1. 6

    A slightly related Go nit, the case of structure members determines whether they’re exported or not. It’s crazy, why not explicitly add a private keyword or something?

    1. 17

      why not explicitly add a private keyword or something?

      Because capitalization does the same thing with less ceremony. It’s not crazy. It’s just a design decision.

      1. 4

        And limiting variable names to just “x”, “y” and “z” are also simpler and much less ceremony than typing out full variable names

        1. 1

          I’m not sure how this relates. Is your claim that the loss of semantic information that comes with terse identifiers is comparable to the difference between type Foo struct and e.g. type public foo struct?

          1. 1

            That is actually a Go convention, too. Two-letter or three-letter variable names like cs instead of customerService.

        2. 6

          This would be a more substantive comment chain if you can express why it’s crazy, not just calling it crazy. Why is it important that it should be a private keyword “or something”? In Go, the “or something” is literally the case sensitive member name…which is an explicit way of expressing whether it’s exported or not. How much more explicit can you get than a phenotypical designation? You can look at the member name and know then and there whether it’s exported. An implicit export would require the reader to look at the member name and at least one other source to figure out if it’s exported.

          1. 7

            It’s bad because changing the visibility of a member requires renaming it, which requires finding and updating every caller. This is an annoying manual task if your editor doesn’t do automatic refactoring, and it pollutes patches with many tiny one-character diffs.

            It reminds me of old versions of Fortran where variables that started with I, J, K L or M were automatically integers and the rest were real. 🙄

            1. 4

              M-x lsp-rename

              I don’t think of those changes as patch pollution — I think of them as opportunities to see where something formerly private is now exposed. E.g. when a var was unexported I knew that my package controlled it, but if I export it now it is mutable outside my control — it is good to see that in the diff.

              1. 2

                I guess I don’t consider changing the capitalization of a letter as renaming the variable

                1. 1

                  That’s not the point. The point is you have to edit every place that variable/function appears in the source.

                  1. 1

                    I was going to suggest that gofmt‘s pattern rewriting would help here but it seems you can’t limit it to a type (although gofmt -r 'oldname -> Oldname' works if the fieldname is unique enough.) Then I was going to suggest gorename which can limit to struct fields but apparently hasn’t been updated to work with modules. Apparently gopls is the new hotness but testing that, despite the “it’ll rename throughout a package”, when I tested it, specifying main.go:9:9 Oldname only fixed it (correctly!) in main.go, not the other files in the main package.

                    In summary, this is all a bit of a mess from the Go camp.

              2. 4

                The author of the submitted article wrote a sequel article, Go’ing Insane Part Two: Partial Privacy. It includes a section Privacy via Capitalisation that details what they find frustrating about the feature.

              3. 4

                A slightly related not-Go nit, the private keyword determines whether struct fields are exported or not. It’s crazy, why not just use the case of the field names saving everyone some keypresses?

                1. 2

                  I really appreciate it, and find myself missing it on every other language. To be honest, I have difficulty understanding why folding would want anything else.

                  1. 2

                    On the contrary, I rather like that it’s obvious in all cases whether something is exported or not without having to find the actual definition.

                  1. 33

                    return err is almost always the wrong thing to do. Instead of:

                    if err := foo(); err != nil {
                    	return err
                    }
                    

                    Write:

                    if err := foo(); err != nil {
                    	return fmt.Errorf("fooing: %w", err)
                    }
                    

                    Yes, this is even more verbose, but doing this is what makes error messages actually useful. Deciding what to put in the error message requires meaningful thought and cannot be adequately automated. Furthermore, stack traces are not adequate context for user-facing, non-programming errors. They are verbose, leak implementation details, are disrupted by any form of indirection or concurrency, etc.

                    Even with proper context, lots of error paths like this is potentially a code smell. It means you probably have broader error strategy problems. I’d try to give some advice on how to improve the code the author provided, but it is too abstract in order to provide any useful insights.

                    1. 17

                      I disagree on a higher level. What we really want is a stacktrace so we know where the error originated, not manually dispensed breadcrumbs…

                      1. 31

                        maybe you do, but I prefer an error chain that was designed. A Go program rarely has just one stack, because every goroutine is its own stack. Having the trace of just that one stack isn’t really a statement of the program as a whole since there’s many stacks, not one. Additionally, stack traces omit the parameters to the functions at each frame, which means that understanding the error means starting with your stack trace, and then bouncing all over your code and reading the code and running it in your head in order to understand your stack trace. This is even more annoying if you’re looking at an error several days later in a heterogeneous environment where you may need the additional complication of having to figure out which version of the code was running when that trace originated. Or you could just have an error like “failed to create a room: unable to reserve room in database ‘database-name’: request timed out” or something similar. Additionally, hand-crafted error chains have the effect that they are often much easier to understand for people who operate but don’t author something; they may have never seen the code before, so understanding what a stack trace means exactly may be difficult for them, especially if they’re not familiar with the language.

                        1. 6

                          I dunno. Erlang and related languages give you back a stack trace (with parameters) in concurrently running processes no problem

                          1. 4

                            It’s been ages since I wrote Erlang, but I remember that back then I rarely wanted a stack trace. My stack were typically 1-2 levels deep: each process had a single function that dispatched messages and did a small amount of work in each one. The thing that I wanted was the state of the process that had sent the unexpected message. I ended up with some debugging modes that attached the PID of the sending process and some other information so that I could reconstruct the state at the point where the problem occurred. This is almost the same situation as Go, where you don’t want the stack trace of the goroutine, you want to capture a stack trace of the program at the point where a goroutine was created and inspect that at the point where the goroutine failed.

                            This isn’t specific to concurrent programs, though it is more common there, it’s similar for anything written in a dataflow / pipeline style. For example, when I’m debugging something in clang’s IR generation I often wish I could go back and see what had caused that particular AST node to be constructed during parsing or semantic analysis. I can’t because all of the state associated with that stack is long gone.

                        2. 9

                          FWIW, I wrote a helper that adds tracing information.

                          I sort of have two minds about this. On the one hand, yeah, computers are good at tracking stack traces, why are we adding them manually and sporadically? OTOH, it’s nice that you can decide if you want the traces or not and it gives you the ability to do higher level things like using errors as response codes and whatnot.

                          The thing that I have read about in Zig that I wish Go had is an error trace which is different from the stack trace, which shows how the error was created, not the how the error propagates back to the execution error boundary which is not very interesting in most scenarios.

                          1. 6

                            The nice thing about those error traces is that they end where the stack trace begins, so it’s seamless to the point that you don’t even need to know that they are a thing, you just get exactly the information that otherwise you would be manually looking for.

                          2. 8

                            In a multiprocess system that’s exchanging messages: which stack?

                            1. 2

                              see: erlang

                            2. 5

                              You don’t want stack traces; you want to know what went wrong.

                              A stack trace can suggest what may have gone wrong, but an error message that declares exactly what went wrong is far more valuable, no?

                              1. 8

                                An error message is easy, we already have that: “i/o timeout”. A stack trace tells me the exact code path that lead to that error. Building up a string of breadcrumbs that led to that timeout is just a poorly implemented, ad-hoc stack trace.

                                1. 5

                                  Indeed and I wouldn’t argue with that. I love a good stack trace, but I find they’re often relied upon in lieu of useful error messages and I think that’s a problem.

                                  1. 2

                                    Building up a string of breadcrumbs that led to that timeout is just a poorly implemented, ad-hoc stack trace.

                                    That’s a bit of an over-generalization. A stack trace is inherently a story about the construction of the program that originated the error, while an error chain is a story about the events that led to an error. A stack trace can’t tell you what went wrong if you don’t have access to the program’s source code in the way that a hand crafted error chain can. A stack trace is more about where an error occurred, while an error chain is more about why an error occurred. I think they’re much more distinct than you are suggesting.

                                    and of course, if people are just bubbling up errors without wrapping them, yeah you’re going to have a bad time, but I think attacking that case is like suggesting that every language that has exceptions encourages Pokémon exception handling. That’s a bad exception-handling pattern, but I don’t think that the possibility of this pattern is a fair indictment of exceptions generally. Meanwhile you’re using examples of bad error handling practices that are not usually employed by Go programmers with more than a few weeks experience to indict the entire paradigm.

                                2. 4

                                  Stack traces are expensive to compute and inappropriate to display to most users. Also, errors aren’t exceptions.

                                  1. 1

                                    That’s why Swift throws errors instead. Exceptions immediately abort the program.

                                  2. 3

                                    What really is the “origin” of an error? Isn’t that somewhat arbitrary? If the error comes from a system call, isn’t the origin deeper in the kernel somewhere? What if you call in to a remote, 3rd party service. Do you want the client to get the stack trace with references to the service’s private code? If you’re using an interface, presumably the purpose is to abstract over the specific implementation. Maybe the stack trace should be truncated at the boundary like a kernel call or API call?

                                    Stack traces are inherently an encapsulation violation. They can be useful for debugging your internals, but they are an anti-feature for your users debugging their own system. If your user sees a stack trace, that means your program is bugged, not theirs.

                                    1. 5

                                      I get a line of logging output: error: i/o timeout. What do I do with that? With Ruby, I get a stack trace which tells me exactly where the timeout came from, giving me a huge lead on debugging the issue.

                                      1. 5

                                        I get a line of logging output: error: i/o timeout. What do I do with that?

                                        Well, that’s a problem you fix by annotating your errors properly. You don’t need stack traces.

                                        1. 3

                                          When your Ruby service returns an HTTP 500, do you send me the stack trace in the response body? What do I do with that?

                                          Go will produce stack traces on panics as well, but that’s precisely the point here: these are two different things. Panics capture stack traces as a “better than nothing” breadcrumb trail for when the programmer has failed to account for a possibility. They are for producers of code, not consumers of it.

                                        2. 2

                                          There’s definitely competing needs between different audiences and environments here.

                                          A non-technical end user doesn’t want to see anything past “something went wrong on our end, but we’re aware of it”. Well, they don’t even want to see that.

                                          A developer wants to see the entire stack trace, or at least have it available. They probably only care about frames in their own code at first, and maybe will want to delve into library code if the error truly doesn’t seem to come from their code or is hard to understand in the first place.

                                          A technical end user might want to see something in-between: they don’t want to see “something was wrong”. They might not even want to see solely the outer error of “something went wrong while persisting data” if the root cause was “I couldn’t reach this host”, because the latter is something they could actually debug within their environment.

                                      2. 9

                                        This is one reason I haven’t gone back to Go since university - There’s no right way to do anything. I think I’ve seen a thousand different right ways to return errors.

                                        1. 9

                                          Lots of pundits say lots of stuff. One good way to learn good patterns (I won’t call them “right”), is to look at real code by experienced Go developers. For instance, if you look at https://github.com/tailscale/tailscale you’ll find pervasive use of fmt.Errorf. One thing you might not see – at least not without careful study – is how to handle code with lots of error paths. That is by it’s very nature harder to see because you have to read and understand what the code is trying to do and what has to happen when something goes wrong in that specific situation.

                                          1. 6

                                            there is a right way to do most things; but it takes some context and understanding for why.

                                            the mistake is thinking go is approachable for beginners; it’s not.

                                            go is an ergonomic joy for people that spend a lot of time investing in it, or bring a ton of context from other languages.

                                            for beginners with little context, it is definitely a mess.

                                            1. 9

                                              I thought Go was for beginners, because Rob Pike doesn’t trust programmers to be good.

                                              1. 17

                                                I’d assume that Rob Pike, an industry veteran, probably has excellent insight into precisely how good the average programmer at Google is, and what kind of language will enable them to be productive at the stuff Google makes. If this makes programming languages connaisseurs sad, that’s not his problem.

                                                1. 9

                                                  Here’s the actual quote:

                                                  The key point here is our programmers are Googlers, they’re not researchers. They’re typically, fairly young, fresh out of school, probably learned Java, maybe learned C or C++, probably learned Python. They’re not capable of understanding a brilliant language but we want to use them to build good software. So, the language that we give them has to be easy for them to understand and easy to adopt.

                                                  So I have to wonder who is capable of understanding a “brilliant language” …

                                                  1. 7

                                                    So I have to wonder who is capable of understanding a “brilliant language” …

                                                    Many people. They don’t work at Google at an entry-level capacity, that’s all.

                                                    There’s a subtle fallacy at work here - Google makes a lot of money, so Google can afford to employ smart people (like Rob Pike!) It does not follow that everyone who works at Google is, on average, smarter than anyone else.

