This is kind of “defensive C programming practices 101” level.
I guess, but the code was written in the year 2000. It’s not an excuse to not have reviewed this code and modified it to use snprintf, but the snark about a >25 year old line of code in a dependency’s dependency sucks.
I disagree with this, only because it’s imperialism. I’m British, in British English I write marshalling (with two of the letter l), sanitising (-sing instead of -zing except for words ending in a z), and -ise instead of -ize, among other things. You wouldn’t demand an Arabic developer to write all his comments in English for your sake for the sake of being idiomatic, would you?
I’ve worked for a few companies in Germany now, about half of them with their operating language being in German. All of them had comments being written exclusively in English. I don’t know how that is in other countries, but I get the impression from Europeans that this is pretty standard.
That said, my own preference is for American English for code (i.e. variable names, class names, etc), but British English for comments, commit messages, pull requests, etc. That’s because the names are part of the shared codebase and therefore standardised, but the comments and commit messages are specifically from me. As long as everyone can understand my British English, then I don’t think there’s much of a problem.
EDIT: That said, most of these suggestions feel more on the pedantic end of the spectrum as far as advice goes, and I would take some of this with a pinch of salt. In particular, when style suggestions like “I tend to write xyz” become “do this”, then I start to raise eyebrows at the usefulness of a particular style guide.
All of them had comments being written exclusively in English. I don’t know how that is in other countries, but I get the impression from Europeans that this is pretty standard.
Developers in China seem to prefer Chinese to English. When ECharts was first open-sourced by Baidu most of the inline comments (and the entire README) were in Chinese:
In Japan I feel like the tech industry is associated with English, and corporate codebases seem to use mostly English in documentation. However, many people’s personal projects have all the comments/docs in Japanese.
If someone wants to force everyone to spell something the same within a language they should make sure it’s spelled wrong in all varieties, like with HTTP’s ‘referer’.
The Go core developers feel so strongly about their speling that they’re wiling to change the names of constants from other APIs.
The gRPC protocol contains a status code enum (https://grpc.io/docs/guides/status-codes/), one of which is CANCELLED. Every gRPC library uses that spelling except for go-grpc, which spells it Canceled.
Idiosyncratic positions and an absolute refusal to concede to common practice is part and parcel of working with certain kinds of people.
We’re drifting off-topic, but I have to ask: gRPC is a Google product; Go is a Google product; and Google is a US company. How did gRPC end up with CANCELLED in the first place?!
You wouldn’t demand an Arabic developer to write all his comments in English for your sake for the sake of being idiomatic, would you?
If this is something other than a private pet project of a person who has no ambition of ever working with people outside of his country? Yes, yes I would.
I believe the advice is still applicable to non-native speakers. In all companies I worked for in France, developers write code in English, including comments, sometimes even internal docs. There are a lot of inconsistencies (typically mixing US English and GB English, sometimes in the same sentence.)
In my experience (LatAm) the problem with that is people tend to have pretty poor English writing skills. You end up with badly written comments and commit messages, full of grammatical errors. People were aware of this so they avoided writing long texts in order to limit their mistakes, so we had one-line PR descriptions, very sparse commenting, no docs to speak of, etc.
Once I had the policy changed for the native language (Portuguese) in PRs and docs they were more comfortable with it and documentation quality improved.
In Europe people are much more likely to have a strong English proficiency even as a second or third language. You have to know your audience, basically.
While I like to write paragraphs of explanation in-between code, my actual comments are rather ungrammatical, with a bit of git style verb-first, removing all articles and other things. Proper English feels wrong in these contexts. Some examples from my currently opened file:
; Hide map’s slider when page opens first time
;; Giv textbox data now
;;Norm longitude within -180-180
; No add marker when click controls
;; Try redundant desperate ideas to not bleed new markers through button
;; Scroll across date line #ToDo Make no tear in marker view (scroll West from Hawaii)
Those comments would most likely look weird to a person unfamiliar with your particular dialect.
In a small comment it’s fine to cut some corners, similar to titles in newspapers, but we can’t go overboard: the point of these things is to communicate, we don’t want to make it even more difficult for whoever is reading them. Proper grammar helps.
For clarification, this is not my dialect/way of speaking. But I see so many short interline comments like this, that I started thinking they feel more appropriate and make them too, now. Strange!
Is “hat” a standard term regularly used in the golang ecosystem for a specific thing and on the list given in the article? If not, it is not relevant to the point in the article.
(And even generalized: if it happens to be an important term for your code base or ecosystem, it probably makes sense to standardize on how to spell it. in whatever language and spelling you prefer. I’ve worked on mixed-language codebases, and it’d been helpful if people consistently used the German domain-specific terms instead of mixing them with various translation attempts. Especially if some participants don’t speak the language (well) and have to treat terms as partially opaque)
I had to solve this once. I maintain a library that converts between HTML/CSS color formats, and one of the formats is a name (and optional spec to say which set of names to draw from). HTML4, CSS2, and CSS2 only had “gray”, but CSS3 added “grey” as another spelling for the same color value, and also added a bunch of other new color names which each have a “gray” and a “grey” variant.
Which raises the question: if I give the library a hex code for one of these and ask it to convert to name, which name should it convert to?
The solution I went with was to always return the “gray” variant since that was the “original” spelling in earlier HTML and CSS specs:
I don’t think it’s really “imperialism”—firstly, “marshaling” isn’t even the preferred spelling in the US. Secondly in countries all over the world job listings stipulate English language skills all the time (even Arabic candidates) and the practice is widely accepted because facilitating communication is generally considered to be important. Lastly, while empires certainly have pushed language standardization as a means to stamp out identities, I don’t think it follows that all language standards exist to stamp out identities (particularly when they are optional, as in the case of this post).
“marshaling” isn’t even the preferred spelling in the US
What makes you say that? (Cards on the table, my immediate thought was “Yes, it is.” I had no data for that, but the ngram below suggests that the single l spelling is the (currently) preferred US spelling.)
I really dislike such advice. I remember in early 00s, lots of web developers adopting code without “else” and “early returns” and lots of other things that at the time were considered best practices. To be honest in many cases they just added friction to what would be an easier and more readable (if a bit more verbose) code.
That is ok. We don’t need to agree on that. To be honest, the most important thing is for a project to decide upon a style and follow it. I understand why multiple returns, for me they’re like guards, what I don’t like are “if” statements where what is clearly the “else” part is just left out of it because of an early return that might not be a guard. It is confusing, I know.
