how many comments of yours do you think are policing what people post here? 10%, 20%? Before you respond with something along the lines of “eternal september” or “hacker news” just know I’ve lurked at HN for almost as long as its been around and I had a computer in the late 80s.

I agree. I did at least learn from your link that Arnnon Geshuri, Vice President of HR at Tesla, was a senior one at Google that some reports said was involved in the price fixing and abusive retention of labor here. That’s a great hire if your an honest visionary taking care of employees who enable your world-changing vision. ;)

Forgive my extreme mathematical naivety, but a = (a / b) * b + a % b doesn’t make much sense to me. Given (a / b) * b will always equal a, doesn’t this imply that a % b is always 0?

while I agree with you in this case, I don’t particularly like the “I speak for everyone” stance you seem to be taking here.

Do you think an additional CVE tag would make sense? Given there’s upvotes some people seem to be interested.

Yeah, I’d rather not have them at all. Maybe a detailed, tech write-up of discovery, implementation, and mitigation of new classes of vulnerability with wide impact. Meltdown/Spectre or Return-oriented Programming are examples. Then, we see only the deep stuff with vulnerability-listing sites having the regular stuff for people using that stuff.

seems like a CVE especially arbitrary code execution is worth posting. my 2 cents

I’m an operations professional who set up the AWS infrastructure for a “hip, well-funded startup,” and I’m here to join the 3/20 club.

I did get the color of the Node.js SDK right, which I’m proud of, having never noticed the logo consciously.

https://github.com/ryanbr/fanboy-adblock/blob/master/fanboy-cookiemonster.txt

Integrated in at least uBlock Origin as “Fanboy’s Cookiemonster List”.

hey at least they asked right?

cause it’s totally impossible to just set an option in your web browser to not save cookies (….well it used to be possible, but it’s not anymore because then you can never get past these nag boxes)

I use the SK-8845. It’s a pretty good keyboard, but I still miss the one in my old ThinkPad T500. The SK-8845 has some flaws:

• It’s missing a windows key.
• The touchpad is glitchy. I haven’t quite figured out how it’s glitchy, but it does things I don’t expect sometimes.
• The “back” and “forward” buttons are hardcoded in the firmware to send alt-left/alt-right.

I’ve been considering converting a ThinkPad T500 keyboard/touchpad to USB for a while, but never quite had the motivation to do it.

DuckduckGo is my go to search.

It is simple and doesn’t have the Google bloat to it and thise smart searches like where you can generate a md5 hash for example in a search query or do number system conversions is pretty cool

Searx is a fairly nice meta search engine.

Finally there are still all sorts of specialized search options. In this category I would start with Amazon and Wikipedia.

DuckDuckGo has a feature called “bangs” that let you access them. Overview here. Even if not using DDG, their list might be a nice reference of what to include in a new, search engine.

the URL bar itself now performs a search when you put something that’s not a URL in it

Compared to “commonplace” things like cars and antibiotics? Internet, GPS, maglevs, a vast array of surgical techniques, the absence of smallpox…

Compared to “works but government and academia only” things like satellites and compilers? Hololens, quantum computers, drones, railguns, graphene, carbon nanotubes, metamaterials…

Compared to “wildly experimental and probably won’t ever happen” things like tokamak and nuclear airplanes? Probably a lot of classified shit. Antimatter experiments at LHC. Arguably a lot of work with AI

I think it is reasonable to say that the reworking of daily life has slowed.

The stove, the refrigerator and the car changed the routine of life tremendously.

The computer might be more impressive by any number of measures but it didn’t rework daily life so much as add another layer on top of ordinary life. We still must cook meals and drive around.

The linear extension of the car and the stove would be the auto-chef and the flying/auto-driving car.

Both things are still further than is sometimes claimed by the press but the seem a bit closer than 2012. However, the automation offered by externally available power, which began in the 1800s, definitely has reached a point of diminishing returns.