                                                    (edited to include quote)

                                                    1. 8

                                                      Let’s say concretely we are talking about OCaml. Surely entry-level Googlers are capable of understanding OCaml. Jane Street teaches it to all new hires (devs or not) in a two-week bootcamp. I’ve heard stories of people quickly becoming productive in Elm too.

                                                      The real meaning of that quote is not ‘entry-level Googlers are not capable of it’, it’s ‘We don’t trust them with it’ and ‘We’re not willing to invest in training them in it’. They want people to start banging out code almost instantly, not take some time to ramp up.

                                                      1. 7

                                                        Let’s say concretely we are talking about OCaml. Surely entry-level Googlers are capable of understanding OCaml. Jane Street teaches it to all new hires (devs or not) in a two-week bootcamp.

                                                        I suspect that Jane Street’s hiring selects for people who are capable of understanding OCaml; I guarantee that the inverse happens and applicants interested in OCaml self select for careers at Jane Street, just like Erlang-ers used to flock towards Ericsson.

                                                        Google has two orders of magnitude more employees than Jane Street. It needs a much bigger funnel and is likely far less selective in hiring. Go is “the law of large numbers” manifest as a programming language. That’s not necessarily bad, just something that is important for a massive software company and far less important for small boutiques.

                                                        1. 2

                                                          applicants interested in OCaml self select for careers at Jane Street,

                                                          As I said, they teach it to all hires, including non-devs.

                                                          Google has two orders of magnitude more employees than Jane Street. It needs a much bigger funnel and is likely far less selective in hiring

                                                          Surely though, they are not so loose that they hire Tom Dick and Harry off the street. Why don’t we actually look at an actual listing and check? E.g. https://careers.google.com/jobs/results/115367821606560454-software-developer-intern-bachelors-summer-2022/

                                                          Job title: Software Developer Intern, Bachelors, Summer 2022 (not exactly senior level)

                                                          Minimum qualifications:

                                                          Pursuing a Bachelor’s degree program or post secondary or training experience with a focus on subjects in software development or other technical related field. Experience in Software Development and coding in a general purpose programming language. Experience coding in two of C, C++, Java, JavaScript, Python or similar.

                                                          I’m sorry but there’s no way I’m believing that these candidates would be capable of learning Go but not OCaml (e.g.). It’s not about their capability, it’s about what Google wants to invest in them. Another reply even openly admits this! https://lobste.rs/s/yjvmlh/go_ing_insane_part_one_endless_error#c_s3peh9

                                                          1. 2

                                                            And I remember when Google would require at minimum a Masters Degree before hiring.

                                                            1. 1

                                                              I had a master’s degree in engineering (though not in CS) and I couldn’t code my way out of a paper bag when I graduated. Thankfully no-one cared in Dot Com Bubble 1.0!

                                                          2. 3

                                                            They want people to start banging out code almost instantly, not take some time to ramp up.

                                                            Yes, and? The commodification of software developers is a well-known trend (and goal) of most companies. When your assets are basically servers, intangible assets like software and patents, and the people required to keep the stuff running, you naturally try to lower the costs of hiring and paying salary, just like you try to have faster servers and more efficient code.

                                                            People are mad at Rob Pike, but he just made a language for Google. It’s not his fault the rest of the industry thought “OMG this is the bee’s knees, let’s GO!” and adopted it widely.

                                                            1.  

                                                              Yes, I agree that the commodification of software developers is prevalent today. And we can all see the result, the profession is in dire straits–hard to hire because of bonkers interview practices, hard to keep people because management refuses to compensate them properly, and cranking out bugs like no tomorrow.

                                                    2. 8

                                                      No, Rob observed, correctly, that in an organization of 10,000 programmers, the skill level trends towards the mean. And so if you’re designing a language for this environment, you have to keep that in mind.

                                                      1. 4

                                                        it’s not just that. It’s a language that has to reconcile the reality that skill level trends toward the mean, with the fact that the way that google interviews incurs a selection/survival bias towards very junior programmers who think they are the shit, and thus are very dangerous with the wrong type of power.

                                                        1. 4

                                                          As I get older and become, presumably, a better programmer, it really does occur to me just how bad I was for how long. I think because I learned how to program as a second grader, I didn’t get how much of a factor “it’s neat he can do it all” was in my self-assessment. I was pretty bad, but since I was being compared to the other kids who did zero programming, it didn’t matter that objectively I was quite awful, and I thought I was hot shit.

                                                        2. 3

                                                          Right! But the cargo-cult mentality of the industry meant that a language designed to facilitate the commodification of software development for a huge, singular organization escaped and was inflicted on the rest of us.

                                                          1. 3

                                                            But let’s be real for a moment:

                                                            a language designed to facilitate the commodification of software development

                                                            This is what matters.

                                                            It doesn’t matter if you work for a company of 12 or 120,000: if you are paid to program – that is, you are not a founder – the people who sign your paychecks are absolutely doing everything within their power to make you and your coworkers just cogs in the machine.

                                                            So I don’t think this is a case of “the little fish copying what big bad Google does” as much as it is an essential quality of being a software developer.

                                                            1. 1

                                                              Thank you, yes. But also, the cargo cult mentality is real.

                                                        3. 2

                                                          Go is for compilers, because Google builds a billion lines a day.

                                                    3. 2

                                                      return errors.Wrapf(err, "fooing %s", bar) is a bit nicer.

                                                      1. 12

                                                        That uses the non-standard errors package and has been obsolete since 1.13: https://stackoverflow.com/questions/61933650/whats-the-difference-between-errors-wrapf-errors-errorf-and-fmt-errorf

                                                        1. 1

                                                          Thanks, that’s good to know.

                                                        2. 7

                                                          return fmt.Errorf("fooing %s %w", bar, err) is idiomatic.

                                                          1. 7

                                                            Very small tweak: normally you’d include a colon between the current message and the %w, to separate error messages in the chain, like so:

                                                            return fmt.Errorf("fooing %s: %w", bar, err)
                                                            
                                                        3. 1

                                                          It makes error messages useful but if it returns a modified err then I can’t catch it further up with if err == someErr, correct?

                                                          1. 2

                                                            You can use errors.Is to check wrapped errors - https://pkg.go.dev/errors#Is

                                                            Is unwraps its first argument sequentially looking for an error that matches the second. It reports whether it finds a match. It should be used in preference to simple equality checks

                                                            1. 2

                                                              Thanks! I actually didn’t know about that.

                                                            2. 2

                                                              Yes, but you can use errors.Is and errors.As to solve that problem. These use errors.Unwrap under the hood. This error chaining mechanism was introduced in Go 1.13 after being incubated in the “errors” package for a long while before that. See https://go.dev/blog/go1.13-errors for details.

                                                          1. 10

                                                            Q: Why choose Docker or Podman over Nix or Guix?

                                                            Edit with some rephrasing: why run containers over a binary cache? They can both do somewhat similar things in creating a reproductible build (so long as you aren’t apt upgradeing in your container’s config file) and laying out how to glue you different services together, but is there a massive advantage with one on the other?

                                                            1. 28

                                                              I can’t speak for the OP, but for myself there are three reasons:

                                                              1. Docker for Mac is just so damn easy. I don’t have to think about a VM or anything else. It Just Works. I know Nix works natively on Mac (I’ve never tried Guix), but while I do development on a Mac, I’m almost always targeting Linux, so that’s the platform that matters.

                                                              2. The consumers of my images don’t use Nix or Guix, they use Docker. I use Docker for CI (GitHub Actions) and to ship software. In both cases, Docker requires no additional effort on my part or on the part of my users. In some cases I literally can’t use Nix. For example, if I need to run something on a cluster controlled by another organization there is literally no chance they’re going to install Nix for me, but they already have Docker (or Podman) available.

                                                              3. This is minor, I’m sure I could get over it, but I’ve written a Nix config before and I found the language completely inscrutable. The Dockerfile “language”, while technically inferior, is incredibly simple and leverages shell commands I already know.

                                                              1. 15

                                                                I am not a nix fan, quite the opposite, I hate it with a passion, but I will point out that you can generate OCI images (docker/podman) from nix. Basically you can use it as a Dockerfile replacement. So you don’t need nix deployed in production, although you do need it for development.

                                                                1. 8

                                                                  As someone who is about to jump into nixos, Id love to read more about why you hate nix.

                                                                  1. 19

                                                                    I’m not the previous commenter but I will share my opinion. I’ve given nix two solid tries, but both times walked away. I love declarative configuration and really wanted it to work for me, but it doesn’t.

                                                                    1. the nix language is inscrutable (to use the term from a comment above). I know a half dozen languages pretty well and still found it awkward to use
                                                                    2. in order to make package configs declarative the config options need to be ported to the nix language. This inevitably means they’ll be out of date or maybe missing a config option you want to set.
                                                                    3. the docs could be much better, but this is typical. You generally resort to looking at the package configs in the source repo
                                                                    4. nix packages, because of the design of the system, has no connection to real package versions. This is the killer for me, since the rest of the world works on these version numbers. If I want to upgrade from v1.0 to v1.1 there is no direct correlation in nix except for a SHA. How do you find that out? Look at the source repo again.
                                                                    1. 4

                                                                      This speaks to my experience with Nix too. I want to like it. I get why it’s cool. I also think the language is inscrutable (for Xooglers, the best analogy is borgcfg) and the thing I want most is to define my /etc files in their native tongue under version control and for it all to work out rather than depend on Nix rendering the same files. I could even live with Nix-the-language if that were the case.

                                                                      1. 3

                                                                        I also think the language is inscrutable (for Xooglers, the best analogy is borgcfg)

                                                                        As a former Google SRE, I completely agree—GCL has a lot of quirks. On the other hand, nothing outside Google compares, and I miss it dearly. Abstracting complex configuration outside the Google ecosystem just sucks.

                                                                        Yes, open tools exist that try to solve this problem. But only gcl2db can load a config file into an interactive interface where you can navigate the entire hierarchy of values, with traces describing every file:line that contributed to the value at a given path. When GCL does something weird, gcl2db will tell you exactly what happened.

                                                                      2. 2

                                                                        Thanks for the reply. I’m actually not a huge fan of DSLs so this might be swaying me away from setting up nixos. I have a VM setup with it and tbh the though of me trolling through nix docs to figure out the magical phrase to do what I want does not sound like much fun. I’ll stick with arch for now.

                                                                        1. 6

                                                                          If you want the nix features but a general purpose language, guix is very similar but uses scheme to configure.

                                                                          1. 1

                                                                            I would love to use Guix, but lack of nonfree is killer as getting Steam running is a must. There’s no precedence for it being used in the unjamming communities I participate in, where as Nix is has sizable following.

                                                                            1. 2

                                                                              So use Ubuntu as the host OS for Guix if you need Steam to work. Guix runs well on many OS

                                                                      3. 10

                                                                        Sorry for the very late reply. The problem I have with nixos is that it’s anti-abstraction in the sense that I elaborated on here. Instead it’s just the ultimate wrapper.

                                                                        To me, the point of a distribution is to provide an algebra of packages that’s invariant in changes of state. Or to reverse this idea, an instance of a distribution is anything with a morphism to the category of packages.

                                                                        Nix (and nixos) is the ultimate antithesis of this idea. It’s not a morphism, it’s a homomorphism. The structure is algebraic, but it’s concrete, not abstract.

                                                                        People claim that “declarative” configuration is good, and it’s hard to attack such a belief, but people don’t really agree on what really means. In Haskell it means that expressions have referential transparency, which is a good thing, but in other contexts when I hear people talk about declarative stuff I immediately shiver expecting the inevitable pain. You can “declare” anything if you are precise enough, and that’s what nix does, it’s very precise, but what matters is not the declarations, but the interactions and in nix interaction means copying sha256 hashes in an esoteric programming language. This is painful and as far away from abstraction as you can get.

                                                                        Also notice that I said packages. Nix doesn’t have packages at all. It’s a glorified build system wrapper for source code. Binaries only come as a side effect, and there are no first class packages. The separation between pre-build artefacts and post-build artefacts is what can enable the algebraic properties of package managers to exist, and nix renounces this phase distinction with prejudice.

                                                                        To come to another point, I don’t like how Debian (or you other favorite distribution) chooses options and dependencies for building their packages, but the fact that it’s just One Way is far more important to me than a spurious dependency. Nix, on the other hand, encourages pets. Just customize the build options that you want to get what you want! What I want is a standard environment, customizability is a nightmare, an anti-feature.

                                                                        When I buy a book, I want to go to a book store and ask for the book I want. With nix I have to go to a printing press and provide instructions for printing the book I want. This is insanity. This is not progress. People say this is good because I can print my book into virgin red papyrus. I say it is bad exactly for the same reason. Also, I don’t want all my prints to be dated January 1, 1970.