I remember those days. I kind of vaguely thought I should consider this kind of advice, then I never did, and am glad of it.
There’s nuggets of something useful there. Big long conditionals with lots of logic statements can be hard, and turning subexpressions into variables can help. There are other patterns to try to avoid the difficulty of keeping track of large blocks of code that are run conditionally. Extracting to a method is a cure worse than the disease, but normal in Smalltalk.
Maybe it was also a reaction to a kind of coding practice that we no longer encounter. Deep spaghetti code was not uncommon, with flags being set, and lots of complicated chains of effect. Perhaps the result of people who were introduced to programming through assembly (which is no longer a common background). It’s a certain kind of code that is uncommon now (except maybe in embedded spaces and other low-level places where it’s common to get by with very few quality data structures).
I didn’t think to tag it historical but I submitted it with something like your latter paragraph in mind. It’s just interesting.
Isn’t that just good programming practice in general - to use the appropriate type of flow control construct (i.e. switch or exceptions) rather than putting everything into an if test? – ChrisBaugh
Not to treat things hyperbolically, but this is honestly the most beautiful keyboard I have ever seen.
I currently use a ZSA Moonlander and have been considering the ZSA Voyager to switch to a low-profile keyboard, but I wasn’t completely sold on it. The thing is, I feel that the limited split keyboard market is mainly RGB/gamer-focused. On the contrary, Bayleaf is the type of tool that I would love to use daily as a programmer. The commercially finished look was an excellent idea, and I’m particularly looking forward to seeing the improved thumb cluster. I would easily spend ZSA keyboard amounts and probably more for a keyboard like this.
Also I could see this keyboard pairing really well with fractal design products.
Lastly, I would love to learn the best way to stay in touch with this keyboard!
However, the market for ergo (low-profile) keyboards has gotten a lot better in recent years. Although a lot of things have RGB (like the Moonlander), I would say most of the ergo keyboards aren’t gamer-focused.
Copying my comment from the orange site in case you’re interested in looking at some others:
The latter is pretty awesome. Use a GUI to generate a custom keyboard that you just need to put together. Alas it seems like there is no PCB support for LP switches (at least the Gateron and Kailh Choc).
Do most people using split keyboards have small hands? The thumb cluster on the Ergodox is one of it’s best features, and I never ever see it replicated.
Can you reach every key on that cluster comfortably? I don’t think I have small hands, but have to admit that not all of the keys there are easily reachable for me.
I also have an ergodox and I’m a hair under 6’ and I literally never use any thumb cluster key other than the one closest to my right thumb. I’m not even sure what all of the other keys do even though I wrote this layout myself
lol I actually forgot that I use one of the left thumb keys as a layer modifier to change the home row into arrow keys. the vast majority of modifiers on the left hand. I use emacs so I use alt/meta quite a lot which is why it has a relatively prominent placement. the URL below should have a rough outline of my current layout but I’m not sure if it’s actually public or not
Yeah, I’ve never had an issue pressing the furthest thumb cluster buttons irregularly and my hands aren’t huge (I’m 6’2 to give you some sense of scale) so it’s not like you can’t occasionally stretch for them. Mine have home/end on one side and pgup/pgdn on the other, since I don’t use those often but when I do I don’t want to have to navigate to another layer.
I have a Glove 80 and I can stretch to reach all of the keys on its cluster, but only find the two closest to my thumb to be comfortable.
I would say I have average-to-small sized hands. I don’t know of a good way to measure hands, but I can reach ninths (octave-to-octave +1 key in case you’re a music theory luddite like me) pretty comfortably on a musical keyboard.
license all content you transmit through Firefox to Mozilla (“When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox. -https://www.mozilla.org/en-US/about/legal/terms/firefox)
allow Mozilla to both sell your private information
If you’re already using Firefox, I can confirm that porting your profile over to Librewolf (https://librewolf.net) is relatively painless, and the only issues you’ll encounter are around having the resist fingerprinting setting turned on by default (which you can choose to just disable if you don’t like the trade-offs). I resumed using Firefox in 2016 and just switched away upon this shift in policy, and I do so sadly and begrudgingly, but you’d be crazy to allow Mozilla to cross these lines without switching away.
If you’re a macOS + Littlesnitch user, I can also recommend setting Librewolf to not allow communication to any Mozilla domain other than addons.mozilla.org, just in case.
👋 I respect your opinion and LibreWolf is a fine choice; however, it shares the same problem that all “forks” have and that I thought I made clear in the article…
Developing Firefox costs half a billion per year. There’s overhead in there for sure, but you couldn’t bring that down to something more manageable, like 100 million per year, IMO, without making it completely uncompetitive to Chrome, whose estimate cost exceeds 1 billion per year. The harsh reality is that you’re still using Mozilla’s work and if Mozilla goes under, LibreWolf simply ceases to exist because it’s essentially Firefox + settings. So you’re not really sticking it to the man as much as you’d like.
There are 3 major browser engines left (minus the experiments still in development that nobody uses). All 3 browser engines are, in fact, funded by Google’s Ads and have been for almost the past 2 decades. And any of the forks would become unviable without Apple’s, Google’s or Mozilla’s hard work, which is the reality we are in.
Not complaining much, but I did mention the recent controversy you’re referring to and would’ve preferred comments on what I wrote, on my reasoning, not on the article’s title.
I do what I can and no more, which used to mean occasionally being a Firefox advocate when I could, giving Mozilla as much benefit of the doubt as I could muster, paying for an MDN subscription, and sending some money their way when possible. Now it means temporarily switching to Librewolf, fully acknowledging how unsustainable that is, and waiting for a more sustainable option to come along.
I don’t disagree with the economic realities you mentioned and I don’t think any argument you made is bad or wrong. I’m just coming to a different conclusion: If Firefox can’t take hundreds of millions of dollars from Google every year and turn that into a privacy respecting browser that doesn’t sell my data and doesn’t prohibit me from visiting whatever website I want, then what are we even doing here? I’m sick of this barely lesser of two evils shit. Burn it to the fucking ground.
I think “barely lesser of two evils” is just way off the scale, and I can’t help but feel that it is way over-dramatized.
Also, what about the consequences of having a chrome-only web? Many websites are already “Hyrum’s lawed” to being usable only in Chrome, developers only test for Chrome, the speed of development is basically impossible to follow as is.