We may experience further progress through computers, AI and such. But this seems to hampered by a “complexity barrier” - an equivalent amount of daily life automation as various technologies offered earlier through power now requires systems that are much more computationally complex. Folding towels really does turn out to be the hard part of washing, etc and even with vast advances in computational ability, we may still be at diminishing returns.

There have been significant advances since then (for instance, in medical treatments like cancer therapies and surgery—life expectancy in the US has risen from 70 to 79 since 1960), but nothing revolutionary, that would seem remotely as magical as the developments across the first half of the century.

Relevant: https://www.reddit.com/r/AskReddit/comments/15yaap/if_someone_from_the_1950s_suddenly_appeared_today/c7qyp13/

My first suggestion would be to install VirtualBox, put your distro of choice inside that, and then run it full screen most of the time.

This is my life right now. It is decidedly second class; all the corporate-mandated bloatware is still there wasting utterly ludicrous amounts of memory and CPU time, but at least I don’t have to look at it and I can use a decent window manager and terminal environment. I certainly consider this preferable to the Bash-on-Windows features (and far, far better than Cygwin).

Can’t install VirtualBox. This is a workspace, think something like remote desktop. See above for a link.

You could also try the Windows 10 Linux stuff. I haven’t tried it (because I don’t use windows) but those who do say it is pretty great.

WSL is good, but not great. I’ve been using it semi-seriously on my home machine for the past year and half and it’s better than it was, but I’m consistently disappointed in all the terminal emulators. The only setup I’m happy with is running urxvt on Xming. You will be disappointed in file system speed, but that seems to be a Windows thing regardless of WSL.

I’ve never had a problem doing anything with systemd myself - I think a lot of the hate towards it stems from the attitude of the project owners, and how they don’t make any effort to cooperate with other projects (most notably, IMO, the Linux kernel folks). Here’s a couple of interesting mailing list messages that demonstrate that:

• https://lkml.org/lkml/2014/4/2/415
• https://lkml.org/lkml/2017/7/6/577

It’s even more fun when you consider how many of these websites then set the cookies that you’d actually have to opt in…

How do you do this with uBlock Origin? I didn’t see a setting about GDPR or cookie/consent blocking.

These embargoed and NDA’d vulnerabilities need to die. The system is broken.

edit: Looks like cperciva of FreeBSD wrote a working exploit and then emailed Intel and demanded they end embargo ASAP https://twitter.com/cperciva/status/1007010583244230656?s=21

I don’t use that particular testing framework, but the thing I’d expect to gain by using it is better test failure messages. I use testify at work for almost precisely that reason. require.Equal(t, valueA, valueB) provides a lot of value, for example. I tried not to use any additional test helpers in the beginning, probably because we have similar sensibilities. But writing good tests that also have good messages when they fail got pretty old pretty fast.

The former probably gives a much better failure message (e.g. something like “expected value ‘200’ but got value ‘500’”, rather than “assertion failed”).

That’s obviously not inherent to the complicated testing DSL, though. In general, I’m a fan of more expressive assert statements that can give better indications of what went wrong; I’m not a big fan of heavyweight testing frameworks or assertion DSLs because, like you, I generally find they badly obfuscate what’s actually going on in the test code.

yeah, with the caveats listed by others, I sort of thing this is a particularly egregious example of strange library usage/design. in theory, anyone (read: not just engineers) is supposed to be able to write a BDD spec. However, for that to be possible, it should be written in natural language. Behat specs are a good example of this: http://behat.org/en/latest/. But this one is just a DSL, which misses the point I think…

I think it’s all good as rules of thumb, but I see two potential downsides.

First, there’s a key phrase that I think indicates some limitations:

It’s not a general purpose BMP library. It only supports 24-bit true color, ignoring most BMP features such as palettes.

