add them to an overlay with an override eg I was trying to debug sway recently so I have:

                                                                                                                          (sway.overrideDerivation (oldAttrs: {
                                                                                                                                src = fetchFromGitHub {
                                                                                                                                  owner = "swaywm";
                                                                                                                                  repo = "sway";
                                                                                                                                  rev = "master";
                                                                                                                                  sha256 = "00sf8fnbj8x2fwgfby6kcrxjxsc3m6w1yr63kpq6hv94k3p510nz";
                                                                                                                                };
                                                                                                                              }))
                                                                                                                          

                                                                                                                          One of the guix devs gave a talk called Practical Software Freedom (slides) where the core point was that it’s not enough to have foss licensing if editing code is so much of a pain that noone does it. It looks like guix has a pretty nice workflow for editing installed packages, and since the tooling is all scriptable I bet you could streamline it even more - eg add a command for “download the source, fork it to my personal repo, add the fork to my packages list”.

                                                                                                                          1. 6

                                                                                                                            I only very briefly used guix, but its kernel configuration system is also just scheme. It’s so much nicer than using any of the kernel configurators that come with the kernel, and I actually played around with different configurations rather than opting to play it safe which is what I normally do since it’s such a faff if I accidentally compile out support for something important.

                                                                                                                            1. 2

                                                                                                                              How often do you find your overlays breaking something in strange ways? My impression is that most packages don’t come with tests or other guardrails to give early warning if I break something. Is that accurate?

                                                                                                                              1. 3

                                                                                                                                I haven’t had any problems so far. I guess if you upgrade a package and it changes the api then you might be in trouble, but for the most part it seems to just work.

                                                                                                                            2. 6

                                                                                                                              One thing this brought to mind was @akkartik’s “layers” script: http://akkartik.name/post/wart-layers

                                                                                                                              The post is short, but the money quote is here:

                                                                                                                              We aren’t just reordering bits here. There’s a new constraint that has no counterpart in current programming practice — remove a feature, and everything before it should build and pass its tests

                                                                                                                              If we then built software such that reordering commits was less likely to cause merge conflicts, you could imagine users having a much easier time checking out a simpler version of the system and adding their functionality to that if the final version of the system was too complex to modify.

                                                                                                                              1. 4

                                                                                                                                I’ve gotten close with rpm and COPRs. I can fairly quickly download a source RPM, use rpmbuild -bp to get a prepped source tree where I can build a patch, track it, and add it back to the spec, then push it to a COPR which will build it for me and give me a yum repository I can add to any machines I want. Those pick up my changed version of the package instead of the upstream with minimal config fiddling.

                                                                                                                                It’s not quite “end users patching as a first class concern” but it is really nice and in that ballpark.

                                                                                                                                1. 3

                                                                                                                                  At that point the package system would just be a distributed version control system, right?

                                                                                                                                  1. 1

                                                                                                                                    Interesting point! And I guess that’s kinda the approach that Go took from the start, with imports directly from GitHub. Except, ideally, you’d have a mutable layer on top. So something like IPFS, where you have the mutable IPNS namespace that points to the immutable IPFS content-addressed distributed filesystem.

                                                                                                                                    Still, unlike direct links to someone elses GitHub repo, you would want to be able to pin versions. So you would want to point to your own namespace, and then you could choose how and when to sync your namespace with another person’s.

                                                                                                                                    1. 3

                                                                                                                                      This is how https://www.unisonweb.org/ works. Functions are content-addressed ie defined by the hash of their contents, with the name as useful metadata for the programmer. The compiler has a bunch of builtin refactoring tools to help you splice changes into an existing graph of functions.

                                                                                                                                      1. 2

                                                                                                                                        Just watched the 2019 strangeloop talk. Absolutely brilliant. Only drawback I see is that it doesn’t help with code written in other languages. So dependency hell is still a thing. But at least you’re not adding levels to that hell as you write more code (unless you add more outside dependencies).