Firefox is basically the only thing preventing the most universal platform from becoming a Google-product.
Well there’s one other: Apple. Their hesitance to allow non-Safari browsers on iOS is a bigger bulwark against a Chrome-only web than Firefox at this point IMO.
I’m a bit afraid that the EU is in the process of breaking that down though. If proper Chrome comes over to iOS and it becomes easy to install, I’m certain that Google will start their push to move iOS users over.
I know it’s not exactly the same but Safari is also in the WebKit family and Safari is nether open source nor cross platform nor anywhere close to Firefox in many technical aspects (such as by far having the most functional and sane developer tools of any browser it there).
Pretty much the same here: I used to use Firefox, I have influenced some people in the past to at least give Firefox a shot, some people ended up moving to it from Chrome based on my recommendations. But Mozilla insists on breaking trust roughly every year, so when the ToS came around, there was very little goodwill left and I have permanently switched to LibreWolf.
Using a fork significantly helps my personal short-term peace of mind: whenever Mozilla makes whatever changes they’re planning to make which requires them to have a license to any data I input into Firefox, I trust that I will hear about those changes before LibreWolf incorporates them, and there’s a decent chance that LibreWolf will rip them out and keep them out for a few releases as I assess the situation. If I’m using Firefox directly, there’s a decent probability that I’ll learn about those changes after Firefox updates itself to include them. Hell, for all I know, Firefox is already sending enough telemetry to Mozilla that someone there decided to make money off it and that’s why they removed the “Mozilla will doesn’t and will never sell your data” FAQ item; maybe LibreWolf ripping out telemetry is protecting me against Mozilla right now, I don’t know.
Long term, what I personally do doesn’t matter. The fact that Mozilla has lost so much good-will that long-term Firefox advocates are switching away should be terrifying to Mozilla and citizens of the Web broadly, but my personal actions here have close to 0 effect on that. I could turn into a disingenuous Mozilla shill but I don’t exactly think I’d be able to convince enough people to keep using Firefox to cancel out Mozilla’s efforts to sink their own brand.
If Firefox is just one of three browsers funded by Google which don’t respect user privacy, then what’s the point of it?
People want Firefox and Mozilla to be an alternative to Google’s crap. If they’re not going to be the alternative, instead choosing to copy every terrible idea Google has, then I don’t see why Mozilla is even needed.
Well to be fair to Mozilla, they’re pushing back against some web standard ideas Google has. They’ve come out against things like WebUSB and WebHID for example.
How the heck do they spend that much? At ~20M LoC, they’re spending 25K per line of code a year. While details are hard to find, I think that puts them way above the industry norms.
I’m pretty sure that’s off by 3 orders of magnitude; OP’s figure would be half a US billion, i.e. half a milliard. That means 500M / 20M = 25 $/LOC. Not 25K.
I see your point, but by that same logic, shouldn’t we all then switch to Librewolf? If Firefox’s funding comes from Google, instead of its user base, then even if a significant portion of Firefox’s users switch, it can keep on getting funded, and users who switched can get the privacy non-exploitation they need?
TL;DR 90% of Mozilla’s revenue comes from ad partnerships (Google) and Apple received ca. 19 Bn $ per annum to keep Google as the default search engine.
Where did you get those numbers? Are you referring to the whole effort, (legal, engineering, marketing, administration, etc) ot just development?
That’s an absolutely bonkers amount of money, and while i absolutely believe it, im also kind of curious what other software products are in a similar league
Yeah, that seems like legal butt-covering. If someone in a criminalizing jurisdiction accesses these materials and they try to sue to the browser, Mozilla can say the user violated TOS.
This is just a lie. It’s just a lie. Firefox is gratis, and it’s FLOSS. These stupid paragraphs about legalese are just corporate crap every business of a certain size has to start qualifying so they can’t get their wallet gaped by lawyers in the future. Your first bullet point sucks - you don’t agree to the Acceptable Use Policy to use Firefox, you agree to it when using Mozilla services, i.e. Pocket or whatever. Similarly, your second bulletpoint is completely false, that paragraph doesn’t even exist:
You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.
The text was recently clarified because of the inane outrage over basic legalese. And Mozilla isn’t selling your information. That’s not something they can casually lie about and there’s no reason to lie about it unless they want to face lawsuits from zealous legal types in the future. Why constantly lie to attack Mozilla? Are you being paid to destroy Free Software?
Consciously lying should be against Lobsters rules.
Let’s really look at what’s written here, because either u/altano or u/WilhelmVonWeiner is correct, not both.
The question we want to answer: do we “agree to an acceptable use policy” when we use Firefox? Let’s look in the various terms of service agreements (Terms Of Use, Terms Of Service, Mozilla Accounts Privacy). We see that it has been changed. It originally said:
“When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.”
Note that this makes no distinction between Firefox as a browser and services offered by Mozilla. The terms did make a distinction between Firefox as distributed by Mozilla and Firefox source code, but that’s another matter. People were outraged, and rightfully so, because you were agreeing to an acceptable use policy to use Firefox, the binary from Mozilla. Period.
That changed to:
“You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.”
Are the legally equivalent, but they’re just using “nicer”, “more acceptable” language? No. The meaning is changed in important ways, and this is probably what you’re referring to when you say, “you don’t agree to the Acceptable Use Policy to use Firefox, you agree to it when using Mozilla services”
However, the current terms still say quite clearly that we agree to the AUP for Mozilla Services when we use Firefox whether or not we use Mozilla Services. The claim that “you don’t agree to the Acceptable Use Policy to use Firefox” is factually incorrect.
So is it OK for u/WilhelmVonWeiner to say that u/altano is lying, and call for censure? No. First, it’s disingenuous for u/WilhelmVonWeiner to pretend that the original wording didn’t exist. Also, the statement, “Similarly, your second bulletpoint is completely false, that paragraph doesn’t even exist:” is plainly false, because we can see that paragraph verbatim here:
So if u/WilhelmVonWeiner is calling someone out for lying, they really shouldn’t lie themselves, or they should afford others enough benefit of the doubt to distinguish between lying and being mistaken. After all, is u/WilhelmVonWeiner lying, or just mistaken here?
I’m all for people venting when someone is clearly in the wrong, but it seems that u/WilhelmVonWeiner is not only accusing others of lying, but is perhaps lying or at very least being incredibly disingenuous themselves.
