1. 2

      They give the impression that stringing a bunch of config files together is all you need to become operational. Get a server, follow the HOWTO and you’re good.

      If the reader needs that HOWTO, they will probably not be aware of how to set up backup and restore themselves. The server is now a ticking time bomb. And that’s just the basic operational concern.

      Or the reader doesn’t need the HOWTO, and the article is just mildly interesting. Great, they use YAML to generate systemd units that run podman, that forwards environment variables to a container.

      1. 4

        The only thing needed to backup the Matrix homeserver state is to save the content of the PostgreSQL database. The steps to do that are in the project README. They are written with updates in mind but apply equally.

        How is the server a time bomb? We took great care to make sure everything auto-updates regularly so that you are not running software with know issues or vulnerabilities.

        Disclaimer: Co-author.

        1. 3

          I didn’t think it was supposed to be a bulletproof how to set up your server guide, more “here’s how you might use CoreOS”. Which is why I liked it, I’ve not seen many good motivating introductions to CoreOS.

          1. 4

            I agree with jaffachchief here, this article is one of those use case examples. Trying to find “reasons” to use CoreOS is challenging, this gives you a happy path to get something working.

            Sometimes posts like this are just enough to be able to drop your other app in and see it work.

        1. 5

          For example this great study shows that using Typescript would have prevented approximately 15% of all bugs that you find in typical Javascript code. It’s hard to argue against static types with evidence like that.

          And yet, there is no shortage of contrarian people who will pop up to do just that :-)

          1. 8

            *waves*

              1. 4

                The OP is talking about a paper not in that set: https://web.archive.org/web/20191014123107/http://ttendency.cs.ucl.ac.uk/projects/type_study/documents/type_study.pdf

                @yawaramin has been teasing me for a while because I keep meaning to do a serious analysis of the Typescript paper but never get around to it

                1. 3

                  But that post does illustrate a meta point: mere existence of a paper is not a strong evidence, sadly.

                  1. 3

                    Of course, the existence of the paper doesn’t prove anything, you need to actually read the paper and judge whether it’s doing a good job.

              2. 5

                On the Impact of Programming Languages on Code Quality

                “This paper is a reproduction of work by Ray et al. which claimed to have uncovered a statistically significant association between eleven programming languages and software defects in projects hosted on GitHub. … We uncover a number of flaws that undermine the conclusions of the original study as only four languages are found to have a statistically significant association with defects, and even for those the effect size is exceedingly small.”

                1. 2

                  What matters for a business is to create a product, as fast as possible, that people use.

                  Certainly shipping bugs is counter-productive but is not the only metric. What you have to demonstrate is that it would have taken less time to get to a stable point using TypeScript than JavaScript. If it takes 2x longer to write code because of the extra type annotations and slower tooling, it might not offset the extra time that a JavaScript developer would have taken fixing those 15% extra bugs.

                  The 2x number is pulled out of thin air and I’m not saying that JavaScript is superior. In my experience, the number of bugs is not linear to the size of the codebase and dynamically-typed language tends to hit a plateau where it becomes an unmanageable mess more quickly than statically-typed languages. Another metric is that teams that are familiar with a given language are more productive in it, even if it has a lot of quirks.

                  Just saying that language choices is a complicated topic :)

                  1. 1

                    Language choices are indeed complicated topics, especially that even the “rule of thumb” you provided as the first sentence is not true in every circumstance. I agree that most startups and many larger businesses value releasing an MVP as fast as possible, but I worked for at least a couple of projects where correctness and code quality was highly valued, even more so than release speed. A simple example I might give is the hard medical sector where life is at stake.

                    Does it mean that Rust is a perfect choice for those kinds of projects? No. There are certain standards that must be met. Some of the standards actually specify which languages are allowed or force you to use certain coding guidelines, avoid problematic parts of languages etc.

                1. 6

                  SSE is no hyped enough. It’s so simple and it works. It works well with HTTP/2 and is much simpler than WebSocket.

                  1. 9

                    Forgive my ignorance, but it seems like just a boring droplet with some nginx would solve most of the problems here. What’s the driver for all that power?

                    EDIT:

                    Like, I spend 20USD/month at prgmr and have been quite happy with it for Gittea plus all kinds of other weird things.

                    1. 11

                      I needed to learn Kubernetes for work and I decided to do so by moving a bunch of my own infrastructure to it. That’s the whole reason really. It’s really expensive in retrospect and I’m really looking at going back to a more simple setup as a result.

                      1. 2

                        I remember when you started learning and I asked why not just Ansible?

                        Now I see you regretting your choice ~1.5 years later. So I ask again: why not just Ansible? :D

                        I’ve been using Ansible to manage my personal infra for the same amount of time (I started learning Ansible when you started K8s) and love it.

                        1. 5

                          TL;DR: Ansible describes how to get to your desired system state. NixOS describes your desired system state.

                          1. 1

                            AFAIK Ansible also described the desired system state. E.g.

                            service:
                              state: started
                            

                            Something like that.

                            1. 1

                              That describes the fact that you want the service started, not the fact that the service has a bunch of configuration for it. See here for an example: https://github.com/Xe/nixos-configs/blob/master/common/services/xesite.nix

                          2. 1

                            My personal answer to “why not ansible” would have been: it is slow, very tedious in some aspects (running locally, obeying your ~/.ssh/config or .netrc) and you need to write yaml. Personally I have moved to pyinfra which fixes all of these and more.

                          3. 2

                            I learned Kubernetes the same way. Although I hosted it on Google. I’m still paying for that cluster, far more than it’s worth, simply because I can’t be bothered to migrate to something else (a $5/mo droplet or equivalent would do the trick).

                            That said, using a hosted K8s solution I think makes a lot more sense for a small project–although it also potentially increases the cost significantly for a hobby project.

                            I guess IMO, K8s probably isn’t the right tool for most hobby projects (outside of learning K8s). For small teams, hosted K8s is often a good choice.

                            1. 1

                              That totally makes sense! I just didn’t know if there was some other technological forcing function, given the relative expense of some of the options in your table. Also, what’s the hacks column about?

                              1. 2

                                Hacks needed to install NixOS.

                                1. 1

                                  Ah cool.

                                  Prgmr actually has a NixOS image you can start with, though I think it’s a couple versions back.

                            2. 3

                              I just wanted to mention https://www.hetzner.com/cloud which is also quite cheap, and can boot on a NixOS ISO as well. <3 Hetzner

                              1. 1

                                Is there a way to install NixOS on a Hetzner cloud box using the ISO fully automated with Terraform or Ansible? Everything I’ve read about it involves manual steps :/

                                1. 1

                                  Not with the ISO but the nixos-infect approach works quite nicely. Here is an example from my own Terraform:

                                  resource "hcloud_server" "mon2" {
                                    image       = "debian-10"
                                    keep_disk   = true
                                    name        = "mon2"
                                    server_type = "cx21"
                                    ssh_keys    = local.hcloud_keys
                                    backups     = false
                                  
                                    user_data = <<EOF
                                    #cloud-config
                                    runcmd:
                                      - curl https://raw.githubusercontent.com/zimbatm/nixos-infect/3e9d452fa6060552a458879b66d8eea1334d93d2/nixos-infect | NIX_CHANNEL=nixos-20.09 bash 2>&1 | tee /tmp/infect.log
                                    EOF
                                  }
                                  
                                  1. 1

                                    Thanks!!!

                                    Do you then do provisioning with Ansible, or is the next step Terraform, too?

                                    1. 1

                                      Still Terraform, using https://github.com/tweag/terraform-nixos/tree/master/deploy_nixos that I wrote a while ago.

                                      I generally try to keep everything in Terraform as much as possible.

                                      1. 1

                                        thanks, that looks great!

                            1. 25

                              Pro tip: this applies to you if you’re a business too. Kubernetes is a problem as much as it is a solution.

                              Uptime is achieved by having more understanding and control over the deployment environment but kubernetes takes that away. It attracts middle managers and CTOs because it seems like a silver bullet without getting your hands dirty but in reality it introduces so much chaos and indirections into your stack that you end up worse off than before, and all the while you’re emptying your pockets for this experience.