As you start adding features, this design approach may rapidly become intractable. It’s most suitable for libraries that are minimalist in the other sense, and unfortunately, we live in an extremely complicated world where such libraries often aren’t actually useful. It’s all great ideals, but if taken as absolute gospel, I suspect it will strongly interfere with getting stuff done.

Second, for instance, I don’t like how the author has bmp_size return 0 in the case of an error. I know it’s a C-ism that’s very difficult to work around in C, but that’s a totally valid size to pass to calloc, which may return a totally valid non-NULL pointer, and bmp_init may then scribble over totally arbitrary memory. (Or it might segfault. “Might” is the operative word here. When a segfault is the best possible outcome, something has gone badly, badly wrong.) This approach forces the caller to check, which is unfriendly and error-prone. Of course, I don’t actually know a better way in C to handle it; returning a negative signed value won’t work because of conversion rules (though trying to allocate almost SIZE_MAX bytes of memory will probably fail).

Similarly,

…the library returns the power of two number of uint32_t it needs to allocate….

Why? The caller will definitely forget to 1ULL << z eventually, and then they’ll have far, far too small a table for the number of elements they want to put in it (which, by the way, the library also has no way to signal). I guess it saves the library from an “error state”, but at the cost of obfuscating its own interface and pushing the check for that error state (which, of course, didn’t actually go away) into the application where it will need to be written many times and thus have many opportunities to be done incorrectly.

…I guess I’m complaining that C isn’t Rust here. =/ But in both these cases, I wonder if a less “minimalist” interface might have been less error-prone to actually use, and (hopefully) uses of a library greatly outnumber implementations thereof, and thus should be a preferable target for minimization.

Guideline #2 (No dynamic memory allocations) can have a significant effect on error detection.

If the library allocates memory then it can use structure marking to detect use after free, uninitialized variables, and other programming errors.

Here is a quick sketch of a version that uses structure marking. I added bmp_try_bytes so that the resulting bitmap can be written to a file.

enum bmp_error_code //definition omitted for brevity  
struct bmp_data; //incomplete type  
bmp_error_code bmp_try_create(long width, long height, struct bmp_data **result);  
bmp_error_code bmp_try_set(struct bmp_data *, long x, long y, unsigned long color);  
bmp_error_code bmp_try_get(const struct bmp_data *, long x, long y, unsigned long *color);  
bmp_error_code bmp_try_free(struct bmp_data **);
bmp_error_code bmp_try_get_bytes(const struct bmp_data *, size_t *bytes, void **bytes);

I think the problem with this idea is that many optimisations rely on something being undefined behaviour.

In any case, the result is not just “unknowable” - there is no result. If I have two signed integer values for which the sum exceeds the largest possible signed integer value, and I add them together, there is not some unknown value that is the result. There is in fact a known value which is the result but which cannot be represented by the type which the result of the operation needs to be expressed in. What does it mean to “not bother optimising” here? Yes, the compiler could decide that the result of such an operation should be an indeterminate value, rather than undefined behaviour, but that will inhibit certain optimisations that could be possible even in cases where the compiler cannot be sure that the indeterminate value will actually ever result.

No. There is nothing about C that requires compilers behave irrationally. The problem is that (1) the standard as written provides a loophole that can be interpreted as permitting irrational compilation and (2) the dominant free software compilers are badly managed ( as someone pointed out, it’s not as if they have paying customers who will select another product). There’s a great example: a GCC UB “optimization” was introduced that broke a lot of code by assuming an out of bound access to an array could not happen. It also broke a benchmark - creating an infinite loop. The GCC developers specifically disabled the optimization for the benchmark but not for other programs. The standard does not require this kind of horrible engineering, but it doesn’t forbid it.

There is no fundamental reason. It’s just a lot of work and no optimizing compiler is implemented that way right now.

I guess they’ll have to create a new company in Saudi that’s a wholly owned subsidiary but is a Saudi company and so on and so forth.

Or they just don’t trade in Saudi Arabia.