Oh - and I take exception to this in particular:
“every business of a certain size has to start qualifying so they can’t get their wallet gaped by lawyers”
Being an apologist for large organizations that are behaving poorly is the kind of behavior we expect on Reddit or on the orange site, but not here. We do not want to or should we need to engage with people who do not make good faith arguments.
Consciously lying should be against Lobsters rules.
This is a pretty rude reply so I’m not going to respond to the specifics.
Mozilla has edited their acceptable use policy and terms of service to do damage control and so my exact quotes might not be up anymore, but yeah sure, assume that everyone quoting Mozilla is just a liar instead of that explanation if you want.
Sorry for being rude. It was unnecessary of me and I apologise, I was agitated. I strongly disagree with your assessment of what Mozilla is doing as “damage control” - they are doing what is necessary to legally protect the Mozilla Foundation and Corporation from legal threats by clarifying how they use user data. It is false they are selling your private information. It is false they have a nonexclusive … license to everything you do using Firefox. It is false that you have to agree to the Acceptable Use Policy to use Firefox. It’s misinformation, it’s FUD and it’s going to hurt one of the biggest FLOSS nonprofits and alternate web browsers.
It is false that you have to agree to the Acceptable Use Policy to use Firefox.
So people can judge for them selves, the relevant quote from the previous Terms of Use was:
Your use of Firefox must follow Mozilla’s Acceptable Use Policy, and you agree that you will not use Firefox to infringe anyone’s rights or violate any applicable laws or regulations.
This is a pretty incendiary comment and I would expect any accusation of outright dishonesty to come with evidence that they know they’re wrong. I am not taking a position on who has the facts straight, but I don’t see how you could prove altano is lying. Don’t attribute to malice what can be explained by…simply being incorrect.
FYI this is a change made in response to the recent outrage, the original version of the firefox terms included
Your use of Firefox must follow Mozilla’s Acceptable Use Policy, and you agree that you will not use Firefox to infringe anyone’s rights or violate any applicable laws or regulations.
Your locale is forced to en-US, your timezone is UTC, your system is set to Windows. It will put canvas behind a prompt and randomizes some pixels such that fingerprinting based on rendering is a bit harder. It will also disable using SVG and fonts that you have installed on your systems
Btw, I don’t recommend anyone using resist fingerprinting. This is the “hard mode” that is known to break a lot of pages and has no site-specific settings. Only global on or off. A lot of people turn it on and then end up hating Firefox and switching browsers because their web experience sucks and they don’t know how to turn it off. This is why we now show a rather visible info bar in settings under privacy/security when you turn this on and that’s also why we are working on a new mode that can spoof only specific APIs and only on specific sites. More to come.
Yes, if everyone is running a custom set of spoofs you’d end up being unique again. The intent for the mechanism is for us to be able to experiment and test out a variety of sets before we know what works (in terms of webcompat). In the end, we want everyone to look as uniform as possible
It breaks automatic dark mode and sites don’t remember their zoom setting. Dates are also not always localized correctly. That’s what I’ve noticed so far at least.
My MacBook Pro is nagging me to upgrade to the new OS release. It lists a bunch of new features that don’t care about. In the meantime, the following bugs (which are regressions) have been unfixed for multiple major OS versions:
When a PDF changes, Preview reloads it. It remembers the page you were on (it shows it in the page box) but doesn’t jump there. If you enter the page in the page box, it doesn’t move there because it thinks you’re there already. This worked correctly for over a decade and then broke.
The calendar service fails to sync with a CalDAV server if you have groups in your contacts. This stopped working five or so years ago, I think.
Reconnecting an external monitor used to be reliable and move all windows that were there last time it was connected back there. Now it works occasionally.
There are a lot of others, these are the first that come to mind. My favourite OS X release was 10.6: no new user-visible features, just a load of bug fixes and infrastructure improvements (this one introduced libdispatch, for example).
It’s disheartening to see core functionality in an “abandonware” state while Apple pushes new features nobody asked for. Things that should be rock-solid, just… aren’t.
It really makes you understand why some people avoid updates entirely. Snow Leopard’s focus on refinement feels like a distant memory now.
The idea of Apple OS features as abandonware is a wild idea, and yet here we are. The external monitor issue is actually terrible. I have two friends who work at Apple (neither in OS dev) and both have said that they experience the monitor issue themselves.
I was thinking about this not too long ago; there are macOS features (ex the widgets UI) that don’t seem to even exist anymore. So many examples of features I used to really like that are just abandoned.
Reconnecting an external monitor used to be reliable and move all windows that were there last time it was connected back there. Now it works occasionally.
This works flawlessly for me every single time, I use Apple Studio Display at home and a high end Dell at the office.
On the other hand, activating iMessage and FaceTime on a new MacBook machine has been a huge pain for years on end…
On the other hand, activating iMessage and FaceTime on a new MacBook machine has been a huge pain for years on end…
I can quote on that, but not with my Apple account, but with my brother’s. Coincidentally, he had less problems activating iMessage/FaceTime on an Hackintosh machine.
A variation on that which I’ve run in to is turning the monitor off and putting the laptop to sleep, and waking without moving or disconnecting it.
To avoid all windows ending up on stuck on the laptop display, I have to sleep the laptop, the power off the monitor. To restore power on the monitor, then wake the laptop. Occasionally (1 in 10 times?) it still messes up and I have to manually move windows back to the monitor display.
(This is when using dual-head mode with both the external monitor and laptop display in operation)
iCloud message sync with message keep set to forever seems to load soooo much that messages on my last laptop would be so awful to type long messages (more than 1 sentence) directly into the text box I started to write messages outside of the application, copy/paste and send the message. The delay was in seconds for me.
I’m really heartened by how many people agree that OS X 10.6 was the best.
Edited to add … hm - maybe you’re not saying it was the best OS version, just the best release strategy? I think it actually was the best OS version (or maybe 10.7 was, but that’s just a detail).
It was before Apple started wanting to make it more iPhone-like and slowly doing what Microsoft did with Windows 8 (who did it in a ‘big bang’) by making Windows Phone and Windows desktop amost indistinguishable. After Snow Leopard, Apple became a phone company and very iPhone-centric and just didn’tbother with the desktop - it became cartoonish and all flashy, not usable. That’s when I left MacOS and haven’t looked back.
