1. 2

    Does rust have a feature (or working group) related to dispatching jobs onto multicore or heterogeneous/accelerator devs (GPU/DSP/etc)? C++20 may get executors, is there an analogous feature for rust that’s present or under development?

    1. 1

      Others may know more details, but one of the go-to tools I’ve seen used for multicore parallelism is rayon. I have no idea what the GPU story is, though.

    1. 9

      From what I’ve heard, there have been similar complaints in the past.

      I’m going to eventually have to submit patches to libclang myself, but I have no idea what the approval process over there is like.

      IMO it’s not bad. Arguably in some cases it’s too easy (no automated regression test suite to gate your commits). But I suspect if you’re adding features to libclang they’ll be well received. You can browse other changes reviewed on https://reviews.llvm.org to see how they’ve gone.

      PM me if you want any help getting your change reviewed/accepted. I’m not a code owner so I could review your change but it makes more sense for one of the owners to approve it.

      1. 2

        Thanks for the tips. Not sure when I’m going to get around to trying to contribute though.

      1. 7

        I have a hard time breaking my dependency on gvim and rg. I usually use gdb or lldb. I have used atom occasionally, which was a fairly nice experience. But I don’t use it often for C/C++. I’ve heard good things about CLion, but I have only kicked the tires on it.

        Test tools – sanitizers are indispensable: UBSan, ASan, MSan and to some extent TSan. I use lit a lot (w/llvm) and occasionally CPPUnit or Google Test.

        1. 2

          A single person can run many nodes, right? Can someone run multiple nodes with the same backing storage? Does this affect redundancy?

          1. 2

            The whitepaper describes mitigations for Sybil attacks. Original Storj designs had some mitigations for this IIRC though not this PoW/Kademlia tree scheme.

            The concern I would have is not Sybil attacks, but centralization related to Storj Labs’ satellites. It will be interesting to see whether other non-SL satellites become trusted by the network in practice.

            1. 1

              A single person can run many nodes, yes. You can choose to run multiple nodes with the same backing storage, but our node selection algorithm chooses nodes based on IP route, geographic, and identification redundancy. You may not receive more data just because you have more nodes. Our recommendation is a node per hardware failure domain (probably one node per hard drive).

            1. 1

              USING VLA’S IS ACTIVELY STUPID!

              I feel like I am wading into a controversy here, but was it unrealistic to expect stuff like this to be less frequent after Linus’ hiatus? Among his more outrageous comments, this one’s pretty mild. But I wonder if it occurs to him to dampen his responses a bit.

              1. 8

                That quote is from several months before his temporary absence.

                1. 3

                  Wed, 7 Mar 2018 10:09:56 -0800

                  I looked at the date but somehow misread it as recent. Thanks, you’re right. Apologies for the confusion.

              1. 8

                At work:

                • got in 30 mins early to run a task before others arrived.
                • today at around 10am PST https://www.presidency.ucsb.edu should be live to the world on an updated Drupal7 platform, migrated from a custom php application. This has been a massive 3+ year project.
                • babysit project launches today and hope everything goes well.

                At home:

                • cook some dinner, maybe go to class in the evening. REST :D
                1. 3

                  https://www.presidency.ucsb.edu

                  When I click on the first link How Different is Trump’s Press Secretary Sarah Sanders?, I get a 404. But if I remove the beta subdomain from the link then it works.

                  1. 3

                    Hi – thanks. I think you’re seeing DNS in transition! :D

                    If you clear your browser cache it should be resolving fine now. SSL was just provisioned via LetsEncrypt like 10 mins ago, so the dust is still settling.

                    Thanks for the feedback!

                  2. 1

                    I remember how it looked before. This is a big improvement!

                    It would be kinda cool if speeches and things were made available as raw data, especially if it had metadata and all the “other stuff” isolated / decomposed (crowd reactions, gestures, titles and greetings, etc).

                  1. 3

                    final entity is something that can not be changed.

                    Well, it’s probably more accurate to say that immutable things are ones that cannot be changed. final names in Python are ones that can’t (shouldn’t) be assigned to. In this case DAYS_IN_A_WEEK is referring to an immutable int. But it could just as well be an object with methods that mutate underlying members. So it’s great to pair final with immutable things like tuples or namedtuples (or attrs).

                    1. 1

                      It needs an external tool to validate your code? That’s not very convincing to me. How is this going to work with runtime generated code?

                      1. 4

                        That’s how Python typing is. Python is dynamically typed, but the devs are working on adding gradual typing via syntax extensions and a static type checker (mypy), but they’ve stated that typing will always be optional and not cover every case.

                        1. 2

                          It needs an external tool to validate your code?

                          It’s the canonical type checking feature for Python. It leverages the language standard for type hints. One could imagine that perhaps CPython or other interpreters could eventually gain a feature to execute these type checks. Though I suspect that it would still be an independent execution/pass, as it is with mypy.

                          How is this going to work with runtime generated code?

                          Does this mean that you have a use case for generating python source code at runtime, or something else? If you are generating python source, you could add a step to send it to mypy first, if you were so inclined.

                        1. 16

                          Dell XPS 13 9350 (over two years old now). Previous two were ThinkPad X series. None of them with 15” displays, though.

                          My main problem with cheap laptops, and even some expensive “consumer market” laptops is flimsy keyboards with poor key travel or (worse) flex in the top of the chassis when typing (I’m a relatively heavy typist.)

                          Plus I value a docking station or a USB type C cable where I can quickly plug in/out at my desk.

                          (Your priorities may vary, of course.)

                          If you’re on a budget, I recommend looking for something high specced and a couple of years old. My laptop before this one was bought used (two years old) and had belonged to the CTO of a high frequency trading company. Was optioned up completely when new, so build quality and specs were still way above anything available new at that price.

                          1. 5

                            I have had the XPS 13 9343 for around ~three years I think. I think it’s great.

                            If you’re on a budget

                            I bought this particular one refurb from Amazon for ~$900. I feel like I gambled and got lucky.

                            After having used this one for so long, I think I’d prefer a laptop with more memory. Everything else has been excellent.

                            1. 1

                              I bought my laptop used as well. It was in person and the person let me test it, so it didn’t feel like a huge gamble, but it was more time consuming.

                            2. 4

                              Another (new) xps user. Enjoying it so far, had a Zenbook before this and was cheap components by comparison. I’ve only had mine for 3 months, so far I’m very happy.

                              1. 2

                                Thanks. I’m looking at the XPS15. The non-touch model is a strong contender.

                                1. 4

                                  Have an xps15 with Linux, no trouble whatsoever and it’s an amazingly nice experience.

                                  1. 3

                                    Maybe I just got a bad release, because I’ve usually had good luck with Dells, but my XPS 15 had tons of thermal problems. The battery started swelling and popped off the trackpad! It was a refurb unit off eBay (but Dell certified), so who knows.

                                  2. 3

                                    After dragging my heels forever, I finally settled on an XPS last week as a replacement for the endless series of 2011 Macbook Pros I’ve been wearing out for the past 10 years (2007 Macbooks before that). I don’t like buying new hardware, so ended up with a 4K 9550 / i7 quad / 32 GB RAM from eBay.

                                    The machine is almost everything I was hoping for, including the touchpad, with one exception: the panel response time is so bad you could measure it with a sand timer. Looking around, it seems this is a long-running complaint with XPS. I’m chatting to the seller to see if he repasted the machine because there was some trick to make the panel behave sanely, but otherwise, looks like this is not the Macbook replacement I’ve been dreaming of :(

                                    Currently travelling with my trusty beaten up “hobo” Macbook Pro and its barely functional keyboard – it’s almost impossible to beat this machine, and it’s increasingly looking like its final replacement is going to be yet another 2011 Macbook Pro.

                                    Note that many of the XPS 13 models have soldered disk / RAM.

                                  3. 2

                                    @lorddimwit

                                    If you are willing to spend as much, the XPS 15” is great. For a cheaper option, consider Dell’s Inspirons. https://www.dell.com/en-us/shop/dell-laptops/new-inspiron-15-7000/spd/inspiron-15-7580-laptop/dncwwc120h. They used to be of awful quality but the new series is decent (15” 1080p IPS, metallic body, thin bezels, great linux support, reliable build quality, comes with dual-drives - SSD and HDD together). I’ve been using one myself for over a year now. But don’t expect more than 3 hours of battery life for serious work, webcam is garbage, and the aluminium edges will cut your wrists.

                                  1. 2

                                    Can it just be a general loader? Or a binfmt_misc loader?

                                    1. 2

                                      I originally took that approach with a binfmt module, but it requires some invasive changes to the kernel and it would be the only reason for those changes, so I moved away from that. It can be a binfmt_misc handler though.

                                      1. 1

                                        Kernel maintainers might accept the changes, though. Worth a shot?

                                        1. 2

                                          Needs to be filled out more but inclusion in mainline is the goal.

                                    1. 1

                                      Author says a common class of gadgets uses such and such registers. Says avoid them in favor of other registers. Maybe the gadget type with those registers is common because the registers themselves are common from compiler choices. Switching registers might lead to gadgets just using those registers instead. Or are there x86-specific reasons that using different registers will do entirely different things you can’t gadget?

                                      Other than that confusion, slides look like great work. Especially on ARM.

                                      1. 15

                                        Author here. Thanks for having a look! It was fun to do this talk.

                                        Yes, there are X86 specific reasons that other registers don’t result in ROP gadgets. If you look at Table 2-2 in the Intel 64 and IA-32 Architectures Software Developer’s Manual you can see all of the ModR/M bytes for each register source / dest pair, and other places in that section describe how to encode the ModR/M bytes for various instructions using all of the possible registers. When I surveyed the gadgets in the kernel and identified which intended instructions resulted in C3 bytes that were used as returns in gadgets, there were a large number of gadgets that were terminating on the ModR/M byte encoding the BX series registers. You are correct that these gadgets are common because the compiler frequently chooses to use the BX series registers, and the essence of my change to clang is to encourage the compiler to choose something else. By shifting RBX down behind R14, R15, R12 and R13 the compiler will choose these registers before RBX, and therefore reduce the incidence of the use of RBX resulting in a C3 ModR/M byte. We can see that this works because just shifting the BX registers down the list results in fewer unique gadgets.

                                        To directly answer your inquiry, gadgets arising from using R14, R15, R12, R13 instead (now that they will be more common) are not a problem. The REX prefix is never C3, and we can look at the ModR/M bytes encoding operations using those registers, and none of them will encode to C3. When I look at gadgets that arise from instructions using these registers, they don’t get their C3 bytes from the instruction encoding - they get them from constants where the constant encodes to a C3, so the register used is irrelevant in these cases. So moving RBX down behind R14, R15, R12 and R13 doesn’t result in more gadgets using those registers.

                                        There are other register pairs that result in a C3 ModR/M byte. Operations between RAX and R11 can result in a C3 ModR/M byte, but these are less common when we survey gadgets in the kernel (~56 in the kernel I have here now). RAX and R11 were already ahead of RBX in the default list anyway, so moving RBX down the list does not result in more gadgets using R11. If you ask why we haven’t moved R11 down next to RBX, the answer is that gadgets using R11 this way are not that numerous, so it hasn’t risen to the top of the heap of most-common-sources-of-gadgets (and therefore has not got my attention). There are many other sources of gadgets that can be fixed and will have a larger impact on overall gadget counts and diversity.

                                        I hope this clarifies that part of the talk. :-)
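
The ModR/M arithmetic behind the answer above, as an added example that is not part of the original comment or of the author's clang change: it enumerates register-direct ModR/M bytes to show why RAX paired with RBX (or R11) encodes to C3 while R12 through R15 cannot. The `mov` encoder and all helper names are assumptions chosen for illustration.

```c
/* Added example: which x86-64 register pairs put a C3 byte in ModR/M. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hardware register numbers. Bit 3 travels in the REX prefix (REX.R/REX.B);
 * only bits 2:0 are stored in the ModR/M byte itself. */
enum { RAX, RCX, RDX, RBX, RSP, RBP, RSI, RDI,
       R8, R9, R10, R11, R12, R13, R14, R15 };

static const char *const reg_name[16] = {
    "rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
    "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15" };

/* ModR/M layout: mod (bits 7:6), reg (bits 5:3), rm (bits 2:0).
 * C3 = 11 000 011, so a C3 ModR/M is always register-direct (mod=11). */
uint8_t modrm(unsigned mod, unsigned reg, unsigned rm)
{
    return (uint8_t)(((mod & 3u) << 6) | ((reg & 7u) << 3) | (rm & 7u));
}

/* Encode 64-bit "mov dst, src" (opcode 89 /r) as REX.W, 89, ModR/M.
 * The REX byte is always in 40..4F, so it can never be C3. */
void encode_mov_rr(unsigned dst, unsigned src, uint8_t out[3])
{
    out[0] = (uint8_t)(0x48u | ((src >> 3) << 2) | (dst >> 3));
    out[1] = 0x89;
    out[2] = modrm(3, src, dst); /* src in reg field, dst in rm field */
}

/* 1 if the buffer holds a C3 byte anywhere, 0 otherwise. */
int contains_c3(const uint8_t *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (buf[i] == 0xC3)
            return 1;
    return 0;
}

/* Number of (reg, rm) register pairs whose register-direct ModR/M is C3. */
int count_c3_pairs(void)
{
    int count = 0;
    for (unsigned reg = 0; reg < 16; reg++)
        for (unsigned rm = 0; rm < 16; rm++)
            if (modrm(3, reg, rm) == 0xC3)
                count++;
    return count;
}

/* Can register r, in either operand slot, take part in a C3 ModR/M byte? */
int reg_can_yield_c3(unsigned r)
{
    for (unsigned other = 0; other < 16; other++)
        if (modrm(3, r, other) == 0xC3 || modrm(3, other, r) == 0xC3)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: the same move into RAX-sourced destinations,
     * using the registers named in the comment above. */
    const unsigned dsts[] = { RBX, R11, R12, R13, R14, R15 };
    uint8_t b[3];

    for (size_t i = 0; i < sizeof dsts / sizeof dsts[0]; i++) {
        encode_mov_rr(dsts[i], RAX, b);
        printf("mov %-3s, rax -> %02X %02X %02X  %s\n", reg_name[dsts[i]],
               b[0], b[1], b[2],
               contains_c3(b, 3) ? "contains C3" : "no C3");
    }

    printf("register pairs with ModR/M == C3: %d\n", count_c3_pairs());
    for (unsigned r = 0; r < 16; r++)
        if (reg_can_yield_c3(r))
            printf("  %s can appear in a C3 ModR/M byte\n", reg_name[r]);
    return 0;
}
```

The reg field can also carry an opcode extension instead of a register, and C3 bytes in immediates or displacements are independent of register choice, as the comment above notes for constants.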

                                        1. 3

                                          Thank everyone for the answers. Thank you in particular for this very-detailed answer that clarifies how x86’s oddities are creating the attack vectors.

                                          The reason I wanted to know is that I planned to design around high-end ARM chips instead of x86 where possible because I believed we’d see less ISA-related attacks. Also, certain constructions for secure code might be easier to do on RISC with less performance hit. Your slides seem to support some of that.

                                          1. 2

                                            To be fair, x86 doesn’t create the attack vectors, but does make any bugs much easier to exploit.

                                            ARM doesn’t have nearly the same problem - you can always ROP into a jump to THUMB code on normal ARM instructions, but these entry points are usually more difficult to find than an 0xc3.

                                          2. 1

                                            I’m curious to learn more about ROP. I’d like to examine adding support for another target to ROPgadget.py. So what designates a gadget? Any sequence of instructions ending in a return? How do attackers compose functionality out of gadgets? By hand, or is there some kind of a ‘compiler’ for them?

                                            1. 3

                                              You might be interested in the ROP Emporium’s guide. Off the top of my head the only automatic tools I know of are ropper and angrop.

                                          3. 5

                                            Switching registers might lead to gadgets just using those registers instead. Or are there x86-specific reasons that using different registers will do entirely different things you can’t gadget?

                                            If I understand this correctly, it’s because the ebx register causes opcodes to be created that contain a return instruction, i.e., opcodes that are useful in ROP. So by avoiding ebx as much as possible, you also avoid creating collateral ROP gadgets with early returns. This issue only happens because x86/amd64 have variable-length opcodes.

                                            1. 4

                                              As far as I understand, the register allocation trick is indeed x86-specific. The point is to avoid C3 bytes because these will polymorph into the RET instruction when used in unaligned gadgets. See the “polymorphic gadget” and ‘register selection’ sections in the slide set.

                                            1. 4

                                              It’s all easy to tell people to switch from X to Y (browser, OS, antivirus, etc.) but you can’t just go preaching when the alternatives aren’t quite the same. Sure you have Firefox (or any other flavour) and while I’d love to fully switch, it isn’t quite there yet. You can tell people to switch to some Linux distro or to install LineageOS but that comes with losing certain features or apps (try doing gamedev from Linux for example).

                                              And Firefox won over IE because it was better, not for the fact IE back in the XP days was crap with its ActiveX madness. And same with the general switch to Chrome, it performed better.

                                              The bottom line for me is: make better alternatives to cover the general use case and people WILL switch (because their “techy” friend installs it for them) but they probably won’t just to get away from privacy issues if it gives them less headaches.

                                              1. 7

                                                same with the general switch to Chrome, it performed better

                                                Most people did not care that it performed “better”.

                                                They just saw the ads. On every google page. Including the search front page.

                                                1. 6

                                                  Pretty sure Chrome grew its popularity when Firefox became quite sluggish, together with its strong presence in smartphones.

                                                  1. 8

                                                    Yeah, it is easy to forget how amazing Chrome was versus the competition in 2008. Other browsers were covered in garbage and layers of UI, Chrome was minimalist. When other browsers would crash when you went to a bad webpage, Chrome just lost a tab due to the process separation. Even at initial release, Chrome was much faster than the competition. It also had the omnibar which felt like the “right way”.

                                                  2. 3

                                                    Watch the Google Chrome announcement video

                                                    They compare it side-by-side with Internet Explorer. It shows that, for JavaScript, Chrome was around 100 times faster. For rendering it was around 3 times faster. The tab isolation, simpler user experience etc was also a serious win.

                                                    These types of improvements did matter to a lot of people.

                                                    1. 2

                                                      The ads gave Google an opportunity to win people over, but ads alone don’t convince anyone to commit to a product. IMO by the time Chrome ads started popping up on Google properties, Chrome had already won.

                                                      When Chrome came out it had superior UX to Firefox on every front. Performance, extensions, sync, transparent auto-updates, omnibar: everything was better and simpler for the 90% use-case. I specifically remember switching my parents and grandparents to Chrome because they kept getting stuck on old versions of Firefox and/or extensions would randomly stop working (namely ABP; about once a quarter I would get a call complaining that “the ads are back”). Chrome solved that problem for me.

                                                      I’m a big fan of Mozilla but Firefox has always been a funky browser for nerds. It dominated IE because Microsoft had made zero technical investments for years and years. Firefox has made great strides competing with Chrome, but it hasn’t made any huge leaps and it still has rough edges. I think Mozilla as an organization struggles to put out products that are uncompromisingly great for the non-technical user.

                                                      1. 2

                                                        It dominated IE because Microsoft had made zero technical investments for years and years.

                                                        Uh, when did Firefox “dominate IE”? Even after major EU legal wins, etc, Firefox was second until Chrome came with an even bigger backer that the regulators hadn’t smacked yet and ate everyone’s lunch.

                                                        1. 1

                                                          Uh, maybe it was too strong a word. But the market-share numbers are distorted by the incapability of corporate IT to move off IE at that time. That’s why the lifecycles of IE 6/7/8 were so drawn out.

                                                          My recollection of that era is that anyone who understood what a browser was and had the ability to choose whichever one they wanted was using Firefox.

                                                        2. 2

                                                          Wow, I had forgotten auto-update, that might have been the most important feature!

                                                          When Chrome was released, it actually lacked both extensions and sync, but the per-tab process and auto-update were killer features – plus general performance.

                                                          1. 1

                                                            When Chrome was released, it actually lacked both extensions and sync

                                                            It got them in 2010, shortly before the first release for macOS, which is probably what I’m remembering as the initial release. It didn’t surpass Firefox and IE in market share until 2012.

                                                        3. 2

                                                          Most people did not care that it performed “better”.

                                                          I don’t think this is true. At the time, both IE and FF were very slow and frustrating for people. A crash in either would take down the entire browser. “Updating their browser” was something their tech friends would tell them to do, and they wouldn’t do. Chrome was automatically updated, simpler, faster, more stable (re: crashing) and it was less complicated (at least in UI – omnibar, better on smaller screen). I think it won due to fitness for purpose, not ads.

                                                        4. 6

                                                          What about Firefox “isn’t quite there”?

                                                          1. 5

                                                            Firefox is not “quite there” because developers today mostly create Chrome apps, and consider other browsers as an afterthought. On desktop, and even more on Android, I often need to switch back to Chrome because the app I’m using doesn’t work on Firefox or is way too slow.

                                                            Technically it’s very easy to get a website to work on any browser, but we don’t create websites anymore, often even plain text articles are “apps”, with JS all over the place and this is mostly designed to work on Chrome only.

                                                            1. 1

                                                              Firefox isn’t quite there because developers don’t target it. Developers don’t target Firefox because it isn’t quite there.

                                                              I understand and agree with your point, but this isn’t really something Mozilla can do much about (other than actually gaining back market share).

                                                            2. 4

                                                              I’ve tried to adopt Firefox seriously many times over the years, but every time the support for multi-user didn’t cut it for me.

                                                              I maintain two profiles in Chrome, a professional and a personal one. I’ve tried to replicate it with Firefox profiles, then later with containers, but the UX is not fitting my use case.

                                                              1. 2

                                                                Firefox lacks Chrome’s --app switch for example. That launches a window without the tab bar and the URL bar (essentially, only a webview). It’s super-sweet. Firefox does not support it out of the box, and all solutions I found involved setting up a separate profile. Chrome allows me to have these “apps” in the same profile, so they have access to the same extensions, I can open tabs from them, in my main browser window.

                                                                It’s a stupidly powerful feature if you have a few webapps you want to treat as apps instead of tabs.

                                                                1. 12

                                                                  That sounds like a very very specific feature though, that maybe 1% of the people might use.

                                                                  For the rest, Firefox is a perfectly good browser which (so far) seems to follow better privacy practices than Chrome.

                                                                  1. 2

                                                                    That sounds like a very very specific feature though, that maybe 1% of the people might use.

                                                                    You’d be surprised how many people use this. Makes it so much easier to use a website as an app, and unlike the common Electron apps, allows one to use extensions with it. But even if only 1% used it, for that 1%, Firefox is not quite there.

                                                                    Also, Electron. Tons of stuff is built on it, and it uses Chrome under the hood.

                                                                    Firefox is a perfectly good browser which (so far) seems to follow better privacy practices than Chrome.

                                                                    Yeah, like those experiments, or DNS-over-HTTPS which sends all DNS requests to Cloudflare. Or the integrated Pocket. Those might spy on me less, but it’s only marginally better.

                                                                    1. 2

                                                                      I hope for your sake that it’s way more than 1% usage. Google has a history of removing features that not many people use [1].

                                                                      [1] I still prefer using Google Maps over anyone else but over time, I’ve had features I use removed due to lack of utilization. It’s annoying. Second only to the UI constantly changing.

                                                                      1. 1

                                                                        I believe a place that chrome apps are more commonly used is enterprise. It basically gives an easy way to put your internal CRUD webapp on the start menu with an icon and if you use the extended support some additional features. I suspect this is what keeps --app alive more than the at-home users’ use of it.

                                                                        I have seen orgs with 30+ “chrome apps” in the default image. Actually probably the biggest category of apps on those deploys. Never mind of course Chromebooks.

                                                                      2. 1

                                                                        But even if only 1% used it, for that 1%, Firefox is not quite there.

                                                                        That’s nonsense. 1% might use it, and that’s probably an overestimate. For how many of them is it a dealbreaker? Even fewer. Probably far fewer. It’s a really insignificant feature.

                                                                        Yeah, like those experiments

                                                                        I don’t know what this means, could you elaborate?

                                                                        or DNS-over-HTTPS which sends all DNS requests to Cloudflare.

                                                                        DNS-over-HTTPS does not send all DNS requests to Cloudflare, and even if it did it would still be more secure than insecure DNS which sends all DNS requests to anyone listening, including Cloudflare if they wanted to.

                                                                        Or the integrated Pocket.

                                                                        Don’t like it? Don’t use it. I fail to see how this is ‘spying’ on you.

                                                                        1. 0

                                                                          It’s a really insignificant feature.

                                                                          For you, yes. For me, it is essential. It doesn’t matter how many use it, for those who do, Firefox is not quite there. For everyone else, it might be, good for them.

                                                                          I don’t know what this means, could you elaborate?

                                                                          Look for Firefox studies. Granted, you have to opt in to them right now (like you used to be able to opt in to logging into Chrome), but then you’re opting in to pretty much all studies. This is just a step away from what Chrome’s doing now, and sending your browsing data to third parties, disguised as studies is even less honest.

                                                                          DNS-over-HTTPS does not send all DNS requests to Cloudflare, and even if it did it would still be more secure than insecure DNS which sends all DNS requests to anyone listening, including Cloudflare if they wanted to.

                                                                          Err, yes, it does send all DNS requests originating from Firefox through Cloudflare. It does fall back to regular DNS, but if enabled, it first goes through them. Not saying I trust my ISP’s DNS servers, but I do trust my ISP to be far less competent at mining my data than Cloudflare.

                                                                          1. 2

                                                                            Firefox studies are completely opt-in. They’re in an options window most people apparently never open. To compare this to Google forcing you to send them all your browsing data if you so much as log into GMail through their browser is ridiculous.

                                                                            DNS over HTTPS

                                                                            Doesn’t even look like this is out of nightly, it’s a feature you have to enable through the about:config page… I mean come on man, you cannot seriously be arguing this is a breach of privacy. They’re both completely opt-in.

                                                                            DNS over HTTPS sends your DNS traffic to a DNS-over-HTTPS provider. I’m sure it’s possible to change which provider it is. I wouldn’t be surprised if Google switched DNS in Chrome to go to 8.8.8.8 by default anyway. Certainly they widely encourage people to do so without telling them that this gives Google again all their browsing history, and more besides.

                                                                            1. 1
                                                                              1. 1

                                                                                Firefox studies are completely opt-in

                                                                                So was Chrome’s login until recently. I’m not going to trust a for-profit corporation to respect my privacy forever. Especially when those studies are marketed as harmless things, yet, send a whole lot of data to third parties (not even to Mozilla, but third parties).

                                                                                I’m sure it’s possible to change which provider it is

                                                                                It is, but there are currently two public DNS-over-HTTPS providers: Cloudflare and Google. Yay. You can run your own, yes, but not even 0.1% of users will ever do that. Besides you can also disable Chrome’s login thing if you really want to, with a flag: go to chrome://flags/#account-consistency, and set it to disabled.

                                                                                It’s an internal flag, and may or may not go away, but for the moment, it gets the job done, and I get to keep --app too.

                                                                                1. 1

                                                                                  So was Chrome’s login until recently.

                                                                                  It isn’t now. Now is what matters.

                                                                                  I’m not going to trust a for-profit corporation to respect my privacy forever.

                                                                                  Then why are you trusting Google to respect your privacy, given that they have never done so and Mozilla have nearly always done so? Mozilla has always acted in good faith wrt. privacy. Google has not. Yet you defend Google and attack Mozilla. Why?

                                                                                  Especially when those studies are marketed as harmless things, yet, send a whole lot of data to third parties (not even to Mozilla, but third parties).

                                                                                  So don’t enable them then. They’re completely optional and opt-in. I don’t understand why you think being able to opt into something is anywhere near comparable to being forced to give data.

                                                                                  It is, but there are currently two public DNS-over-HTTPS providers: Cloudflare and Google. Yay. You can run your own, yes, but not even 0.1% of users will ever do that.

                                                                                  So don’t enable it then. How is it Mozilla’s fault there aren’t more DNS-over-HTTPS providers? Get your ISP to provide it.

                                                                                  Besides you can also disable Chrome’s login thing if you really want to, with a flag: go to chrome://flags/#account-consistency, and set it to disabled.

                                                                                  It’s opt-out, in other words. Opt-out = might as well be mandatory for most users. On the other hand, opt-in = might as well not exist for most users. Most users are never ever going to enable anything opt-in and never ever going to disable anything opt-out.

                                                                                  It’s an internal flag, and may or may not go away, but for the moment, it gets the job done, and I get to keep --app too.

                                                                                  I’ve already explained how you can get the same functionality as --app in Firefox: go fullscreen, disable toolbars.

                                                                                  1. 1

                                                                                    Now is what matters.

                                                                                    Now I can disable the sign-off in Chrome and Chromium. Chromium doesn’t send my data to Google. They both support the feature I want. If now is all that matters, then there is zero argument in favour of Firefox, as Chromium does precisely what I want, and I am already using it.

                                                                                    Thank you.

                                                                      3. 3

                                                                        Firefox and Chrome have different sets of features. They overlap significantly but not exactly. It’s easy to cherry-pick features either of them have that the other doesn’t. That doesn’t mean that Firefox isn’t a perfectly acceptable replacement for Chrome.

                                                                        I have no clue why you’d want to launch a window without a tab bar and URL bar. Oh no, a couple of bars at the top of my screen, that’s far worse than sending all my browsing history to Google.

                                                                        1. 1

                                                                          That doesn’t mean that Firefox isn’t a perfectly acceptable replacement for Chrome.

                                                                          It is, if you don’t need the features it does not have. If you do, it is a deal breaker. (No size fits all and all that)

                                                                          I have no clue why you’d want to launch a window without a tab bar and URL bar.

                                                                          And I have no clue why you’d want to launch more than one browser window with tab and URL bars. But, to illustrate: I have two screens, and on my secondary, I have Mastodon & Discord open, in a frame-less chrome window. Whatever link I click there, if it leads away from the domain, it opens in a new tab. I never leave the “app” itself. Why would I need a tab and a URL bar there? Those just make it too easy to navigate away. Not having them removes that problem, and also makes them look almost like a native app, which is great.

                                                                          Small thing, yes, but so convenient that I’d rather patch Chrome to remove the login requirement than to figure out how to do the same with Firefox. The former is considerably easier.

                                                                          If you don’t need this feature, sure, use Firefox or whatever.

                                                                          (Note: I’m not saying Chrome is better. It isn’t. I’m saying Firefox lacks useful features Chrome has, and as such, is not quite there for those of us who want those features. I’d love to switch away from Chrome, but haven’t found a browser that supports the extensions I use, and app windows. As soon as I find one, I’ll be jumping ship. I’m pretty sure it won’t be Firefox though.)

                                                                          1. 2

                                                                            FF actually had the “apps” feature before Chrome even was released.

                                                                            Sadly it was killed off.

                                                                            1. 1

                                                                              Yeah, I remembered Firefox having it, and arrived at the same page, and was even more disappointed :/

                                                                              Mind you, Prism isn’t the same - it’s separate from the main browser, Chrome’s --app is not (and that’s the great thing about it; I can get the separate thing with Firefox with a kiosk add-on, but that’s not what I’m aiming for).

                                                                              1. 1

                                                                                It actually felt very similar, I would go so far as to say most of the way Chrome’s --app was inspired by the Prism extension. It used the same core in a different XULrunner and could be created just like you do in Chrome from the menu. Created desktop icons, had unique window idents, the whole deal. It had to be a bit more separate because back then there wasn’t process isolation per tab in FF, and one of Prism’s major goals was to avoid crashing the main browser.

                                                                            2. 0

                                                                              In Firefox in full screen mode you can hide toolbars (includes URL bar and tab bar). I use this to watch full screen videos sometimes. You don’t have to have it actually covering your full screen either, if you use a proper window manager like dwm that can resize windows that ask to be fullscreen.

                                                                              I really mean no offence when I say this, but your argument is bad. You can’t have everything you want. If you prioritise ‘app windows’ over security and privacy that’s your call, of course, but it’s a bad argument to claim that Firefox isn’t a satisfactory replacement for Chrome because it doesn’t have ‘app windows’. By that logic, Chrome is a wholly unsatisfactory replacement for Firefox, for the reason that it’s insecure crap that gives all my browsing data to Google…

                                                                              1. 1

                                                                                You just said they made a bad argument… then in literally the next sentence admitted that for their requirements it was a good argument… they DO prioritize ‘app windows’.

                                                                                Their argument was simply that it isn’t a “perfectly acceptable replacement” within the requirements they laid forth of “having app window support”. This makes their argument well reasoned and coherent. If you want to attack one of their premises, you can do that – but that is another argument.

                                                                                You then go on to attack the premise and claim their requirement is not an actual requirement, and can be replaced with some set of outside tooling. I don’t believe you proved your case on that front based on the short point you made about dwm. They referenced other features as well.

                                                                                I personally have unsuccessfully tried to replace chrome apps a number of times with FF or even other browsers. I never got it working the way I wanted it – window identification issues mostly, and in a few cases webapps not playing well with being forcefully resized. So currently I use chrome only for these “apps” and I use FF as my primary browser.

                                                                                As for Chrome not being a satisfactory replacement for FF for you – that also seems to be true. With your implied premise of being opposed to Google’s data collection practices, obviously Chrome is unacceptable for you. That argument is also coherent with those premises. I won’t say you have a “bad argument” because within the premises you implied, it is a good one. You value different things – neither argument is bad or wrong.

                                                                                1. 1

                                                                                  In short: their argument was a response to a question asking why Firefox was not generally suitable as a replacement for Chrome. In that context it’s bad.

                                                                                  1. 0

                                                                                    That doesn’t mean that Firefox isn’t a perfectly acceptable replacement for Chrome.

                                                                                    Your high bar of “perfectly acceptable” was simply not met. It lacks features the poster needs. If you claim features don’t matter then what does exactly?

                                                                                    1. 1

                                                                                      In short: their argument was a response to a question asking why Firefox was not generally suitable as a replacement for Chrome. In that context it’s bad.

                                                                                2. 1

                                                                                  But I don’t run those windows full screen - they’re clamped to a screen half, so fullscreen is not an option. Been there, tried it. I could change my WM, but that’s another workaround that doesn’t work, because then I’d have to switch to one that can resize fullscreen apps, and still do everything my current one does. No thanks. I’ll patch the login stuff out of Chrome instead.

                                                                                  And yes, Chrome is crap. But I can work around its most recent stupid far more easily than I can add app windows to Firefox. So Chrome is still a better browser for me, unfortunately.

                                                                                  Again, I’m not saying Firefox is not a satisfactory replacement for most people. I’m saying it is not suitable for me, that there are things in Chrome that Firefox does not have, yet, people depend on, and for those people, Firefox is not quite there yet.

                                                                                  1. 0

                                                                                    But I don’t run those windows full screen - they’re clamped to a screen half, so fullscreen is not an option. Been there, tried it. I could change my WM, but that’s another workaround that doesn’t work, because then I’d have to switch to one that can resize fullscreen apps, and still do everything my current one does. No thanks. I’ll patch the login stuff out of Chrome instead.

                                                                                    So in other words the problem is that you’re using a crap window manager. How is that Firefox’s fault? You choose to use a crap WM, that’s fine, but don’t go around threads about browsers crapping on Firefox just because you make poor choices elsewhere in your setup.

                                                                                    You can’t patch anything out of Chrome. Doesn’t work like that. You can patch Chromium, but Chromium isn’t Chrome.

                                                                                    And yes, Chrome is crap. But I can work around its most recent stupid far more easily than I can add app windows to Firefox. So Chrome is still a better browser for me, unfortunately.

                                                                                    No, you cannot work around Chrome sending all your browsing data to Google. Chrome is built from the ground up to send your browsing data to Google. It’s untrusted proprietary software. You cannot work around that.

                                                                                    Again, I’m not saying Firefox is not a satisfactory replacement for most people. I’m saying it is not suitable for me, that there are things in Chrome that Firefox does not have, yet, people depend on, and for those people, Firefox is not quite there yet.

                                                                                    You were defending the comment that said ‘It’s all easy to tell people to switch from X to Y (browser, OS, antivirus, etc.) but you can’t just go preaching when the alternatives aren’t quite the same. Sure you have Firefox (or any other flavour) and while I’d love to fully switch, it isn’t quite there yet.’ I’m sorry, but that’s a broad statement about Firefox that suggests it’s missing important core browsing features. Not that it’s missing some tiny obscure feature you personally use but which most people have never heard of and wouldn’t want anyway.

                                                                                    (and which you can emulate in Firefox if you use a decent window manager)

                                                                                    1. 2

                                                                                      So in other words the problem is that you’re using a crap window manager.

                                                                                      No, my problem is that Firefox does not implement a feature I use. My window manager is fine, thank you very much. The fact that the only way to make an app emulate a feature I use is to work it around in WM, by ignoring a full screen request and doing something else is not a solution. That is a crude hack.

                                                                                      You can’t just go around telling people “Go use a different browser and a different WM”. That’s about the same level of good advice as “Tired of systemd? Just go use OpenBSD!”. It doesn’t work like that.

                                                                                      You can patch Chromium, but Chromium isn’t Chrome.

                                                                                      Yeah, but I can patch it out from Chromium. Or disable with a flag. And still keep --app, and won’t have to switch to a whole new WM. If I used firefox, my task would be a whole lot harder.

                                                                                      You were defending the comment that said ‘It’s all easy to tell people to switch from X to Y (browser, OS, antivirus, etc.) but you can’t just go preaching when the alternatives aren’t quite the same. Sure you have Firefox (or any other flavour) and while I’d love to fully switch, it isn’t quite there yet.’

                                                                                      And I stand by my defense: you can’t tell people to change, when the alternatives lack important features. It just happens YOU don’t consider the same features important. I’ll give you an analogy:

                                                                                      • I’m tired of systemd, for reason X.
                                                                                      • Use OpenBSD.
                                                                                      • But OpenBSD does not support my hardware.
                                                                                      • It is your fault for making poor hardware choices, it is easy to run OpenBSD on proper hardware.

                                                                                      That’s how you sound like now.

                                                                                      1. 2

                                                                                        No, my problem is that Firefox does not implement a feature I use. My window manager is fine, thank you very much. The fact that the only way to make an app emulate a feature I use is to work it around in WM, by ignoring a full screen request and doing something else is not a solution. That is a crude hack.

                                                                                        It’s not a crude hack. It’s a normal expected feature of any window manager: to be able to resize windows.

                                                                                        1. 1

                                                                                          It’s not a crude hack. It’s a normal expected feature of any window manager: to be able to resize windows.

                                                                                          Not fullscreen ones. Very few can resize those.

                                                                                          1. 1

                                                                                            Most window managers are bad, I guess. Most things are bad.

                                                                            3. 1

                                                                              How do you use this feature? It sounds interesting, but it’s never occurred to me. When you say ‘webapps’, do you mean browser extensions or things that would ordinarily be packaged as android/iOS apps? Or something else entirely?

                                                                              1. 4

                                                                                It is even simpler than you are thinking. Basically when you create a “app” out of a website what happens is you get a shortcut that does the following:

                                                                                • opens a browser instance with no browser ui components, it is just the page loaded in a window.
                                                                                • gives that window a custom id (so your window manager can tell it apart from other windows for rules and such)
                                                                                • gives it a taskbar entry
                                                                                • gives it an icon
                                                                                • puts a link to it in your menu system if supported
                                                                                • puts a link to it on your desktop if supported

                                                                                I use a ton of them, right now I am running in “app” mode:

                                                                                • IRCCloud
                                                                                • WhatsApp Web
                                                                                • Google Keep
                                                                                • Google Music
                                                                                • Fastmail Inbox
                                                                                • Pocketcasts
                                                                                • Todoist
                                                                                • Trello
                                                                                • Tweetdeck
                                                                                • Dungeon Crawl Web Tiles
                                                                                • Youtube.TV

                                                                                I run these as “apps” because I have rules that put them on certain desktops or monitors, and I like them having their own taskbar entries.


                                                                                I actually use Firefox as my main browser – and one of my annoyances with these Chrome “apps” is that if I click a link from like IRCCloud – it always opens in Chrome because well – it is already IN Chrome. I wish I could set them up to use the system default browser.

                                                                                1. 2

                                                                                  The latter, things that would be packaged as android/ios/electron apps. I use slack, discord, mastodon like this, because I want them always-on, without accidentally navigating away, but links still opening in my main window (on another screen), and with my extensions available so I can tweak my experience, block trackers, and so on. Since I want these always on, and separate from my main browser, there is zero purpose for a tab or url bar on them. They feel much more like an app than a browser window would, yet, I have more control than if I ran a (non-free, usually) native app.

                                                                                  1. 1

                                                                                    I segregate websites that are not good actors but that I still use (Facebook, LinkedIn, Instagram) using single-site browsers, via Fluid. Fluid uses a completely different local storage instance for every “app” you create, so you don’t have to worry about being tracked around. This allows me to ratchet up the level of privacy I ask for from my browser without worrying about breaking functionality on those web “apps” I use.

                                                                                    As much as I despise it, this is also why I use the Electron versions of Spotify and Slack.

                                                                                2. 1

                                                                                  I was going to say the memory footprint and its overall smoothness but I don’t have data to back that up, so it’s just a feeling.

                                                                                  I try to go back to FF out of principle but I guess there is something in Chrome which keeps winning me over.

                                                                                3. 1

                                                                                  Of course Firefox is “there”; it’s been “there” for longer than Chrome’s even existed.

                                                                                  1. 1

                                                                                    make better alternatives to cover the general use case and people WILL switch (because their “techy” friend installs it for them)

                                                                                    This strategy has never worked.

                                                                                  1. 7

                                                                                    The points are good, but I certainly don’t want inotify features to be gating the VFS layer. IMO inotify is good at what it does. If you want to know about absolutely everything going on for a given filesystem, maybe you want to implement the filesystem itself (fuse, e.g.).

                                                                                    1. 11

                                                                                      IIRC (and I was involved in higher level filesystem libraries when this stuff was going into the kernel - but that was a long time ago) dnotify and inotify were designed with the constraint that they couldn’t impose a significant performance penalty, the logic being that the fs operations were more important than the change notification. If watching changes is as important or more important than io performance another mechanism like a fuse proxy fs or strace/ptrace makes sense.

                                                                                      1. 3

                                                                                        fuse is how tup keeps track of dependencies, although I think it also will attempt to use library injection when that’s not available.

                                                                                        1. 1

                                                                                          That’s awesome. I’ve tried experimenting with ptrace/strace to ensure correct dependency declaration and it’s a real pain to get right.

                                                                                          1. 1

                                                                                            I have yet to try it out, but I’m definitely using it in my next project.

                                                                                      2. 2

                                                                                        Thing is, FUSE is slower, buggy (I’ve had kernel panics) and less flexible. A native way to track file system operations in a lossless manner would be really nice to have on linux.

                                                                                        1. 2

                                                                                          I just picked this up as well while on vacation.

                                                                                          I’ve been enjoying working through Project Euler doing the solutions in Rust.

                                                                                          Creating actual working code with Rust has been a lot of fun!

                                                                                        1. 7

                                                                                          Cory always scares me.

                                                                                          1. 21

                                                                                            This was from 2012. Arguably, we’re already there. Tons of popular computers run signed bootloaders and won’t run arbitrary code. Popular OS vendors already pluck apps from their walled garden on the whims of freedom-optional sovereignties.

                                                                                            The civil war came and went and barely anyone took up arms. :(

                                                                                            1. 5

                                                                                              It’s not like there won’t always be some subset of developer- and hacker-friendly computers available to us. Sure, iPhones are locked down but there are plenty of cheap Android phones which can be rooted, flashed with new firmware, etc. Same for laptops, there are still plenty to choose from where the TPM can be disabled or controlled.

                                                                                              Further, open ARM dev boards are getting both very powerful and very cheap. Ironically, it might even be appropriate to thank China and its dirt-cheap manufacturing industry for this freedom since without it, relatively small runs of these tiny complicated computers wouldn’t even be possible.

                                                                                              1. 9

                                                                                                This is actually the danger. There will always be a need for machines for developers to use, but the risk is that these machines and the machines for everyone else (who the market seems to think don’t “need” actual control over their computers) will diverge increasingly. “Developer” machines will become more expensive, rarer, harder to find, and not something people who aren’t professional developers (e.g. kids) own.

                                                                                                We’re already seeing this happen to some extent. There are a large number of people who previously owned PCs but who now own only locked down smartphones and tablets (moreover, even if these devices aren’t locked down, they’re fundamentally oriented towards consumption, as I touched on here).

                                                                                                Losing the GPC war doesn’t mean non-locked-down machines disappearing; it simply means the percentage of people owning them will decline to a tiny percentage, and thus social irrelevance. The challenge is winning the GPC war for the general public, not just for developers. Apathy makes it feel like we’ve already lost.

                                                                                                1. 0

                                                                                                  Arguably iPhones are dev friendly in a limited way. If you’re willing to use Xcode, you can develop for your iPhone all you want at no charge.

                                                                                                  1. 7

                                                                                                    Develop for, yes, within the bounds of what Apple deems permissible. But you can’t replace iOS and port Linux or Android to it because the hardware is very locked down. (Yes, you might be able to jailbreak the phone through some bug, until Apple patches it, anyway.)

                                                                                                    Mind you, I’m not bemoaning the fact or chastising Apple or anything. They can do what they want. My original point was just that for every locked-down device that’s really a general-purpose computer inside, there are open alternatives and likely will be as long as there is a market for them and a way to cheaply manufacture them.

                                                                                                    1. 4

                                                                                                      Absolutely! Even more impressive is that with Android, Google has made such a (mostly) open architecture into a mass market success.

                                                                                                      However it’s interesting to note that on that very architecture, if you buy an average Android phone, it’s locked down with vendorware such that in order to install what you want you’ll likely have to wipe the entire ecosystem off the phone and substitute an OSS distribution.

                                                                                                      I get that the point here is that you CAN, but again, most users don’t want the wild wild west. Because, fundamentally, they don’t care. They want devices (and computers) that work.

                                                                                                      1. 6

                                                                                                        Google has made such a (mostly) open architecture into a mass market success.

                                                                                                        Uh, I used to say that until I looked at the history and the present. I think it’s more accurate that they made a proprietary platform on an open core a huge success by tying it into their existing, huge market. They’ve been making it more proprietary over time, too. So, maybe that’s giving them too much credit. I’ll still credit them with their strategy doing more good for open-source or user-controlled phones than their major competitors. I think it’s just a side effect of GPL and them being too cheap to rewrite core at this point, though.

                                                                                                      2. 2

                                                                                                        I like to think that companies providing OSes are a bit like states. They have to find a boundary over how much liberty over safety they should set, and that’s not an easy task.

                                                                                                      3. 3

                                                                                                        This is not completely true. There are some features you can’t use without an Apple developer account which costs $100/yr. One of those features is NetworkExtension.

                                                                                                        1. 2

                                                                                                          friendly in a limited way.

                                                                                                          OK, so you can take issue with “all you want” but I clearly state at the outset that free development options are limited.

                                                                                                  2. 6

                                                                                                    Over half a million people or 2 out of 100 Americans died in the Civil War. There was little innocent folks in general public could do to prevent it or minimize losses. Personally, I found his “civil war” to be less scary. The public can stamp these problems out if they merely care.

                                                                                                    That they consistently are apathetic is what scares me.

                                                                                                    1. 5

                                                                                                      Agreed 100%.

                                                                                                      I have no idea what to do. The best solution I think is education. I’m a software engineer. Not the best one ever, but I try my best. I try to be a good computing citizen, using free software whenever possible. Only once did I meet a coworker who shared my values about free software and not putting so much trust in our computing devices - the other 99% of the time, my fellow devs think I’m crazy for giving a damn.

                                                                                                      Let alone what people without technical backgrounds give a damn about this stuff. If citizens cared and demanded freedom in their software, that would position society much better to handle “software eating the world”.

                                                                                                      1. 6

                                                                                                        The freedoms guaranteed by free software were always deeply abstruse and inaccessible for laypeople.

                                                                                                        Your GNOME desktop can be 100% GPL and it will still be nearly impossible for you to even try to change anything about it; even locating the source code for any given feature is hard.

                                                                                                        That’s not to say free software isn’t important or beneficial—it’s a crucial and historical movement. But it’s sad that it takes so much expertise to alter and recompile a typical program.

                                                                                                        GNU started with an ambition to have a user desktop system that’s extensible and hackable via Lisp or Scheme. That didn’t really happen, outside of Emacs.

                                                                                                        1. 6

                                                                                                          Your GNOME desktop can be 100% GPL and it will still be nearly impossible for you to even try to change anything about it; even locating the source code for any given feature is hard.

                                                                                                          I tried to see how true that is with a random feature. I picked brightness setting in the system status area. Finding the source for this was not so hard, it took me a few minutes (turns out it is JavaScript). Of course it would have been better if there was something similar to browser developer tools somewhere.

                                                                                                          Modifying it would probably be harder since I can’t find a file called brightness.js on my machine. I suppose they pack the JavaScript code somehow…

                                                                                                          About 10 years ago (before it switched to ELF) I used Minix3 as my main OS for about a year. It was very hackable. We did something called “tracking current” (which apparently is still possible): the source code for the whole OS was on the disk and it was easy to modify and recompile everything. I wish more systems worked like this.

                                                                                                          1. 6

                                                                                                            Remember when the One Laptop Per Child device was going to have a “view source” button on every activity?

                                                                                                            1. 1

                                                                                                              Oh yes, that would have been so nice…

                                                                                                    2. 3

                                                                                                      Cory always brings so much more work that needs to be done to the table.

                                                                                                    1. 2

                                                                                                      This is great! Are you aware of any desktop tools like that?

                                                                                                      1. 2

                                                                                                        The constituent compiler/toolchain tools are what’s in use under the covers. gcc/clang/objdump etc.

                                                                                                      1. 1

                                                                                                        willing to bet the recent issue with YouTube Piracy filter blocking MIT courses and the Blender Foundation are the result of The Machine being the ultimate decider.

                                                                                                        Yeah, I suppose he’s right. I can imagine someone executing a query to tell YT about net value for particular videos and being concerned about some outliers. “zero-point-eight percent of our traffic comes from videos that the participant hasn’t opted in to any monetization. It’s in our T&C that we can make this a requirement. Let’s just do it — we are subsidizing these videos. These users probably just neglected to opt-in and some of their content ‘went viral’.”

                                                                                                        This kind of conversation would sound pretty rational and maaaaaaaybe someone would pipe up with “but what if they didn’t forget to opt-in, they intentionally didn’t opt-in?” If anyone thought that, it was likely dismissed pretty quickly.

                                                                                                        1. 2

                                                                                                          There’s a lot of convoluted logic and repetition that I’d like to eliminate, but there are no tests to help me not break things.

                                                                                                          It’s great that you’ve identified the problem – work on this first! Create tests for the existing code. Unfortunately the best way that you can validate that the tests’ expected results are accurate is by interviewing the team that created the existing code.

                                                                                                          IMO if your team thinks that refactoring the existing code is a good way to go, the best move is to make these tests first. You will inevitably create incomplete test cases and discover gaps after you start refactoring. But the good news is that you will force yourself and your team to go through the exercise of evaluating “what is the intent of the existing design?” I predict that you will end up with net fewer bugs as a result.

                                                                                                            1. 4

                                                                                                              Can anyone help me understand why Metal was designed? Apple’s a heavy hitter in Khronos, right? So what was it that they felt like they couldn’t accomplish with OGL/OCL? Are there non-Mac targets that support Metal?

                                                                                                              1. 6

                                                                                                                OpenGL is a tired old API that is too high level for high performance graphics work. At the time when Metal was being developed folks were working on lower level APIs to expose the GPU more, like Mantle and DirectX 12, and Metal was Apple’s offering. I believe Mantle eventually evolved into Vulkan, but for some reason Apple is continuing to promote Metal. It’s a nicer API for Swift users, but that’s about it. I would have preferred that they’d make a safe API over Vulkan for Swift like Vulkano, they seem to be under some weird impression that they’ll be able to trap devs in their platform with their own, proprietary API. Or maybe they just can’t bear to give up all the sunk cost.

                                                                                                                1. 2

                                                                                                                  they seem to be under some weird impression that they’ll be able to trap devs in their platform with their own, proprietary API

                                                                                                                  Is it not working quite well for Microsoft with DirectX?

                                                                                                                2. 1

                                                                                                                  As I vaguely recall, it started on iOS as a way to utilize their graphics chips faster and more efficiently (lower overhead).