1. 4

    It’s all easy to tell people to switch from X to Y (browser, OS, antivirus, etc.) but you can’t just go preaching when the alternatives aren’t quite the same. Sure you have Firefox (or any other flavour) and while I’d love to fully switch, it isn’t quite there yet. You can tell people to switch to some Linux distro or to install LineageOS but that comes with losing certain features or apps (try doing gamedev from Linux for example).

    And Firefox won over IE because it was better not for the fact IE back in the XP days was crap with its ActiveX madness. And same with the general switch to Chrome, it performed better.

    The bottom line for me is: make better alternatives to cover the general use case and people WILL switch (because their “techy” friend installs it for them) but they probably won’t just to get away from privacy issues if it gives them less headaches.

    1. 7

      same with the general switch to Chrome, it performed better

      Most people did not care that it performed “better”.

      They just saw the ads. On every google page. Including the search front page.

      1. 6

        Pretty sure Chrome grew its popularity when Firefox became quite sluggish, together with its strong presence in smartphones.

        1. 8

          Yeah, it is easy to forget how amazing Chrome was versus the competition in 2008. Other browsers were covered in garbage and layers of UI, Chrome was minimalist. When other browsers would crash when you went to a bad webpage, chrome just lost a tab due to the process separation. Even at initial release, Chrome was much faster than the competition. It also had the omnibar which felt like the “right way”.

        2. 3

          Watch the Google Chrome announcement video

          They compare it side-by-side with Internet Explorer. It shows that, for JavaScript, Chrome was around 100 times faster. For rendering it was around 3 times faster. The tab isolation, simpler user experience etc was also a serious win.

          These types of improvements did matter to a lot of people.

          1. 2

            The ads gave Google an opportunity to win people over, but ads alone don’t convince anyone to commit to a product. IMO by the time Chrome ads started popping up on Google properties, Chrome had already won.

            When Chrome came out it had superior UX to Firefox on every front. Performance, extensions, sync, transparent auto-updates, omnibar: everything was better and simpler for the 90% use-case. I specifically remember switching my parents and grandparents to Chrome because they kept getting stuck on old versions of Firefox and/or extensions would randomly stop working (namely ABP; about once a quarter I would get a call complaining that “the ads are back”). Chrome solved that problem for me.

            I’m a big fan of Mozilla but Firefox has always been a funky browser for nerds. It dominated IE because Microsoft had made zero technical investments for years and years. Firefox has made great strides competing with Chrome, but it hasn’t made any huge leaps and it still has rough edges. I think Mozilla as an organization struggles to put out products that are uncompromisingly great for the non-technical user.

            1. 2

              It dominated IE because Microsoft had made zero technical investments for years and years.

              Uh, when did Firefox “dominate IE”? Even after major EU legal wins, etc, Firefox was second until Chrome came with an even bigger backer that the regulators hadn’t smacked yet and ate everyone’s lunch.

              1. 1

                Uh, maybe it was too strong a word. But the market-share numbers are distorted by the incapability of corporate IT to move off IE at that time. That’s why the lifecycles of IE 6/7/8 were so drawn out.

                My recollection of that era is that anyone who understood what a browser was and had the ability to choose whichever one they wanted was using Firefox.

              2. 2

                Wow, I had forgotten auto-update, that might have been the most important feature!

                When Chrome was released, it actually lacked both extensions and sync, but the per-tab process and auto-update were killer features – plus general performance.

                1. 1

                  When Chrome was released, it actually lacked both extensions and sync

                  It got them in 2010, shortly before the first release for macOS, which is probably what I’m remembering as the initial release. It didn’t surpass Firefox and IE in market share until 2012.

              3. 2

                Most people did not care that it performed “better”.

                I don’t think this is true. At the time, both IE and FF were very slow and frustrating for people. A crash in either would take down the entire browser. “Updating their browser” was something their tech friends would tell them to do, and they wouldn’t do. Chrome was automatically updated, simpler, faster, more stable (re: crashing) and it was less complicated (at least in UI – omnibar, better on smaller screen). I think it won due to fitness for purpose, not ads.

              4. 6

                What about Firefox “isn’t quite there”?

                1. 5

                  Firefox is not “quite there” because developers today mostly create Chrome apps, and consider other browsers as an afterthought. On desktop, and even more on Android, I often need to switch back to Chrome because the app I’m using doesn’t work on Firefox or is way too slow.

                  Technically it’s very easy to get a website to work on any browser, but we don’t create websites anymore, often even plain text articles are “apps”, with JS all over the place and this is mostly designed to work on Chrome only.

                  1. 1

                    Firefox isn’t quite there because developers don’t target it. Developers don’t target Firefox because it isn’t quite there.

                    I understand and agree with your point, but this isn’t really something Mozilla can do much about (other than actually gaining back market share).

                  2. 4

                    I’ve tried to adopt Firefox seriously many times over the years, but every time the support for multi-user didn’t cut it for me.

                    I maintain two profiles in Chrome, a professional and a personal one. I’ve tried to replicate it with Firefox profiles, then later with containers, but the UX is not fitting my use case.

                    1. 2

                      Firefox lacks Chrome’s --app switch for example. That launches a window without the tab bar and the URL bar (essentially, only a webview). It’s super-sweet. Firefox does not support it out of the box, and all solutions I found involved setting up a separate profile. Chrome allows me to have these “apps” in the same profile, so they have access to the same extensions, I can open tabs from them, in my main browser window.

                      It’s a stupidly powerful feature if you have a few webapps you want to treat as apps instead of tabs.

                      1. 12

                        That sounds like a very very specific feature though, that maybe 1% of the people might use.

                        For the rest, Firefox is a perfectly good browser which (so far) seems to follow better privacy practices than Chrome.

                        1. 2

                          That sounds like a very very specific feature though, that maybe 1% of the people might use.

                          You’d be surprised how many people use this. Makes it so much easier to use a website as an app, and unlike the common Electron apps, allows one to use extensions with it. But even if only 1% used it, for that 1%, Firefox is not quite there.

                          Also, Electron. Tons of stuff is built on it, and it uses Chrome under the hood.

                          Firefox is a perfectly good browser which (so far) seems to follow better privacy practices than Chrome.

                          Yeah, like those experiments, or DNS-over-HTTPS which sends all DNS requests to Cloudflare. Or the integrated Pocket. Those might spy on me less, but it’s only marginally better.

                          1. 2

                            I hope for your sake that it’s way more than 1% usage. Google has a history of removing features that not many people use [1].

                            [1] I still prefer using Google Maps over anyone else but over time, I’ve had features I use removed due to lack of utilization. It’s annoying. Second only to the UI constantly changing.

                            1. 1

                              I believe a place that chrome apps are more commonly used is enterprise. It basically gives an easy way to put your internal CRUD webapp on the start menu with an icon and if you use the extended support some additional features. I suspect this is what keeps –app alive more than the at-home users use of it.

                              I have seen orgs with 30+ “chrome apps” in the default image. Actually probably the biggest category of apps on those deploys. Nevermind of course Chromebooks.

                            2. 1

                              But even if only 1% used it, for that 1%, Firefox is not quite there.

                              That’s nonsense. 1% might use it, and that’s probably an overestimate. For how many of them is it a dealbreaker? Even fewer. Probably far fewer. It’s a really insignificant feature.

                              Yeah, like those experiments

                              I don’t know what this means, could you elaborate?

                              or DNS-over-HTTPS which sends all DNS requests to Cloudflare.

                              DNS-over-HTTPS does not send all DNS requests to Cloudflare, and even if it did it would still be more secure than insecure DNS which sends all DNS requests to anyone listening, including Cloudflare if they wanted to.

                              Or the integrated Pocket.

                              Don’t like it? Don’t use it. I fail to see how this is ‘spying’ on you.

                              1. 0

                                It’s a really insignificant feature.

                                For you, yes. For me, it is essential. It doesn’t matter how many use it, for those who do, Firefox is not quite there. For everyone else, it might be, good for them.

                                I don’t know what this means, could you elaborate?

                                Look for Firefox studies. Granted, you have to opt in to them right now (like you used to be able to opt in to logging into Chrome), but then you’re opting in to pretty much all studies. This is just a step away from what Chrome’s doing now, and sending your browsing data to third parties, disguised as studies is even less honest.

                                DNS-over-HTTPS does not send all DNS requests to Cloudflare, and even if it did it would still be more secure than insecure DNS which sends all DNS requests to anyone listening, including Cloudflare if they wanted to.

                                Err, yes, it does send all DNS requests originating from Firefox through Cloudflare. It does fall back to regular DNS, but if enabled, it first goes through them. Not saying I trust my ISPs DNS servers, but I do trust my ISP to be far less competent at mining my data than Cloudflare.

                                1. 2

                                  Firefox studies are completely opt-in. They’re in an options window most people apparently never open. To compare this to Google forcing you to send them all your browsing data if you so much as log into GMail through their browser is ridiculous.

                                  DNS over HTTPS

                                  Doesn’t even look like this is out of nightly, it’s a feature you have to enable through the about:config page… I mean come on man, you cannot seriously be arguing this is a breach of privacy. They’re both completely opt-in.

                                  DNS over HTTPS sends your DNS traffic to a DNS-over-HTTPS provider. I’m sure it’s possible to change which provider it is. I wouldn’t be surprised if Google switched DNS in Chrome to go to 8.8.8.8 by default anyway. Certainly they widely encourage people to do so without telling them that this gives Google again all their browsing history, and more besides.

                                  1. 1
                                    1. 1

                                      Firefox studies are completely opt-in

                                      So was Chrome’s login until recently. I’m not going to trust a for-profit corporation to respect my privacy forever. Especially when those studies are marketed as harmless things, yet, send a whole lot of data to third parties (not even to Mozilla, but third parties).

                                      I’m sure it’s possible to change which provider it is

                                      It is, but there are currently two public DNS-over-HTTPS providers: Cloudflare and Google. Yay. You can run your own, yes, but not even 0.1% of users will ever do that. Besides you can also disable Chrome’s login thing if you really want to, with a flag: go to chrome://flags/#account-consistency, and set it to disabled.

                                      It’s an internal flag, and may or may not go away, but for the moment, it gets the job done, and I get to keep –app too.

                                      1. 1

                                        So was Chrome’s login until recently.

                                        It isn’t now. Now is what matters.

                                        I’m not going to trust a for-profit corporation to respect my privacy forever.