                              Just run your shit on a computer like normal, it’ll work fine.

                              1. 9

                                This is true, but let’s not forget that Kubernetes also has some benefits.

                                Self-healing. That’s what I miss the most with a pure NixOS deployment. If the VM goes down, it requires manual intervention to be restored. I haven’t seen good solutions proposed for that yet. Maybe uptimerobot triggering the CI when the host goes down is enough. Then the CI can run terraform apply or some other provisioning script.

                                Zero-downtime deployment. This is not super necessary for personal infrastructures but is quite important for production environments.

                                Per pod IP. It’s quite nice not to have to worry about port clashes between services. I think this can be solved by using IPv6 as each host automatically gets a range of IPs to play with.

                                Auto-scaling. Again not super necessary for personal infrastructure but it’s nice to be able to scale beyond one host, and not to have to worry on which host one service lives.

                                1. 6

                                  Did anyone tried using Nomad for personal projects? It has self-healing and with the raw runner one can run executables directly on NixOS without needing any containers. I have not tried it myself (yet), but would be keen on hearing the experiences.

                                  1. 3

                                    I am experimenting with the Hashiscorp stack while off for the holidays. I just brought up a vagrant box (1GB ram) with Consul, Docker and Nomad runing (no jobs yet) and the overhead looks okay:

                                                  total        used        free      shared  buff/cache   available
                                    Mem:          981Mi       225Mi       132Mi       0.0Ki       622Mi       604Mi
                                    Swap:         1.9Gi       7.0Mi       1.9Gi
                                    

                                    but probably too high to fit Postgres, Traefik or Fabio and a Rails app into it as well, but 2GB will probably be lots (I am kind of cheap so the less resources the better).

                                    I have a side project running in ‘prod’ using Docker (for Postgres and my Rails app) along with Caddy running as a systemd service but it’s kind of a one off machine so I’d like to move towards something like Terraform (next up on the list to get running) for bring up and Nomad for the reasons you want something like that.

                                    But… the question that does keep running through the back of my head, do I need even Nomad/Docker? For a prod env? Yes, it’s probably worth the extra complexity and overhead but for personal stuff? Probably not… Netlify, Heroku, etc are pretty easy and offer free tiers.

                                    1. 1

                                      I was thinking about doing this but I haven’t done due diligence on it yet. Mostly because I only have 2 droplets right now and nobody depends on what’s running on them.

                                    2. 1

                                      If you’re willing to go the Amazon route, EC2 has offered most of that for years. Rather than using the container as an abstraction, treat the VM as a container: run one main process per VM. And you then get autoscaling, zero downtime deploys, self-healing, and per-VM IPs.

                                      TBH I think K8s is a step backwards for most orgs compared to just using cloud VMs, assuming you’re also running K8s in a cloud environment.

                                      1. 2

                                        That’s a good point. And if you don’t care about uptime too much, autoscaling + spot instances is a pretty good fit.

                                        The main downside is that a load-balancer is already ~15.-/month if I remember correctly. And the cost can explode quite quickly on AWS. It takes quite a bit of planning and effort to keep the cost super low.

                                    3. 5

                                      IMO, Kubernetes’ main advantage isn’t in that it “manages services”. From that POV, everything you say is 100% spot-on. It simply moves complexity around, rather than reducing it.

                                      The reason I like Kubernetes is something entirely different: It more or less forces a new, more robust application design.

                                      Of course, many people try to shoe-horn their legacy applications into Kubernetes (the author running git in K8s appears to be one example), and this just adds more pain.

                                      Use K8s for the right reasons, and for the right applications, and I think it’s appropriate. It gets a lot of negative press for people who try to use it for “everything”, and wonder why it’s not the panacea they were expecting.

                                      1. 5

                                        I disagree that k8s forces more robust application design; fewer moving parts are usually a strong indicator of reliability.

                                        Additionally, I think k8s removes some of the pain of microservices–in the same way that a local anathestic makes it easier to keep your hand in boiling water–that would normally help people reconsider their use.

                                      2. 5

                                        And overhead. Those monster yaml files are absurd in so many levels.

                                        1. 2

                                          Just run your shit on a computer like normal, it’ll work fine.

                                          I think that’s an over-simplification. @zimbatm’s comment makes good points about self-healing and zero-downtime deployment. True, Kubernetes isn’t necessary for those things; an EC2 auto-scaling group would be another option. But one does need something more than just running a service on a single, fixed computer.

                                          1. 3

                                            But one does need something more than just running a service on a single, fixed computer.

                                            I respectfully disagree…worked at a place which made millions over a few years with a single comically overloaded DO droplet.

                                            We eventually made it a little happier by moving to hosted services for Mongo and giving it a slightly beefier machine, but otherwise it was fine.

                                            The single machine design made things a lot easier to reason about, fix, and made CI/CD simpler to implement as well.

                                            Servers with the right provider can stay up pretty well.

                                            1. 2

                                              Servers with the right provider can stay up pretty well.

                                              I was one of the victims of the DDOS that hit Linode on Christmas day (edit: in 2015; didn’t mean to omit that). DO and Vultr haven’t had perfect uptime either. So I’d rather not rely on single, static server deployments any more than I have to.

                                              1. 2

                                                I don’t see how your situation/solution negates the statement.

                                                You’ve simply traded one “something” (Kubernetes) with another (“the right provider”, and all that entails–probably redundant power supplies, network connections, hot-swappable hard drives, etc, etc).

                                                The complexity still exists, just at a different layer of abstraction. I’ll grant you that it does make reasoning about the application simpler, but it makes reasoning about the hardware platform, and peripheral concerns, much more complex. Of course that can be appropriate, but it isn’t always.

                                                I’m also unsure how a company’s profit margin figures into a discussion about service architectures…

                                                1. 5

                                                  I’m also unsure how a company’s profit margin figures into a discussion about service architectures…

                                                  There is no engineering without dollar signs in the equation. The only reason we’re being paid to play with shiny computers is to deliver business value–and while I’m sure a lot of “engineers” are happy to ignore the profit-motive of their host, it is very unwise to do so.

                                                  I’ll grant you that it does make reasoning about the application simpler, but it makes reasoning about the hardware platform, and peripheral concerns, much more complex.

                                                  That engineering still has to be done, if you’re going to do it at all. If you decide to reason about it, do you want to be able to shell into a box and lay hands on it immediately, or hope that your k8s setup hasn’t lost its damn mind in addition to whatever could be wrong with the app?

                                                  You’ve simply traded one “something” (Kubernetes) with another (“the right provider”, and all that entails–probably redundant power supplies, network connections, hot-swappable hard drives, etc, etc).

                                                  The complexity of picking which hosting provider you want to use (ignoring colocation issues) is orders and order of magnitudes less than learning and handling k8s. Hosting is basically a commodity at this point, and barring the occasional amazingly stupid thing among the common names there’s a baseline of competency you can count on.

                                                  People have been sold this idea that hosting a simple server means racking it and all the craziness of datacenters and whatnot, and it’s just a ten spot and an ssh key and you’re like 50% of the way there. It isn’t rocket surgery.

                                                2. 1

                                                  can you share more details about this?

                                                  I’ve always been impressed by teams/companies maintaining a very small fleet of servers but I’ve never heard of any successful company running a single VM.

                                                  1. 4

                                                    It was a boring little Ubuntu server if I recall correctly, I think like a 40USD general purpose instance. The second team had hacked together an impressive if somewhat janky system using the BEAM ecosystem, the first team had built the original platform in Meteor, both ran on the same box along with Mongo and supporting software. The system held under load (mostly, more about that in a second), and worked fine for its role in e-commerce stuff. S3 was used (as one does), and eventually as I said we moved to hosted options for database stuff…things that are worth paying for. Cloudflare for static assets, eventually.

                                                    What was the business environment?