                                                                    2. 8

                                                                      For me personally, I never chose Docker; it was chosen for me by my employer. I could maybe theoretically replace it with podman because it’s compatible with the same image format, which Guix (which is much better designed overall) is not. (But I don’t use the desktop docker stuff at all so I don’t really care that much; mostly I’d like to switch off docker-compose, which I have no idea whether podman can replace.)

                                                                      1. 3

                                                                        FWIW Podman does have a podman-compose functionality but it works differently. It uses k8s under the hood, so in that sense some people prefer it.

                                                                      2. 2

                                                                        This quite nicely sums up for me 😄 and more eloquently than I could put it.

                                                                        1. 2

                                                                          If you’re targeting Linux why aren’t you using a platform that supports running & building Linux software natively like Windows or even Linux?

                                                                          1. 12

                                                                            … to call WSL ‘native’ compared to running containers/etc via VMs on non-linux OS’s is a bit weird.

                                                                            1. 11

                                                                              I enjoy using a Mac, and it’s close enough that it’s almost never a problem. I was a Linux user for ~15 years and I just got tired of things only sorta-kinda working. Your experiences certainly might be different, but I find using a Mac to be an almost entirely painless experience. It also plays quite nicely with my iPhone. Windows isn’t a consideration, every time I sit down in front of a Windows machine I end up miserable (again, YMMV, I know lots of people who use Windows productively).

                                                                              1. 3

                                                                                Because “targeting Linux” really just means “running on a Linux server, somewhere” for many people and they’re not writing specifically Linux code - I spend all day writing Go on a mac that will eventually be run on a Linux box but there’s absolutely nothing Linux specific about it - why would I need Linux to do that?

                                                                                1. 2

                                                                                  WSL2-based containers run a lightweight Linux install on top of Hyper-V. Docker for Mac runs a lightweight Linux install on top of xhyve. I guess you could argue that this is different because Hyper-V is a type-1 hypervisor, whereas xhyve is a type-2 hypervisor using the hypervisor framework that macOS provides, but I’m not sure that either really counts as more ‘native’.

                                                                                  If your development is not Linux-specific, then XNU provides a more complete and compliant POSIX system than WSL1, which are the native kernel POSIX interfaces for macOS and Windows, respectively.

                                                                              2. 9

                                                                                Prod runs containers, not Nix, and the goal is to run the exact same build artifacts in Dev that will eventually run in Prod.

                                                                                1. 8

                                                                                  Lots of people distribute dockerfiles and docker-compose configurations. Podman and podman-compose can consume those mostly unchanged. I already understand docker. So I can both use things other people make and roll new things without using my novelty budget for building and running things in a container, which is basically a solved problem from my perspective.

                                                                                  Nix or Guix are new to me and would therefore consume my novelty budget, and no one has ever articulated how using my limited novelty budget that way would improve things for me (at least not in any way that has resonated with me).

                                                                                  Anyone else’s answer is likely to vary, of course. But that’s why I continue to choose dockerfiles and docker-compose files, whether it’s with docker or podman, rather than Nix or Guix.

                                                                                  1. 5

                                                                                    Not mentioned in other comments, but you also get process / resource isolation by default on docker/podman. Sure, you can configure service networking, cgroups, namespaces on nix yourself, just like any other system and setup the relevant network proxying. But getting that prepackaged and on by default is very handy.

                                                                                    1. 2

                                                                                      You can get a good way there without much fuss with using the Declarative NixOS containers feature (which uses systemd-nspawn under the hood).

                                                                                    2. 4

                                                                                      I’m not very familiar with Nix, but I feel like a Nix-based option could do for you what a single container could do, giving you the reproducibility of environment. What I don’t see how to do is something comparable to creating a stack of containers, such as you get from Docker Compose or Docker Swarm. And that’s considerably simpler than the kinds of auto-provisioning and wiring up that systems like Kubernetes give you. Perhaps that’s what Nix Flakes are about?

                                                                                      That said I am definitely feeling like Docker for reproducible developer environments is very heavy, especially on Mac. We spend a significant amount of time rebuilding containers due to code changes. Nix would probably be a better solution for this, since there’s not really an entire virtual machine and assorted filesystem layering technology in between us and the code we’re trying to run.

                                                                                      1. 3

                                                                                        Is Nix a container system…? I though it was a package manager?

                                                                                        1. 3

                                                                                          It’s not, but I understand the questions as “you can run a well defined nix configuration which includes your app or a container with your app; they’re both reproducible so why choose one of the over the other?”

                                                                                        2. 1

                                                                                          It’s possible to generate Docker images using Nix, at least, so you could use Nix for that if you wanted (and users won’t know that it’s Nix).

                                                                                          1. 1

                                                                                            These aren’t mutually exclusive. I run a few Nix VMs for self-hosting various services, and a number of those services are docker images provided by the upstream project that I use Nix to provision, configure, and run. Configuring Nix to run an image with hash XXXX from Docker registry YYYY and such-and-such environment variables doesn’t look all that different from configuring it to run a non-containerized piece of software.

                                                                                          1. 2

                                                                                            This is pretty good - graphic selection doesn’t appear to persist when starting a new game but that might just be beta Safari being weird.

                                                                                            Bringing back fond memories of porting Moria to RISC OS cli many years ago.

                                                                                            1. 7

                                                                                              Someone did a very good dive into the archives (starts here https://twitter.com/sirdarckcat/status/1429833886385725441) and it looks like the solution has been described years ahead of filing. IANAL, but hope there’s enough ammunition there to invalidate the patent.

                                                                                              1. 2
                                                                                                1. 1

                                                                                                  I don’t think, and I am definitely not a patent lawyer, that is necessarily “prior art” in the strictest sense - that’s controlling whole script files. Their claims are that their server-generated secrets “reconfigure” the environment for the scripting language according to those secrets allowing different “scopes” of access to different “identities”.

                                                                                                  But I wouldn’t be surprised if there’s more prior art out there - it’s not like permissioned conditional execution of chunks of code was a new idea in 2011 (although the replacing of functions to do that might be?)

                                                                                              1. 26

                                                                                                You’ll be pleased to hear this concept has a name already: literate programming.

                                                                                                1. 7

                                                                                                  That’s just the author’s particular take on this. I’ve seen other takes that are quite different from plain old literate programming.

                                                                                                  1. 3

                                                                                                    Yeah Knuth-style tangle/weave definitely shouldn’t be allowed a monopoly on the very good idea of interleaving prose and code. https://github.com/arrdem/source/tree/trunk/projects/lilith/ was my LangJam submission that went in that direction, partly inspired by my previous use of https://github.com/gdeer81/marginalia and various work frustrations at being unable to do eval() in the ReStructuredText files that constitute the majority of my recent writing.

                                                                                                  2. 2

                                                                                                    Technically, I think, it’d be “documentation generation” because it doesn’t involve any tangle or weave steps.

                                                                                                    because these tools do not implement the “web of abstract concepts” hiding behind the system of natural-language macros, or provide an ability to change the order of the source code from a machine-imposed sequence to one convenient to the human mind, they cannot properly be called literate programming tools in the sense intended by Knuth.

                                                                                                    [my emphasis]

                                                                                                    1. 3

                                                                                                      My view of this is:

                                                                                                      A lot of Literate Programming systems are based on the idea of automatically copy-pasting pieces of code around. I think this is a terrible idea for many of the same reasons why building a program entirely out of C macros is a terrible idea. However, it’s a necessary evil due to the limitations of C; everything has to be in a particular order imposed by the C compiler. If you want your prose to describe an implementation of a function first, and then describe the struct which that function uses on later, the only solution in C is to do macro-like copy/paste to make the generated C code contain the struct definition before the function even though it’s implemented after the function.

                                                                                                      Many modern languages don’t have this limitation. Many languages lets everything refer to everything else regardless of the order they appear in the file. Thanks to this, I think we can generally treat the function as the unit of code in literate programming systems, and we don’t need elaborate automatic copy/paste systems. As a bonus, all the interactions between code snippets follows simple, well-understood semantics, and you don’t have the common issues with invisible action at a distance you see in many literate programming systems.

                                                                                                      That’s the basis for our submission at least, where we made a literate programming system (with LaTeX as the outer language) where all the interaction between different code snippets happens through function calls, not macro expansions.

                                                                                                    2. 1

                                                                                                      Literate programming was the inspiration for my team’s submission: https://github.com/mortie/lafun-language

                                                                                                      1. 9

                                                                                                        With the disclaimer that I am neither an experienced Go programmer, nor have I worked on large teams, I don’t understand what any of this has to do with being bad for smart programmers. In fact, I would say that many of the deficiencies that the article lists are in fact pitfalls for juniors programmers. Much of it comes down to having a substandard type system, so the compiler and associated tooling can’t give you useful guarantees or feedback. An experienced programmer may be able to keep the code’s requirements in their heads, but most junior programmers should have the compiler check their work, and Go’s design makes it impossible to do this.

                                                                                                        1. 12

                                                                                                          I thought Go was well known for having extremely good static analysis tools. The type system isn’t that powerful, but static analysis isn’t just type systems.

                                                                                                          1. 1

                                                                                                            That’s possible. I’m not in tune with the Go ecosystem enough to know if that’s the case, but this is the first I’m hearing of it. I’d be curious to know what these analyses are and what guarantees they provide.

                                                                                                            1. 5

                                                                                                              The golangci-lint list of linters is probably a good view of what people are using generally.

                                                                                                            2. 1

                                                                                                              The analysis package makes it pretty easy to write them too, with the biggest downside being that for some reason I always struggle spelling analysis correctly 😅

                                                                                                              A simple example to check for copyright comments, and a slightly more complicated example to check if you’re actually calling functions that return a function in defer (defer Fun()()).

                                                                                                              Both go vet and staticcheck are implemented with this.

                                                                                                              1. 1

                                                                                                                I wrote one at a previous job to make sure that event constants were matched up with functions of the correct type. Most helpful because that was a common thing people fat-fingered.

                                                                                                          1. 2

                                                                                                            I guess browser.org (mainly lynx.browser.org) which came online in late 1996.

                                                                                                            (There should be usenet and mailing list posts from late ’92, early ‘93 floating around in archives tho’)

                                                                                                            1. 29

                                                                                                              Well written, this were exactly my thoughs when i read this. We don’t need faster programmers. We need more thorough programmers.

                                                                                                              Software could be so much better (and faster) if the market would value quality software higher than “more features”

                                                                                                              1. 9

                                                                                                                We don’t need faster programmers. We need more thorough programmers.

                                                                                                                That’s just a “kids these days…” complaint. Programmers have always been fast and sloppy and bugs get ironed out over time. We don’t need more thorough programmers, like we don’t need more sturdy furniture. Having IKEA furniture is amazing.

                                                                                                                1. 12

                                                                                                                  Source code is a blueprint. IKEA spends a lot of time getting their blueprints right. Imagine if every IKEA furniture set had several blueprint bugs in it that you had to work around.

                                                                                                                  1. 5

                                                                                                                    We’re already close though. We have mature operating systems, language runtimes, and frameworks. Going forward I see the same thing happening to programming that happens to carpentry or cars now. A small set of engineers develop a design (blueprint) and come up with lists of materials. From there, technicians guide the creation of the actual design. Repairs are performed by contractors or other field workers. Likewise, a select few will work on the design for frameworks, operating systems, security, IPC, language runtimes, important libraries, and other core aspects of software. From there we’ll have implementors gluing libraries together for common tasks. Then we’ll have sysadmins or field programmers that actually take these solutions and customize/maintain them for use.

                                                                                                                    1. 7

                                                                                                                      I think we’re already completely there in some cases. You don’t need to hire any technical people at all if you want to set up a fully functioning online store for your small business. Back in the day, you would have needed a dev team and your own sysadmins, no other options.

                                                                                                                      1. 1

                                                                                                                        I see the same thing happening to programming that happens to carpentry or cars now. […] From there we’ll have implementors gluing libraries together for common tasks.

                                                                                                                        Wasn’t this the spiel from the 4GL advocates in the 80s?

                                                                                                                        1. 2

                                                                                                                          Wasn’t this the spiel from the 4GL advocates in the 80s?

                                                                                                                          No, it was the spiel of OOP/OOAD advocates in the 80s. Think “software IC’.

                                                                                                                    2. 1

                                                                                                                      Maybe, maybe not. I just figured that if i work more thoroughly, i get to my goals quicker, as i have less work to do and rewrite my code less often. Skipping error handling might seem appealing at frist, as i reach my goal earlier, but the price for this is that either me or someone else has to fix that sooner or later.