                                        Then why are you trusting Google to respect your privacy, given that they have never done so and Mozilla have nearly always done so. Mozilla has always acted in good faith wrt. privacy. Google has not. Yet you defend Google and attack Mozilla. Why?

                                        Especially when those studies are marketed as harmless things, yet, send a whole lot of data to third parties (not even to Mozilla, but third parties).

                                        So don’t enable them then. They’re completely optional and opt-in. I don’t understand why you think being able to opt into something is anywhere near comparable to being forced to give data.

                                        It is, but there are currently two public DNS-over-HTTPS providers: Cloudflare and Google. Yay. You can run your own, yes, but not even 0.1% of users will ever do that.

                                        So don’t enable it then. How is it Mozilla’s fault there aren’t more DNS-over-HTTPS providers? Get your ISP to provide it.

                                        Besides you can also disable Chrome’s login thing if you really want to, with a flag: go to chrome://flags/#account-consistency, and set it to disabled.

                                        It’s opt-out, in other words. Opt-out = might as well be mandatory for most users. On the other hand, opt-in = might as well not exist for most users. Most users are never ever going to enable anything opt-in and never ever going to disable anything opt-out.

                                        It’s an internal flag, and may or may not go away, but for the moment, it gets the job done, and I get to keep –app too.

                                        I’ve already explained how you can get the same functionality as --app in Firefox: go fullscreen, disable toolbars.

                                        1. 1

                                          Now is what matters.

                                          Now I can disable the sign-off in Chrome and Chromium. Chromium doesn’t send my data to Google. They both support the feature I want. If now is all that matters, then there is zero argument in favour of Firefox, as Chromium does precisely what I want, and am already using it.

                                          Thank you.

                            3. 3

                              Firefox and Chrome have different sets of features. They overlap significantly but not exactly. It’s easy to cherry-pick features either of them have that the other doesn’t. That doesn’t mean that Firefox isn’t a perfectly acceptable replacement for Chrome.

                              I have no clue why you’d want to launch a window without a tab bar and URL bar. Oh no, a couple of bars at the top of my screen, that’s far worse than sending all my browsing history to Google.

                              1. 1

                                That doesn’t mean that Firefox isn’t a perfectly acceptable replacement for Chrome.

                                It is, if you don’t need the features it does not have. If you do, it is a deal breaker. (No size fits all and all that)

                                I have no clue why you’d want to launch a window without a tab bar and URL bar.

                                And I have no clue why you’d want to launch more than one browser window with tab and URL bars. But, to illustrate: I have two screens, and on my secondary, I have Mastodon & Discord open, in a frame-less chrome window. Whatever link I click there, if it leads away from the domain, it opens in a new tab. I never leave the “app” itself. Why would I need a tab and an URL bar there? Those just make it too easy to navigate away. Not having them removes that problem, and also makes them look almost like a native app, which is great.

                                Small thing, yes, but so convenient that I’d rather patch Chrome to remove the login requirement than to figure out how to do the same with firefox. The former is considerably easier.

                                If you don’t need this feature, sure, use Firefox or whatever.

                                (Note: I’m not saying Chrome is better. It isn’t. I’m saying Firefox lacks useful features Chrome has, and as such, is not quite there for those of us who want those features. I’d love to switch way from Chrome, but haven’t found a browser that supports the extensions I use, and app windows. As soon as I find one, I’ll be jumping ship. I’m pretty sure it won’t be Firefox though.)

                                1. 2

                                  FF actually had the “apps” feature before Chrome even was released.

                                  Sadly it was killed off.

                                  1. 1

                                    Yeah, I remembered Firefox having it, and arrived at the same page, and was even more disappointed :/

                                    Mind you, Prism isn’t the same - it’s separate from the main browser, chrome’s –app is not (and that’s the great thing about it; I can get the separate think with Firefox with a kiosk add-on, but that’s not what I’m aiming for).

                                    1. 1

                                      It actually felt very similar, I would go so far as to say most of the way Chrome’s –app was inspired by the Prism extension. It used the same core in a different XULrunner and could be created just like you do in Chrome from the menu. Created desktop icons, had unique window idents, the whole deal. It had to be a bit more separate because back then there wasn’t process isolation per tab in FF, and one of prisms major goals was to avoid crashing the main browser.

                                  2. 0

                                    In Firefox in full screen mode you can hide toolbars (includes URL bar and tab bar). I use this to watch full screen videos sometimes. You don’t have to have it actually covering your full screen either, if you use a proper window manager like dwm that can resize windows that ask to be fullscreen.

                                    I really mean no offence when I say this, but your argument is bad. You can’t have everything you want. If you prioritise ‘app windows’ over security and privacy that’s your call, of course, but it’s a bad argument to claim that Firefox isn’t a satisfactory replacement for Chrome because it doesn’t have ‘app windows’. By that logic, Chrome is a wholly unsatisfactory replacement for Firefox, for the reason that it’s insecure crap that gives all my browsing data to Google…

                                    1. 1

                                      You just said they made a bad argument… then in literally the next sentence admitted that for their requirements it was a good argument… they DO prioritize ‘app windows’.

                                      Their argument was simply that it isn’t a “perfectly acceptable replacement” within the requirements they laid forth of “having app window support”. This makes their argument well reasoned and coherent. If you want to attack one of their premises, you can do that – but that is another argument.

                                      You then go on to attack the premise and claim their requirement is not an actual requirement, and can be replaced with some set of outside tooling. I don’t believe you proved your case on that front based on the short point you made about dwn. They referenced other features as well.

                                      I personally have unsuccessfully tried to replace chrome apps a number of times with FF or even other browsers. I never got it working the way I wanted it – window identification issues mostly, and in a few cases webapps not playing well with being forcefully resized. So currently I use chrome only for these “apps” and I use FF as my primary browser.

                                      As for Chrome not being a satisfactory replacement for FF for you – that also seems to be true. With your implied premise of being opposed to Google’s data collection practices, obviously Chrome is unacceptable for you. That argument is also coherent with those premises. I won’t say you have a “bad argument” because within the premises you implied, it is a good one. You value different things – neither argument is bad or wrong.

                                      1. 1

                                        In short: their argument was a response to a question asking why Firefox was not generally suitable as a replacement for Chrome. In that context it’s bad.

                                        1. 0

                                          That doesn’t mean that Firefox isn’t a perfectly acceptable replacement for Chrome.

                                          Your high bar of “perfectly acceptable” was simply not met. It lacks features the poster needs. If you claim features don’t matter then what does exactly?

                                          1. 1

                                            In short: their argument was a response to a question asking why Firefox was not generally suitable as a replacement for Chrome. In that context it’s bad.

                                      2. 1

                                        But I don’t run those windows full screen - they’re clamped to a screen half, so fullscreen is not an option. Been there, tried it. I could change my WM, but that’s another workaround that doesn’t work, because then I’d have to switch to one that can resize fullscreen apps, and still do everything my current one does. No thanks. I’ll patch the login stuff out of Chrome instead.

                                        And yes, Chrome is crap. But I can work around its most recent stupid far more easily than I can add app windows to Firefox. So Chrome is still a better browser for me, unfortunately.

                                        Again, I’m not saying Firefox is not a satisfactory replacement for most people. I’m saying it is not suitable for me, that there are things in Chrome that Firefox does not have, yet, people depend on, and for those people, Firefox is not quite there yet.

                                        1. 0

                                          But I don’t run those windows full screen - they’re clamped to a screen half, so fullscreen is not an option. Been there, tried it. I could change my WM, but that’s another workaround that doesn’t work, because then I’d have to switch to one that can resize fullscreen apps, and still do everything my current one does. No thanks. I’ll patch the login stuff out of Chrome instead.

                                          So in other words the problem is that you’re using a crap window manager. How is that Firefox’s fault? You choose to use a crap WM, that’s fine, but don’t go around threads about browsers crapping on Firefox just because you make poor choices elsewhere in your setup.

                                          You can’t patch anything out of Chrome. Doesn’t work like that. You can patch Chromium, but Chromium isn’t Chrome.

                                          And yes, Chrome is crap. But I can work around its most recent stupid far more easily than I can add app windows to Firefox. So Chrome is still a better browser for me, unfortunately.

                                          No, you cannot work around Chrome sending all your browsing data to Google. Chrome is built from the ground up to send your browsing data to Google. It’s untrusted proprietary software. You cannot work around that.

                                          Again, I’m not saying Firefox is not a satisfactory replacement for most people. I’m saying it is not suitable for me, that there are things in Chrome that Firefox does not have, yet, people depend on, and for those people, Firefox is not quite there yet.

                                          You were defending the comment that said ‘It’s all easy to tell people to switch from X to Y (browser, OS, antivirus, etc.) but you can’t just go preaching when the alternatives aren’t quite the same. Sure you have Firefox (or any other flavour) and while I’d love to fully switch, it isn’t quite there yet.’ I’m sorry, but that’s a broad statement about Firefox that suggests it’s missing important core browsing features. Not that it’s missing some tiny obscure feature you personally use but which most people have never heard of and wouldn’t want anyway.

                                          (and which you can emulate in Firefox if you use a decent window manager)

                                          1. 2

                                            So in other words the problem is that you’re using a crap window manager.

                                            No, my problem is that Firefox does not implement a feature I use. My window manager is fine, thank you very much. That fact that the only way to make an app emulate a feature I use is to work it around in WM, by ignoring a full screen request and doing something else is not a solution. That is a crude hack.

                                            You can’t just go around telling people “Go use a different browser and a different WM”. That’s about the same level of good advice as “Tired of systemd? Just go use OpenBSD!”. It doesn’t work like that.

                                            You can patch Chromium, but Chromium isn’t Chrome.

                                            Yeah, but I can patch it out from Chromium. Or disable with a flag. And still keep –app, and won’t have to switch to a whole new WM. If I used firefox, my task would be a whole lot harder.

                                            You were defending the comment that said ‘It’s all easy to tell people to switch from X to Y (browser, OS, antivirus, etc.) but you can’t just go preaching when the alternatives aren’t quite the same. Sure you have Firefox (or any other flavour) and while I’d love to fully switch, it isn’t quite there yet.’

                                            And I stand by my defense: you can’t tell people to change, when the alternatives lack important features. It just happens YOU don’t consider the same features important. I’ll give you an analogy:

                                            • I’m tired of systemd, for reason X.
                                            • Use OpenBSD.
                                            • But OpenBSD does not support my hardware.
                                            • It is your fault for making poor hardware choices, it is easy to run OpenBSD on proper hardware.

                                            That’s how you sound like now.