                                                    Second CTO and fourth engineering team (when I was hired) had the mandate to ship some features and put out a bunch of fires. Third CTO and fifth engineering team (who were an amazing bunch and we’re still tight) shifted more to features and cleaning up technical debt. CEO (who grudgingly has my respect after other stupid things I’ve seen in other orgs) was very stingy about money, but also paid well. We were smart and well-compensated (well, basically) developers told to make do with little operational budget, and while the poor little server was pegged in the red for most of its brutish life, it wasn’t drowned in bullshit. CEO kept us super lean and focused on making the money funnel happy, and didn’t give a shit about technical features unless there was a dollar amount attached. This initially was vexing, but after a while the wisdom of the approach became apparent: we weathered changes in market conditions better without a bunch of outstanding bills, we had more independence from investors (for better or worse), and honestly the work was just a hell of a lot more interesting due in no small part to the limitations we worked under. This is key.

                                                    What problems did we have?

                                                    Support could be annoying, and I learned a lot about monitoring on that job during a week where the third CTO showed me how to setup Datadog and similar tooling to help figure out why we had intermittent outages–eventual solution was a cronjob to kill off a bloated process before it became too poorly behaved and brought down the box. The thing is, though, we had a good enough customer success team that I don’t think we even lost that much revenue, possibly none. That week did literally have a day or two of us watching graphs and manually kicking over stuff just in time, which was a bit stressful, but I’d take a month of that over sitting in meetings and fighting matrix management to get something deployed with Jenkins onto a half-baked k8s platform and fighting with Prometheus and Grafana and all that other bullshit…as a purely random example, of course. >:|

                                                    The sore spots we had were basically just solved by moving particular resource-hungry things (database mainly) to hosting–the real value of which was having nice tooling around backups and monitoring, and which moving to k8s or similar wouldn’t have helped with. And again, it was only after a few years of profitable growth that it traffic hit a point where that migration even seemed reasonable.

                                                    I think we eventually moved off of the droplet and onto an Amazon EC2 instance to make storage tweaks easier, but we weren’t using them in any way different than we’d use any other barebones hosting provider.

                                                    1. 4

                                                      Did that one instance ever go completely down (becoming unreachable due to a networking issue also counts), either due to an unforeseen problem or scheduled maintenance by the hosting provider? If so, did the company have a procedure for bringing a replacement online in a timely fashion? If not, then I’d say you all just got very lucky.

                                                      1. 1

                                                        Yes, and yes–the restart procedure became a lot simpler once we’d switched over to EC2 and had a hot spare available…but again, nothing terribly complicated and we had runbooks for everything because of the team dynamics (notice the five generations of engineering teams over the course of about as many years?). As a bonus, in the final generation I was around for we were able to hire a bunch of juniors and actually teach them enough to level them up.

                                                        About this “got very lucky” part…

                                                        I’ve worked on systems that had to have all of the 9s (healthcare). I’ve worked on systems, like this, that frankly had a pretty normal (9-5, M-F) operating window. Most developers I know are a little too precious about downtime–nobody’s gonna die if they can’t get to their stupid online app, most customers–if you’re delivering value at a price point they need and you aren’t specifically competing on reliability–will put up with inconvenience if your customer success people treat them well.

                                                        Everybody is scared that their stupid Uber-for-birdwatching or whatever app might be down for a whole hour once a month. Who the fuck cares? Most of these apps aren’t even monetizing their users properly (notice I didn’t say customers), so the odd duck that gets left in the lurch gets a hug and a coupon and you know what–the world keeps turning!

                                                        Ours is meant to be a boring profession with simple tools and innovation tokens spent wisely on real business problems–and if there aren’t real business problems, they should be spent making developers’ lives easier and lowering business costs. I have yet to see k8s deliver on any of this for systems that don’t require lots of servers.

                                                        (Oh, and speaking of…is it cheaper to fuck around with k8s and all of that, or just to pay Heroku to do it all for you? People are positively baffling in what they decide to spend money on.)

                                                      2. 1

                                                        eventual solution was a cronjob to kill off a bloated process before it became too poorly behaved and brought down the box … That week did literally have a day or two of us watching graphs and manually kicking over stuff just in time, which was a bit stressful,…

                                                        It sounds like you were acting like human OOM killers, or more generally speaking manual resource limiters of those badly-behaved processes. Would it be fair to say that sort of thing would be done today by systemd through its cgroups resource management functionality?

                                                        1. 1

                                                          We probably could’ve solved it through systemd with Limit* settings–we had that available at the time. For us, we had some other things (features on fire, some other stuff) that took priority, so just leaving a dashboard open and checking it every hour or two wasn’t too bad until somebody had the spare cycles to do the full fix.

                                              1. 3

                                                One thing that I would like to see, is how the CA can be restricted to the .internal TLD.

                                                That way if I ask other people to add the CA on their machine, they can be confident that my network will not MITM their traffic.

                                                1. 3

                                                  :+1 pretty solid. Two nitpicks:

                                                  • I don’t know if it’s necessary to trap all these callbacks, EXIT is fired on ERR and SIGINT as well. But maybe not in an older version of Bash.
                                                  • cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1. I don’t think it’s necessary to redirect the outputs. If that fails, I would like to see the error message.
                                                  1. 45

                                                    Setting aside feelings one way or the other, posting this because the default behavior changing is bound to bite somebody in the next month or two. If anybody knows what minor version is going to start doing this, post here so we can know what to check git --version against. It appears this is landing prior to git 3.0.

                                                    Quoting from the mailing list discussion:

                                                    So we need to make sure existing users know that they can add:
                                                    
                                                    [init]
                                                        defaultBranch = master
                                                    
                                                     to their ~/.gitconfig if they want the legacy behavior
                                                    

                                                    In case you need to support legacy scripts or muscle memory.

                                                    git config --global init.defaultBranch master may also work, but haven’t tried it on my machine.

                                                    1. 19

                                                      [init] defaultBranch = master

                                                      Adding this to my gitconfig now to avoid future issues…

                                                      1. 15

                                                        Wait, I thought that init.defaultBranch was the compromise, to avoid renaming the default branch in Git, while still allowing those who feel uncompfortable by it to avoid it as much as possible?

                                                        Are there any statistics or scientific attempts to qualify how much of a problem this is? It’s probably my fault, but I find it hard to imagine that if someone is in the need for version control, will learn all the basics up until the point where they see the word “master”and give up, not because of direct racism, but racism by association.

                                                        Non-technical issues like these are never easy, but there should at least be some discission where one position is designated as the morally superior before a word is said.

                                                        1. 27

                                                          main is shorter, simple, and has no negative connotations whatsoever. This is an easy thing to do and it makes people feel welcome

                                                          1. 22

                                                            Semi-serious question: How do we know that? I’m going to guess that the people who decieded to use “master” in version control systems didn’t do this out of mallace, but just because the phrase seemed appropriate. So how can we be sure that main won’t eventually fall our of favour? I remember that at the beginning of 2015 Elementary OS wanted to release a new version called “Isis”, afaik in reference to the egyptian god, but then the terror group in ISIS gaiend power and a more or less inncoent name became very controversial.

                                                            And does “shorter” and “simpler” even matter? Almost everyone uses autocompletion in some form or another, and it’s not something you use as often as “git commit”.

                                                            1. 17

                                                              If we knew the future the world would be a better place ;) In the absence of perfect prescience, we will have to be guided by the voices of today.

                                                              1. 5

                                                                Ok, fair enough, but let’s twist the question again: How do we know that everyone has a seat at the table? What if there is a language or a culture where main has a different meaning (a simple but unoffensive example is in Germany, where Main is a river)? Apparently there were no black people, or people “decendents of slavery” to be exact (because not all back people were slaves) were present when the term “master” came into use, to correct this issue early on. But then on the other hand, if I remember correctly, make still uses tabs instead of general indentation, beacuse Stuart Feldman didn’t want to disrupt his userbase of at most a few dozen users.

                                                                1. 4

                                                                  Of course, given that “git” itself is an offensive term in the UK, I insist that the whole project must be immediately renamed.

                                                                  1. 6

                                                                    false equivalence bad-faith troll

                                                                  2. 2

                                                                    What are you hoping to achieve with this thought experiment?

                                                                    1. 6

                                                                      I intend to show that the argument is internally inconsistent. We cannot simultaniously assume a kind of standpoint theory, by which there is always a posibility that a term is (objectivly) wrong, but at the same time be able to suggest an (objective) replacment for a (subjective) offense.