                                                                                                                      Also mistakes or just imperformance in software nowadays have huge impact due to being so widespread.

                                                                                                                      One nice example i like to make:

                                                                                                                      Wikimedia foundation got 21.035.450.914 page views last month [0]. So if we optimize that web server by a single instruction per page view, assuming the CPU runs at 4 GHz, with a perfect optimized code of 1.2 instructions per cycle, we can shave off 4.382 seconds per month. Assuming wikipedia runs average servers [1], this means we shave of 1.034 watt hour of energy per month. With a energy price of 13.24 euro cent [2], this means a single cycle costs us roughly 0.013 euro cent.

                                                                                                                      Now imagine you can make the software run 1% faster, which are 48.000.000 instructions, this is suddenly 6240€ per month savings. For 1% overall speedup!

                                                                                                                      High-quality software is not only pleasant for the user. It also saves the planet by wasting less energy and goes easy on your wallet.

                                                                                                                      So maybe

                                                                                                                      Programmers have always been fast and sloppy and bugs get ironed out over time. We don’t need more thorough programmers,

                                                                                                                      this should change. For the greater good of everyone

                                                                                                                      [0] https://stats.wikimedia.org/#/all-projects/reading/total-page-views/normal|table|2-year|~total|monthly
                                                                                                                      [1] https://www.zdnet.com/article/toolkit-calculate-datacenter-server-power-usage/
                                                                                                                      [2] https://www.statista.com/statistics/1046605/industry-electricity-prices-european-union-country/

                                                                                                                    3. 9

                                                                                                                      Software could be so much better (and faster) if the market would value quality software higher than “more features”

                                                                                                                      The problem is there just aren’t enough people for that. That’s basically been the problem for the last 30+ years. It’s actually better than it used to be; there was a time not so long ago where everyone who could sum up numbers in Excel was a programmer and anyone who knew how to defrag their C:\ drive was a sysadmin.

                                                                                                                      Yesterday I wanted to generate a random string in JavaScript; I knew Math.random() isn’t truly random and wanted to know if there’s something better out there. The Stack Overflow question is dominated by Math.random() in more variations that you’d think possible (not all equally good I might add). This makes sense because for a long time this was the only way to get any kind of randomness in client-side JS. It also mentions the newer window.crypto API in some answers which is what I ended up using.

                                                                                                                      I can make that judgment call, but I’m not an ML algorithm. And while on Stack Overflow I can add context, caveats, involved trade-offs, offer different solutions, etc. with an “autocomplete code snippet” that’s a lot more limited. And especially for novice less experienced programmer you wouldn’t necessarily know a good snippet from a bad one: “it seems to work”, and without the context a Stack Overflow answer has you just don’t know. Stack Overflow (and related sites) are more than just “gimme teh codez”; they’re also teaching moments.

                                                                                                                      Ideally, there would be some senior programmer to correct them. In reality, due the limited number of people, this often doesn’t happen.

                                                                                                                      We’ll have to wait and see how well it turns out in practice, but I’m worried for an even greater proliferation of programmers who can’t really program but instead just manage to clobber something together by trail-and-error. Guess we’ll have to suffer through even more ridiculous interviews to separate the wheat from the chaff in the future…

                                                                                                                      1. 2

                                                                                                                        We’ll have to wait and see how well it turns out in practice, but I’m worried for an even greater proliferation of programmers who can’t really program

                                                                                                                        I don’t see this as a problem. More mediocre programmers available doesn’t lower the bar for places that need skilled programmers. Lobste.rs commenters often talk of the death of the open web for example. If this makes programming more accessible, isn’t that better for the open web?

                                                                                                                      2. 6

                                                                                                                        We don’t need faster programmers. We need more thorough programmers.

                                                                                                                        Maybe we need more than programmers and should aim to deserve the title of software engineers. Writing code should be the equivalent of nailing wood, whether you use a hammer or AI assisted nailgun shouldn’t matter much if you are building a structure that can’t hold the weight it is designed for or can’t deal with a single plank that is going to break or rot.

                                                                                                                        1. 6

                                                                                                                          We don’t need faster programmers. We need more thorough programmers.

                                                                                                                          Not for everything, but given we spend so much time debugging and fixing things, thoroughness is usually faster.

                                                                                                                          1. 6

                                                                                                                            Slow is smooth and smooth is fast.

                                                                                                                        1. 4

                                                                                                                          This is a bad idea and you should feel bad.

                                                                                                                          I do not. If you can be vaccinated and a vaccine is available to you and you’re not getting one, you should feel bad.

                                                                                                                          Do you really expect anyone else to do this?

                                                                                                                          I could see it being used as a promotion […]

                                                                                                                          The road to hell is paved with good intentions.

                                                                                                                          If not dying is not enough of an incentive to get the vaccine, I’m not sure what will be.

                                                                                                                          In my region, we are 3.79 million people: between 24th February 2020 and 19th June 2021 (481 days) there are 2720 people who died in hospital with covid19 (and not necessarily from), the large majority of them being over 75 years old.

                                                                                                                          In the end, maybe “not dying” really isn’t a sufficient incentive to take these vaccines for some people, and we should respect that. Moreover, drug alternatives exists which can reduce the incentive too.

                                                                                                                          Cf: Sources are in french unfortunately, but charts are easily translatable.

                                                                                                                          1. 4

                                                                                                                            All this for eight hours of lost life expectancy

                                                                                                                            If the 18-year-old dies, he loses 61.2 years of expected life. That’s a lot. But the probability of the 18-year-old dying, if infected, is tiny, about 0.004%. So the expected years of life lost are only 0.004% times 35% times 61.2 years, which is 0.0009 year. That’s only 7.5 hours. Everything this younger person has been through over the past year was to prevent, on average, the loss of 7.5 hours of his life.

                                                                                                                            1. 4

                                                                                                                              Everything this younger person has been through over the past year was to prevent, on average, the loss of 7.5 hours of his life.

                                                                                                                              That’s discounting all the lost hours that may have arisen from people infected by that 18 year old if he caught COV19. Which is kinda messed up, no?

                                                                                                                              1. 1

                                                                                                                                Not really. Since we’re talking about broad policies, thinking about “well what if an 18-year-old infects X many people” is not very instructive. Instead, we should consider the total number of people who would be infected, if we changed policies.

                                                                                                                                Herd immunity for SARS-CoV-2 would be reached after perhaps 70% of the population has been infected… While perfect protection would eliminate the risk of infection, few people can practice it. Based on data analyzed by economists at the University of California, Berkeley, we assume that actual protection reduced the risk of infection by roughly half. Therefore, imperfect protection reduced the risk of infection for the average American from 70% to 35%.

                                                                                                                                That is, roughly twice as many Americans would have been infected.

                                                                                                                                1. 1
                                                                                                                                  1. 1

                                                                                                                                    I figured we both had read the article which I linked two posts above.

                                                                                                                              2. 4

                                                                                                                                No dead 18 year old loses 7.5 hours of life. You’re saying that it’s cool for 0.004% of 18 year olds to die.

                                                                                                                                Also your calculation is BS because you’re not taking account of the long term health effects of non-fatal covid; and you’re not using any kind of quality of life adjustment. And over the whole population the calculation is different, and disease protection is a whole population effort.

                                                                                                                                1. 5

                                                                                                                                  You’re saying that it’s cool for 0.004% of 18 year olds to die.

                                                                                                                                  You make him say it, he didn’t.

                                                                                                                                  Every death is a tragedy in itself, but you should take some distance to find incoherence in this global situation.

                                                                                                                                  For example, according to WHO 4 millions of deaths are related each year to diabetes; yet do we see as much passion as for covid from governments and corporations to prevent it ? If not, we should ask ourselves why, especially if every people count. I am yet to see MacDonald’s lock down.

                                                                                                                                  And the same analysis can be said for pesticides, air pollution, water pollution, ground pollutions, cigarets, cancers, etc…

                                                                                                                                  1. 3

                                                                                                                                    To expand on what @Student said, mutations are a big reason to control spreading. Mutation is what gets you vaccine-resistant strains, not to mention the risk of more lethal strains.

                                                                                                                                    Diabetes isn’t contractable, nor does it mutate on infection.

                                                                                                                                    Externalities like pollution are even further distanced from infectious diseases.

                                                                                                                                    1. 1

                                                                                                                                      My point was more about deaths and how governments/corporations/media react to it, not targeting a death cause in particular.

                                                                                                                                      The current situation may have another meaning when you take some distance with just talking about covid and vaccines.

                                                                                                                                  2. 2

                                                                                                                                    Also your calculation is BS because you’re not taking account of the long term health effects of non-fatal covid

                                                                                                                                    The case rate of “long covid” is roughly the proportional to the death rate. That is, prolonged symptoms occur in people who might have died if their symptoms were more severe. Therefore, this has the same cost distribution as death does.

                                                                                                                                    and you’re not using any kind of quality of life adjustment.

                                                                                                                                    Of course I am.

                                                                                                                                    The costs of protection include reduced schooling, reduced economic activity, increased substance abuse, more suicides, more loneliness, reduced contact with loved ones, delayed cancer diagnoses, delayed childhood vaccinations, increased anxiety, lower wage growth, travel restrictions, reduced entertainment choices, and fewer opportunities for socializing and building friendships.

                                                                                                                                    I’d say that forcing a reduced quality of life on so many people is too big of a cost.

                                                                                                                                    And over the whole population the calculation is different, and disease protection is a whole population effort.

                                                                                                                                    The risk is primarily concentrated in the old.

                                                                                                                                    SARS-CoV-2 is highly discriminatory and views the old as easy targets. Had policy makers understood the enemy, they would have adopted different protocols for young and old. Politicians would have practiced focused protection, narrowing their efforts to the most vulnerable 11% of the population and freeing the remaining 89% of Americans from wasteful burdens.

                                                                                                                                    1. 1

                                                                                                                                      Would they really have adopted? Would that have been the right course of action?

                                                                                                                                      Seems someone in the comments is also trying to correct someone else being wrong on the internet:

                                                                                                                                      As is well known, as viral cases spread more mutations arise leading to further spread in the community. Blithely recommending that younger individuals should have simply avoided all covid protections flies in the face of prudent epidemiologic practice and ignores the costs associated with covid morbidities.

                                                                                                                                      Not to mention the pandemic that lasted 50 million years when one might think herd immunity should have been reached.

                                                                                                                                      Of course different countries have had different blunders and anyone’s free to believe what they want, but it’s as if some of the most basic things are forgotten in these opinionated discussions.

                                                                                                                                  3. 2

                                                                                                                                    Preach to the choir ;)

                                                                                                                                    Thanks for the interesting article, I will read it after work !

                                                                                                                                1. 12

                                                                                                                                  One thing that kinda like you in the eye under non-features:

                                                                                                                                  No output quality choice. yaydl assumes that you have a large hard drive and your internet connection is good enough, or else you would stream, not download.

                                                                                                                                  I would have thought that if I had a good connection, I wouldn’t care about downloading and could just stream at any time.

                                                                                                                                  1. 3

                                                                                                                                    When I’m downloading something then because I want a different quality or target format (mp3), but this is specifically unsupported by them. And more often that not you’ll realize there’s not “highest” version because there are at least two different formats that provide the same resolution and which you can’t compare just by their bitrate..

                                                                                                                                    1. 1

                                                                                                                                      Yeah, that’s all well, I agree it’s not as complete feature-wise. What I’ve meant is simply that they say “you have good connection or else you would stream”. And I thought, “well, if I had a good connection, then I might as well just stream, in whatever quality I choose”. Just seemed like a bogus argument for not implementing quality picker.

                                                                                                                                    2. 2

                                                                                                                                      I would have thought that if I had a good connection, I wouldn’t care about downloading

                                                                                                                                      I have a good connection (Gbps fibre) and I frequently download rather than stream because YouTube mid-stream ads are now a plague - I’ve seen videos with 5 ad breaks in the first 15 minutes. Or I’m trying to listen to an ambient mix by Cryo Chamber and I get an un-skippable 30s ad for some new severely non-ambient dance pop act. Or just trying to follow a tutorial where every 2 minutes I have to stop what I’m doing and get the cursor over to “Skip Ad” because if I don’t, I’m going to get 3 minutes of [whatever guff it is this week] before the content comes back.

                                                                                                                                      1. 5

                                                                                                                                        I’ve been able to avoid ads with ublock origin on desktop and sponsorblock for ‘native’ ads. maybe yt is able to sneak past ublock but i haven’t seen it yet.