                                            1. 2

                                              No, my problem is that Firefox does not implement a feature I use. My window manager is fine, thank you very much. That fact that the only way to make an app emulate a feature I use is to work it around in WM, by ignoring a full screen request and doing something else is not a solution. That is a crude hack.

                                              It’s not a crude hack. It’s a normal expected feature of any window manager: to be able to resize windows.

                                              1. 1

                                                It’s not a crude hack. It’s a normal expected feature of any window manager: to be able to resize windows.

                                                Not fullscreen ones. Very few can resize those.

                                                1. 1

                                                  Most window managers are bad, I guess. Most things are bad.

                                  3. 1

                                    How do you use this feature? It sounds interesting, but it’s never occurred to me. When you say ‘webapps’, do you mean browser extensions or things that would ordinarily be packaged as android/iOS apps? Or something else entirely?

                                    1. 4

                                      It is even simpler than you are thinking. Basically when you create a “app” out of a website what happens is you get a shortcut that does the following:

                                      • opens a browser instance with no browser ui components, it is just the page loaded in a window.
                                      • gives that window a custom id (so your window manager can tell it apart from other windows for rules and such)
                                      • gives it a taskbar entry
                                      • gives it an icon
                                      • puts a link to it in your menu system if supported
                                      • puts a link to it on your desktop if supported

                                      I use a ton of them, right now I am running in “app” mode:

                                      • IRCCloud
                                      • WhatsApp Web
                                      • Google Keep
                                      • Google Music
                                      • Fastmail Inbox
                                      • Pocketcasts
                                      • Todoist
                                      • Trello
                                      • Tweetdeck
                                      • Dungeon Crawl Web Tiles
                                      • Youtube.TV

                                      I run these as “apps” because I have rules that put them on certain desktops or monitors, and I like them having their own taskbar entries.


                                      I actually use Firefox as my main browser – and one of my annoyances with you these chrome “apps” is that if I click a link from like IRCCloud – it always opens in chrome because well – it is already IN chrome. I wish I could set them up to use the system default browser.

                                      1. 2

                                        The latter, things that would be packaged as android/ios/electron apps. I use slack, discord, mastodon like this, because I want them always-on, without accidentally navigating away, but links still opening in my main window (on another screen), and with my extensions available so I can tweak my experience, block trackers, and so on. Since I want these always on, and separate from my main browser, there is zero purpose for a tab or url bar on them. They feel much more like an app than a browser window would, yet, I have more control than if I ran a (non-free, usually) native app.

                                        1. 1

                                          I segregate websites that are not good actors but that I still use (Facebook, LinkedIn, Instagram) using single-site browsers, via Fluid. Fluid uses a completely different local storage instance for every “app” you create, so you don’t have to worry about being tracked around. This allows me to ratchet up the level of privacy I ask for from my browser without worrying about breaking functionality on those web “apps” I use.

                                          As much as I despise it, this is also why I use the Electron versions of Spotify and Slack.

                                      2. 1

                                        I was going to say the memory footprint and its overall smoothness but I don’t have data to back that up, so it’s just a feeling.

                                        I try to go back to FF out of principle but I guess there is something in Chrome which keeps winning me over.

                                      3. 1

                                        Of course Firefox is “there”; it’s been “there” for longer than Chrome’s even existed.

                                        1. 1

                                          make better alternatives to cover the general use case and people WILL switch (because their “techy” friend installs it for them)

                                          This strategy has never worked.

                                        1. 65

                                          This blogpost is a good example of fragmented, hobbyist security maximalism (sprinkled with some personal grudges based on the tone).

                                          Expecting Signal to protect anyone specifically targeted by a nation-state is a huge misunderstanding of the threat models involved.

                                          Talking about threat models, it’s important to start from them and that explains most of the misconceptions in the post.

                                          • Usable security for the most people possible. The vast majority people on the planet use iOS and Android phones, so while it is theoretically true that Google or Apple could be forced to subvert their OSs, it’s outside the threat model and something like that would be highly visible, a nuclear option so to speak.
                                          • Alternative distribution mechanisms are not used by 99%+ of the existing phone userbases, providing an APK is indeed correctly viewed as harm reduction.
                                          • Centralization is a feature. Moxie created a protocol and a service used by billions and millions of people respectively that provides real, measureable security for a lot of people. The fact is that doing all this in a decentralized way is something we don’t yet know how to do or doing invites tradeoffs that we shouldn’t make. Federation atm either leads to insecurity or leads to the ossification of the ecosystem, which in turn leads to a useless system for real users. We’ve had IRC from the 1990s, ever wonder why Slack ever became a thing? Ossification of a decentralized protocol. Ever wonder why openpgp isn’t more widespread? Noone cares about security in a system where usability is low and design is fragile. Ever tried to do key rotation in gpg? Even cryptographers gave up on that. Signal has that built into the protocol.

                                          Were tradeoffs made? Yes. Have they been carefully considered? Yes. Signal isn’t perfect, but it’s usable, high-level security for a lot of people. I don’t say I fully trust Signal, but I trust everything else less. Turns out things are complicated when it’s about real systems and not fantasy escapism and wishes.

                                          1. 34

                                            Expecting Signal to protect anyone specifically targeted by a nation-state is a huge misunderstanding of the threat models involved.

                                            In this article, resistance to governments constantly comes up as a theme of his work. He also pushed for his tech to be used to help resist police states like with the Arab Spring example. Although he mainly increased the baseline, the tool has been pushed for resisting governments and articles like that could increase perception that it was secure against governments.

                                            This nation-state angle didn’t come out of thin air from paranoid, security people: it’s the kind of thing Moxie talks about. In one talk, he even started with a picture of two, activist friends jailed in Iran in part to show the evils that motivate him. Stuff like that only made the stuff Drew complains about on centralization, control, and dependence on cooperating with surveillance organization stand out even more due to the inconsistency. I’d have thought he’d make signed packages for things like F-Droid sooner if he’s so worried about that stuff.

                                            1. 5

                                              A problem with the “nation-state” rhetoric that might be useful to dispel is the idea that it is somehow a God-tier where suddenly all other rules becomes defunct. The five-eyes are indeed “nation state” and has capabilities that are profound; like the DJB talk speculating about how many RSA-1024 keys that they’d likely be able to factor in a year given such and such developments and what you can do with that capability. That’s scary stuff. On the other hand, this is not the “nation state” that is Iceland or Syria. Just looking at the leaks from the “Hacking Team” thing, there are a lot of “nation states” forced to rely on some really low quality stuff.

                                              I think Greg Conti in his “On Cyber” setup depicts it rather well (sorry, don’t have a copy of the section in question) and that a more reasonable threat model of capable actors you do need to care about is that of Organized Crime Syndicates - which seems more approachable. Nation State is something you are afraid of if you are political actor or in conflict with your government, where the “we can also waterboard you to compliance” factors into your threat model, Organized Crime hits much more broadly. That’s Ivan with his botnet from internet facing XBMC^H Kodi installations.

                                              I’d say the “Hobbyist, Fragmented Maximalist” line is pretty spot on - with a dash of “Confused”. The ‘threats’ of Google Play Store (test it, write some malware and see how long it survives - they are doing things there …) - the odds of any other app store; Fdroid, the ones from Samsung, HTC, Sony et al. - being completely owned by much less capable actors is way, way higher. Signal (perhaps a Signal-To-Threat ratio?) perform an good enough job in making reasonable threat actors much less potent. Perhaps not worthy of “trust”, but worthy of day to day business.

                                            2. 18

                                              Expecting Signal to protect anyone specifically targeted by a nation-state is a huge misunderstanding of the threat models involved.

                                              And yet, Signal is advertising with the face of Snowden and Laura Poitras, and quotes from them recommending it.

                                              What kind of impression of the threat models involved do you think does this create?

                                              1. 5

                                                Who should be the faces recommending signal that people will recognize and listen to?

                                                1. 7

                                                  Whichever ones are normally on the media for information security saying the least amount of bullshit. We can start with Schneier given he already does a lot of interviews and writes books laypeople buy.

                                                  1. 3

                                                    What does Schneier say about signal?

                                                    1. 10

                                                      He encourages use of stuff like that to increase baseline but not for stopping nation states. He adds also constantly blogged about the attacks and legal methods they used to bypass technical measures. So, his reporting was mostly accurate.

                                                      We counterpoint him here or there but his incentives and reo are tied to delivering accurate info. Moxie’s incentives would, if he’s selfish, lead to locked-in to questionable platforms.

                                              2. 18

                                                We’ve had IRC from the 1990s, ever wonder why Slack ever became a thing? Ossification of a decentralized protocol.

                                                I’m sorry, but this is plain incorrect. There are many expansions on IRC that have happened, including the most recent effort, IRCv3: a collectoin of extensions to IRC to add notifications, etc. Not to mention the killer point: “All of the IRCv3 extensions are backwards-compatible with older IRC clients, and older IRC servers.”

                                                If you actually look at the protocols? Slack is a clear case of Not Invented Here syndrome. Slack’s interface is not only slower, but does some downright crazy things (Such as transliterating a subset of emojis to plain-text – which results in batshit crazy edge-cases).

                                                If you have a free month, try writing a slack client. Enlightenment will follow :P

                                                1. 9

                                                  I’m sorry, but this is plain incorrect. There are many expansions on IRC that have happened, including the most recent effort, IRCv3: a collectoin of extensions to IRC to add notifications, etc. Not to mention the killer point: “All of the IRCv3 extensions are backwards-compatible with older IRC clients, and older IRC servers.”

                                                  Per IRCv3 people I’ve talked to, IRCv3 blew up massively on the runway, and will never take off due to infighting.

                                                  1. 12

                                                    And yet everyone is using Slack.

                                                    1. 14

                                                      There are swathes of people still using Windows XP.

                                                      The primary complaint of people who use Electron-based programs is that they take up half a gigabyte of RAM to idle, and yet they are in common usage.

                                                      The fact that people are using something tells you nothing about how Good that thing is.

                                                      At the end of the day, if you slap a pretty interface on something, of course it’s going to sell. Then you add in that sweet, sweet Enterprise Support, and the Hip and Cool factors of using Something New, and most people will be fooled into using it.