                                                                      A simpler understanding, that does not run into these problems is that offense is determined by intent, not by the nature or the etomology of a word.

                                                                      At the same time, I don’t think that people advocating for this change are arguing on this level. Any reference to this logic is handwaving, but the motivation appears to be something else, which I would either guess to be some kind of at best false pragmatism or at worse opportunism.

                                                                      1. 2

                                                                        (I apologize if I misinterpret your comment, English is not my first language and I am trying to understand your comment)

                                                                        a group X used a terminology to undermine/subjugate a group Y in the past, the group X is much smaller now but it still exists.

                                                                        the change happening here is removing that specific terminology because group Y today is reminded of the past treatment.

                                                                        and is your argument is that, since we don’t know that the new terminology wasn’t used to undermine any group in the past, the change is fruitless as we might need to change it again?

                                                                        or that since the terminology was also used in other contexts by people not in group X, it should be okay to continue using it?


                                                                        As I am neither a member of group X or group Y, my opinion is that if the change results in more people being comfortable using tool, we should definitely do it.

                                                                        1. 4

                                                                          First of all, and I don’t know why this has to be said: Slavery didn’t exist because it was called slavery, it existed because the society reproduced the conditions under which people were slaves.

                                                                          and is your argument is that, since we don’t know that the new terminology wasn’t used to undermine any group in the past, the change is fruitless as we might need to change it again?

                                                                          or that since the terminology was also used in other contexts by people not in group X, it should be okay to continue using it?

                                                                          I explained the further in a sibling comment, that on the terms of the argumentation, it is imposible to say that main is better than master, because perspectives cannot be compared or have any common point of reference. Since this discussion is not based on any hard evidence, we cannot derive any emperical conclusion like “this will make more people comfortable”, since we are talking about idealized, aggregated perspectives, produced by a worldview that has ever increasing problems to explain anything that is happening, hence the focus on such things like “master/main”.

                                                                      2. 5

                                                                        I find it not to be only a “thought experiment”. The questions are on point. No data (if any, I would like to see it) to back up claims that people are offended by these words results in such major changes for everyone. At least that needs to be pointed out.

                                                                        1. 3

                                                                          OP is leaning back in their armchair imagining the theoretical universe in which the broader German community is coping with the upsetting rivered associations with “main” as the new default git branch. I suggest they apply their philosophical leanings to the actual real world in which it turns out a sizeable community of real live humans prefer to dispose of master/slave language where possible in discussions with their terminal.

                                                                          1. 5

                                                                            Please re-read my comment, the “main” example was just to give an example due to limited perspectives, we cannot know what our actions or decisions mean from other perspectives. I explicity said it was harmless, but if you want something better, consider @caleb’s example.

                                                                            I suggest they apply their philosophical leanings to the actual real world in which it turns out a sizeable community of real live humans prefer to dispose of master/slave language where possible in discussions with their terminal.

                                                                            How can you know that? Where are the statistics? Where are the polls? How did we figure this out? When did we figure this out? This is just postulated, and nobody goes into it. And I have a hunch that this is because if you were to actually find out what most people belive, that it would not be what you want to think they do. But that’s just by unprooven hypothesis.

                                                                            1. 2

                                                                              I’m not going to debate you because you’re displaying a preference for thought experiment over an engagement in reality, which not only suggests a closed mind, but also that you simply don’t have sympathy for the real issue at hand. @caleb’s “example” is a much less veiled form of the same type of trolling you’re unwilling to let go of.

                                                                              You wish to model reality, but no modeling is required to understand this issue. We’re here because we’re here. This is a real conversation which is taking place in the real world for several years now. You’re attempting to place the burden of proof of the existence and size of a community on that exact community itself, which is existentially large and significant enough to make the issue stick broadly across numerous open source projects, GitHub, and now the git project itself.

                                                                              This is just completely illogical. If you want to go do your own research and develop some set of quantitative metrics in an attempt to quantize a complex social issue which is unfolding as we speak, then go ahead and do so. It’s not going to change what’s happening.

                                                                              1. 5

                                                                                As already stated, I just want to explain why the position is incoherent, and as everyone knows, ex falso, quod libet. You have already dismissed everyone who is questioning it as a troll, declare the issue as obviously setteled and then proceed to moralize it by claiming those who don’t agree have no sympathy for the real issue at hand – but of course, we are have a closed mind. I am honestly disgusted by this kind of behaviour, this dishonesty and the smug superiority you emit. Please stop and consider what you are doing, and why you feel the need to behave the way you do.

                                                                                1. 2

                                                                                  You wish to model reality, but no modeling is required to understand this issue. We’re here because we’re here. This is a real conversation which is taking place in the real world for several years now. You’re attempting to place the burden of proof of the existence and size of a community on that exact community itself, which is existentially large and significant enough to make the issue stick broadly across numerous open source projects, GitHub, and now the git project itself.

                                                                                  This could be accomplished by a small group of PR professionals who don’t actually care about racism, but recognize a potential upside for their company while the cost of changing a default is distributed throughout the open source community.

                                                                                  The real story here is that GitHub made the change unilaterally, and git followed suit. One might consider the depth of anti-racist feeling that would drive a company to make this change while continuing to partner with ICE, DOD, and police departments around the country.

                                                                      3. 6

                                                                        i was there when we named elementary OS Isis and i was also there when we named it Freya.

                                                                        from what i remember, no one was concerned about optimizing the name, we were more concerned about not hurting people who themselves or their families had been impacted by Isis.

                                                                        I am 110% proud of our decision.

                                                                        (taking the elementary OS dev hat off)

                                                                        I found main to be a better choice, i am used to using mainline at work now (because of perforce legacy repos) and don’t even notice a difference.

                                                                        1. 2

                                                                          So how can we be sure that main won’t eventually fall our of favour

                                                                          Then we just change it again?

                                                                          1. 3

                                                                            But considering that the same would apply again, ad infinitium, we cannot say we will ever find a good name. And at then, what is the point? Either we go on forever renaming every time someone complains, at technical expense, or we claim that this renaming is more important than others, because one offended group is more important than others, which I don’t think that the people arguing for this want to argue.

                                                                            1. 5

                                                                              we cannot say we will ever find a good name

                                                                              I don’t think anyone is claiming that main will be the perfect name forever. If at some point in the future main becomes offensive, then we could change it again. I haven’t found any evidence that would lead me to believe that git would be changing the branch name on a monthly or yearly basis, so I don’t think there is a high cost here.

                                                                              forever renaming every time someone complains, at technical expense

                                                                              Uh, we work in software. Everything changes all the time at technical expense. Updating your dependencies could break your app (even if the API doesn’t change), products get deprecated, new products get created. I don’t see this much backlash against Apple changing their CPU architecture and that’s gonna cause a lot more trouble than this change.

                                                                              But that makes sense because the real issue here is ideology, wokes vs anti-wokes. We’re just pretending it’s technical. I think it’s fine to argue the ideological issue. I don’t think people are automatically racist for not liking the change. I just don’t think the technical argument holds much water.

                                                                              1. 1

                                                                                I don’t know how Apple is going to handle the migration, but I suppose they have tooling to make it easier, the kind of tooling Git lacks.

                                                                                Those conversations might also be more private.

                                                                                As for tech expenses, you’re correct in that everything comes at an expense.

                                                                                Is it therefore justified to impose more of it on others?

                                                                                Maybe that’s an important ideological question as well?

                                                                                This doesn’t have to be all about how git has a master branch to signify “the master copy”.

                                                                                See also: how master hosts usually perform more work than slave hosts (to counter American slavery connotations) or how offensive “blanket exception handling” and “collaborators” should be (in cultures treated with “less thought” than American slavery).

                                                                          2. 1

                                                                            Changing it alone is more welcoming than any harm from the word itself.

                                                                            1. 1

                                                                              This I don’t get. Could you explain what you mean?

                                                                          3. 34

                                                                            Master is more precise, traditional, doesn’t break anything, and has no negative connotation in this context, or most other contexts.

                                                                            Main does not make me feel welcome, it makes me feel like I’m being forced to bend the knee to a mob that can’t or willfully choose to not understand English. It makes me embarrassed to be in this field. Admitting that feeling means I deserve to feel bad anyway though, so whatever.