                                                                                                                                  2. 2

                                                                                                                                    what would a package manger that’s designed with end-users patching software as a first-class concern look like?

                                                                                                                                    If you just want to patch your instance of the software and run it locally, it is very straightforward in Debian and related distributions, using apt-src. I do it often, for minor things and pet peeves. Never tried to package these changes and share them with others, though.

                                                                                                                                    1. 1

                                                                                                                                      All the stuff package managers do doesn’t seem to help (and mostly introduces new obstacles for) the #1 issue in modifying software: “where are the sources?” It should be dead easy to figure out where the sources are for any program on my system, then to edit them, then to run their tests, then to install them. Maybe src as the analogue to which?

                                                                                                                                      I appreciate npm and OpenBSD to a lesser extent for this. Does Gentoo also have a standard place for sources?

                                                                                                                                      1. 1

                                                                                                                                        I believe Debian is trying to streamline this with Salsa. That’s the first place I look when I’m looking for source code of any package on my system.

                                                                                                                                      2. 1

                                                                                                                                        what would a package manger that’s designed with end-users patching software as a first-class concern look like?

                                                                                                                                        A DVCS. (It’s Christmas, “Away in a package manger, no .dpkg for a bed…”)

                                                                                                                                        We drop in vendor branches of 3rd party libraries into our code as needed.

                                                                                                                                        We hack and slash’em as needed.

                                                                                                                                        We upstream patches that we believe upstream might want.

                                                                                                                                        We upgrade when we want, merging upstream into our branch, and the DVCS (in our case mercurial) tells us what changed up stream vs what changed locally. Some of the stuff that changed upstream is our patches of improvements on them, so 99% of the time we take the upstream changes, and 0.9% of time take our changes and 0.1% of the time have to think hard. (ps: 99% of stats including this one are made up (from gut feel) on the spot. What makes these stats special is I admit it.)

                                                                                                                                        A related topic is the plague of configuration knobs.

                                                                                                                                        Every time any programming asks, “What should these configuration value be? He says, dunno, make it an item (at best) in the .conf file or at worst, in the UI.”

                                                                                                                                        The ‘net effect is the probability of the exact configuration ever having been tested by anyone else on the planet is very very very low and a UI that you’d either need a Phd to drive (or more likely is full of wild arsed guesses)

                                                                                                                                        A good habit is, unless there is a screaming need, by default put config items in a hidden (to the user) file and that is not part of the user documentation.

                                                                                                                                        If anybody starts howling that they need to alter that knob, you might let them into the secret for that knob, and consider moving it into a more public place.

                                                                                                                                      1. 10

                                                                                                                                        I’d love to see a crate that combines the usability of LALRPOP’s format with the expressivity of PEG parsers, for when I want to quickly hack together a prototype of something involving a parser, or for cases where optimization is not as important.

                                                                                                                                        Check out my library, rust-peg. It’s a PEG-based parser generator as a Rust procedural macro, with Rust code and Rust types embedded in the grammar for you to build an AST. It’s designed to give you reasonable-looking parse errors by default, with facilities to tweak what gets reported, and the ability to extract positions / spans to include in your AST. Input can be &str or &[u8] without a lexer, or it integrates with an external lexer by handling any &[T] or your own type that you implement a few traits for.

                                                                                                                                        1. 2

                                                                                                                                          Oh, cool! I’ll check it out next time I want to parse something, that does look pretty nice :)

                                                                                                                                        1. 2

                                                                                                                                          i use it for resizing splits in vim, mostly - i find tasks like that easier with a mouse.

                                                                                                                                          1. 1

                                                                                                                                            is it true that always_inline always causes a function to be inlined? my impression is that it’s up to the compiler still, and in some/many cases things marked always_inline aren’t inlined, but i haven’t actually investigated this at all…

                                                                                                                                            1. 2

                                                                                                                                              There are various things that will prevent the compiler from inlining even in the presence of “always_inline”. For example:

                                                                                                                                              • recursive functions
                                                                                                                                              • C varargs
                                                                                                                                              • dynamic alloca()

                                                                                                                                              You can look at the LLVM source code to see what causes it to disable inlining. :)

                                                                                                                                            1. 8

                                                                                                                                              I have plenty of complaints about PowerShell, but passing structured data around … isn’t among my complaints.