                                                      At the end of the day, Slack works just well enough Not To Suck, is Hip and Cool, and has persistent history (Something that the IRCv3 group are working on: https://ircv3.net/specs/extensions/batch/chathistory-3.3.html)

                                                      1. 9

                                                        At the end of the day, Slack works just well enough Not To Suck, is Hip and Cool, and has persistent history (Something that the IRCv3 group are working on […])

                                                        The time for the IRC group to be working on a solution to persistent history was a decade ago. It strikes me as willful ignorance to disregard the success of Slack et al over open alternatives as mere fashion in the face of many meaningful functionality differences. For business use-cases, Slack is a better product than IRC full-stop. That’s not to say it’s perfect or that I think it’s better than IRC on all axes.

                                                        To the extent that Slack did succeed because it was hip and cool, why is that a negative? Why can’t IRC be hip and cool? But imagine being a UX designer and wanting to help make some native open-source IRC client fun and easy to use for a novice. “Sisyphean” is the word that comes to mind.

                                                        If we want open solutions to succeed we have to start thinking of them as products for non-savvy end users and start being honest about the cases where closed products have superior usability.

                                                        1. 5

                                                          IRC isn’t hip and cool because people can’t make money off of it. Technologies don’t get investment because they are good, they get good because of investment. The reason that Slack is hip/cool and popular and not IRC is because the investment class decided that.

                                                          It also shows that our industry is just a pop culture and can give a shit about good tech .

                                                          1. 4

                                                            There were companies making money off chat and IRC. They just didn’t create something like Slack. We can’t just blame the investors when they were backing companies making chat solutions whose management stayed on what didn’t work in long-term or for huge audience.

                                                            1. 2

                                                              IRC happened before the privatization of the internet. So the standard didn’t lend itself well for companies to make good money off of it. Things like slack are designed for investor optimization, vs things like IRC being designed for use and openness.

                                                              1. 2

                                                                My point was there were companies selling chat software, including IRC clients. None pulled off what Slack did. Even those doing IRC with money or making money off it didn’t accomplish what Slack did for some reason. It would help to understand why that happened. Then, the IRC-based alternative can try to address that from features to business model. I don’t see anything like that when most people that like FOSS talk Slack alternatives. Then, they’re not Slack alternatives if lacking what Slack customers demand.

                                                                1. 1

                                                                  Thanks for clarifying. My point can be restated as… There is no business model for federated and decentralized software (until recently , see cryptocurrencies). Note most open and decentralized tech of the past was government funded and therefore didn’t face business pressures. This freed designets to optimise other concerns instead of business onrs like slack does.

                                                          2. 4

                                                            To the extent that Slack did succeed because it was hip and cool, why is that a negative? Why can’t IRC be hip and cool?

                                                            The argument being made is that the vast majority of Slack’s appeal is the “hip-and-cool” factor, not any meaningful additions to functionality.

                                                            1. 6

                                                              Right, as I said I think it’s important for proponents of open tech to look at successful products like Slack and try to understand why they succeeded. If you really think there is no meaningful difference then I think you’re totally disconnected from the needs/context of the average organization or computer user.

                                                              1. 3

                                                                That’s all well and good, I just don’t see why we can’t build those systems on top of existing open protocols like IRC. I mean: of course I understand, it’s about the money. My opinion is that it doesn’t make much sense to insist that opaque, closed ecosystems are the way to go. We can have the “hip-and-cool” factor, and all the amenities provided by services like Slack, without abandoning the important precedent we’ve set for ourselves with protocols like IRC and XMPP. I’m just disappointed that everyone’s seeing this as an “either-or” situation.

                                                                1. 2

                                                                  I definitely don’t see it as an either-or situation, I just think that the open source community typically has the wrong mindset for competing with closed products and that most projects are unapproachable by UX or design-minded people.

                                                          3. 3

                                                            Open, standard chat tech has had persistent history and much more for decades in the form of XMPP. Comparing to the older IRC on features isn’t really fair.

                                                            1. 2

                                                              The fact that people are using something tells you nothing about how Good that thing is.

                                                              I have to disagree here. It shows that it is good enough to solve a problem for them.

                                                              1. 1

                                                                I don’t see how Good and “good enough to solve a problem” are related here. The first is a metric of quality, the second is the literal bare minimum of that metric.

                                                        2. 1

                                                          Alternative distribution mechanisms are not used by 99%+ of the existing phone userbases, providing an APK is indeed correctly viewed as harm reduction.

                                                          I’d dispute that. People who become interested in Signal seem much more prone to be using F-Droid than, say, WhatsApp users. Signal tries to be an app accessible to the common person, but few people really use it or see the need… and often they are free software enthusiasts or people who are fed up with Google and surveillance.

                                                          1. 1

                                                            More likely sure, but that doesn’t mean that many of them reach the threshold of effort that they do.

                                                          2. 0

                                                            Ossification of a decentralized protocol.

                                                            IRC isn’t decentralised… it’s not even federated

                                                            1. 3

                                                              Sure it is, it’s just that there are multiple federations.

                                                          1. 2

                                                            If it would have been Google, would people react the same way? I feel there’s a constant hanger around Microsoft, that is generally localized around its OS, but the Azure teams and this acquisition is showing great advances for Microsoft and hopefully a better future for everyone!

                                                            1. 2

                                                              I think people would be much more upset if it had been Google, but really both companies have historically short attention spans.

                                                              The problem is that products which would be great successes if run as independent entities are frequently seen as distractions or failures inside large corporations like Google or Microsoft. And if they do decide to maintain an acquired product, the amount of value they need to juice from it is dramatically higher than would be needed by an independent org.

                                                            1. 2

                                                              But there’s also TypeScript which has bivariant inputs and outputs which will never warn you.

                                                              As of TypeScript 2.6, inputs are checked contravariantly in strict mode: https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-6.html

                                                              1. 1

                                                                Scary how often viruses like this are showing up in linux! I think this is the beginning of a new time.. and we’re going to have to change the way we do things to stay safe.

                                                                1. 7

                                                                  These incidents (at least in the NPM context) are good endorsements for the goals of Ryan Dahl’s deno, which runs code sandboxed by default.

                                                                  1. 4

                                                                    sandboxing is good but i don’t want to run malicious code at all, even if it’s properly contained! We need better review too.

                                                                    1. 2

                                                                      I’d go a little bit further than that. We need to extend the security architecture of our package managers. For example, architectures like TUF, notary/Docker Content Trust, or PEP-458 are great starting points.

                                                                    2. 5

                                                                      This is more of an NPM virus, not a linux specific one.

                                                                    1. 4

                                                                      It is really surprising he didn’t find jbuilder which is the build system that seems to be displacing all the other build systems in OCaml and has a passable learning curve.

                                                                      Maybe because he uses Reason syntax, which is probably not supported very well, if at all.

                                                                      1. 3

                                                                        It’s called Dune now: https://github.com/ocaml/dune

                                                                        1. 1

                                                                          Dune has no releases yet, so for now it still is jbuilder.

                                                                        2. 1

                                                                          Dune supports Reason syntax out of the box and will pick up all *.re files automatically.

                                                                        1. 6

                                                                          The internet search experience suffered a setback when the major browsers abandoned the separate search box for the combined address/search box. Only FireFox retains this feature, where your default search engine is the first choice in a list.

                                                                          In the days before Alta Vista became better than Yahoo, and then Google crushed all other search options, there were meta-search engines that combined, filtered, and formatted results from several search engines of your choice. IIRC Magellan was one of these. I’ve toyed with the idea of reviving this idea for my own use. Google and Bing are pretty similar, but not perfectly similar, and provide different results depending on whether you are signed-in or anonymous. DDG usually provides different enough results to be important. There’s a lot of room for innovation in meta-search.

                                                                          Finally there are still all sorts of specialized search options. In this category I would start with Amazon and Wikipedia. There are also sites like noodle.com, specializing in education related searches.

                                                                          1. 5

                                                                            DuckduckGo is my go to search.

                                                                            It is simple and doesn’t have the Google bloat to it and thise smart searches like where you can generate a md5 hash for example in a search query or do number system conversions is pretty cool

                                                                            1. 2

                                                                              Duckduckgo owns, its my configured default search on all devices. When i need something specific from Google, i use the bang feature for google, !g.

                                                                              1. 2

                                                                                I never knew that was a bang available, my word. Is there a !b for bing too? (Update: there is wow)

                                                                              2. 0

                                                                                So essengially DDG has a great interface and is actually way more useful.

                                                                                1. 4

                                                                                  Let’s be honest, though: the results are not as good as Google for many/most queries.

                                                                                  1. 3

                                                                                    I don’t know. I switched to DDG at home and I’ve always been able to find what I’m looking for. I still use Google at work so I’m able to compare and contrast. About the only place where Google is better (in my opinion) is in image search, and that may be due to how Google displays them vs. DDG.

                                                                                    1. 4

                                                                                      Here’s a concrete example. Let’s say I’m trying to remember the name of the project that integrates Rust with Elixir NIFs.

                                                                                      First result for me for the query “elixir rust” on Google is the project in question: https://github.com/hansihe/rustler

                                                                                      After scrolling through three pages of DDG results, that project doesn’t seem to be listed or referenced at all, and there are several Japanese and Chinese-language results despite the fact that I have my location set to “United States”. I will forgive all the results about guitar strings since DDG doesn’t have tracking data to determine that I’m probably not interested in those (although the usage of the word “rust” in those results is in the term “anti-rust” which seems like a bad result for my query).

                                                                                      That query is admittedly obtuse, but that’s what I’ve become accustomed to using with Google. These results feel generally characteristic of my experience using DDG. I end up using the !g command a lot rather than trying to figure out how to reframe my query in a way that DDG will understand.

                                                                                      1. 2

                                                                                        I think you did that wrong. You were specifically interested in NIF but left that key word off. Even Lobsters search engine, which is often really off for me, gets to Rustler in the first search when I use these: elixir rust nif. Typing it into DDG like this gives me Rustler at Page 1, Result 2.

                                                                                        Just remember these high-volume, low-cost engines are pretty dumb when not backed by a company the size of Google or Microsoft. You gotta tell them the words most likely to appear together. “NIF” was critical in that search. Also, remember that you can use quotes around a word if you know for sure it will appear and minus in front of one to eliminate bogus results. Put “site:” in front if you’re pretty sure which place or places you might have seen it. Another trick is thinking of other ways to say something that authors might use. These tricks 1990’s-early2000’s searches get me the easy finds I submit here.

                                                                                        1. 0

                                                                                          I disagree that “NIF” was essential to that query. There are a fair number of articles and forum posts on Google about the Rustler library. It’s one of the primary contexts that those two languages would be discussed together. DDG has only one of those results as far as I see. Why? Even if I wasn’t looking for Rustler specifcally, I should see discussions of how those two languages can be integrated if I search for them together.