                                                                            1. 12

                                                                              Tradition should not hold back progress. There are more descriptive names out there. For example allow/deny is better than black/whitelist, parent/child is better than master/slave. I understand people are resistant to change and humans are creatures of habit (energy conservation) but this is a simple name change where there’s more advantages than not and people will get over it after a few weeks.

                                                                              1. 21

                                                                                parent/child is better than master/slave

                                                                                Not if it brings up memories of child abuse.

                                                                                1. 4

                                                                                  Sorry about your child abuse, or are you simply virtue signaling? If you feel strongly about it then you can message the maintainers of the software you use to alter the names, otherwise why bring up a “whataboutism” argument.

                                                                                  1. 7

                                                                                    That you consider it valid shows the futility of choosing names to please everybody.

                                                                                    The master slave relationship is not the same as the primary secondary relationship, nor the parent child relationship. Sometimes master slave actually describes the subject matter.

                                                                                    And sometimes the master copy of some source code should live on the master branch. Many people only commit to master when they are certain of their work, while they use another branch as their main branch. Kind of presumptuous, calling the default branch the main branch, isn’t it.

                                                                                2. 16

                                                                                  Sure, but it should hold this back.

                                                                                  1. 1

                                                                                    Sure, but it should hold this back.

                                                                                    Not when there are demonstrably better names that are not, traditionally, associated with one-sided power dynamics, it shouldn’t.

                                                                                    If “main” makes you feel less welcome, then there’s something wrong with your capacity for feeling.

                                                                                    1. 9

                                                                                      Hold on, it’s not possible to win an argument about inclusiveness by saying that the other person is broken. Or even pretend that there is only one way to view things. We have to learn to communicate better and see the other person’s point of view.

                                                                                      1. 1

                                                                                        No, @yawpitch is quite on-point. This isn’t about “winning an argument”. Those with any decent capacity for nuance, critical thought, and self-reflection will note that “main” draws fewer negative associations than “master”. Those with unconfronted reactionary cultural/emotional anger stemming from the strawman “woke mob” fantasy will come up with a contorted bad-faith “arguments” a such as “the word ‘main’ makes me feel unwelcome”. You gotta call bullshit when you see it.

                                                                                        1. 4

                                                                                          Maybe. Or it’s also an opportunity to learn. People can have different points of view, and still, be good people. <3

                                                                                        2. 0

                                                                                          First off, this isn’t an argument about inclusiveness, it’s at best a debate about semantics, and since there’s no cognizable or remotely valid viewpoint that can distinguish “master” in the “traditional” sense being described above from its root association with human bondage, it’s not even a very sensible debate. No such valid viewpoint, with no pretense involved, exists: the word has several long-standing definitional meanings and the one involved here is fundamentally and absolutely inseparable from the notion of master / slave dynamics by which it derives any meaning whatsoever to the cause of version control. To try and empathize with any countering point of view is absurd … it’s a word, its meaning is simply a fact, and that fact is not open to meaningful and intellectually honest dispute, without descending into the interminable Hell of “alternative facts”.

                                                                                          The semantic dispute thus settled the only question, then, is is the community, right now, okay with that semantic baggage being carried further forward, or is the community prepared to make a break from that historical association? Personally I’d say that’s also a moot point … it’s been de facto settled by Github and the very reason the patch detailed above exists is because the network pressures of the downstream are driving an upstream change because YES the community is ready to not be exclusive any longer.

                                                                                          What remains is for individuals who are not comfortable with that linguistic and cultural evolution to, frankly, grow up and un-break themselves of their lack of empathy … the point of view of the “tradition” argument has been heard to death, it does not need more empathy heaped upon it.

                                                                                          I stand by my point: if you – and I’m using the most generally inclusive meaning of “you” here – feel that you’re somehow more included by “master” and less included by “main” then something is deeply and dangerously flawed with your emotional apparatus. The only colorable arguments against this minor default change are inertial, as in you either don’t want to invest the time required to update existing repos or you don’t want to engage in the effort needed to reprogram some muscle memory for future ones. Those are the available arguments. They’re just not very good ones.

                                                                                          1. 7

                                                                                            Maybe OP doesn’t know everything you do. Git is being used all over the world, in different types of cultures, and this seems like an American problem at heart. If they feel like this change is being trusted upon them, and on top of that they get vilified when they want to talk about it, it’s not really helpful to generate a common understanding. It doesn’t mean that they are broken, they just have a different context from you.

                                                                                            I feel like a better line of discussion would be to give out concrete instances where this word has been a problem. Or actually, even ask why OP feels like they do.

                                                                                            1. 4

                                                                                              OP made their context quite clear with their phrasing:

                                                                                              Master is more precise

                                                                                              … only when understood as an explicit reference to master/ slave dynamics …

                                                                                              traditional

                                                                                              … which is automatically a claim of being “inside” the dominant cultural context …

                                                                                              doesn’t break anything

                                                                                              … privileges the idea that the status quo isn’t already broken, which it is if you find the master / slave connotation at all problematic …

                                                                                              and has no negative connotation in this context

                                                                                              … no negative connotation to OP; the phraseology has an extremely negative connotation to me, and I am most certainly not alone: you keep suggesting I need to apply more empathy to someone who’s denying my very existence…

                                                                                              or most other contexts.

                                                                                              … can someone please enumerate the many and varied contexts in which master / slave has no negative connotation from the perspective of anyone who has been a slave, or whose family history was affected by slavery. I can affirm that I’ve personally got a great many friends in a great many contexts – including well outside of America – who see the problem with “master” as default.

                                                                                              I don’t need to understand why OP feels like they do … I need only identify that the feeling itself is unworthy of consideration in the political choice at hand… it is impossible for any rational being that both understands English and is armed with minimal historical context to see “main” as more exclusionary and historically problematic than “master”, hence we need not engage with any such view that happens to be espoused at all, except to point out its obvious and manifest flaws.

                                                                                              1. 2

                                                                                                I guess I didn’t get notifications for this continuing discussion. I’m on mobile and also don’t really care to keep this going, but I do want to clarify that I mean more precise in the sense of “master recording” or “master copy”, as in the source of truth from which copies are derived.

                                                                                                I can’t tell if you already read it that way, and believe that usage to itself be derived from slavery, or just think I’m directly defending the master/slave dynamic.

                                                                                                1. 3

                                                                                                  Both of those usages — arguably they’re the same usage — rely in their entirety on the master / slave semantic for their meaning. Indeed no semantic value can be extracted from either without knowing that relationship exists, at least implicitly. A replication master makes no sense without duplication slaves, and that’s exactly what we called them in the bygone days of glass / nickel masters in optical pressing and tape in replication farms. Even before tape and indeed wax cylinders the master mold of foundry and pottery days was there to be used to direct the toil of those making exact copies, as it were, slavishly, with no independent freedom allowed in the work. They’re utterly inextricable from the historical institution they took as their model.

                                                                                                  As I’ve said before there’s is not now, nor ever can be, any legitimate argument to be made that separates usage in version control from the historical idea of the privileged master and the slave(s) that follow.

                                                                                                2. 0

                                                                                                  it is impossible for any rational being that both understands English and is armed with minimal historical context to see “main” as more exclusionary and historically problematic than “master”, hence we need not engage with any such view that happens to be espoused at all, except to point out its obvious and manifest flaws.

                                                                                                  I’m totally with you, though based on the extent of some of the involved philosophical gymnastics into symbology, original intent, and sociology on the “other side” thrown in the face of the simple actual sizeable live human community looking to stop promoting “master” I’ve gotta conclude that these folks are ultimately motivated by a certain emotional bias…

                                                                                      2. 7

                                                                                        In many uses of master/slave in computer related things, it is actually a poor analogy. Often a “master” does all the work with the “slave” sitting idle waiting to step in only if needed, Other terms like prime and replica can be a better fit anyway. parent/child has a connotation of the parent spawning the child which works for, e.g. processes but not in other cases. In the case of git, there isn’t even a corresponding “slave” concept, only “branches” - In my mind, I wouldn’t even connect that use of the term master to slavery, but I’m not American. In any case, the subversion term “trunk” was better to begin with.