                                                                                                                                        1. 2

                                                                                                                                          I recommend also the “Enhancer for YouTube” on the firefox plugin store to disable autoplay, theme youtube, have scroll-volume-control, select certain video qualities and most importantly set a default volume as youtube ignores media.default_volume. (You can disable all the additional controls in the settings if you’re overhelmed)

                                                                                                                                        2. 2

                                                                                                                                          I’m subscribed so I don’t get to see ads usually, but yeah, I see how it can make a differnce.

                                                                                                                                      1. 2

                                                                                                                                        My one question: Caddy is known for effortless TLS, has it on by default and makes it “just work”. Why can’t Maddy also automatically set up TLS, instead of having to use a cert acquired by some other means?

                                                                                                                                        1. 3

                                                                                                                                          Easier for Caddy since it’s a webserver and directly able to search the HTTP verification for LetsEncrypt. Whereas Maddy would either need write access to a directory to create the responses for {nginx, Apache} to serve or integrate a webserver itself - neither a good option if you’re trying to make a simple, secure mail serving solution.

                                                                                                                                          1. 3

                                                                                                                                            It could do dns verification, no web server required.

                                                                                                                                            1. 3

                                                                                                                                              But then it needs either write access to DNS server configs (directly by file or via an API) or an embedded DNS server. All that’s done is move the extra bits to a different port.

                                                                                                                                              1. 2

                                                                                                                                                it’s arguably much more simple to implement than starting a web server, configuring a firewall for it, routing, etc than, e.g. using an API to set a TXT record in DNS.

                                                                                                                                                1. 3

                                                                                                                                                  Sure. How many APIs are there for that?

                                                                                                                                                  bind9 has one. Amazon has one. Google, Rackspace, Hetzner, Linode, Digital Ocean, EasyDNS, NameCheap, CloudFlare… that’s ten. I bet I left out the most popular choices in Brazil, Mexico and the Czech Republic already, too.

                                                                                                                                                  1. 3

                                                                                                                                                    And almost all of those are supported by various acme clients, e.g. https://go-acme.github.io/lego/dns/

                                                                                                                                                    So you don’t even have to implement each one!

                                                                                                                                                  2. 2

                                                                                                                                                    Sure but not everyone has an API to set a TXT record in their DNS - my servers don’t. And I would be surprised if there was a consistent API between PowerDNS, BIND, MaraDNS, etc. All of which is more effort for Maddy’s developers for little gain when you can just link directly to the certbot storage and it’ll Just Work.

                                                                                                                                          1. 1

                                                                                                                                            I’m curious. what is the use case that is not covered by other user process databases like sqlite3?

                                                                                                                                            1. 4

                                                                                                                                              It’s literally postgres. Sqlite and postgres aren’t the same thing. Postgres has many more datatypes and builtin support for cool json stuff. If you only wanted to use sqlite for testing you’d have to either avoid using some datatypes or use an orm that will polyfill missing types and functions.

                                                                                                                                              Edit: sqlite also doesn’t support altering tables. The list of differences just goes on and on. What’s the value in have test specific code? (I’ve definitely done this before too)

                                                                                                                                              1. 3

                                                                                                                                                Just pointing out that SQLite definitely has some JSON support https://sqlite.org/json1.html#the_json_function as well as ALTER TABLE support https://sqlite.org/lang_altertable.html

                                                                                                                                                1. 1

                                                                                                                                                  Yes JSON functions are available if you load the extension. But it’s not built in. Every db has lots of extensions. And even then if you’re using JSON in Postgres or MySQL you’re probably using the d->>‘x’->y syntax and that doesn’t exist in SQLite so you do need to have a transform layer before generating SQL if you want to support both.

                                                                                                                                                  And yes good callout; I think it’s just that you cannot change a column type in SQLite? It’s been a bit since I was doing work on it.

                                                                                                                                                  1. 4

                                                                                                                                                    For go at least, modernc.org/sqlite has the JSON support fully working out of the box.

                                                                                                                                                    1. 3

                                                                                                                                                      Gotcha, thanks.

                                                                                                                                                    2. 2

                                                                                                                                                      Yes JSON functions are available if you load the extension. But it’s not built in.

                                                                                                                                                      I think a lot of people build their distribution of sqlite3 from the amalgamation which does have JSON support built-in.

                                                                                                                                                      e.g. immediately to hand I have macOS Monterey (SQLite v3.35.3), Arch (v3.35.5), Cygwin (v3.34.0) all have the JSON support natively. On the other hand, my NAS (SQLite v3.8.4.3 from 2014) doesn’t have it.

                                                                                                                                                      (edit: has -> have)

                                                                                                                                                      1. 2

                                                                                                                                                        Ah cool, makes sense.

                                                                                                                                                  2. 2

                                                                                                                                                    Title says “in application or test”, I guess I should have been more specific, I didn’t mean the test part, that was obvious to me.

                                                                                                                                                  3. 1

                                                                                                                                                    automating the testing of postgres queries, stored procedures, etc, that are expressed in the source code of a Go program.

                                                                                                                                                  1. 2

                                                                                                                                                    The only time I’ve used Jumbo Frames was between the front and back ends of a news server (early 2000s) because there’s a lot of traffic from the storage to the readers and it made a measurable difference. No issues with routing changes etc. because they had their own subnet for this traffic to avoid saturating other people’s links.

                                                                                                                                                    (edit: We may also have used them from the transit boxes to the storage but my memory is vague there.)

                                                                                                                                                    1. 1

                                                                                                                                                      This is not a valid URL. Certain web browsers will “fix” this URL by converting it to http://pn.com/. The same browser will convert http://arstechnica/ to http://arstechnica.com/ for example. It’s just the browser trying to be “user friendly” by adding “.com” if the hostname doesn’t contain a TLD. But try it with curl or wget and it will fail correctly.

                                                                                                                                                      1. 3
                                                                                                                                                        $ curl -Iv http://pn
                                                                                                                                                        *   Trying 139.162.17.173...
                                                                                                                                                        * TCP_NODELAY set
                                                                                                                                                        * Connected to pn (139.162.17.173) port 80 (#0)
                                                                                                                                                        > HEAD / HTTP/1.1
                                                                                                                                                        > Host: pn
                                                                                                                                                        > User-Agent: curl/7.64.1
                                                                                                                                                        > Accept: */*
                                                                                                                                                        >
                                                                                                                                                        < HTTP/1.1 200 OK
                                                                                                                                                        HTTP/1.1 200 OK
                                                                                                                                                        < Date: Tue, 08 Jun 2021 15:29:28 GMT
                                                                                                                                                        Date: Tue, 08 Jun 2021 15:29:28 GMT
                                                                                                                                                        < Server: Apache/2.2.22 (Debian)
                                                                                                                                                        Server: Apache/2.2.22 (Debian)
                                                                                                                                                        < Last-Modified: Thu, 30 Jul 2015 00:14:34 GMT
                                                                                                                                                        Last-Modified: Thu, 30 Jul 2015 00:14:34 GMT
                                                                                                                                                        < ETag: "e0003-b1-51c0c9688ffb3"
                                                                                                                                                        ETag: "e0003-b1-51c0c9688ffb3"
                                                                                                                                                        < Accept-Ranges: bytes
                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                        < Content-Length: 177
                                                                                                                                                        Content-Length: 177
                                                                                                                                                        < Vary: Accept-Encoding
                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                        < Connection: close
                                                                                                                                                        Connection: close
                                                                                                                                                        < Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        
                                                                                                                                                        <
                                                                                                                                                        * Closing connection 0
                                                                                                                                                        
                                                                                                                                                        1. 2
                                                                                                                                                          $ curl -Iv http://pn/
                                                                                                                                                          * Could not resolve host: pn
                                                                                                                                                          * Closing connection 0
                                                                                                                                                          curl: (6) Could not resolve host: pn
                                                                                                                                                          

                                                                                                                                                          The difference has to be in our DNS servers.

                                                                                                                                                          If I use the DNS server 1.1.1.1, it works. If I use the DNS server 8.8.8.8, it does not work.

                                                                                                                                                          1. 1

                                                                                                                                                            oh weird, I wonder if google just drops TLD requests. not like it really affects anyone.

                                                                                                                                                            1. 2
                                                                                                                                                              % dig @8.8.8.8 pn.
                                                                                                                                                              
                                                                                                                                                              ;; QUESTION SECTION:
                                                                                                                                                              ;pn.				IN	A
                                                                                                                                                              
                                                                                                                                                              ;; ANSWER SECTION:
                                                                                                                                                              pn.			21599	IN	A	139.162.17.173
                                                                                                                                                              

                                                                                                                                                              Google properly resolves pn.

                                                                                                                                                              1. 2

                                                                                                                                                                That command didn’t work for me 2 hours ago, but it is working now.

                                                                                                                                                        2. 2

                                                                                                                                                          This is not a valid URL.

                                                                                                                                                          Unless I’m reading the ABNF in RFC3986 (“Uniform Resource Identifier (URI): Generic Syntax”) incorrectly, it’s a valid URI (and also a valid URL) because reg-name can be 0-or-more unreserved which includes ALPHA. Hence pn is a valid reg-name and the whole is a valid URI.

                                                                                                                                                          Additionally, the regexp they give for parsing URIs accepts http://pn/ and spits out the correct fields.

                                                                                                                                                          > echo "http://pn/" | perl -nle '@a = ($_=~m%^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?%);print join(" | ", @a);'
                                                                                                                                                          http: | http | //pn | pn | / |  |  |  |
                                                                                                                                                          

                                                                                                                                                          Which gives us scheme = http, authority = pn, path = /, query = "", fragment = "".

                                                                                                                                                          1. 2

                                                                                                                                                            You are correct, it is correct URL syntax. (Since ‘pn’ doesn’t resolve on my system, I made the mistake of thinking it was unresolvable, hence http://pn/ doesn’t point at anything, hence it isn’t valid. I now understand I was wrong about this.)

                                                                                                                                                        1. 78

                                                                                                                                                          It would help if Firefox would actually make a better product that’s not a crappy Chrome clone. The “you need to do something different because [abstract ethical reason X]” doesn’t work with veganism, it doesn’t work with chocolate sourced from dubious sources, it doesn’t work with sweatshop-based clothing, doesn’t work with Free Software, and it sure as hell isn’t going to work here. Okay, some people are going to do it, but not at scale.

                                                                                                                                                          Sometimes I think that Mozilla has been infiltrated by Google people to sabotage it. I have no evidence for this, but observed events don’t contradict it either.

                                                                                                                                                          1. 24

                                                                                                                                                            It would help if Firefox would actually make a better product that’s not a crappy Chrome clone. The “you need to do something different because [abstract ethical reason X]” doesn’t work with veganism, it doesn’t work with chocolate sourced from dubious sources, it doesn’t work with sweatshop-based clothing, doesn’t work with Free Software, and it sure as hell isn’t going to work here. Okay, some people are going to do it, but not at scale.

                                                                                                                                                            I agree, but the deck is stacked against Mozilla. They are a relatively small nonprofit largely funded by Google. Structurally, there is no way they can make a product that competes. The problem is simply that there is no institutional counterweight to big tech right now, and the only real solutions are political: antitrust, regulation, maybe creating a publicly-funded institution with a charter to steward the internet in the way Mozilla was supposed to. There’s no solution to the problem merely through better organizational decisions or product design.

                                                                                                                                                            1. 49

                                                                                                                                                              I don’t really agree; there’s a lot of stuff they could be doing better, like not pushing out updates that change the colour scheme in such a way that it becomes nigh-impossible to see which tab is active. I don’t really care about “how it looks”, but this is just objectively bad. Maybe if you have some 16k super-HD IPS screen with perfect colour reproduction at full brightness in good office conditions it’s fine, but I just have a shitty ThinkPad screen and the sun in my home half the time (you know, like a normal person). It’s darn near invisible for me, and I have near-perfect eyesight (which not everyone has). I spent some time downgrading Firefox to 88 yesterday just for this – which it also doesn’t easily allow, not if you want to keep your profile anyway – because I couldn’t be arsed to muck about with userChrome.css hacks. Why can’t I just change themes? Or why isn’t there just a setting to change the colour?

                                                                                                                                                              There’s loads of other things; one small thing I like to do is not have a “x” on tabs to close it. I keep clicking it by accident because I have the motor skills of a 6 year old and it’s rather annoying to keep accidentally closing tabs. It used to be a setting, then it was about:config, then it was a userChrome.css hack, now it’s a userChrome.css hack that you need to explicitly enable in about:config for it to take effect, and in the future I probably need to sacrifice a goat to our Mozilla overlords if I want to change it.