Recently, Disk Utility has started showing a permissions error when I click unmount or eject on SD cards or their partitions, if the card was inserted after Disk Utility started. You have to quit and re-open Disk Utility for it to work. It didn’t use to be like that, but it is now, om two different Macs. This is very annoying for embedded development where you need to write to SD cards frequently to flash new images or installers. So unmounting/ejecting drives just randomly broke one day and I’m expecting it won’t get fixed.
Another forever-bug: when you’re on a higher refresh rate screen, the animation to switch workspaces takes more time on higher refresh rate screens. This has forced me to completely change how I use macOS to de-emphasise workspaces, because the animation is just obscenely long after I got a MacBook Pro with a 120Hz screen in 2021. Probably not a new bug, but an old bug that new hardware surfaced, and I expect it will never get fixed.
I’m also having issues with connecting to external screens only working occasionally, at least through USB-C docks.
The hardware is so damn good. I wish anyone high up at Apple cared at all about making the software good too.
Oh, there’s another one: the fstab things to not mount partitions that match a particular UUID no longer work and there doesn’t appear to be any replacement functionality (which is annoying when it’s a firmware partition that must not be written to except in a specific way, or it will sofr-brick the device).
Oh, fun! I’ve tried to find a way to disable auto mount and the only solutions I’ve found is to add individual partition UUIDs to a block list in fstab, which is useless to me since I don’t just re-use the same SD card with the same partition layout all the time, I would want to disable auto mounting completely. But it’s phenomenal to hear that they broke even that sub-par solution.
Maybe, but we’re talking about roughly 1.2 seconds from the start of the gesture until keyboard input starts going to an app on the target workspace. That’s an insane amount of delay to just force the user to sit through on a regular basis… On a 60Hz screen, the delay is less than half that (which is still pretty long, but much much better)
Not a fix, but as a workaround have you tried Accessibility > Display > Reduce Motion?
I can’t stand the normal desktop switch animation even when dialed down all the way. With that setting on, there’s still a very minor fade-type effect but it’s pretty tolerable.
Sadly, that doesn’t help at all. My issue isn’t with the animation, but with the amount of time it takes from I express my intent to switch workspace until focus switches to the new workspace. “Reduce Motion” only replaces the 1.2 second sliding animation with a 1.2 second fading animation, the wait is exactly the same.
Don’t update/downgrade to Sequoia! It’s the Windows ME of MacOS’s. After Apple support person couldn’t resolve any of the issues I had, they told me to reinstall Sequoia and then gave me instructions to upgrade to Ventura/Sonoma.
I thought Big Sur was the Windows ME of (modern) Mac OS. I have had a decent experience in Sequoia. I usually have Safari, Firefox, Chrome, Mail, Ghostty, one JetBrains thing or another (usually PyCharm Pro or Clion), Excel, Bitwarden, Preview, Fluor, Rectangle, TailScale, CleanShot, Fantastical, Ice and Choosy running pretty much constantly, plus a rotating cast of other things as I need them.
Aside from Apple Intelligence being hot garbage, (I just turn that off anyway) my main complaint about Sequoia is that sometimes, after a couple dozen dock/undock cycles (return to my desk, connect to my docking station with a 30” non-hidpi monitor, document scanner, time machine drive, smart card reader, etc.) the windows that were on my Macbook’s high resolution screen and move to my 30” when docked don’t re-scale appropriately, and I have to reboot to address that. That seems to happen every two weeks or so.
Like so many others here, I miss Snow Leopard. I thought Tiger was an excellent release, Leopard was rough, and Snow Leopard smoothed off all the rough edges of Tiger and Leopard for me.
I’d call Sequoia “subpar” if Snow Leopard is your “par”. But I don’t find that to be the case compared to Windows 11, KDE or GNOME. It mostly just stays out of my way.
Apple’s bug reporting process is so opaque it feels like shouting into the void.
And, Apple isn’t some little open source project staffed by volunteers. It’s the richest company on earth. QA is a serious job that Apple should be paying people for.
Apple’s bug reporting process is so opaque it feels like shouting into the void.
Yeah. To alleviate that somewhat (for developer-type bugs) when I was making things for Macs and iDevices most of the time, I always reported my bugs to openradar as well:
which would at least net me a little bit of feedback (along the lines of “broken for everyone or just me?”) so it felt a tiny bit less like shouting into the void.
I can’t remember on these. The CalDAV one is well known. Most of the time when I’ve reported bugs to Apple, they’ve closed them as duplicates and given no way of tracking the original bug.
No. I tried being a good user in the past but it always ended up with “the feature works as expected”. I won’t do voluntary work for a company which repeatedly shits on user feedback.
10.6 “Snow Leopard” was the last Mac OS that I could honestly say I liked. I ran it on a cheap mini laptop (a Dell I think) as a student, back when “hackintoshes” were still possible.
For example, if I explain Git to someone as: “Git is a version control system that lets developers track their code changes and collaborate with others.” I get a bored and glazed look every time.
…Okay? Sometimes, learning is boring. Some new things are slog. Cybersecurity training at work sucks but we all do it and we mostly learn from it. Using metaphors about M$ Word and placing blocks in Minecraft won’t ever substitute for using Git.
Sure, sometimes it is. Cybersecurity training is a great example man I hate that stuff and click through as fast as possible without absorbing much. Maybe you enjoy that more than I do.
As for Git specifically, I never said anything about Git itself being boring - my point was more about the terminology that we use to communicate (esp technical terms that seem comfortable to us) and how it translates into the audience’s ability to digest that info.
I don’t think it’s too controversial to say however that Git learning is typically confusing for most new users (not necessarily boring) - there are just a lot of abstract concepts. I think this is also supported by the many experienced devs in this parallel thread on hackernews who have used the same 3 commands for 10 years, although I’m sure they would argue that they just never wanted to learn more than the bare minimum they needed for their workflows, which to me is a little sad.
Anyway, each person is free to use or not use whatever tools/methods they choose, so my goal was just to offer a gamified alternative for whoever finds value in it.
I always thought that significant indentation optionally replacing parens might make Lisps more readable for many. I know Racket has something like this… So for example, the example from the article:
Or as the bumper sticker said: FORTH 🖤 IF HONK THEN
Arguably even less readable, though, especially given conc. languages’ aversion to local variables, hence requiring mental effort to follow along with the stack contents.