                                                                                        1. 4

                                                                                          Trunk is a good term. I can understand a change to Trunk.

                                                                                          In the book 1984, a major plot point is the reduction of language to reduce the complexities of expressable thought. Words meaning only one thing, like master only meaning “of a slave,” is an example of this language reduction.

                                                                                          1. 3

                                                                                            The master name in git was derived from master/slave terminology, see https://mail.gnome.org/archives/desktop-devel-list/2019-May/msg00066.html

                                                                                            The name trunk like in SVN is ok but I still think calling it main is better overall because of it’s shortness and detachment from it’s controversial origin.

                                                                                            1. 2

                                                                                              Saw, am very not convinced by his sources that it is master slave, even in bitkeeper.

                                                                                              Trunk is much better than main. One is descriptive.

                                                                                          2. 1

                                                                                            Principal/agent makes a lot more sense than parent/child for workflows.

                                                                                            1. 2

                                                                                              Not bad, certainly makes sense under certain delegation workflow contexts.

                                                                                          3. 1

                                                                                            Master is not more precise.

                                                                                          4. 15

                                                                                            As we’ve seen, you can never make people feel welcome–you can only make it more or less costly to join.

                                                                                            1. 13

                                                                                              the spanish main was the site of centuries of brutal colonialism

                                                                                        1. 2

                                                                                          The note about reference counting is something I’d never thought of before and kind of mind blowing if true. I’m not convinced it’s true: a language like Go uses traditional GC but is quite memory efficient also.

                                                                                          1. 10

                                                                                            a language like Go uses traditional GC but is quite memory efficient also.

                                                                                            Not especially, it only seems so in contrast with Java, Python, and Ruby.

                                                                                            1. 7

                                                                                              The main difference is that Go can reduce heap consumption because it also has a stack. Java, Python, and Ruby only have a heap. This removes a lot of pressure on the GC for smaller objects.

                                                                                              1. 4

                                                                                                The other responses seem to be people misinterpreting what your trying to say. I assume that what you’re trying to say is that go has value types in addition to heap allocate objects, which ruby, etc do not.

                                                                                                However once you get beyond low performance interpreters (ruby, python, etc) languages that are ostensibly based on heap only allocation are very good at lowering values. The core value types in Java, and some of the primitives on JS engines are all essentially lowered to value types that live on the stack or directly in objects.

                                                                                                Enterprise (ugh) JVM setups, the ones that have long runtimes, are very good at lowering object allocations (and inlining ostensibly virtual method calls), so in many cases “heap allocated” objects do in fact end up on the stack.

                                                                                                The killer problem with GC is that pauses are unavoidable, unless you take a significant performance, both in CPU time and memory usage.

                                                                                                1. 1

                                                                                                  are very good at lowering object allocations […]

                                                                                                  Escape analysis – while being an improvement – can’t save the day here, it works – if it works – for single values. No amount of escape analysis is able to rewrite your array-of-references Array[Point] to a reference-less Array[(x, y)] for instance.

                                                                                                  killer problem with GC is that pauses are unavoidable […]

                                                                                                  That’s not really a “killer problem”, not even with the qualification you attached to it. GCs – especially those you mention explicitly – give you lots of tuning knobs to decide how GC should run and whether to minimize pauses, maximize throughput, etc.

                                                                                                  With reference counting pauses are unavoidable: when the reference count to the head of that 1 million element singly-linked list hits zero, things are getting deallocated until the RC is done.

                                                                                                  (Note that things like deferred RC and coalesced RC refer to techniques that try to avoid writing the count, not to the deallocation.)

                                                                                                  (And no, “strategically” keeping references alive is not a solution – if you had such a good track of your alive and dead references, you wouldn’t need to use RC in the first place.)

                                                                                                2. 5

                                                                                                  Because the other replies try hard to misunderstand you: Yes, you are right about the main difference.

                                                                                                  The main difference is that in Go most stuff can be a value type which mostly keeps GC out of the equation, while in Java, Python and Ruby the GC is pretty much involved everywhere except for a small selection of special-cased types.

                                                                                                  And no, escape analysis – while being an improvement – can’t save the day here, it works – if it works – for single values. No amount of escape analysis is able to rewrite your array-of-references Array[Point] to a reference-less Array[(x, y)] for instance.

                                                                                                  Go’s GC is decades behind e.g. Hotspot, but it’s not that big of an issue for Go, because it doesn’t need GC for everything, unlike Java.

                                                                                                  1. 3

                                                                                                    Java, Python, and Ruby only have a heap.

                                                                                                    Java does have a stack. This is also part of the Java VM specification:

                                                                                                    https://docs.oracle.com/javase/specs/jvms/se15/html/jvms-2.html#jvms-2.5.2

                                                                                                    Some implementations even have stack overflows (though growable stacks are also in-spec).

                                                                                                    1. 2

                                                                                                      I meant in terms of allocations. I should have been more precise.

                                                                                                      Most OOP languages only allocate on the heap. It’s a nice simplification in terms of language design, but it also means that more garbage gets generated. I am sure that advanced JVMs can use static analysis and move some of the allocations to the stack as well but it’s not a default feature of the language like in Go.

                                                                                                      1. 1

                                                                                                        Thanks for the clarification.

                                                                                                        and move some of the allocations to the stack as well but it’s not a default feature of the language like in Go.

                                                                                                        Sorry for being a bit pedantic ;), but it’s not a feature of the Go language, but the default implementation. The Go specification does not mandate a stack or heap (it never uses those terms). It’s a feature of the implementation and it only works if the compiler can prove through escape analysis that a value does not escape (when the value is used as a pointer or pointer in an interface value). This differs from languages which have specifications that separate stack and heap memory and have clear rules about stack vs. heap allocation.

                                                                                                        When I last looked at a large amount machine code output of the Go compiler 3 years ago or so, escape analysis was pretty terrible and ‘objects’ that people would consider to be value types would be allocated on the heap as a result. One of the problems was that Go did not perform any or much mid-stack inlining, so it’s not clear to the compiler whether pointers that are passed around persist beyond the function call scope.

                                                                                                        So, I am not sure whether there is a big difference here between Go and heavily JIT’ed Java in practice.

                                                                                                        What does help in Go is that the little generics that it has (array, slice, maps) are not implemented through type erasure in the default implementation. So a []FooBar is actually a contiguous block of memory on the stack or heap, whereas e.g. ArrayList<FooBar> in Java is just an ArrayList<Object> after erasure, requiring much more pointer chasing.

                                                                                                    2. 0

                                                                                                      Ruby very much has a stack.

                                                                                                  1. 2

                                                                                                    I wonder if it really makes sense to use home-manager for single user systems? Or rather, I haven’t tried this, I think it actually doesn’t make sense, and I wonder if folks can confirm/reject my suspicions.

                                                                                                    My understanding is that home-manager achieves two somewhat orthogonal goals:

                                                                                                    • First, it manages user-packages (as opposed to system-wide packages)
                                                                                                    • Second, it manages dotfiles

                                                                                                    Using home manager, you can install packages without sudo, and they will be available only for your user and won’t be available for root, for example. I think this makes a ton of sense in multi-user systems, where you don’t want to give sudo access to. But for a personal laptop, it seems like there’s little material difference between adding a package to global configuration.nix vs adding it to home-manager’s per-user analogue?

                                                                                                    For dotfiles, the need to switch configs to update them seems like it adds a lot of friction. I don’t see why this is better than just storing the dotfiles themselves in a git repo and symlinking them (or just making ~ a git repository with git clone my-dotfiles-repo --separate-git-dir ~/config-repo trick).

                                                                                                    Am I overlooking some of the benefits of home-manager?

                                                                                                    1. 6

                                                                                                      Post author here! I find it conceptually nicer to be able to shove most of my config in my ‘per-user’ configuration, as opposed to a bunch of separate dotfiles that I then have to manage the symlinking for myself.

                                                                                                      The friction is definitely a downside, but most of my config I update infrequently enough that it doesn’t matter, and a lot of programs will have a “use this as the config file” option; my mechanism for tweaking kitty is to grab the config file path by looking at ps, copy it into /tmp/kitty.conf, run kitty -c /tmp/kitty.conf until I’m happy, then copy my changes back into my config.