                                                                                                                                              If UNIX standardized on whatever was the JSON of the early 70s for IPC, would it have survived and thrived?

                                                                                                                                              1. 2

                                                                                                                                                The concrete format could be replaced easily, especially if it’s only used within pipelines. Flip the switch and all utilities switch from (say) JSON to YAML. If people stored some data that they’d get out of pipelines, just provide some conversion utility.

                                                                                                                                                Of course, there are going some leaky abstractions somewhere, but having every utility use its own custom text format is definitely more friction.

                                                                                                                                                The only strong counterargument that I can think of is that processing a structured format sometimes has a considerable overhead.

                                                                                                                                                1. 5

                                                                                                                                                  I like S-expressions for this task. It seems like most things can be represented with trees. They’re not trivially easy to work with using “primitive” editors that you might have found on early Unices, but they’re far more readable than XML and they also can be used as a programming language syntax, which is a testament to their usefulness. I couldn’t see myself using a programming language that uses YAML as a syntax.

                                                                                                                                                  That said, nearly anything standardized is better than plain text. So long as you can edit it as plain text and it encodes some high-level structure, I think it could be useful for this application. PowerShell might take the structure idea a little too far, but you can still (mostly) pretend that it’s just a regular Unix shell.

                                                                                                                                                  1. 3

                                                                                                                                                    Now my code needs to handle 2 input and output formats, depending on what it’s connected to. No thanks.

                                                                                                                                                    1. 6

                                                                                                                                                      not necessarily - it could be handled by something like libxo. not that that doesn’t have it’s own problems, but libraries do exist :)

                                                                                                                                                      1. 2

                                                                                                                                                        You might not have to if there are suitable tools available to convert between the common formats.

                                                                                                                                                  1. 26

                                                                                                                                                    One flipside of this is that, as a consultant, I’m incentivized to not talk publicly about my rates. If they’re publicly available, then companies can use that in bargaining against me. I try to charge as much as the company is willing to pay. Let’s say that’s 10 dollars a day.¹ If they know that I normally charge clients 8 dollars, they know I’m probably willing to settle for 8 dollars, and they can refuse unless I lower to the standard rate. They’re confident I’ll lower my rate than lose the business entirely, saving them money.

                                                                                                                                                    The downside to this is that consultants don’t know how much other consultants charge. There was a Twitter thread a while back where a high-profile speaker raised her keynote fee to 5k plus T&E, and several people chimed in that she was vastly undercharging.

                                                                                                                                                    ¹ (no I’m not charging 10 dollars a day, it’s at least 15.)

                                                                                                                                                    1. 6

                                                                                                                                                      If you think that your salary is too low, there’s also an incentive to not let your prospective next employers know. I know I’ve made that mistake once, and it won’t help you to get good offers.

                                                                                                                                                      1. 1

                                                                                                                                                        Yeah. It’d be nice to disown my comment about my salary just so this couldn’t happen to me. Is that an option, @pushcx?

                                                                                                                                                        1. 1

                                                                                                                                                          The disown link appears next to my comments if I go to “Your Threads.”

                                                                                                                                                          1. 1

                                                                                                                                                            Interesting, I don’t see it. I’ll check the codebase for what causes it to appear.

                                                                                                                                                            1. 1

                                                                                                                                                              Looks like it is time bound? Would make sense as I also can’t disown some comments anymore from two days ago. But I certainly had this button after creating them for some time. But it should be at least 1 day to trigger ?!

                                                                                                                                                              Edit: It doesn’t make any sense, I can still disown comments from 29 days ago, but not from 2?