(Don’t get me wrong, I like these languages, but I see them more as a kind of high level assembly.)
Looks interesting but I can’t find enough code or background on the choices. I can tell it’s a homebrewed language in a popular niche but I’m not familiar with that niche.
A GitHub or publicly viewable source repo would help, or a clear document on why the author doesn’t believe in it (I suspect).
I mean, all the choices are really well explained near the top of the Latest Documentation, and there is a link to a lot of example code on the homepage - I’m not sure what you’re looking for. The source is in a .tar.gz linked from the homepage which isn’t a big ask.
I think this is putting make up on a pig. I used to believe in significant whitespace but I think it’s important to allow code authors to express the code in the best form for reading. That doesn’t often fit with whitespace. The only exception is newline handling and occasional block indentation like do blocks in Haskell where it’s perfect
I have been playing for some time with thinking about Lisps in a Tcl-style way (not too far off since Tcl was partially inspired by Lisp) and working on a compiler for same.
Commands/functions are first item
Arguments follow
Inline substitution is wrapped by square brackets (print [reverse "olleh"])
Infix math is allowed by expr macro with operator precedence
Compare:
proc square [n] {
expr (n * n)
}
To:
(proc square (n) (expr (n * n)))
Or:
(proc square (n) (* n n))
Or:
(def square (fn (n) (* n n)))
Same thing, just start & end with parenthesis, use line breaks and spaces, and think about all square brackets or curly braces as parentheses as well.
Works for let-style scoped blocks. Here I call it with, and def is called set like in Tcl.
>>> set a 42
42
>>> with { a 7 b 2 } {
... square [expr (a * b)]
... }
196
>>> a
42
I’d like to continue developing this as I like the conceptual elegance of Lisp and it feels very easy to learn and to read.
So, look. Every single internet-connected thing that involves anything that could even be considered user-generated content, and has lawyers, sooner or later inserts a clause into its terms saying you grant them a royalty-free, non-exclusive, non-revocable (etc. etc.) license to copy and distribute things you, the user, input into it.
This is like the most standard boilerplate-y clause there is for user-generated content. It’s a basic cover-your-ass to prevent someone suing you for copyright violation because, say, they just found out that when you type something in the built-in search box it makes a copy (Illegal! I’ll sue!) and transmits the copy (Illegal! I’ll sue!) to a third party.
But about every six months someone notices once of these clauses, misinterprets it, and runs around panicking and screaming OH MY GOD THEY CLAIM COPYRIGHT OVER EVERYTHING EVERYONE DOES WHY WOULD THEY NEED THAT PANIC PANIC PANIC PANIC PANIC OUTRAGE OUTRAGE PANIC.
And then it sweeps through the internet with huge highly-upvoted threads full of angry comments from people who have absolutely no clue what the terms actually mean but who know from the tone of discussion that they’re supposed to be outraged about it.
After a few days it blows over, but then about six months later someone notices once of these clauses, misinterprets it, and runs around panicking and screaming OH MY GOD THEY CLAIM COPYRIGHT OVER EVERYTHING EVERYONE DOES WHY WOULD THEY NEED THAT PANIC PANIC PANIC PANIC PANIC OUTRAGE OUTRAGE PANIC.
And then…
@pushcx this should not be allowed on lobste.rs. It’s 100% outrage-mob baiting.
That’s the point. GDPR has not been that well tested in court. As long as it hasn’t, people will stick to legal boilerplate to make it as broad as possible. This is why all terms of services look like copypasta.
Saying that everyone else does it does not make it okay.
Putting words in my mouth doesn’t make a counterargument.
What do you think is not OK about this boilerplate CYA clause? Computers by their nature promiscuously copy data. Online systems copy and transmit it. The legal world has settled on clauses like this as an alternative to popping up a request for license every time you type into an online form or upload a file, because even if nobody ever actually would sue they don’t want to trust to that and want an assurance that if someone sues that person will lose, quickly. They’ve settled on this because copy/pasting a standard clause to minimize risk is a win from their perspective.
Why is this evil and bad and wrong from your perspective? Provide evidence.
The system we currently have may be structured in a way which makes clauses like this necessary or expedient in order to do business, but the validity of such a clause for that reason doesn’t excuse the system that created it.
Every single internet-connected thing that involves anything that could even be considered user-generated content, and has lawyers, sooner or later inserts a clause into its terms saying you grant them a royalty-free, non-exclusive, non-revocable (etc. etc.) license to copy and distribute things you, the user, input into it.
But Firefox isn’t a web service. It’s a program that runs on my computer and sends data to websites I choose to visit. Those websites may need such legal language for user generated content, but why does Mozilla need a license to copy anything I type into Firefox?
This. I’ve chatted with a few lawyers in the space and this is literally the first time we’re seeing that interpretation to apply to a local program you choose to run that is your agent.
Firefox integrates with things that are not purely your “local agent”, including online services and things not owned by Mozilla. And before you decide this means some sort of sinister data-stealing data-selling privacy violation, go back and look at my original example.
When you upload something to the python package index you do so because you intend for the python package index to create copies of it and distribute it, which needs a license.
When you make a comment on pull request for work you don’t intend for Mozilla to have anything to do with that. You don’t intend for Mozilla to receive your post. Nor to have any special rights to view it, distribute it, make copies of it, etc. They do not need a license because they shouldn’t be seeing it. Moreover you don’t even necessarily have the right to grant them said rights - someone else might own the copyright to the material you are legitimately working with.
When you make a comment on pull request for work you don’t intend for Mozilla to have anything to do with that.
If you use their integrated search which might send things you type to a third party, Mozilla needs your permission to do that.
If you use their Pocket service which can offer recommendations of articles you might like, Mozilla needs your permission to analyze things you’ve done, which may require things like making copies of data.
If you use their VPN service you’re passing a lot of stuff through their servers to be transmitted onward.
There’s a ton of stuff Mozilla does that could potentially be affected by copyright issues with user-generated/user-submitted content. So they have the standard boilerplate “you let us do the things with that content that are necessary to support the features you’re using” CYA clause.
you grant them a royalty-free, non-exclusive, non-revocable (etc. etc.) license to copy and distribute things you, the user, input into it.
The question for random people reading these clauses is what does that mean? Legalese can be hard for lawyers to understand. It’s much harder for mere mortals.