                                                                                                                                                              I also keep accidentally bookmarking stuff. I press ^D to close terminal windows and sometimes Firefox is focused and oops, new bookmark for you! Want to configure keybinds for Firefox? Firefox say no; you’re not allowed, mere mortal end user; our keybinds are perfect and work for everyone, there must be something wrong with you if you don’t like it! It’s pretty darn hard to hack around this too – more time than I was willing to spend on it anyway – so I just accepted this annoyance as part of my life 🤷

                                                                                                                                                              “But metrics show only 1% of people use this!” Yeah, maybe; but 1% here and 5% there and 2% somewhere else and before you know it you’ve annoyed half (of not more) of your userbase with a bunch of stuff like that. It’s the difference between software that’s tolerable and software that’s a joy to use. Firefox is tolerable, but not a joy. I’m also fairly sure metrics are biased as especially many power users disable it, so while useful, blindly trusting it is probably not a good idea (I keep it enabled for this reason, to give some “power user” feedback too).

                                                                                                                                                              Hell, I’m not even a “power user” really; I have maybe 10 tabs open at the most, usually much less (3 right now) and most settings are just the defaults because I don’t really want to spend time mucking about with stuff. I just happen to be a programmer with an interest in UX who cares about a healthy web and knows none of this is hard, just a choice they made.

                                                                                                                                                              These are all really simple things; not rocket science. As I mentioned a few days ago, Firefox seems have fallen victim to a mistaken and fallacious mindset in their design.

                                                                                                                                                              Currently Firefox sits in a weird limbo that satisfies no one: “power users” (which are not necessarily programmers and the like, loads of people with other jobs interested in computers and/or use computers many hours every day) are annoyed with Firefox because they keep taking away capabilities, and “simple” users are annoyed because quite frankly, Chrome gives a better experience in many ways (this, I do agree, is not an easy problem to solve, but it does work “good enough” for most). And hey, even “simple” users occasionally want to do “difficult” things like change something that doesn’t work well for them.

                                                                                                                                                              So sure, while there are some difficult challenges Firefox faces in competing against Google, a lot of it is just simple every-day stuff where they just choose to make what I consider to be a very mediocre product with no real distinguishing features at best. Firefox has an opportunity to differentiate themselves from Chrome by saying “yeah, maybe it’s a bit slower – it’s hard and we’re working on that – but in the meanwhile here’s all this cool stuff you can do with Firefox that you can’t with Chrome!” I don’t think Firefox will ever truly “catch up” to Chrome, and that’s fine, but I do think they can capture and retain a healthy 15%-20% (if not more) with a vision that consists of more than “Chrome is popular, therefore, we need to copy Chrome” and “use us because we’re not Chrome!”

                                                                                                                                                              1. 21

                                                                                                                                                                Speaking of key bindings, Ctrl + Q is still “quit without any confirmation”. Someone filed a bug requesting this was changeable (not even default changed), that bug is now 20 years old.

                                                                                                                                                                It strikes me that this would be a great first issue for a new contributor, except the reason it’s been unfixed for so long is presumably that they don’t want it fixed.

                                                                                                                                                                1. 9

                                                                                                                                                                  A shortcut to quit isn’t a problem, losing user data when you quit is a problem. Safari has this behaviour too, and I quite often hit command-Q and accidentally quit Safari instead of the thing I thought I was quitting (since someone on the OS X 10.8 team decided that the big visual clues differentiating the active window and others was too ugly and removed it). It doesn’t bother me, because when I restart Safari I get back the same windows, in the same positions, with the same tabs, scrolled to the same position, with the same unsaved form data.

                                                                                                                                                                  I haven’t used Firefox for a while, so I don’t know what happens with Firefox, but if it isn’t in the same position then that’s probably the big thing to fix, since it also impacts experience across any other kind of browser restart (OS reboots, crashes, security updates). If accidentally quitting the browser loses you 5-10 seconds of time, it’s not a problem. If it loses you a load of data then it’s really annoying.

                                                                                                                                                                  1. 4

                                                                                                                                                                    Firefox does this when closing tabs (restoring closed tabs usually restores form content etc.) but not when closing the window.

                                                                                                                                                                    The weird thing is that it does actually have a setting to confirm when quitting, it’s just that it only triggers when you have multiple tabs or windows open and not when there’s just one tab 🤷

                                                                                                                                                                    1. 1

                                                                                                                                                                      The weird thing is that it does actually have a setting to confirm when quitting, it’s just that it only triggers when you have multiple tabs or windows open and not when there’s just one tab

                                                                                                                                                                      Does changing browser.tabs.closeWindowWithLastTab in about:config fix that?

                                                                                                                                                                      1. 1

                                                                                                                                                                        I have it set to false already, I tested it to make sure and it doesn’t make a difference (^W won’t close the tab, as expected, but ^Q with one tab will still just quit).

                                                                                                                                                                    2. 2

                                                                                                                                                                      I quite often hit command-Q and accidentally quit Safari

                                                                                                                                                                      One of the first things I do when setting up a new macOS user for myself is adding alt-command-Q in Preferences → Keyboard → Shortcuts → App Shortcuts for “Quit Safari” in Safari. Saves my sanity every day.

                                                                                                                                                                      1. 1

                                                                                                                                                                        Does this somehow remove the default ⌘Q binding?

                                                                                                                                                                        1. 1

                                                                                                                                                                          Yes, it changes the binding on the OS level, so the shortcut hint in the menu bar is updated to show the change

                                                                                                                                                                          1. 1

                                                                                                                                                                            It overrides it - Safari’s menu shows ⌥⌘Q against “Quit Safari”.

                                                                                                                                                                          2. 1

                                                                                                                                                                            You can do this in windows for firefox (or any browser) too with an autohotkey script. You can set it up to catch and handle a keypress combination before it reaches any other application. This will be global of course and will disable and ctrl-q hotkey in all your applications, but if you want to get into detail and write a more complex script you can actually check which application has focus and only block the combination for the browser.

                                                                                                                                                                          3. 2

                                                                                                                                                                            This sounds like something Chrome gets right - if I hit CMD + Q I get a prompt saying “Hold CMD+Q to Quit” which has prevented me from accidentally quitting lots of times. I assumed this was MacOS behaviour, but I just tested Safari and it quit immediately.

                                                                                                                                                                          4. 6

                                                                                                                                                                            Disabling this shortcut with browser.quitShortcut.disabled works for me, but I agree that bug should be fixed.

                                                                                                                                                                            1. 1

                                                                                                                                                                              Speaking of key bindings, Ctrl + Q is still “quit without any confirmation”.

                                                                                                                                                                              That was fixed a long time ago, at least on Linux. When I press it, a modal says “You are about to close 5 windows with 24 tabs. Tabs in non-private windows will be restored when you restart.” ESC cancels.

                                                                                                                                                                              1. 1

                                                                                                                                                                                That’s strange. I’m using latest Firefox, from Firefox, on Linux, and I don’t ever get a prompt. Another reply suggested a config tweak to try.

                                                                                                                                                                                1. 1

                                                                                                                                                                                  I had that problem for a while but it went away. I have browser.quitShortcut.disabled as false in about:config. I’m not sure if it’s a default setting or not.

                                                                                                                                                                                  1. 1

                                                                                                                                                                                    quitShortcut

                                                                                                                                                                                    It seems that this defaults to false. The fact you have it false, but don’t experience the problem, is counter-intuitive to me. Anyway the other poster’s suggestion was to flip this, so I’ll try that. Thanks!

                                                                                                                                                                                    1. 1

                                                                                                                                                                                      That does seem backwards. Something else must be overriding it. I’m using Ubuntu 20.04, if that matters. I just found an online answer that mentions the setting.

                                                                                                                                                                            2. 7

                                                                                                                                                                              On one level, I disagree – I have zero problems with Firefox. My only complaint is that sometimes website that are built to be Chrome-only don’t work sometimes, which isn’t really Firefox’s problem, but the ecosystem’s problem (see my comment above about antitrust, etc). But I will grant you that Firefox’s UX could be better, that there are ways the browser could be improved in general. However, I disagree here:

                                                                                                                                                                              retain a healthy 15%-20% (if not more)

                                                                                                                                                                              I don’t think this is possible given the amount of resources Firefox has. No matter how much they improve Firefox, there are two things that are beyond their control:

                                                                                                                                                                              1. Most users use Google products (gmail, calendar, etc), and without an antitrust case, these features will be seamlessly integrated into Chrome, and not Firefox.
                                                                                                                                                                              2. Increasingly, websites are simple not targeting Firefox for support, so normal users who want to say, access online banking, are SOL on Firefox. (This happens to me, I still have to use Chrome for some websites)

                                                                                                                                                                              Even the best product managers and engineers could not reverse Firefox’s design. We need a political solution, unless we want the web to become Google Web (tm).

                                                                                                                                                                              1. 3

                                                                                                                                                                                Why can’t I just change themes?

                                                                                                                                                                                You can. The switcher is at the bottom of the Customize Toolbar… view.

                                                                                                                                                                                1. 2

                                                                                                                                                                                  Hm, last time I tried this it didn’t do much of anything other than change the colour of the toolbar to something else or a background picture; but maybe it’s improved now. I’ll have a look next time I try mucking about with 89 again; thanks!

                                                                                                                                                                                  1. 3

                                                                                                                                                                                    You might try the Firefox Colors extension, too. It’s a pretty simple custom theme builder.

                                                                                                                                                                                    1. 2

                                                                                                                                                                                      https://color.firefox.com/ to save the trouble of searching.

                                                                                                                                                                                2. 4

                                                                                                                                                                                  I agree with Firefox’s approach of choosing mainstream users over power-users - that’s the only way they’ll ever have 10% or more of users. Firefox is doing things with theming that I wish other systems would do - they have full “fresco” themes (images?) in their chrome! It looks awesome! I dream about entire DEs and app suites built from the ground up with the same theme of frescoes (but with an different specific fresco for each specific app, perhaps tailored to that app). Super cool!

                                                                                                                                                                                  I don’t like the lack of contrast on the current tab, but “give users the choice to fix this very specific issue or not” tends to be extremely shortsighted - the way to fix it is to fix it. Making it optional means yet another maintenance point on an already underfunded system, and doesn’t necessarily even fix the problem for most users!

                                                                                                                                                                                  More importantly, making ultra-specific optionss like that is usually pushing decisions onto the user as a method of avoiding internal politicking/arguments, and not because pushing to the user is the optimal solution for that specific design aspect.

                                                                                                                                                                                  1. 2

                                                                                                                                                                                    As for the close button, I am like you. You can set browser.tabs.tabClipWidth to 1000. Dunno if it is scheduled to be removed.

                                                                                                                                                                                    As for most of the other grips, adding options and features to cater for the needs of a small portion of users has a maintenance cost. Maybe adding the option is only one line, but then a new feature needs to work with the option enabled and disabled. Removing options is just a way to keep the code lean.

                                                                                                                                                                                    My favorite example in the distribution world is Debian. Debian supports tries to be the universal OS. We are drowning with having to support everything. For examples, supporting many init systems is more work. People will get to you if there is a bug in the init system you don’t use. You spend time on this. At the end, people not liking systemd are still unhappy and switch to Devuan which supports less init systems. I respect Mozilla to keep a tight ship and maintaining only the features they can support.

                                                                                                                                                                                    1. 7

                                                                                                                                                                                      Nobody would say anything if their strategy worked. The core issue is that their strategy obviously doesn’t work.

                                                                                                                                                                                      adding options and features to cater for the needs of a small portion of users

                                                                                                                                                                                      It ’s not even about that.

                                                                                                                                                                                      It’s removing things that worked and users liked by pretending that their preferences are invalid. (And every user belongs to some minority that likes a feature others may be unaware of.)

                                                                                                                                                                                      See the recent debacle of gradually blowing up UI sizes, while removing options to keep them as they were previously.

                                                                                                                                                                                      Somehow the saved cost to support some feature doesn’t seem to free up enough resources to build other things that entice users to stay.

                                                                                                                                                                                      All they do with their condescending arrogance on what their perfectly spherical idea of a standard Firefox user needs … is making people’s lives miserable.

                                                                                                                                                                                      They fired most of the people that worked on things I was excited about, and it seems all that’s left are some PR managers and completely out-of-touch UX “experts”.

                                                                                                                                                                                      1. 4

                                                                                                                                                                                        As for most of the other grips, adding options and features to cater for the needs of a small portion of users has a maintenance cost. Maybe adding the option is only one line, but then a new feature needs to work with the option enabled and disabled. Removing options is just a way to keep the code lean.

                                                                                                                                                                                        It seems to me that having useful features is more important than having “lean code”, especially if this “lean code” is frustrating your users and making them leave.