                                                                                          1. 2

                                                                                            There are a fair number of pages where Elixir and Rust will show up without Rustler, too. Especially all the posts about new languages. NIF is definitely a keyword because you’re wanting a NIF library specifically instead of a page about Rust and Elixir without NIF. It’s a credit to Google’s algorithms that it can make the extra connection to Rustler pushing it on the top.

                                                                                            That doesn’t mean I expect it or any other search engine to be that smart. So, I still put every key word in to get consistently accurate results. Out of curiosity, I ran your keywords to see what it produces. The results on the top suck. DuckDuckGo is usually way better than that in my daily use. However, instead of three pages in, DuckDuckGo has Rustler on page 1, result 6. Takes about 1 second after hitting enter to get to it. Maybe your search was bad luck or something.

                                                                                        2. 1

                                                                                          I did exactly that search and found it at the 5th position.

                                                                                          While “elixir rust github” put it at 1st position. Maybe you have some filters? I have it set to “All Regions”.

                                                                                      2. 2

                                                                                        Google has so many repeated results for me that I feel they have worse quality for most of my queries than ddg or startpage. Maybe I’ve done something wrong and gotten myself into a weird bubble, but these days I find myself using Google less and less.

                                                                                        1. 1

                                                                                          Guess so. I have been using it at uni though for a long time and gotten atleast what I needed.

                                                                                          But I admit that googs has more in their indexes.

                                                                                    2. 5

                                                                                      Searx is a fairly nice meta search engine.

                                                                                      1. 4

                                                                                        Finally there are still all sorts of specialized search options. In this category I would start with Amazon and Wikipedia.

                                                                                        DuckDuckGo has a feature called “bangs” that let you access them. Overview here. Even if not using DDG, their list might be a nice reference of what to include in a new, search engine.

                                                                                        1. 1

                                                                                          the URL bar itself now performs a search when you put something that’s not a URL in it

                                                                                          1. 1

                                                                                            I thought that was clear. What I like about the old style dedicated search box is it that its is so easy to switch between search engines.

                                                                                            1. 3

                                                                                              I believe that you can use multiple search engines in an omnibar by assigning each search engine a keyword, and typing that keyword (and then space) before your search.

                                                                                              1. 1

                                                                                                Or if you use DuckDuckGo, you can use !bangs to pivot to another search engine or something else.

                                                                                              2. 2

                                                                                                With keyword searching (a feature I first used in Opera, and which is definitely present in Firefox; I can’t speak to any other browsers), it’s “so easy” to switch between search engines—in fact, far easier than with a separate search box. I type “g nephropidae” to search Google, or “w nephropidae” for Wikipedia, “i nephropidae” for image search, or even “deb nephropidae” for Debian package search (there’s no results for that one).

                                                                                                1. 2

                                                                                                  This is not completely obvious from the user experience. Without visual cues, much available functionality is effectively hidden. You must have either taken the initiative to research this, someone told you, or you stumbled upon it some other way. This also effectively requires you to have CLI-like commands memorized, the exact opposite of what GUIs purport to do. And adding new search engines? That’s non-obvious.

                                                                                                  1. 1

                                                                                                    I use YubNub to get large library of such keywords that is the same on every device.

                                                                                            1. 25

                                                                                              I did a PhD in maths where I had to do a lot of algebraic geometry, so I’m comfortable with category theory and its concepts and applications. I’ve never seen those ideas being used in nontrivial or useful ways in programming, and by now think that either me or a lot of other people are missing some point. I’m not sure which.

                                                                                              Category theory became popular in mathematics, and especially algebraic geometry, because it provided a “one higher level” from which to look upon the fields and see that a lot of the ideas we were working with were actually a shadow of a single more abstract idea. For example, the direct products of groups, rings, fields, vector spaces and so on were understood as different incarnations of the category-theoretic product. This helped to standardize a lot of arguments, and give names to some concepts differing groups had been grappling with in isolation before. Grothendieck was able to wield these abstract notions so deftly that he could use them to “take compass bearings” and figure out in what directions he should go. That is unbelievably powerful.

                                                                                              In programming, I can see how one would model the state of a program as a monad. A monad is basically defined around the idea that we can’t always undo whatever we just did, so that makes sense. I’ve also read a fair number of Haskell programmers and their explanations of how category theory fits into programming. None of it seems to even have the promise of the same levels of usefulness as we’ve seen in mathematics, and a lot of it seems to be actively harmful by raising jargon barriers around trivial ideas.

                                                                                              1. 8

                                                                                                That is a great story, I would definitely read more of your writing about math if you shared it somewhere.

                                                                                                1. 4

                                                                                                  I too have encountered category theory during my maths degree (never managed to get the PhD, though), and I also agree that category theory in programming seems very out of place. The most interesting application I’ve seen for it is in homological algebra, but I’m pretty sure no programmer has any interest in abelian categories. The most prototypical functor for me is the Galois functor, which programmers have no need for.

                                                                                                  The result is that when I see computer people talk about category theory, it’s all utterly foreign to me. They tell me I should like it because I like mathematics, but I do not. I’ve made some effort to understand why they like it and have never been very convinced by it, as unconvinced as you seem yourself.

                                                                                                  1. 4

                                                                                                    I’ve also read a fair number of Haskell programmers and their explanations of how category theory fits into programming.

                                                                                                    I’d be interested in your take on this discussion, in particular the first comment by Gershom Bazerman, as well as his post here. It seems like he has a good perspective on it, but I don’t have the mathematical knowledge to really confirm that one way or the other. Or maybe you’ve already read this particular stuff and dismissed it; in either case it’d be handy to get a sense of what you think to place it in context, if you’re willing.

                                                                                                    Here is another post which your comment reminded me of, which I wish I had the mathematical ability to fully understand; I’d also love to hear what you think about that as well.

                                                                                                    I’m really not trying to challenge anything you said about the misapplication of CT in Haskell/programming in general (if I haven’t emphasized this enough at this point, I don’t think I’m qualified to do so), I’m just always interested in adding more data to my collection, hoping that at some point I’ll have built up the mathematical maturity to understand the different positions better.

                                                                                                    None of it seems to even have the promise of the same levels of usefulness as we’ve seen in mathematics, and a lot of it seems to be actively harmful by raising jargon barriers around trivial ideas.

                                                                                                    As a programmer who barely understands category theory, all I can say is that I’ve personally found the small number of concepts I’ve encountered useful, and, most importantly, more useful than anything else out there (which I’ll generalize as “design patterns and other vague, poorly specified stuff”) for providing a basis for designing modular structures to base programs on. I find that the most basic concepts presented in category theory map well to the kind of abstraction present in programming, and I’d love to get a better sense of where you find the jargon barriers to be and how we could eliminate those (and fwiw I think this is a general problem in programming, not limited to Haskell nerds dropping category theory terms into their discussions). In particular I’ve found concepts like Monoid, Monad, and Functor to be useful–especially in understanding how they interrelate and can be used together. They’ve enhanced my ability to think conceptually and logically about the kinds of structures I deal with in programming all the time, even where I may not be applying these structures directly in whatever program I’m considering. I may be doing it wrong, but insofar as I’ve developed the correct intuition around these things, they seem useful to me.

                                                                                                    So I can readily accept that we have not been able (and maybe never will be able!) to harness category theory at the level Grothendieck did, but it seems like right now it’s yielding results, and part of the value is simply in the exploration and application of a different rigor to programming as a practice. Maybe in ten or twenty years we’ll look back at the folly of applying category theory to programming, but I rather think it’s more likely that we’ll see it as a step on the path toward discovering something deeper, more rigorous and powerful, and more beautiful than what we can imagine for designing programs right now.

                                                                                                    Or maybe we’ll go back to being obsessed with design patterns and UML. If that’s the case I hope I’ll have quit and gone into being an organic farmer in Vermont or something.

                                                                                                    1. 1

                                                                                                      I’m interested in hearing more about this as well. It’s been a long-standing question for me whether continuing to investigate category theory would help me write better programs. I have no background in higher math, but my understanding/assumption has been that category theory is relevant to programming insofar as it facilitates composition.

                                                                                                      As I see it, the fundamental problem of software design is economically accommodating change. We try to facilitate this by selectively introducing boundaries into our systems in the hopes that the resulting structures can be understood, modified, and rearranged as atomic units. I don’t think it’s controversial to say that our overall success at this is mixed at best.

                                                                                                      The promise of category theory seems to be that, rather than relying on hearsay (design patterns) or our own limited experience, we can inform our choices of where to introduce boundaries from a more fundamental, abstract space where the compositional properties of various structures are rigorously understood.

                                                                                                      But like I said, this is very much an open question for me. I would love to be convinced that, although there is clearly some overlap, the fields of category theory and software design are generally independent and irrelevant to each other.

                                                                                                    1. 5

                                                                                                      Going to try to pick up Elm again, for the purpose of writing a game. Tried last year, let’s see if it goes better this time…

                                                                                                      1. 3

                                                                                                        Just out of curiosity, any arguments to favor Elm over Reason?

                                                                                                        1. 2

                                                                                                          I like Reason, but it doesn’t enforce purity. IMO that’s the big reason to use Elm instead.

                                                                                                          1. 1

                                                                                                            Ecosystem mainly - though Reason certainly seems very interesting as well!

                                                                                                          2. 2

                                                                                                            Elm is great! I really liked the new error messages in the latest 0.18. They’re a bit overdue for an updated version though.

                                                                                                          1. 11

                                                                                                            Meta discussion: what’s up with all these people advocating against Net Neutrality? Maybe I didn’t listen to too many different opinions a few years ago, but I’m fairly certain that if anyone wanted to try oppose NN, it was seeming obvious that they were a ISP shill. A few months I saw some looney Anarcho-Capitalist (ie. a radical right-wing (market) libertarian) advocate for it, which I belived to be a new low for their group, but since then I’ve been seeing more and more people popping out of seeming nowhere, trying to convince people that ISPs would still provide equal service to everyone (or “better”), even if the darn government wouldn’t make them do so (even if it weren’t profitable for them - but since when do private businesses care about that?).

                                                                                                            Is my perspective limited? Has this been a longer trend? If not, what is the cause for this recent shift?

                                                                                                            1. 7

                                                                                                              Some people distrust the government so much, they argue against their own interests just to “keep the government out”

                                                                                                              1. 4

                                                                                                                Your perspective is limited. An argument against “Net Neutrality” has existed for quite some time.