I think everyone is OK with Firefox (the browser) processing text which you enter it into. This processing includes uploading the text to web sites (which you ask it to, when you ask it to), etc.
What is much more concerning for the average user is believing that the “ royalty-free, non-exclusive, non-revocable (etc. etc.) license” is unrestricted.
Let’s say I write the worlds most beautiful poem, and then submit it to an online poem contest via FireFox. Will Mozilla then go “ha ha! Firefox made a copy, and uploaded it to the Mozilla servers. We’re publishing our own book of your work, without paying you royalties. And oh, by the way, you also used Firefox to upload intimate pictures of you and your spouse to a web site, so we’re going to publish those, too!”
The average person doesn’t know. Reading the legalese doesn’t help them, because legalese is written in legalese (an English-adjacent language which isn’t colloquial English). Legalese exists because lawsuits live and die based on minutiae such as the Oxford Comma. So for Mozillas protection, they need it, but these needs are in conflict with the users need to understand the notices.
The Mozilla blog doesn’t help, because the italicized text at the top says: It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice
OK, what does the Privacy Notice say?
(your) …data stays on your device and is not sent to Mozilla’s servers unless it says otherwise in this Notice
Which doesn’t help. So now the average person has to read pages of legal gobbledygook. And buried in it is the helpful
Identifying, investigating and addressing potential fraudulent activities,
Which is a huge loophole. “We don’t know what’s potentially fraudulent, so we just take all of the data you give to FireFox, upload to our US-based servers, and give the DoJ / FBI access to it all without a warrant”. A lawyer could make a convincing and possibly winning argument that such use-cases are covered.
The psychological reason for being upset is that they are confused by complicated things which affect them personally, which they don’t understand, and which they have no control over. You can’t address that panic by telling them “don’t panic”.
The psychological reason for being upset is that they are confused by complicated things which affect them personally, which they don’t understand, and which they have no control over. You can’t address that panic by telling them “don’t panic”.
Could you explain why the concern is necessarily born of confusion rather than accurate understanding?
you said the reason for being upset is that they are confused. sorry if I was changing your meaning by adding “necessarily.” why do you say the concern is because of confusion or lack of understanding? what understanding would alleviate the concerns?
I don’t see a lot of difference between confusion and lack of understanding. Their upset is because the subject affects them, and they’re confused about it / don’t understand it, and they have no control over it.
This is entirely normal and expected. Simply being confused isn’t enough.
What would alleviate the concerns is to address all three issues, either singly, or jointly. If people don’t use Firefox, then it doesn’t affect them, and they’re not upset. If they understand what’s going on and make informed decisions, then they’re not upset. And then if they can make informed decisions, they have control over the situation, and they’re not upset.
The solution is a clear message from Mozilla. However, for reasons I noted above, Mozilla has to write their policies in legalese, when then makes it extremely difficult for anyone to understand them.
but who does “they” refer to? are you saying this describes people in general who are concerned about the policy, or are you just supposing that there must be someone somewhere for whom it is true?
what about people who have an accurate layman’s understanding of what the policy means, and are nonetheless concerned?
The psychological reason for being upset is that they are confused by complicated things which affect them personally, which they don’t understand, and which they have no control over. You can’t address that panic by telling them “don’t panic”.
The actual reason for them being upset is that someone told them to be afraid of the supposedly scary thing and told them a pack of lies about what the supposedly scary thing meant.
I propose to deal with that at the source: cut off the outrage-baiting posts that start the whole sordid cycle. Having a thread full of panicked lies at the top of the front page is bad and can be prevented.
And if you really want to comfort the frightened people and resolve their confusion, you should be talking to them, shouldn’t you? The fact that your pushback is against the person debunking the fearmongering says a lot.
The actual reason for them being upset is that someone told them to be afraid of the supposedly scary thing and told them a pack of lies about what the supposedly scary thing meant.
i.e. you completely ignored my long and reasoned explanation as to why people are upset.
which explains clearly just how nefarious and far-reaching the new policy is.
At best that comment points out that a consolidated TOS for Mozilla “services” is confusingly being linked for the browser itself. Nothing has been proven in the slightest about it being “nefarious”, and the fact that you just assert malicious intent as the default assumption is deeply problematic.
So your position is completely unconvincing and I feel no need to address it any further.
But you’re not debunking the fear mongering. You’re conspicuously ignoring any comment that explains why the concern is valid. Don’t hapless readers deserve your protection from such disinformation?
You’re largely describing boilerplate for web services, where the expectation is that users input content, and a service uses that content to provide service.
Firefox is a user agent, where the expectation is that users input content and the agent passes that content through to the intended service or resource.
When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information
You can call this boilerplate if you like, but it certainly gives Mozilla unambiguous rights relative to what you put into it.
This is like the most standard boilerplate-y clause there is for user-generated content. It’s a basic cover-your-ass to prevent someone suing you for copyright violation because, say, they just found out that when you type something in the built-in search box it makes a copy (Illegal! I’ll sue!) and transmits the copy (Illegal! I’ll sue!) to a third party.
This really does beg the question: Firefox is 20 years old. Why did they only feel the need to add this extremely standard boilerplate-y clause now?
what exactly does that mean? Were they already actively doing this, and the lawyers “won” by updating the TOS to cover that behavior? Or did the lawyers “win” because they were pushing for a business decision to change Firefox’s data gathering activities?
I disagree. I think this is actionable, relevant, and very on-topic. I’d even argue about that with you here, except that you in particular have a very solid history of bad-faith arguing, and I have better things to do.
Anyway, so far 84 of us have upvoted it, vs 7 “off-topic” flags and 8 hides, for a ratio of about 5:1, if we care about user opinions. Your paternalism isn’t a good look. Just hide it, flag it, and move on!
I wouldn’t say that the site rules don’t mean anything–I would say that many users and even admins have disregarded them for political expediency.
The long-term effects of this, of course, are deleterious…but that doesn’t matter when gosh darnit, the outgroup is wrong right now.
In the case of Apple, there’s a weird sort of thing where a release tag covers what is technically marketing. They also are both a large software and hardware vendor and, like it or not, have a large userbase. I’m not saying we should see a constant dripfeed of Apple propaganda, but it isn’t entirely without precedent.
I wouldn’t say that the site rules don’t mean anything–I would say that many users and even admins have disregarded them for political expediency.