That’s an option for many people dealing with the GDPR: If you don’t have a website in Europe, or a business in Europe, and you don’t trade in European data, then the GDPR doesn’t apply to you. However Facebook – even if they weren’t in Ireland does trade in European data by selling advertisements to European businesses.

They could choose not to- they could refuse to do any business with any company in Europe. This kind of structuring would probably make them safe, but it’s not realistic: There’s simply too much money in Europe.

So I’m surprised that easyDNS can serve UK customers without collecting taxes - they must be violating UK law, right?

I would imagine there is an amount of “Okay, so come and get it” involved with the VAT taxes and other laws. There’s no mechanism for enforcement of that decision if you hold no assets within EU member states. Now, the EU could attempt to block access to that website, but we all know how effective that is.

If you can’t hit someone with a stick what incentive do they have to follow your orders? Especially if there is no reward for doing so other than a pat on the head? Doubly so if following those orders is a pain in the butt.

Normally, I’d say this is off-topic for lobste.rs

This is something I sincerely do not understand.

Why it’s off-topic if its tags are [law] and [privacy]?

What do you mean?

I’m doing GDPR consulting at the moment.

it participates in open source vendor lock-in by requiring Docker

Can you explain what is “vendor lock-in” about Docker?

Isn’t Docker now part of an “open container initiative” or something?

AFAIK, it’s usually not too difficult to de-Dockerify something.

“Works” and “every” obviously require scare quotes, at the very least, but I don’t think the overall point is wrong. Electron succeeded (as far as it has succeeded, at any rate, which IMO is certainly too far to be dismissed) because there are massive numbers of incurious web programmers in the world, and Electron enables them to ship an application that will at least execute on several distinct, popular OSs without having to learn anything at all about those OSs or any languages or concepts other than Javascript.

Do you see a different high-level reason for its success?

In terms of content and moderation, each instance would be kind of like a “view” over the aggregate data. If you want stricter moderation you could sign up for one instance over another. Each instance could also cater to a different crowd with different focuses, e.g. Linux vs. BSD vs. business-friendly non-technical vs. memes vs. …. Stories not fitting an instance could be blocked by the instance owner. Of course you could also get the catch-all instance where you see every type of story; it might feel like HN.

The current Lobsters has a very specific focus and culture, and also locked into a specific moderation style. Federating it would allow a system closer to Reddit and its subreddit system where each instance has more autonomy, yet the content from the federated instances would all be aggregated.

So of course such a system wouldn’t be a one-to-one replacement for Lobsters but a superset. Ideally an individual instance could be managed and moderated such that it would feel like the Lobsters of today.

Biggest argument in favor is probably for people that want to leech off of the quality submissions/culture here but who don’t want to actively participate in the community or follow its norms. That and the general meme today of “federated and decentralized is obviously better than the alternative”.

Everybody wants the fruit of tilled gardens, but most people don’t want to put in the effort to actually do the work required to keep them running.

The funny thing is that we’d probably just end up with a handful (N < 4) of lobster peers (after the novelty wears off), probably split along roughly ideological lines:

• Lobsters for people that want a more “open” community (signups, etc.) and with heavier bias towards news and nerdbait
• Lobsters for social-justice and progressive people
• Lobsters for edgelords and people who complain about “social injustice”
• Lobsters Classic, this site

And sure, that’d scratch some itches, but it’d probably just result in fracturing the community unnecessarily and creating the requirement for careful monitoring of what gets shared between sites. As a staunch supporter of Lobsters Classic, though, I’m of course biased.

I’d be quite interested to see lobsters publish as ActivityPub/OStatus (so I could, for instance, use a mastodon account to follow users / tags / all stories). I don’t see any reason to import off-site activity; one of the key advantages of lobsters is that growth is managed carefully.

It won’t go away entirely if the one, special person who happens to own this system decides to make it go away for whatever reason of their own. It won’t die off if this specific instance gets sold or given to someone who can’t handle it and who runs it into the ground.