                                                                                                      I do agree that doing per-user installation isn’t super useful on a single-user system. This is why I have /etc/nixos owned by my non-root user, so I don’t have to sudo every time I want to edit it (though I do still have to sudo to rebuild the changes).

                                                                                                      1. 2

                                                                                                        I would like to thank you for the post, I’m totally copying the autorandr and awesome setup (and a bunch of other things too =])

                                                                                                      2. 4

                                                                                                        What is neat with managing dotfiles with Nix is to be able to reference derivations. You need to run autorandr as part of script? Just say ${pkgs.autorandr}/bin/autorandr and it won’t clutter your path.

                                                                                                        1. 2

                                                                                                          My understanding is that home-manager achieves two somewhat orthogonal goals:

                                                                                                          As @vbernat said, they are not completely orthogonal, since you can refer to files in (package) output paths in configuration files, which is really nice.

                                                                                                          I think this makes a ton of sense in multi-user systems, where you don’t want to give sudo access to. But for a personal laptop, it seems like there’s little material difference between adding a package to global configuration.nix vs adding it to home-manager’s per-user analogue?

                                                                                                          For me, the large benefit is that I can use home-manager on both NixOS and non-NixOS systems. E.g., in my previous job I used several Ubuntu compute nodes. By using home-manager, I could have exactly the same user environment as my NixOS machines.

                                                                                                          1. 2

                                                                                                            home-manager has a complexity cost so that needs to be weighed in for sure.

                                                                                                            Typically the vim config can get complicated because it has to be adjusted to work between various environments. Since home-manager provides both the package and config, this is much simplified. I remember having to tune vim constantly before.

                                                                                                          1. 1

                                                                                                            Litmus test; would https://sr.ht be implementable in Gemini?

                                                                                                            I am not 100% sure, it’s possible that the TLS client certificate makes it easier to track people. The client would have to support selecting which identity to use for a given website at the minimum.

                                                                                                            1. 1

                                                                                                              I don’t think so; Gemini is for transmitting documents, not for creating web applications.

                                                                                                              1. 1

                                                                                                                No but that doesn’t necessarily mean it is reliant on the web. A large portion of sr.ht operations can be done from email

                                                                                                              1. 6

                                                                                                                Hetzner is quite cool although if you’re running Docker containers over there, you gotta be careful. Unlike other cloud providers, Hetzner offers no “Firewall” product (like AWS Security Groups,Digital Ocean Firewall etc). The only way to restrict incoming traffic is by yourself using iptables/ufw etc.

                                                                                                                Surprisingly Docker and UFW don’t play nicely together as demonstrated here. I’d like to make a move to Hetzner myself from DO but because of this limitation, I’m unable to. I know there are workarounds and hacks, but fiddling with iptables rules for protecting sensitive information is not something I’m willing to do.

                                                                                                                1. 5

                                                                                                                  It looks like they added a Load Balancer since then so that information might be out of date. (source: https://www.hetzner.com/cloud )

                                                                                                                  1. 1

                                                                                                                    They seem to be building features, which is nice. First just vms. Then volumes, networks, floating ips, load balancers. I wonder if object storage is next?

                                                                                                                  2. 4

                                                                                                                    I’ve been bitten by this. I felt pretty stupid afterwards.

                                                                                                                    My feeling is that docker is to blame here, after a lot of years, still not working with a widely deployed firewall, bypassing it if it’s enabled, and not supporting nftables at all? And not to mention the cgroups v2 issue.

                                                                                                                    Yet I’m still using it. I should have moved to using podman or such…

                                                                                                                    1. 3

                                                                                                                      I felt pretty stupid afterwards.

                                                                                                                      Same. Luckily I had just workloads with non critical data. I spent the following week moving back to DigitalOcean.

                                                                                                                      should have moved to using podman or such…

                                                                                                                      Does Podman respects UFW rules? How do they do networking stuff differently than Docker? Would be pretty interested to explore more on this.

                                                                                                                      1. 1

                                                                                                                        Does Podman respects UFW rules? How do they do networking stuff differently than Docker? Would be pretty interested to explore more on this.

                                                                                                                        As far as I’ve understood it, podman doesn’t touch your networking at all. You have to set it up yourself, but I probably have misunderstood something in this area.

                                                                                                                        I’m still (happily) using Hetzner, but I should really move to something else than debian/docker as this is still broken.

                                                                                                                        1. 1

                                                                                                                          Late comment - podman works just like plain old Docker, setting up network and all. Played around a bit with it using ansible on a brand new cpx11 on Hetzner, it’s so much faster than my old machines at home, hard to go back to after tasting that speed. Oh well.

                                                                                                                    2. 1

                                                                                                                      I’m currently running a bunch of Docker stuff on my DigitalOcean VPS, and have been relying on ufw for my firewall needs… Going to look into this right now, thanks for the heads up!

                                                                                                                      1. 1

                                                                                                                        If you have machines on Hetzner’s Robot (the bare metal offering) then you have a firewall option

                                                                                                                        1. 2

                                                                                                                          Yep, but like the author in the post said, one of the reasons to move was Cost. I doubt I’d want to pay 50% extra (yes for better resources) just to get Firewall. I think it’s a basic security feature that they should have offered in their core offering for a VPS too, but then again it gave me a chance to experiment with FreeBSD so not complaining much :)

                                                                                                                          1. 1

                                                                                                                            Hmm, … a used 32G machine on Hetzner costs as much as a 32G VPS and has double the disk space (on RAID-0). And you can get 64G machines on robot (not on cloud). There are use cases where their cloud offering is better and others where their bare metal is best. I’ve run hybrid workloads there with great joy.

                                                                                                                      1. 2

                                                                                                                        What is the motivation behind Gleam? Are there different design choices that you wanted to explore compared to Elixir?

                                                                                                                        1. 5

                                                                                                                          I believe the big one is a static type system, but there’s more on the Gleam website: https://gleam.run/

                                                                                                                          1. 3

                                                                                                                            Like Elixir it aims to bring a new style of programming to the Erlang VM.

                                                                                                                            Elixir polymorphism and metaprogramming inspired by Clojure, and Ruby. Gleam brings type safety and static analysis inspired by Elm, OCaml, and Rust.

                                                                                                                          1. 2

                                                                                                                            Nice work!

                                                                                                                            How far away is the interpreter from becoming a usable replacement for Bash? I wanted to introduce a native bash replacement in direnv in order to remove the Bash dependency. The last time I tried, it didn’t handle all of the features that are being used in the stdlib.

                                                                                                                            1. 2

                                                                                                                              Looking over stdlib, I don’t see anything that shouldn’t run under the latest release of Oil. I’d be interested in a bug report if it doesn’t run.

                                                                                                                              I just ran osh -n stdlib.sh and it spits out a big AST, so that’s a good sign.

                                                                                                                              1. 2

                                                                                                                                Oil is also interesting and on my radar. For the direnv use-case, gosh has an inherent advantage since it’s written in the same language as direnv.

                                                                                                                                My hope for Oil is that we will get something that is faster and stricter than Bash. The new language seems interesting but ultimately what I want is more like a stricter and faster version of Bash. And then rebuild all of nixpkgs with it. Due to the nature of Nix and how the derivations are being composed using chunks of strings, Bash is quite ideal as a builder companion. But the feedback that Bash gives is sometimes lacking.

                                                                                                                                1. 2

                                                                                                                                  what I want is more like a stricter and faster version of Bash

                                                                                                                                  Ah OK, I didn’t quite get the Go connection, but Oil is definitely a stricter version of bash now, and it’s on track to be faster (maybe 3 to 9 months from now).

                                                                                                                                  In the last couple releases I really nailed the strictness down. Some examples:

                                                                                                                                  http://www.oilshell.org/blog/2020/10/big-changes.html#tightened-up-string-literals

                                                                                                                                  As of early this year, e.g. http://www.oilshell.org/blog/2020/06/release-0.8.pre6.html, I consider the OSH part mostly done. That is, the semantics of the language.