                                                                                                                                                                                        I know it’s easy to shout stuff from the sidelines, and I’m also aware that there may be complexities I may not be aware of and that I’m mostly ignorant of the exact reasoning behind many decisions (most of us here are really, although I’ve seen a few Mozilla people around), but what I do know is that 1) Firefox as a product has been moving in a certain direction for years, 2) that Firefox has been losing users for years, 3) that I know few people who truly find Firefox an amazing browser that a joy to use, and that in light of that 4) keep doing the same thing you’ve been doing for years is probably not a good idea, and 5) that doing the same thing but doing it harder is probably an even worse idea.

                                                                                                                                                                                        I also don’t think that much of this stuff is all that much effort. I am not intimately familiar with the Firefox codebase, but how can a bunch of settings add an insurmountable maintenance burden? These are not “deep” things that reach in to the Gecko engine, just comparatively basic UI stuff. There are tons of projects with a much more complex UI and many more settings.

                                                                                                                                                                                        Hell, I’d argue that even removing the RSS was also a mistake – they should have improved it instead, especially after Google Reader’s demise there was a huge missed opportunity there – although it’s a maintenance burden trade-off I can understand it better, it also demonstrates a lack of vision to just say “oh, it’s old crufty code, not used by many (not a surprise, it sucked), so let’s just remove it, people can just install an add-on if they really want it”. This is also a contradiction with Firefox’s mantra of “most people use the defaults, and if it’s not used a lot we can just remove it”. Well, if that’s true then you can ship a browser with hardly any features at all, and since most people will use the defaults they will use a browser without any features.

                                                                                                                                                                                        Browsers like Brave and Vivaldi manage to do much of this; Vivaldi has an entire full-blown email client. I’d wager that a significant portion of the people leaving Firefox are actually switching to those browsers, not Chrome as such (but they don’t show up well in stats as they identify as “Chrome”). Mozilla nets $430 million/year; it’s not a true “giant” like Google or Apple, but it’s not small either. Vivaldi has just 55 employees (2021, 35 in 2017); granted, they do less than Mozilla, but it doesn’t require a huge team to do all of this.

                                                                                                                                                                                        And every company has limited resources; it’s not like the Chrome team is a bottomless pit of resources either. A number of people in this thread express the “big Google vs. small non-profit Mozilla”-sentiment here, but it doesn’t seem that clear-cut. I can’t readily find a size for the Chrome team on the ‘net, but I checked out the Chromium source code and let some scripts loose on that: there are ~460 Google people with non-trivial commits in 2020, although quite a bit seems to be for ChromeOS and not the browser part strictly speaking, so my guestimate is more 300 people. A large team? Absolutely. But Mozilla’s $430/million a year can match this with ~$1.5m/year per developer. My last company had ~70 devs on much less revenue (~€10m/year). Basically they have the money to spare to match the Chrome dev team person-for-person. Mozilla does more than just Firefox, but they can still afford to let a lot of devs loose on Gecko/Firefox (I didn’t count the number devs for it, as I got some other stuff I want to do this evening as well).

                                                                                                                                                                                        It’s all a matter of strategy; history is littered with large or even huge companies that went belly up just because they made products that didn’t fit people’s demands. I fear Firefox will be in the same category. Not today or tomorrow, but in five years? I’m not so sure Firefox will still be around to be honest. I hope I’m wrong.

                                                                                                                                                                                        As for your Debian comparison; an init system is a fundamental part of the system; it would be analogous to Firefox supporting different rendering or JS engines. It’s not even close to the same as “an UI to configure key mappings” or “a bunch of settings for stuff you can actually already kind-of do but with hacks that you need to explicitly search for and most users don’t know it exists”, or even a “built-in RSS reader that’s really good and a great replacement for Google Reader”.

                                                                                                                                                                                        1. 2

                                                                                                                                                                                          I agree with most of what you said. Notably the removal of RSS support. I don’t work for Mozilla and I am not a contributor, so I really can’t answer any of your questions.

                                                                                                                                                                                          Another example of maintaining a feature would be Alsa support. It has been removed, this upsets some users, but for me, this is understandable as they don’t want to handle bug reports around this or the code to get in the way of some other features or refactors. Of course, I use Pulseaudio, so I am quite biased.

                                                                                                                                                                                          1. 4

                                                                                                                                                                                            I think ALSA is a bad example; just use Pulseaudio. It’s long since been the standard, everyone uses it, and this really is an example of “147 people who insist on having an überminimal Linux on Reddit being angry”. It’s the kind of technical detail with no real user-visible changes that almost no one cares about. Lots of effort with basically zero or extremely minimal tangible benefits.

                                                                                                                                                                                            And ALSA is a not even a good or easy API to start with. I’m pretty sure that the “ALSA purists” never actually tried to write any ALSA code otherwise they wouldn’t be ALSA purists but ALSA haters, as I’m confident there is not a single person that has programmed with ALSA that is not an ALSA hater to some degree.

                                                                                                                                                                                            Pulseaudio was pretty buggy for a while, and its developer’s attitude surrounding some of this didn’t really help, because clearly if tons of people are having issues then all those people are just “doing it wrong” and is certainly not a reason to fix anything, right? There was a time that I had a keybind to pkill pulseaudio && pulseaudio --start because the damn thing just stopped working so often. The Grand Pulseaudio Rollout was messy, buggy, broke a lot of stuff, and absolutely could have been handled better. But all of that was over a decade ago, and it does actually provide value. Most bugs have been fixed years ago, Poettering hasn’t been significantly involved since 2012, yet … people still hold an irrational hatred towards it 🤷

                                                                                                                                                                                            1. 1

                                                                                                                                                                                              ALSA sucks, but PulseAudio is so much worse. It still doesn’t even actually work outside the bare basics. Firefox forced me to put PA on and since then, my mic randomly spews noise and sound between programs running as different user ids is just awful. (I temporarily had that working better though some config changes, then a PA update - hoping to fix the mic bug - broke this… and didn’t fix the mic bug…)

                                                                                                                                                                                              I don’t understand why any program would use the PA api instead of the alsa ones. All my alsa programs (including several I’ve made my own btw, I love it whenever some internet commentator insists I don’t exist) work equally as well as pulse programs on the PA system… but also work fine on systems where audio actually works well (aka alsa systems). Using the pulse api seems to be nothing but negatives.

                                                                                                                                                                                      2. 1

                                                                                                                                                                                        Not sure if this will help you but I absolutely cannot STAND the default Firefox theme so I use this: https://github.com/ideaweb/firefox-safari-style

                                                                                                                                                                                        I stick with Firefox over Safari purely because it’s devtools are 100x better.

                                                                                                                                                                                      3. 10

                                                                                                                                                                                        There’s also the fact that web browsers are simply too big to reimplement at this point. The best Mozilla can do (barely) is try to keep up with the Google-controlled Web Platform specs, and try to collude with Apple to keep the worst of the worst from being formally standardized (though Chrome will implement them anyway). Their ability to do even that was severely impacted by their layoffs last year. At some point, Apple is going to fold and rebase Safari on Chromium, because maintaining their own browser engine is too unprofitable.

                                                                                                                                                                                        At this point, we need to admit that the web belongs to Google, and use it only to render unto Google what is Google’s. Our own traffic should be on other protocols.

                                                                                                                                                                                        1. 8

                                                                                                                                                                                          For a scrappy nonprofit they don’t seem to have any issues paying their executives millions of dollars.

                                                                                                                                                                                          1. 1

                                                                                                                                                                                            I mean, I don’t disagree, but we’re still talking several orders of magnitude less compensation than Google’s execs.

                                                                                                                                                                                            1. 5

                                                                                                                                                                                              A shit sandwich is a shit sandwich, no matter how low the shit content is.

                                                                                                                                                                                              (And no, no one is holding a gun to Mozilla’s head forcing them to hire in high-CoL/low-productivity places.)

                                                                                                                                                                                          2. 1

                                                                                                                                                                                            Product design can’t fix any of these problems because nobody is paying for the product. The more successful it is, the more it costs Mozilla. The only way to pay the rent with free-product-volume is adtech, which means spam and spying.

                                                                                                                                                                                            1. 4

                                                                                                                                                                                              Exactly why I think the problem requires a political solution.

                                                                                                                                                                                          3. 8

                                                                                                                                                                                            I don’t agree this is a vague ethical reason. Problem with those are concerns like deforestation (and destruction of habitats for smaller animals) to ship almond milk across the globe, and sewing as an alternative to poverty and prostitution, etc.

                                                                                                                                                                                            The browser privacy question is very quantifiable and concrete, the source is in the code, making it a concrete ethical-or-such choice.

                                                                                                                                                                                            ISTR there even being a study or two where people were asked about willingness to being spied upon, people who had no idea their phones were doing what was asked about, and being disconcerted after the fact. That’s also a concrete way to raise awareness.

                                                                                                                                                                                            At the end of the day none of this may matter if people sign away their rights willingly in favor of a “better” search-result filter bubble.

                                                                                                                                                                                            1. 11

                                                                                                                                                                                              I don’t think they’re vague (not the word I used) but rather abstract; maybe that’s no the best word either but what I mean with it is that it’s a “far from my bed show” as we would say in Dutch. Doing $something_better on these topics has zero or very few immediate tangible benefits, but rather more abstract long-term benefits. And in addition it’s also really hard to feel that you’re really making a difference as a single individual. I agree with you that these are important topics, it’s just that this type of argument is simply not all that effective at really making a meaningful impact. Perhaps it should be, but it’s not, and exactly because it’s important we need to be pragmatic about the best strategy.

                                                                                                                                                                                              And if you’re given the choice between “cheaper (or better) option X” vs. “more expensive (or inferior) option Y with abstract benefits but no immediate ones”, then I can’t really blame everyone for choosing X either. Life is short, lots of stuff that’s important, and can’t expect everyone to always go out of their way to “do the right thing”, if you can even figure out what the “right thing” is (which is not always easy or black/white).

                                                                                                                                                                                              1. 1

                                                                                                                                                                                                My brain somehow auto-conflated the two, sorry!

                                                                                                                                                                                                I think we agree that the reasoning in these is inoptimal either way.

                                                                                                                                                                                                Personally I wish these articles weren’t so academic, and maybe not in somewhat niche media, but instead mainstream publications would run “Studies show people do not like to be spied upon yet they are - see the shocking results” clickbaity stuff.

                                                                                                                                                                                                At least it wouldn’t hurt for a change.

                                                                                                                                                                                                1. 1

                                                                                                                                                                                                  It probably wasn’t super-clear what exactly was intended with that in the first place so easy enough of a mistake to make 😅

                                                                                                                                                                                                  As for articles, I’ve seen a bunch of them in mainstream Dutch newspapers in the last two years or so; so there is some amount of attention being given to this. But as I expended on in my other lengthier comment, I think the first step really ought to be making a better product. Not only is this by far the easiest to do and within our (the community’s) power to do, I strongly suspect it may actually be enough, or at least go a long way.

                                                                                                                                                                                                  It’s like investing in public transport is better than shaming people for having a car, or affordable meat alternatives is a better alternative than shaming people for eating meat, etc.

                                                                                                                                                                                            2. 7

                                                                                                                                                                                              I agree to an extent. Firefox would do well to focus on the user experience front.

                                                                                                                                                                                              I switched to Firefox way back in the day, not because of vague concerns about the Microsoft hegemony, or even concerns about web standards and how well each browser implemented them. I switched because they introduced the absolutely groundbreaking feature that is tabbed browsing, which gave a strictly better user experience.

                                                                                                                                                                                              I later switched to Chrome when it became obvious that it was beating Firefox in terms of performance, which is also a factor in user experience.

                                                                                                                                                                                              What about these days? Firefox has mostly caught up to Chrome on the performance point. But you know what’s been the best user experience improvement I’ve seen lately? Chrome’s tab groups feature. It’s a really simple idea, but it’s significantly improved the way I manage my browser, given that I tend to have a huge number of tabs open.

                                                                                                                                                                                              These are the kinds of improvements that I’d like to see Firefox creating, in order to lure people back. You can’t guilt me into trying a new browser, you have to tempt me.

                                                                                                                                                                                              1. 10

                                                                                                                                                                                                But you know what’s been the best user experience improvement I’ve seen lately? Chrome’s tab groups feature. It’s a really simple idea, but it’s significantly improved the way I manage my browser, given that I tend to have a huge number of tabs open.

                                                                                                                                                                                                Opera had this over ten years ago (“tab stacking”, added in Opera 11 in 2010). Pretty useful indeed, even with just a limited number of tabs. It even worked better than Chrome groups IMO. Firefox almost-kind-of has this with container tabs, which are a nice feature actually (even though I don’t use it myself), and with a few UX enhancements on that you’ve got tab groups/stacking.