                                                                                                                                                              1. 2

                                                                                                                                                                It’s deleteable for a period (currently 14 days), then disownable. Disowning is seen as a way to let people walk away from old conversations without turning those discussions into an unreadable mess, not as a way to post anonymously.

                                                                                                                                                      2. 6

                                                                                                                                                        yeah, definitely - i think i didn’t write this as clearly as i could have - the point i was trying to make is that how and with who you talk about your salary matters, and talking about it 1:1 with a co-worker is probably much more useful than just dumping how much you make on twitter. this is a good example of why that can be.

                                                                                                                                                        1. 3

                                                                                                                                                          Twitter has such a variety of content and outrage that it’s not a great place often for many things, but for fora (such as this) that focus on actionable stuff for practitioners I think these datapoints can still be can be illuminating.

                                                                                                                                                          Unionization is a pipedream in tech I think is a flawed idea in many ways but the first step to any sort of progress is people share their salary information. Limiting that information to your coworkers is I think a good way to breed resentment and upset a working environment, and also kinda reinforces a sort of provincialism that is already systemic in the tech industry: a bunch of GOOG or MSFT folks in NYC or SF or Seattle kvetching about their perf bonuses and kitchenette cutbacks to each other may be missing the bigger picture of flyover country and other nations.

                                                                                                                                                        2. 3

                                                                                                                                                          This is a really good point. I’ve noticed that recruiters are very aggressive in asking your current compensation. They would love to be able to look up your twitter handle and figure out how much you’re making, so they can figure out the lower bound that will make you switch jobs. Instead of putting it out on twitter, share information with your peers through private channels. Unlike consulting, general jobs have enough information through tools like levels.fyi to know what you’re worth, so posting about it on public channels is harmful to you

                                                                                                                                                          1. 3

                                                                                                                                                            Information asymmetry prevents efficient price discovery and leads to one party making more money from the other. :)

                                                                                                                                                            1. 1

                                                                                                                                                              as a consultant, I’m incentivized to not talk publicly about my rates. If they’re publicly available, then companies can use that in bargaining against me.

                                                                                                                                                              Then thank you for taking a risk with this comment!

                                                                                                                                                              no I’m not charging 10 dollars a day, it’s at least 15.

                                                                                                                                                              I see what you did there ;)

                                                                                                                                                            1. 2

                                                                                                                                                              If any online service provided by the top 10 public companies by market capitalization were completely offline for two hours, it would be forgotten within a week.

                                                                                                                                                              um, really? I feel like people would notice for instance:

                                                                                                                                                              • AWS
                                                                                                                                                              • GCP
                                                                                                                                                              • Visa

                                                                                                                                                              going down for 2 hours, and I’m sure Alibaba would be noticed as well, although I’m less sure of what they do (but don’t they run payment infrastructure? I think people would notice that)

                                                                                                                                                              1. 4

                                                                                                                                                                Lots of good things were originally unintended or semi-intended results of technical limitations. The /usr split is still a good idea today even if those technical limitations no longer exist. It’s not a matter of people not understanding history, or of people not realising the origins of things, but that things outgrow their history.

                                                                                                                                                                Rob’s email is, in my opinion, quite condescending. Everyone else is just ignorantly cargo-culting their filesystem hierarchy. Or perhaps not? Perhaps people kept the split because it was useful? That seems a bit more likely to me.

                                                                                                                                                                1. 19

                                                                                                                                                                  I’m not sure it is still useful.
                                                                                                                                                                  In fact, some linux distributions have moved to a “unified usr/bin” structure, where /bin, /sbin/, and /usr/sbin all are simply symlinks (for compatibility) to /usr/bin. Background on the archlinux change.

                                                                                                                                                                  1. 2

                                                                                                                                                                    I’m not sure it is still useful.