                                                                                                                                  I would say OSH is the most bash compatible shell by a mile… If that’s what you want, I would think it’s pretty much your only option other than bash itself. (I haven’t tested shfmt recently, but the Go runtime places some fundamental limitations as mentioned)

                                                                                                                                  There are a few remaining issues, which are mostly unimplemented stuff that existing scripts haven’t tickled. As for divergences, there’s an IFS compatibilty bug I know about, but nobody has hit it in practice.

                                                                                                                                  https://github.com/oilshell/oil/issues?q=is%3Aissue+is%3Aopen+label%3Acompatibility

                                                                                                                                  https://github.com/oilshell/oil/issues?q=is%3Aissue+is%3Aopen+label%3Adivergence

                                                                                                                              2. 1

                                                                                                                                Oh neat, I never noticed direnv was written in Go!

                                                                                                                                For most Bash code out there, it should be pretty complete modulo some minor bugs you might uncover that would be easy to fix. Some of the funkier Bash features aren’t fully implemented, but if people do use them in the wild I’m happy to take a look or review PRs.

                                                                                                                                The only other thing to keep in mind is that this is pure Go, so there’s no real process forking for subshells. This is fine for the vast majority of vanilla Bash code, but if a bash script relies on PIDs or procfs, then the behavior will change with the Go interpreter. The upside, beyond dropping Bash as a dependency, is that you have a tighter control over the interpreter.

                                                                                                                                Edit: just noticed what you said about the stdlib script. If you file an issue I can take a look at that this weekend.

                                                                                                                                1. 2

                                                                                                                                  Thanks for the reply. I will give the latest version a try and see if it works with the stdlib. I am quite excited to see if it works now :)

                                                                                                                                  1. 2

                                                                                                                                    For those following along, we’re continuing this discussion here: https://github.com/mvdan/sh/issues/624

                                                                                                                              1. 2

                                                                                                                                Curl has been getting more buggy since the introduction of HTTP/2. This is understandable, HTTP/2 is an order of magnitude more complex than HTTP/1.1. Hopefully, the Rust backend will allow alleviating those bugs.

                                                                                                                                1. 3

                                                                                                                                  I hope this ignites some competition to speed everything up.

                                                                                                                                  There is a small reasoning mistake in the article: not all of the hooks are executed on a per-package basis. For example, the NixOS activation script is executed once per system change, regardless of how many new packages have been installed. It doesn’t mean that Nix is fast, but it is able to benefit from some more concurrency.

                                                                                                                                  1. 2

                                                                                                                                    dpkg also aggregates execution of hooks: see https://wiki.debian.org/DpkgTriggers.

                                                                                                                                    1. 1

                                                                                                                                      thanks for the correction!

                                                                                                                                  1. 1

                                                                                                                                    I wrote something similar a while back: https://github.com/zimbatm/h

                                                                                                                                    It also has a URL to folder heuristic, but more importantly, it also hooks into Bash so it automatically changes directory into the cloned repo. So technically, h <owner>/<repo> or h <URL> is idempotent and takes you to that project.

                                                                                                                                    1. 1

                                                                                                                                      Nice! I like the shell hook for changing directory. I had done a bit of research on how to achieve a directory change without launching a new shell, and it seemed a shell function was the only sane way.

                                                                                                                                    1. 7

                                                                                                                                      PHP being more popular than Perl is not hard to explain: PHP had properties that made it easy to host a large amount of it (especially by being an Apache Mod and being written for web pages specficially), so a lot of hosts did that. Perl, on the other hand, is no where nearly as designed for HTML output as PHP.

                                                                                                                                      Python vs Ruby is a bit harder, but I’d say it’s mostly down to Python having a reputation for being “Easy”, where Ruby can be easy, but is known more for being part of a counter culture. Python tends to be like Pop, where Ruby is either Jazz or Punk (if you’d excuse the mixed metaphors). Of course, both Ruby and Python expose rather large amounts of complexity as you start writing larger programs.

                                                                                                                                      1. 11

                                                                                                                                        IIRC Python, with some weird backing from Google, ended up as the de-facto teaching language. I think that’s what is responsible for its comparative popularity. Now the same thing is happening/has happened with Go.

                                                                                                                                        I think a lot of people are ignorant about the role evangelism plays in shaping language ecosystems.

                                                                                                                                        1. 2

                                                                                                                                          Indeed, evangelism definitely plays a large role in how popular languages end up. Thanks for pointing that out.

                                                                                                                                        2. 5

                                                                                                                                          PHP was also much easier to get into for beginners. I still remember not knowing what I was doing at all, and successfully programming something in PHP. All it took is some persistence a lot of F5-reloads. This instant feedback property is so valuable to beginners.

                                                                                                                                          1. 3

                                                                                                                                            Python vs Ruby is a bit harder, but I’d say it’s mostly down to Python having a reputation for being “Easy”, where Ruby can be easy, but is known more for being part of a counter culture.

                                                                                                                                            I started with Perl (doing apps with HTML::Template, mod_perl and the likes) then moved to Ruby on Rails during its hype (I did learn Ruby proper, outside of rails though). What got me moving from Ruby to Python was essentially the standard library and I think many people went a similar path. It was just easy to get stuff running and all the modules seemed good quality and worked out of the box. I still prefer Ruby over Python (but that is mostly because I like Smalltalk and Ruby draws much more from it) but back then it was simply more pragmatic to reach out for python when doing anything except a Rails web app. I think this xkdc pretty much nailed it: https://xkcd.com/353/

                                                                                                                                            1. 3

                                                                                                                                              Python vs Ruby is a bit harder, but I’d say it’s mostly down to Python having a reputation for being “Easy”, where Ruby can be easy, but is known more for being part of a counter culture. Python tends to be like Pop, where Ruby is either Jazz or Punk (if you’d excuse the mixed metaphors). Of course, both Ruby and Python expose rather large amounts of complexity as you start writing larger programs.

                                                                                                                                              Ruby was driven by the popularity of rails, and I’d argue Python was driven by scientific computing. Python only really went stratospheric this decade with the rise of data science and ML.

                                                                                                                                              1. 3

                                                                                                                                                Python was driven by scientific computing.

                                                                                                                                                Was this historically true though? Clearly, today’s popularity of Python is due to the fact that everyone uses ML for everything. But I would think that the niche of scientific computing was much smaller when Python already was more popular than Ruby?

                                                                                                                                                1. 2

                                                                                                                                                  I think you’re right. Python was a successful back-end web language back when “data science” was just statistics and scientific computing had never heard of (and couldn’t afford) these newfangled “high-level” “scripting” languages. On the other hand, the numpy/scipy stack has been around quite a while. I think it’s more like Python was already prevalent in education as ML was starting to expand, had decent ergonomics, and the ecosystem was fairly robust due to (web-driven) industry adoption.

                                                                                                                                                  1. 1

                                                                                                                                                    I would even bend this to my theory: the reason why Python won ML is numpy, and the reason why Python has numpy is a runtime which can easily be extended with native modules.

                                                                                                                                                    The fact that Python exposes the guts of the interpreter is oft cited as drawback (“that’s why every implementation converges to CPython design”), but it also is an explanation of the popularity.

                                                                                                                                                    1. 3

                                                                                                                                                      I agree NumPy is Python’s strategic advantage, but I disagree it has anything to do with CPython runtime. NumPy is mostly historic accident: it took three tries to get right (Numeric, Numarray, and then NumPy), and it basically burned out two extraordinary programmers (Jim Hugunin and Travis Oliphant).

                                                                                                                                                      In other words, I agree with “runtime matters” theory, but “runtime that matters” credit goes to NumPy itself, not CPython.

                                                                                                                                                      1. 1

                                                                                                                                                        Oh, interesting! Do you have some link to read about the history of NumPy by any chance?

                                                                                                                                                        1. 3

                                                                                                                                                          Travis Oliphant published a book titled “Guide to NumPy”. Its first chapter is titled “Origins of NumPy” and is probably the most definite account. It should be easy to find but I don’t think it’s appropriate to link to the web version of the published book.

                                                                                                                                                  2. 1

                                                                                                                                                    I certainly used Python much more than Ruby before ML became a thing. These days though, I don’t use a lot of either.