                                                                                                                [EDIT]: Source (note the blurb at the top though): https://www.eff.org/deeplinks/2009/09/net-neutrality-fcc-perils-and-promise — As far as I can tell, it’s basically the same partisan argument (on both sides) that’s being repeated today. If I were a betting man, I’d say arguments against it go back even further, but I’ve spent enough time on it already.

                                                                                                                1. 1

                                                                                                                  I’m not doubting that there was an argument, the very concept of people supporting Net Neutrality without even an argument would be ludicrous. All I’m asking is why lately tere have been, or at least appear to have been, more prominent.

                                                                                                                  1. 0

                                                                                                                    I’d say the EFF is pretty prominent.

                                                                                                                    Anyway, it doesn’t seem more prominent to me than any other time this issue has come up (and it has, several times).

                                                                                                                2. 2

                                                                                                                  I don’t argue against it, but I do think many of the hypothetical scenarios people come up with are far fetched and not representative of why ISPs are opposing net neutrality (and those falsely constructed hypothetical doomsday scenarios are why so many people care in the first place).

                                                                                                                  NN is definitely better for the consumer, but if we don’t have it, we won’t lose our first amendment rights or have to pay extra for full speed access to lobste.rs. Realistically, the change will not be very drastic at all.

                                                                                                                  1. 2

                                                                                                                    Realistically, the change will not be very drastic at all.

                                                                                                                    This is a strangely confident assertion to make in the current political climate.

                                                                                                                    1. 2

                                                                                                                      I’m very confident about the goals behind corporate lobbying: create a friendly regulatory environment, then push profits right up to the line, but not so far as to create a public/regulatory backlash (because that ruins profits, temporarily).

                                                                                                                      It’s a game, and as long as they’re playing it, they’re not going to piss you off squabbling over kilo/mega/giga-bytes when the money is in video streaming (exa/zetta-bytes). Case in point: you really can’t hit Comcast’s data cap without streaming HD video – that’s on purpose.

                                                                                                                      1. 2

                                                                                                                        They’ve made crazy-high profits for decades using monopolistic tactics with poor service, high costs, and so on. Any public anger at their tactics had to be balanced against drawbacks of not having telecom service at all. So, they tolerated it for lack of other options. The telecoms reinforced that with consolidation that kept things bad until government action forced competition and/or speed increases.

                                                                                                                        With all evidence to contrary, I don’t know how you are talking like they’ll stop pushing profits at point where it creates backlash. The backlash alone won’t do anything given the public doesnt choose the FCC heads: politicians paid off by telecoms do. So, they keep trying to cause more profitable problems for consumers because executive incentives, barrier for competitors, lobbying, and weak regulations all let them do it.

                                                                                                                        And yes, they did piss me off with the caps that my non-HD, 2-person household ran through in a month on top of probably-intentionally, shitty meters that said I was using gigabytes of data when stuff was powered off. A strong backlash combined with a consumer-friendly regulator made them back off… not with admissions of wrongdoing… to simply raise the cap. The cap that they invented out of thin air to begin with. If new regulator changes things, they might try that stuff again or something worse like their plan to sell our info.

                                                                                                                1. 4

                                                                                                                  It’s confusing to me that the Haskell community would be resistant to the pipe operator since it’s IMO it’s been pretty successful in Elixir, Elm, F#, and OCaml. Maybe symptomatic of something unhealthy about the Haskell community in general.

                                                                                                                  1. 1

                                                                                                                    Yeah it’s great and haskell often forgets people like to program to do things.

                                                                                                                    1. 2

                                                                                                                      Avoid success at all cost taken a lil’ too far.

                                                                                                                    2. 1

                                                                                                                      The Haskell community is prone to err on the side of centralization to avoid fragmentation (unlike Lisps that are scattered into incompatible ecosystems, making writing anything practical much more of a chore than it should be) and has deep and ideological aversion to duct tape instead of proper fix. In this case: Flow functions are slightly more intuitive and IDE-friendly, but they do not address Haskell legacy usability problems in depth (a library is not a proper place for fixing the language), thus the community is very reluctant to use this.

                                                                                                                      I don’t see anything unhealthy about this, it is a conscious and rational choice (that has its downsides, yes).

                                                                                                                      1. 1

                                                                                                                        Not the threat model this functionality is addressing.

                                                                                                                        1. 2

                                                                                                                          What does it address though? I mean seriously, do you really think you can resist in really dangerous situations?

                                                                                                                          1. 1

                                                                                                                            It’s protecting you against the police, who operate under a legal framework which prevents them from beating you with a rubber hose but not from obtaining your fingerprints.

                                                                                                                            1. 2

                                                                                                                              I am too cynic to comment on that. I just wish the world was this easy.

                                                                                                                              1. 1

                                                                                                                                I left the caveat out for the sake of brevity, but like I said the threat model this functionality is addressing is not one where the attacker can utilize any means necessary. Is there any practical system which can address that scenario?

                                                                                                                          2. 1

                                                                                                                            This brings up a good point though, is it true that, let’s say TSA agents, can force you to unlock your phone with your fingerprint but not with a passcode? Honest question.

                                                                                                                            1. 3

                                                                                                                              I don’t know about TSA, but it’s true that cops can.

                                                                                                                              As far as I know, fingerprints aren’t protected under the fifth amendment but passwords are: http://mashable.com/2014/10/30/cops-can-force-you-to-unlock-phone-with-fingerprint-ruling/#g3MF5oyDTOqN

                                                                                                                        1. 11

                                                                                                                          It was inevitable.

                                                                                                                          If only it made him complete a quest with a random character in adventure mode before continuing to update his system. :D

                                                                                                                          This is one good reason why I always use full, explicit paths in my scripts.

                                                                                                                          1. 12

                                                                                                                            This is one good reason why I always use full, explicit paths in my scripts.

                                                                                                                            but then they are not portable

                                                                                                                            1. 8
                                                                                                                              qbit@slip[0]:~λ which bash
                                                                                                                              /usr/local/bin/bash
                                                                                                                              qbit@slip[0]:~λ
                                                                                                                              
                                                                                                                              1. -2

                                                                                                                                Just always use /bin/bash and don’t care about distros/BSDs that don’t care enough about their users to place bash there. Problem solved for 99% of users. ;)

                                                                                                                                1. 10

                                                                                                                                  or you know, ignore developers that don’t care about their downstream packagers and users to learn about /usr/bin/env? Problem solved for 99% of users caring about cross platform software.

                                                                                                                                  1. 3

                                                                                                                                    Not all distros may have env in /usr/bin, so not necessarily an improvement over the extremely common /bin/bash. Then there’s the problem of what /usr/bin/env df might return…

                                                                                                                                    1. 12

                                                                                                                                      On NixOS, env is the only thing in /usr/bin, so that’s at least one distro that developers can avoid breaking by using it.

                                                                                                                                      1. 7

                                                                                                                                        IME, globally /usr/bin/env is more likely to exist than /bin/bash. The person who has this dwarf fortress issue seems to have done foolish things to get df to be dwarf fortress so I don’t think this situation is a valid motivator for something that is closer to being a standard (/usr/bin/env) than something that’s not (/bin/bash).

                                                                                                                                        1. 1

                                                                                                                                          As long as neither /bin/bash nor /usr/bin/env are standards, there can be issues. In addition to this, there is no agreed upon registry for reservation of the names of the executables.

                                                                                                                                2. 1

                                                                                                                                  Keep in mind, for this to happen, the user probably changed the system default PATH to put Dwarf Fortress first. sudo usually scrubs the environment to default settings unless you’ve taken steps.

                                                                                                                                  1. 10

                                                                                                                                    Read the comments on the answer. He dropped a symlink into /usr/local/bin to make the command available to him. /usr/local/bin/df ?

                                                                                                                                    1. 1

                                                                                                                                      I don’t get this. Did he override the linux df in /usr/local/bin?

                                                                                                                                      1. 1

                                                                                                                                        The original df is in /bin. He placed another df to /usr/local/bin. The default PATH on Ubuntu has /usr/local/bin before /bin, so his df gots executed instead of the system one.

                                                                                                                                      2. 1

                                                                                                                                        Why would they use df? Did they not know of the other df? Or did they just not care? I don’t care if someone else set the PATH variable and it isn’t your fault, at best it is confusing, at worst someone messes up an install/copy/backup script, with potential to hose their system.

                                                                                                                                        1. 3

                                                                                                                                          Not all the world is Unix. I can’t confirm with cursory searches, but given the character set choice (CP437) I strongly suspect that Windows was the original platform.

                                                                                                                                          1. 1

                                                                                                                                            It was

                                                                                                                                  1. 3

                                                                                                                                    To a great extent this does exist. Sandboxing has helped prevent these types of attacks for many years now. That’s how iOS works on Apple products. A rouge ransomware app couldn’t encrypt the whole phone because it can’t reach the whole phone. The better question is why haven’t desktop operating systems, specifically Windows, caught up yet?

                                                                                                                                    1. 2

                                                                                                                                      Windows Store apps are already sandboxed and have been from the start, but that store has not become a broadly appealing distribution platform for lots of different reasons.

                                                                                                                                      It’s the same situation with macOS and the Mac App Store, but Apple has done a somewhat better job at getting people on board with their store.

                                                                                                                                      This is one of the many reasons more people are using tablets and phones as their primary computing devices. The compatibility and UX legacy on the desktop is a goddamn mess.

                                                                                                                                    1. 17

                                                                                                                                      This fucks bisect, defeating one of the biggest reasons version control provides value.

                                                                                                                                      Furthermore, there are tools to easily take both approaches simultaneously. Just git merge —squash before you push, and all your work in progress diffs get smushed together into one final diff. And, for example, Phabricator even pulls down the revision (pull request equivalent) description, list of reviewers, tasks, etc, and uses that to create a squash commit of your current branch when you run arc land.

                                                                                                                                      1. 7

                                                                                                                                        I’m surprised to hear so many people mention bisect. I’ve tried on a number of occasions to use git bisect and svn bisect before that, and I don’t think it actually helped me even once. Usually I run into the following problems:

                                                                                                                                        • there is state that is essential to exercising the test case I’m interested in which isn’t in source control (e.g. configuration files, databases, external services) and the shape of the data in these places needs to change to exercise different versions of the code
                                                                                                                                        • the test case passes/fails at different points in the git history for reasons unrelated to the problem that I’m investigating

                                                                                                                                        I love the idea of git bisect but in practice it’s never been worth it for me.