                                                                                                                                                                    I think there’s a meaningful distinction there, but it’s a reasonable decision to say ‘there are tradeoffs for doing this but we’re happy with them’. What I’m not happy with is the condescending ‘there was never any good reason for doing this and anyone that supports it is just a cargo culting idiot’ which is the message I felt I was getting while reading that email.

                                                                                                                                                                    In fact, some linux distributions have moved to a “unified usr/bin” structure, where /bin, /sbin/, and /usr/sbin all are simply symlinks (for compatibility) to /usr/bin. Background on the archlinux change.

                                                                                                                                                                    I’m not quite sure why they chose to settle on /usr/bin as the one unified location instead of /bin.

                                                                                                                                                                    1. 14

                                                                                                                                                                      That wasn’t the argument though. There was a good reason for the split (they filled up their hard drive). But that became a non-issue as hardware quickly advanced. Unless you were privy to these details in the development history of this OS, of course you would copy this filesystem hierarchy in your unix clone. Cargo culting doesn’t make you an idiot, especially when you lack design rationale documentation and source code.

                                                                                                                                                                      1. 2

                                                                                                                                                                        … it’s a reasonable decision to say ‘there are tradeoffs for doing this but we’re happy with them’. What I’m not happy with is the condescending ‘there was never any good reason for doing this and anyone that supports it is just a cargo culting idiot’ which is the message I felt I was getting while reading that email.

                                                                                                                                                                        Ah. Gotcha. That seems like a much more nuanced position, and I would tend to agree with that.

                                                                                                                                                                        I’m not quite sure why they chose to settle on /usr/bin as the one unified location instead of /bin

                                                                                                                                                                        I’m not sure either. My guess is since “other stuff” was sticking around in /usr, might as well put everything in there. /usr being able to be a single distinct mount point that could ostensibly be set as read-only, may have had some bearing too, but I’m not sure.
                                                                                                                                                                        Personally, I think I would have used it as an opportunity to redo hier entirely into something that makes more sense, but I assume that would have devolved into endless bikeshedding, so maybe that is why they chose a simpler path.

                                                                                                                                                                        1. 3

                                                                                                                                                                          My guess is since “other stuff” was sticking around in /usr, might as well put everything in there. /usr being able to be a single distinct mount point that could ostensibly be set as read-only, may have had some bearing too, but I’m not sure.

                                                                                                                                                                          That was a point further into the discussion. I can’t find the archived devwiki entry for usrmerge, but I pulled up the important parts from Allan.

                                                                                                                                                                          Personally, I think I would have used it as an opportunity to redo hier entirely into something that makes more sense, but I assume that would have devolved into endless bikeshedding, so maybe that is why they chose a simpler path.

                                                                                                                                                                          Seems like we did contemplate /kernel and /linker at one point in the discussion.

                                                                                                                                                                          What convinced me of putting all this in /usr rather than on / is that I can have a separate /usr partition that is mounted read only (unless I want to do an update). If everything from /usr gets moved to the root (a.k.a hurd style) this would require many partitions. (There is apparently also benefits in allowing /usr to be shared across multiple systems, but I do not care about such a setup and I am really not sure this would work at all with Arch.)

                                                                                                                                                                          https://lists.archlinux.org/pipermail/arch-dev-public/2012-March/022629.html

                                                                                                                                                                          Evidently, we also had an request to symlink /bin/awk to /usr/bin/awk for distro compatability.

                                                                                                                                                                          This actually will result in more cross-distro compatibility as there will not longer be differences about where files are located. To pick an example, /bin/awk will exist and /usr/bin/awk will exist, so either hardcoded path will work. Note this currently happens for our gawk package with symlinks, but only after a bug report asking for us to put both paths sat in our bug tracker for years…

                                                                                                                                                                          https://lists.archlinux.org/pipermail/arch-dev-public/2012-March/022632.html

                                                                                                                                                                          And bug; https://bugs.archlinux.org/task/17312

                                                                                                                                                                    2. 18

                                                                                                                                                                      Sorry, I can’t tell from your post - why is it still useful today? This is a serious question, I don’t recall it ever being useful to me, and I can’t think of a reason it’d be useful.