                                                                                                                                                                                                Opera also introduced tabbed browsing by the way (in 2000 with Opera 4, about two years before Mozilla added it in Phoenix, which later became Firefox). Opera was consistently way ahead of the curve on a lot of things. A big reason it never took off was because for a long time you had to pay for it (until 2005), and after that it suffered from “oh, I don’t want to pay for it”-reputation for years. It also suffered from sites not working; this often (not always) wasn’t even Opera’s fault as frequently this was just a stupid pointless “check” on the website’s part, but those were popular in those days to tell people to not use IE6 and many of them were poor and would either outright block Opera or display a scary message. And being a closed-source proprietary product also meant it never got the love from the FS/OSS crowd and the inertia that gives (not necessarily a huge inertia, but still).

                                                                                                                                                                                                So Firefox took the world by storm in the IE6 days because it was free and clearly much better than IE6, and when Opera finally made it free years later it was too late to catch up. I suppose the lesson here is that “a good product” isn’t everything or a guarantee for success, otherwise we’d all be using Opera (Presto) now, but it certainly makes it a hell of a lot easier to achieve success.

                                                                                                                                                                                                Opera had a lot of great stuff. I miss Opera 😢 Vivaldi is close (and built by former Opera devs) but for some reason it’s always pretty slow on my system.

                                                                                                                                                                                                1. 1

                                                                                                                                                                                                  This is fair and I did remember Opera being ahead of the curve on some things. I don’t remember why I didn’t use it, but it being paid is probably why.

                                                                                                                                                                                                  1. 1

                                                                                                                                                                                                    I agree, I loved the Presto-era Opera and I still use the Blink version as my main browser (and Opera Mobile on Android). It’s still much better than Chrome UX-wise.

                                                                                                                                                                                                  2. 4

                                                                                                                                                                                                    I haven’t used tab groups, but it looks pretty similar to Firefox Containers which was introduced ~4 years ahead of that blog post. I’ll grant that the Chrome version is built-in and looks much more polished and general purpose than the container extension, so the example is still valid.

                                                                                                                                                                                                    I just wanted to bring this up because I see many accusations of Firefox copying Chrome, but I never see the reverse being called out. I think that’s partly because Chrome has the resources to take Mozilla’s ideas and beat them to market on it.

                                                                                                                                                                                                    Disclaimer: I’m a Mozilla employee

                                                                                                                                                                                                  3. 4

                                                                                                                                                                                                    One challenge for people making this kind of argument is that predictions of online-privacy doom and danger often don’t match people’s lived experiences. I’ve been using Google’s sites and products for over 20 years and have yet to observe any real harm coming to me as a result of Google tracking me. I think my experience is typical: it is an occasional minor annoyance to see repetitive ads for something I just bought, and… that’s about the extent of it.

                                                                                                                                                                                                    A lot of privacy advocacy seems to assume that readers/listeners believe it’s an inherently harmful thing for a company to have information about them in a database somewhere. I believe privacy advocates generally believe that, but if they want people to listen to arguments that use that assumption as a starting point, they need to do a much better job offering non-circular arguments about why it’s bad.

                                                                                                                                                                                                    1. 4

                                                                                                                                                                                                      I think it has been a mistake to focus on loss of privacy as the primary data collection harm. To me the bigger issue is that it gives data collectors power over the creators of the data and society as a whole, and drives destabilizing trends like political polarization and economic inequality. In some ways this is a harder sell because people are brainwashed to care only about issues that affect them personally and to respond with individualized acts.

                                                                                                                                                                                                      1. 4

                                                                                                                                                                                                        There is no brainwashing needed for people to act like people.

                                                                                                                                                                                                        1. 1

                                                                                                                                                                                                          do you disagree with something in my comment?

                                                                                                                                                                                                          1. 3

                                                                                                                                                                                                            In some ways this is a harder sell because people are brainwashed to care only about issues that affect them personally and to respond with individualized acts.

                                                                                                                                                                                                            I’m not @halfmanhalfdonut but I don’t think that brainwashing is needed to get humans to behave like this. This is just how humans behave.

                                                                                                                                                                                                            1. 2

                                                                                                                                                                                                              Yep, this is what I was saying.

                                                                                                                                                                                                              1. 1

                                                                                                                                                                                                                things like individualism, solidarity, and collaboration exist on a spectrum, and everybody exhibits each to some degree. so saying humans just are individualistic is tautological, meaningless. everyone has some individualism in them regardless of their upbringing, and that doesn’t contradict anything in my original comment. that’s why I asked if there was some disagreement.

                                                                                                                                                                                                                to really spell it out, modern mass media and culture condition people to be more individualistic than they otherwise would be. that makes it harder to make an appeal to solidarity and collaboration.

                                                                                                                                                                                                                @GrayGnome

                                                                                                                                                                                                                1. 1

                                                                                                                                                                                                                  I think you’re only seeing the negative side (to you) of modern mass media and culture. Our media and culture also promote unity, tolerance, respect, acceptance, etc. You’re ignoring that so that you can complain about Google influencing media, but the reality is that the way you are comes from those same systems of conditioning.

                                                                                                                                                                                                                  The fact that you even know anything about income inequality and political polarization are entirely FROM the media. People on the whole are not as politically divided as media has you believe.

                                                                                                                                                                                                                  1. 1

                                                                                                                                                                                                                    sure, I only mentioned this particular negative aspect because it was relevant to the point I was making in my original comment

                                                                                                                                                                                                                  2. 1

                                                                                                                                                                                                                    to really spell it out, modern mass media and culture condition people to be more individualistic than they otherwise would be. that makes it harder to make an appeal to solidarity and collaboration.

                                                                                                                                                                                                                    I think we’re going to have to agree to disagree. I can make a complicated rebuttal here, but it’s off-topic for the site, so cheers!

                                                                                                                                                                                                                    1. 1

                                                                                                                                                                                                                      cheers

                                                                                                                                                                                                      2. 3

                                                                                                                                                                                                        I agree with everything you’ve written in this thread, especially when it comes to the abstractness of pro-Firefox arguments as of late. Judging from the votes it seems I am not alone. It is sad to see Mozilla lose the favor of what used to be its biggest proponents, the “power” users. I truly believe they are digging their own grave – faster and faster it seems, too. It’s unbelievable how little they seem to be able to just back down and admit they were wrong about an idea, if only for a single time.

                                                                                                                                                                                                        1. 2

                                                                                                                                                                                                          Firefox does have many features that Chrome doesn’t have: container tabs, tree style tabs, better privacy and ad-blocking capabilities, some useful dev tools that I don’t think Chrome has (multi-line JS and CSS editors, fonts), isolated profiles, better control over the home screen, reader mode, userChrome.css, etc.

                                                                                                                                                                                                        1. 1

                                                                                                                                                                                                          But… why are security keys hardware instead of software? Is it possible to reverse engineer these hardware keys and reimplement them with software?

                                                                                                                                                                                                          1. 6

                                                                                                                                                                                                            There’s no need for reverse engineering, the specs are public. GitHub maintains a software U2F emulator, which is a software emulation of the USB protocol using the userspace device driver infrastructure. It stores the keys in the macOS keychain (which, on recent Macs, is actually protected by a separate security chip). On Windows, WebAuthn via Windows Hello is backed by the TPM, so it’s a separate chip that stores the keys.

                                                                                                                                                                                                            The extra thing on top of this seems to be that the manufacturers sign the keys in the devices with a claim that they do some rate limiting. That doesn’t really seem to take the economics into account though. The most common attack on CAPTCHAs is to pay folks on Mechanical Turk to solve them. A U2F device costs about $20. If it can let you in every 10 seconds, then it’s three times faster than a human doing the same thing (32 seconds to solve a CAPTCHA on average, according to the article) and that’s $20 for the entire lifetime of the device. A bank of them in a datacenter could easily undercut human CAPTCHA solvers.

                                                                                                                                                                                                            1. 1

                                                                                                                                                                                                              Problem is that it is a lot harder to forward FIDO2 tokens than CAPTCHAs. For CAPTCHAs you need a simple VNC. For security keys, you would probably need to forward USB devices. Possible, but a lot harder to automate. Or, you run your bot’s on the Mechanical Turk workers computers, which probably wouldn’t go well.

                                                                                                                                                                                                              Oh, and the keys probably don’t purposefully rate limit, it’s just that their hardware is slow enough that it takes a second to generate and sign the attestation.

                                                                                                                                                                                                              1. 3

                                                                                                                                                                                                                For security keys, you would probably need to forward USB devices. Possible, but a lot harder to automate

                                                                                                                                                                                                                I don’t think it is. You need to forward the challenge-response pairs, but they’re just values in an HTTP request. We have a lot of infrastructure for forwarding HTTP requests between computers…

                                                                                                                                                                                                                1. 1

                                                                                                                                                                                                                  And rewrite a good bunch of browser FIDO stack if you want to go that way then. Probably catching Webauthn calls would be the entry point, from which you send the parameters over to the program on the computer with the token which actually does the requests on the key. Still, far from a ready-made solution that VNC is.

                                                                                                                                                                                                                  1. 5

                                                                                                                                                                                                                    I am trying to understand the system you’re imagining. I’m assuming someone trying to attack a system and needing to bypass CAPTCHAs. The way that they do this today is to have a custom client with a modified WebKit / Blink that pulls out the CAPTCHA queries, presents them via an HTTP interface to folks on MTurk, and then forwards the responses. The way that they’d do it with the WebAuthn model would be to have a load of U2F devices attached to a single machine and send the WebAuthn requests to each one. The infrastructure is much simpler with the WebAuthn / U2F model.

                                                                                                                                                                                                                    1. 1

                                                                                                                                                                                                                      The browser FIDO stack is a new feature. Initially this was offered (and is still offered) as a set of libraries.

                                                                                                                                                                                                                      Websites interact with a rather simple javascript API to achieve this whole thing and it’s really not hard to just scrape the calls out of a response and put that data into the C APIs.

                                                                                                                                                                                                              2. 1

                                                                                                                                                                                                                Is it possible to reverse engineer these hardware keys and reimplement them with software?

                                                                                                                                                                                                                It’s definitely possible to have software versions - back in 2010 or thereabouts I was contracting for a company who used RSA fobs to control remote access and I had a software version rather than an actual hardware fob.

                                                                                                                                                                                                                1. 1

                                                                                                                                                                                                                  Not sure about this case, but hardware keys such as HASP, Sentinel (in 90s, 2000s) were a pretty popular target for crackers to create a software-emulated key that would allow running the application without the physical dongle attached.

                                                                                                                                                                                                                  I’m not sure how similar is this solution, but I wouldn’t bet any money to assume it’s secure by default.

                                                                                                                                                                                                                1. 2

                                                                                                                                                                                                                  Had an encounter with a Hero a few years back - he stonewalled on an issue for over a month (“you lot can’t fix it”), blocking two data architects, then when I gave in and fixed it, immediately reverted my fix and put his own in instead. I quit a week later.

                                                                                                                                                                                                                  1. 3

                                                                                                                                                                                                                    So … was he right?

                                                                                                                                                                                                                    1. 1

                                                                                                                                                                                                                      I suppose he was technically correct in that his fix solved the problem but then my fix also solved the problem. He just didn’t want anyone else making changes to his* code.

                                                                                                                                                                                                                      *He wasn’t actually on the project any more; just refused to let go and management couldn’t really do anything.

                                                                                                                                                                                                                  1. 4

                                                                                                                                                                                                                    Still in early development/I do not recommend to run an instance yet.

                                                                                                                                                                                                                    What comparable server would people recommend for real-world use right now?

                                                                                                                                                                                                                    1. 8

                                                                                                                                                                                                                      I use honk which is written in Go and uses SQLite as its data store

                                                                                                                                                                                                                      1. 5

                                                                                                                                                                                                                        +1 also. If microblog.pub used SQLite, I might be inclined to give it a go but I have no desire for Mongo (in or out of Docker.)

                                                                                                                                                                                                                        1. 3

                                                                                                                                                                                                                          Agreed. The reason I looked at honk initially was the relatively easy and painless data store in a world where everyone was using Postgres and Mongo. The fact it’s opinionated as hell and written in Go are just additional benefits

                                                                                                                                                                                                                        2. 1

                                                                                                                                                                                                                          +1

                                                                                                                                                                                                                        3. 2

                                                                                                                                                                                                                          Any ActivityPub compatible S2S implementation (big ones are Mastodon and Pleroma; honk is a smaller one) should work with it.