                                                                                                                                        1. 14

                                                                                                                                          Your second bullet point suggests to me bisect isn’t useful to you in part because you’re not taking good enough care of your history and have broken points in it.

                                                                                                                                          I bisect things several times a month, and it routinely saves me hours when I do. By not keeping history clean as others have talked about, you ensure bisect is useless even for those developers who do find it useful. :(

                                                                                                                                          1. 6

                                                                                                                                            Right: meaningful commit messages are important but a passing build for each commit is essential. A VCS has pretty limited value without that practice.

                                                                                                                                            1. 1

                                                                                                                                              It does help that your commits be at clean points but isn’t really necessary - you don’t need to run your entire test suite. I usually will either bisect with a single spec or isolate the issue to a script that I can run against bisect. And as mentioned in other places you can just bisect manually.

                                                                                                                                          2. 6

                                                                                                                                            You can run bisect in an entirely manual mode where git checks out the revision for you to tinker with and before marking the commit as good or bad.

                                                                                                                                            1. 3

                                                                                                                                              There are places where it’s not so great, and there are places where it’s a life-saving tool. I work (okay, peripherally… mostly I watch people work) on the Perl 5 core. Language runtime, right? And compatibility is taken pretty seriously. We try not to break anyone’s running code unless we have a compelling reason for it and preferably they’ve been given two years' warning. Even if that code was written in 1994. And broken stuff is supposed to stay on branches, not go into master (which is actually named “blead”, but that’s another story. I think we might have been the ones who convinced github to allow a different default branch because having it fail to find “master” was kind of embarrassing).

                                                                                                                                              So we have a pretty ideal situation, and it’s not surprising that there’s a good amount of tooling built up around it. If you see that some third-party module has started failing its test suite with the latest release, there’s a script that will build perl, install a given module and all of its dependencies, run all of their tests along the way, find a stable release where all of that did work, then bisect between there and HEAD to determine exactly what merge made it started failing. If you have a snippet of code and you want to see where it changed behavior, use bisect.pl -e. If you have a testcase that causes weird memory corruption, use bisect.pl --valgrind and it will tell you the first commit where perl, run with your sample code, causes valgrind to complain bitterly. I won’t say it works every time, but… maybe ¾ of the time? Enough to be very worth it.

                                                                                                                                            2. 0

                                                                                                                                              This fucks bisect, defeating one of the biggest reasons version control provides value.

                                                                                                                                              No it doesn’t. Bisect doesn’t care what the commit message is. It does care that your commit works, but I don’t think the article is actually advocating checking in broken code (despite the title) - rather it’s advocating committing without regard to commit messages.

                                                                                                                                              Just git merge —squash before you push, and all your work in progress diffs get smushed together into one final diff.

                                                                                                                                              This, on the other hand, fucks bisect.

                                                                                                                                              1. 3

                                                                                                                                                Do you know how bisect works? You are binary searching through your commit history, usually to find the exact commit that introduced a bug. The article advocates using a bunch of work in progress commits—very few of which will actually work because they’re work in progress—and then landing them all on the master branch. How exactly are you supposed to binary search through a ton of broken WIP commits to find a bug? 90% of your commits “have bugs” because they never worked to begin with, otherwise they wouldn’t be work in progress!

                                                                                                                                                Squashing WIP commits when you land makes sure every commit on master is an atomic operation changing the code from one working state to another. Then when you bisect, you can actually find a test failure or other issue. Without squashing you’ll end up with a compilation failure or something from some jack off’s WIP commit. At least if you follow the author’s advice, that commit will say “fuck” or something equally useless, and whoever is bisecting can know to fire you and hire someone who knows what version control does.

                                                                                                                                                1. 1

                                                                                                                                                  Do you know how bisect works?

                                                                                                                                                  Does condescension help you feel better about yourself?

                                                                                                                                                  The article advocates using a bunch of work in progress commits—very few of which will actually work because they’re work in progress—and then landing them all on the master branch. How exactly are you supposed to binary search through a ton of broken WIP commits to find a bug? 90% of your commits “have bugs” because they never worked to begin with, otherwise they wouldn’t be work in progress!

                                                                                                                                                  I don’t read it that way. The article mainly advocates not worrying about commit messages, and also being willing to commit “experiments” that don’t pan out, particularly in the context of frontend design changes. That’s not the same as “not working” in the sense of e.g. not compiling.

                                                                                                                                                  It’s important that most commits be “working enough” that they won’t interfere with tracking down an orthogonal issue (which is what bisect is mostly for). In a compiled language that probably means they need to compile to a certain extent (perhaps with some workflow adjustments e.g. building with -fdefer-type-errors in your bisect script), but it doesn’t mean every test has to pass (you’ll presumably have a specific test in your bisect script, there’s no value in running all the tests every time).

                                                                                                                                                  Squashing WIP commits when you land makes sure every commit on master is an atomic operation changing the code from one working state to another.

                                                                                                                                                  Sure, but it also makes those changes much bigger. If your bisect ends up pointing to a 100-line diff then that’s not very helpful because you’ve still got to manually hunt through those changes to find the one that made the actual difference - at that point you’re not getting much benefit from having version control at all.

                                                                                                                                            1. 1

                                                                                                                                              Not a fantastic interview, but Herzog is someone worth listening to.

                                                                                                                                              1. 2

                                                                                                                                                Such a comment is even better if it includes links proving he’s worth listening to. Got any for readers here?

                                                                                                                                                1. 6

                                                                                                                                                  As far as proving he’s worth listening to, I would start with his body of work before reading an interview.

                                                                                                                                                  If you have a way of watching 3D movies, I’d recommend Cave of Forgotten Dreams. Watching that film is the most moving experience I’ve had in VR by far. Otherwise, some of the films he’s known for are Grizzly Man, Encounters at the End of the World, and Aguirre, the Wrath of God.

                                                                                                                                                  1. 2

                                                                                                                                                    I would say listen to the science friday interview last year. He has some very good insights into humanity.

                                                                                                                                                    http://www.sciencefriday.com/segments/seeking-humanity-in-volcanoes-with-werner-herzog/

                                                                                                                                                    I would have to back up xtian here and say his body of work stands on its own. Its hard to prove anyone is “worth listening to”. All I can say is he has some very valid and interesting viewpoints that most technological people might not want to confront. Think Black Mirror perhaps, only not as dystopian.

                                                                                                                                                    Perhaps this interview will suffice as proof: https://www.wired.com/2016/07/warner-herzog-lo-and-behold/

                                                                                                                                                    1. 1

                                                                                                                                                      Although not entirely serious, I love his appearance in Rick and Morty https://www.youtube.com/watch?v=Rw1cdRew-Zg

                                                                                                                                                  1. 13

                                                                                                                                                    I rail against this frequently.

                                                                                                                                                    In the interest of fostering discussion^W^Wcomplaining with an audience (but maybe some discussion will result!), here are a few trends, not mentioned in the article, that are profoundly user-unfriendly and which I would very much like to see die:


                                                                                                                                                    Interface mutability. My partner uses an iPhone. She was not happy to start using her iPhone, because she had to take time to learn how to use it that she could have spent doing literally anything else, most of which she would have found more productive. (The jump from a landline touch-tone phone to a clamshell cell phone is like climbing a curb compared to the Everest of figuring out a smartphone interface.) But okay, now she’s figured out how to use it, all is well, right? Well, obviously not, because I’m here complaining about it. Some years later, Apple pushed iOS 7 to her phone, and it rearranges, redesigns and shuffles everything. Now she has to relearn how to use her phone to no discernible benefit, because Apple decided the previous interface was insufficiently shiny and/or confusing. What the fuck. How many millions or billions of dollars of damage did Apple due to the world’s economy with that change? Because I got to experience secondhand at least a few hours of wasted time and frustration due to it.

                                                                                                                                                    And of course, it doesn’t end there: she recently had to update her laptop (from OS X Lion to Sierra) because, as a medical professional, operating systems without security support obviously won’t fly. And so now she has to relearn how to use her computer. While the learning curve for new Mac OS versions is shallower than the iOS <7→7 curve, Sierra performs terribly on her (nominally supported) laptop. I’m hoping upgrade to an SSD will resolve that for at least a few more years, but if not (or eventually regardless), she’ll have to buy a new laptop not because she needs new features or the old one is wearing out but essentially because Apple mandated it. Great.

                                                                                                                                                    While my computer interface (bash, wmii/i3, vim) has been essentially stable for the better part of a decade, the barriers to entry to such an interface are formidable indeed, and the capabilities aren’t sufficient for everyone; my partner, for instance, needs to run proprietary medical record programs, which provide only Windows and Mac OS versions.

                                                                                                                                                    (I don’t mean to single Apple out here, by the way; it’s just the example I’ve most recently had significant exposure to. Nearly every interface vendor is guilty. I go to some lengths to insulate myself from popular computing for precisely these sorts of reasons.)


                                                                                                                                                    Inconsistency. The article touches on this in the realm of the web (“is this a button? A link? A static label?”), but it’s a cancer that has spread to native interfaces, as well. Is a given element a button? A link? A static label? Who the hell knows? I can’t figure out without clicking on it, and who knows what happens when I do that. The webapp-ification of native interfaces is partly to blame here (way back when the web was actually a web of static pages linked by hypertext, there was a good reason to present web content differently from application interface; now, unfortunately, those conventions have leaked between environments) but I seem to recall once upon a time major interface vendors published HIGs that were either enforced or at least broadly adhered to (and offenders like Winamp were rare and the butt of frequent jokes). That seems to have fallen by the wayside. Google and Apple seem to be trying to bring it back in the mobile interfaces, but they’re doing a bad job of enforcement (even though they’ve given themselves the technical ability to do so!) and their mobile HIGs are bad anyway.


                                                                                                                                                    System fragility. You know how many people are terrified of changing their system’s settings? We taught them to feel this way by, in the 90s, presenting them with a multitude of knobs that could destroy their system, requiring them to shell out money to a probably-insufferable technician who would almost certainly make fun of them behind their backs to unfuck things and then quite possibly shell out more money or time to recreate work they lost. Well now we’re well into the 2010s, we’ve learned our lesson, and systems are resilient, present informative warnings at an appropriate frequency and generally enable fearless user operation! Lol, no, of course not. Systems are less likely to fuck themselves now, but regular users are still justifiably afraid of them because they’re still unjustifiably likely to present dangerous options with only jargon to warn you off.