                                                                                                                                                                      1. 2

                                                                                                                                                                        My understanding is that on macOS, an OS upgrade can result in the contents of /bin being overwritten, while the /usr/local directory is left untouched. For that reason, the most popular package manager for macOS (Homebrew) installs packages to /usr/local.

                                                                                                                                                                        1. 1

                                                                                                                                                                          I think there are cases where people want / and /usr split, but I don’t know why. There are probably also arguments that the initramfs/initrd is enough of a separate system/layer for unusual setups. Don’t know.

                                                                                                                                                                          1. 2

                                                                                                                                                                            It’s nice having /usr mounted nodev, whereas I can’t have / mounted nodev for obvious reasons. However, if an OS implements their /dev via something like devfs in FreeBSD, this becomes a non-issue.

                                                                                                                                                                            1. 2

                                                                                                                                                                              Isn’t /dev an own mountpoint anyways?

                                                                                                                                                                              1. 1

                                                                                                                                                                                It is on FreeBSD, which is why I mentioned devfs, but idk what the situation is on Linux, Solaris and AIX these days off the top of my head. On OpenBSD it isn’t.

                                                                                                                                                                                1. 2

                                                                                                                                                                                  Linux has devtmpfs per kernel default.

                                                                                                                                                                        2. 14

                                                                                                                                                                          The complexity this introduced has far outweighed any perceived benefit.

                                                                                                                                                                          1. 13

                                                                                                                                                                            I dunno, hasn’t been useful to me in the last 20 years or so. Any problem that it solves has a better solution in 2020, and probably had a better solution in 1990.

                                                                                                                                                                            1. 6

                                                                                                                                                                              Perhaps people kept the split because it was useful? That seems a bit more likely to me.

                                                                                                                                                                              Do you have a counter-example where the split is still useful?

                                                                                                                                                                              1. 3

                                                                                                                                                                                The BSDs do have the related /usr/local split which allows you to distinguish between the base system and ports/packages, which is useful since you may want to install different versions of things included in the base system (clang and OpenSSL for example). This is not really applicable to Linux of course, since there is no ‘base system’ to make distinct from installed software.

                                                                                                                                                                                1. 3

                                                                                                                                                                                  Doesn’t Linux have the same /usr/local split? It’s mentioned in the article.

                                                                                                                                                                                  1. 5

                                                                                                                                                                                    I tend to rush for /opt/my-own-prefix-here (or per-package), myself, mainly to make it clear what it is, and avoid risk of clobbering anything else in /usr/local (like if it’s a BSD). It’s also in the FHS, so pedants can’t tell you you’re doing it wrong.

                                                                                                                                                                                    1. 4

                                                                                                                                                                                      It does - this is generally used for installing software outside the remit of the package manager (global npm packages, for example), and it’s designated so by the FHS which most distributions follow (as other users have noted in this thread), but it’s less prominent since most users on Linux install very little software not managed by the package manager. It’s definitely a lot more integral in BSD-land.

                                                                                                                                                                                      1. 3

                                                                                                                                                                                        […] since most users on Linux install very little software not managed by the package manager

                                                                                                                                                                                        The Linux users around me still do heaps of ./configure && make install; but, I see your point when contrasted against the rise of PPAs, Docker and nodenv/rbenv/pyenv/…

                                                                                                                                                                                        1. 3

                                                                                                                                                                                          Yeah, I do tons of configure make install stuff, sometimes of things that are also in the distro - and this split of /usr/local is sometimes useful because it means if I attempt a system update my custom stuff isn’t necessarily blasted.

                                                                                                                                                                                          But the split between /bin and /usr/bin is meh.

                                                                                                                                                                                    2. 1

                                                                                                                                                                                      That sounds sensible. Seems like there could be a command that tells you the difference. Then, a versioning scheme that handles the rest. For example, OpenVMS had file versioning.