                                                                                                                                                    Now, back in the 90s, some of that fragility was just because consumer-level computers weren’t a mature product yet. They had to expose some of the rougher edges of the underlying hardware interfaces, because there wasn’t enough headroom to paper over them effectively. (Not all of them, of course. In no universe should it take me two clicks to erase a disk.) But there’s really no remaining excuse now.

                                                                                                                                                    1. 8

                                                                                                                                                      On HIGs: While Macs have had good consistency even from third parties for a long time, on Windows its been a total mess of nothing looking and feeling consistent. The last push for HIG consistency was with Windows 95; UWP might improve this though. At least the X11 desktops are consistent with themselves. (I try to make apps that are good citizens on Windows.)

                                                                                                                                                      On browsers: Please take me back to the days of static pages, when browsers were document viewers, not app runtimes.

                                                                                                                                                      1. 3

                                                                                                                                                        Adherence to the macOS HIG has eroded noticeably in recent years, even in first-party apps. I agree it’s nowhere near as much of a mess as Windows, but I don’t use it as a point of comparison anymore.

                                                                                                                                                        1. 3

                                                                                                                                                          Apple seems to be getting less interested in pushing (or even enabling) third parties to conform to any kind of consistent HIG as well. One of the traditional strengths of the Mac platform for developers was its thorough and consistent documentation, which explained what everything did, why it did it, how pieces fit together, and generally what the Right Way To Do Things was. Now the documentation is all over the map and my recent experience with it has not been very good. Large parts look like basically auto-generated Doxygen style stuff giving you bare-bones class documentation and not much else.

                                                                                                                                                      2. 4

                                                                                                                                                        Interface mutability.

                                                                                                                                                        Without any change, there is no progress. I am also amazed at some people I have encountered who actually seemed to simply refuse to learn anything new.

                                                                                                                                                        That said, change for changes sake (novelty chasing) is indeed a serious problem in the industry. I wholeheartedly agree.

                                                                                                                                                        1. 4

                                                                                                                                                          Maybe a different type of progress?

                                                                                                                                                          I think it was The Ultimate C64 Talk where the speaker made the point that hardware moves so fast nowadays, people don’t explore its limits (paraphrased from memory).

                                                                                                                                                          There’s often a kind of CADT-style impatience among people, which leads to exasperated comments from my fiancé like “They made Spotify shit again”. I don’t use Spotify, so I’m not sure, but I’ve understood that after the shock of change (“now it’s shit!”) there’s often a meh (“it didn’t get better or worse, just different.”).

                                                                                                                                                          So how can the end users know if a change was in any way objectively better when things move faster (and break) than we can explore the limits?

                                                                                                                                                          1. 3

                                                                                                                                                            When I have a useful thing, I don’t want it to progress; I want it to keep being the same useful thing.

                                                                                                                                                            1. 0

                                                                                                                                                              So you still have a flip phone and a horse?

                                                                                                                                                              1. 8

                                                                                                                                                                I find comments like this one frustrating. Some people bloody well do still have flip phones and horses, because they want to and that’s actually just fine. Those things don’t work less well than they used to, and if the owner is happy with it and it isn’t dangerous, I can’t imagine why they should change to something else.

                                                                                                                                                                The difference with software updates in newer products like iPhones is that you often need to take the update, or your necessarily connected device will be rife with security holes. But the major updates often screw around with where the buttons are, or how things work. There isn’t really a (safe) choice to just keep the horse or the old flip phone, because in a very real sense they don’t build things that way anymore.

                                                                                                                                                                1. 5

                                                                                                                                                                  Until a few months ago I had a near-invincible candybar phone. Why not a smart phone?

                                                                                                                                                                  • I wanted good battery life. Months later, forgotten in a drawer, the little beasty still runs its daily alarm clock.
                                                                                                                                                                  • I wanted durability. Even with a nice Otterbox on my new phone, that little candybar survived thirty-foot bouncedrops from my cycling commute on hard roads.
                                                                                                                                                                  • I wanted to text without looking. The little keypad gave great tactile feedback, so I could text without breaking eyecontact or appearing to do anything other than have my hands in my pockets.
                                                                                                                                                                  • I wanted good call quality. Most voice calls were comfortable and good.

                                                                                                                                                                  Sometimes old tech that correctly solves the problem domain simply and reliably is preferable to some damn fool new fancy solution. That’s why the AK family and the Mauser action have been around as long as they have, why Usenet and IRC is still in widespread use after over 20 years, and so forth.

                                                                                                                                                                  1. 4

                                                                                                                                                                    Pull someone from 1967 to today (that’s a leap of 50 years). They know how to drive, they can still drive a 2017 car without much problem since that interface hasn’t changed much. The car radio however? That will take some time (along with the climate controls).

                                                                                                                                                                    Another thing—from time to time I’ll find some neat feature on Google Maps. At one time, you could select multiple towns and it would highlight each town in light red. I used that feature. Then they removed it. Then they added it back, but you can only do one town at a time. It’s gotten to the point where I don’t want to learn new features for the fear that they’ll be arbitrarily removed because their constant A/B testing shown that not many people use it, or were confused by it, or they just felt like they didn’t want to support it any more.

                                                                                                                                                            1. 6

                                                                                                                                                              I’ve never used Erlang. How long does it take to recover from a crash, and e.g. start a new thread? I’m guessing this is cheap?

                                                                                                                                                              I ask because Node’s adopted the official “let it crash” line, but restarting a process took up to a minute when I was running it in production.

                                                                                                                                                              1. 11

                                                                                                                                                                It is much cheaper than spawning an OS thread but more expensive than just calling a function.

                                                                                                                                                                1. 4

                                                                                                                                                                  Erlang process spawning is, iirc, less than a thousand machine cycles in modern hardware.

                                                                                                                                                                  1. 1

                                                                                                                                                                    That’s a shame. It used to be a goal of the Node project to hold startup time to 30ms.

                                                                                                                                                                  1. 7

                                                                                                                                                                    I think we’ll see more aggressive ads. In fact I think this has already happened. I remember ads getting noticeably worse (more Flash animation in particular) at the point when Mozilla started shipping a pop-up-blocker by default, and I don’t think it’s coincidence.

                                                                                                                                                                    1. 4

                                                                                                                                                                      I don’t think they are going to be more aggressive, but the opposite. Ads are going to get sneakier, show up in the middle of content as though it was content. Its happening already in the form of paid content, endorsed content, what ever else they want to call it. So instead of aggressive light boxes and pop up windows with three or four timed ads that you can’t skip over, we’re going to looking at content that is actually just one long advertisement. The lines between content and ads will almost disappear entirely.

                                                                                                                                                                      1. 11

                                                                                                                                                                        The question of more subtle vs more aggressive is a false dichotomy. The ad industry is already pursuing both strategies. If you disable your ad blocker I think it’s clear that ads have gotten more aggressive and overall inventory has increased. At the same time I think the usefulness of Google for finding information is at an all-time low. Some topics are alright, but an increasing number of queries just return fluff, advertorials, and sponsored content.

                                                                                                                                                                        I don’t see any possibility for these drain-circling processes to be interrupted. I think both strategies will become increasingly pernicious along with more comprehensive tracking/profiling and a stronger push towards mobile apps.

                                                                                                                                                                        My hope is that we’ll see a commensurate increase in willingness to pay for content and services that aren’t covered in garbage. I think we see that to some extent already, the question is how broadly it will spread.

                                                                                                                                                                        1. 2

                                                                                                                                                                          My guess is that there are limits on how far advertising can push the paid-content model. Beyond everything else, web pages (and sites) need to attract attention. A lot of paid content that serves advertisers is not likely to be all that compelling, so it simply won’t draw all that many pageviews compared to more interesting content.

                                                                                                                                                                          Sites can mix compelling organic content with paid advertising content to some degree, but I think that most sites will wind up with HTML (and Javascript) where the adblockers can strip the paid advertising content out. They won’t be able to on big sites that do custom integration of advertising and content inside their CMS backend, but a lot of sites aren’t going to be able to go that far.

                                                                                                                                                                          (My understanding is that modern ad networks work in large part by integrating the core page content and the added advertising in the browser itself, through mechanisms like Javascript, embedded iframes, and images loaded from outside domains. Doing the integration in the browser requires markers in the HTML and so on, which adblockers can see and act on. If you integrate ads into the HTML in your backend you don’t need these giveaway markers, but you have to have a backend that can talk to ad networks, pull in the ads, stuff them into your HTML, etc etc. Big sites can afford to put together such backends and have enough pageviews to get ad networks to talk to them this way; smaller sites are probably likely to lack both the resources and the influence, so will be left with the ‘add this to your HTML’ approach to serving ads.)

                                                                                                                                                                          1. 1

                                                                                                                                                                            I think you’re right about the need to attract and hold attention. It seems like a site needs to maintain a very high volume of real content in order to make the paid stuff tolerable. I disagree about the technical limitation, though. You could probably cover most of those smaller sites with a WordPress plugin (WordPress supposedly powers 25% of the Internet).

                                                                                                                                                                            The main limitation is economic. A paid post is much more expensive to produce than a banner ad and whereas a banner ad can be targeted at broad categories of sites and users, a paid post has to more or less fit within the narrow topic of the site that hosts it.

                                                                                                                                                                            1. 1

                                                                                                                                                                              When you say “25% of the Internet” you need to be more precise because that is too vague a phrase to be meaningful. It could be 25% of: 1) bandwidth 2) unique domains 3) page views 4) time spent …

                                                                                                                                                                              1. 1

                                                                                                                                                                                https://w3techs.com/blog/entry/wordpress-powers-25-percent-of-all-websites

                                                                                                                                                                                We do count both the self-hosted, open source version of WordPress which can be downloaded at WordPress.org, and we also count WordPress sites hosted at WordPress.com or elsewhere. However, we count the hosted sites only if they are reachable via their own domain (not only as subdomain of wordpress.com), and they must qualify like all other sites in our surveys by getting enough visitors on that separate domain to make it into the top 10 million Alexa sites. As a result, the vast majority of the millions of blogs at WordPress.com are not counted. Only 1.25% of the WordPress sites in our surveys are hosted by Automattic at WordPress.com.

                                                                                                                                                                                1. 1

                                                                                                                                                                                  Looks like they are counting unique domains, which means 25% isn’t as impressive as it sounds because the overwhelming majority of those get very little traffic.

                                                                                                                                                                                  1. 2

                                                                                                                                                                                    Right, but I was specifically commenting on the technical viability of back-end integration with a large number of small sites.