Of course. I adopted the parent comment’s hyperbole to avoid getting bogged down in minutia. But there’s nothing wrong with more clarity and precision.
I’m really surprised to see anyone pay even the slightest of attention to this on Lobsters. It’s something my granddad would post to Facebook (example)
When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.
That’s… wow. Thank you for highlighting that. I am seriously considering using something other than Firefox for the first time in… ever. Regardless of how one might choose to interpret that statement, it’s frightening that they would even write it. This is not the Mozilla I knew or want. I’d love to know what alternatives people might suggest that are more community focused and completely FOSS, ideally still non-Chromium.
Isn’t it? Most GDPR consent screens have an easy “accept to everything” button and requires going through multiple steps to “not accept”, and many many more steps to “object” to their “legitimate interest” in tracking for the purposes of advertising. As long as these screens remain allowed and aren’t cracked down on (which I don’t foresee happening, ever), that’s the de facto meaning of “consent” in GDPR as far as I’m concerned: something that’s assumed given unless you actively go out of your way to revoke it.
It’s not what the text of the GDPR defines it as, but the text isn’t relevant; only its effect on the real world is.
Yes, definitely. Consent in GDPR is opt-in not opt-out. If it’s opt-out, that’s not consensual. And the law is the law.
Furthermore, for interstitials, to reject everything should be at least as easy as it is to accept everything, without dark patterns. Interstitials (e.g., from IAB and co.) first tried to make it hard to reject everything, but now you usually get a clear button for rejecting everything on most websites.
As I mentioned in another comment, the DPAs are understaffed and overworked. But they do move. A real-world example of a company affected by the GDPR, and that tries testing its limits, is Meta with Facebook. For user profiling, first they tried the Terms of Service, then they tried claiming a legitimate interest, then they introduced expensive subscriptions for those that tried to decline, now they introduced a UI degradation, delaying the user scrolling, which is illegal as well.
Many complain, on one hand, that the EU is too regulated, suffocating inovation, and with US’s tech oligarhs now sucking up to Trump to force the EU into allowing US companies to break the law. On the other hand, there are people who believe that the GDPR isn’t enforced enough. I wish people would make up their mind.
Many complain, on one hand, that the EU is too regulated, suffocating inovation, and with US’s tech oligarhs now sucking up to Trump to force the EU into allowing US companies to break the law. On the other hand, there are people who believe that the GDPR isn’t enforced enough. I wish people would make up their mind.
Those are different people, all who have made up their mind.
I thought I made it reasonably clear that I don’t care that much about what the text of the law is, I care about what material impact it has on the world.
To be fair, @mort’s feeling may come from non-actually-GDPR-compliant cookie consent forms. I have certainly seen where I couldn’t find the “reject all” button, and felt obligated to manually click up to 15 “legitimate interest” boxes. (And dammit could they please stop with their sliding buttons and use actual square check boxes instead?)
The facts you provided aren’t relevant. I’m talking about the de facto situation as it applies to 99% of companies, you’re talking about the text of the law and enforcement against one particular company. These are different things which don’t have much to do with each other.
You even acknowledge that DPAs are understaffed and overworked, which results in the lacking enforcement which is exactly what I’m complaining about. For what I can tell, we don’t disagree about any facts here.
I’m talking about GDPR as well, focusing about what impact it has in practice. I have been 100% consistent on that, since my first message in this sub-thread (https://lobste.rs/s/de2ab1/firefox_adds_terms_use#c_3sxqe1) which explicitly talks about what it means de facto. I don’t know where you got the impression that I’m talking about something else.
But there is enforcement, it’s just slower than we’d like. For example, screens making it harder to not opt in rather than opt in have gotten much rarer than they used to be. IME now they mostly come from American companies that don’t have much of a presence in the EU. So enforcement is causing things to move in the right direction, even if it is at a slow pace.
There is a website tracking fines against companies for GDPR violations [1] and as you can see, there are lots of fines against companies big and small every single month. “Insufficient legal basis for data processing” isn’t close to being the most common violation, but it’s pretty common, and has also been lobbed against companies big and small. It is not the case that there is only enforcement against a few high profile companies.
it’s the other way around - most of the time you have to actively revoke “legitimate interest”, consent should be off by default. Unfortunately, oftentimes “legitimate interest” is just “consent, but on by default” and they take exactly the same data for the same purpose (IIRC there are NGOs (such as NOYB, Panoptykon) fighting against IAB and other companies in those terms)
“Legitimate interest” is the GDPR loophole that ad tech companies use to spy on us without an easy opt-out option, right? I don’t know what this means in this context but I don’t trust it.
It is not, ad tech has been considered not a legitimate interest for… Ever… By the Europeans DPAs. Report to your DPA the one that abuse this. There have been enforcement.
Every website with a consent screen has a ton of ad stuff under “legitimate interest”, most ask you to “object” to each individually. The continued existence of this patterns means it’s de facto legal under the GDPR in my book. “Legitimate interest” is a tool to continue forced ad tracking.
I don’t think you’re disagreeing with me. It’s de jure illegal but de facto legal. I don’t care much what the text of the GDPR says, I care about its material effect on the real world; and the material effect is one where websites put up consent screens where the user has to “object” individually to every ad tech company’s “legitimate interest” in tracking the user for ad targeting purposes.
I used to be optimistic about the GDPR because there’s a lot of good stuff in the text of the law, but it has been long enough that we can clearly see that most of its actual effect is pretty underwhelming. Good law without enforcement is worthless.
De facto illegal for entities at Facebook’s scale? Maybe. But it’s certainly de facto legal for everyone else. It has been 7 years since it was implemented; if it was going to have a positive effect we’d have seen it by now. My patience has run out. GDPR failed.
I just gave you a concrete example of a powerful Big Tech company, with infinite resources for political lobbying, that was blasted for their practices. They first tried hiding behind their Terms of Use, then they tried claiming a legitimate interest, then they offered the choice of a paid subscription, and now they’ve introduced delays in scrolling for people that don’t consent to being profiled, which will be deemed illegal as well.
Your patience isn’t important. This is the legal system in action. Just because, for example, tax evasion happens, that doesn’t mean that anti tax evasion laws don’t work. Similarly with data protection laws. I used to work in the adtech industry. I know for a fact that there have been companies leaving the EU because of GDPR. I also know some of the legwork that IAB tried pulling off, but it won’t last.
Just the fact that you’re getting those interstitials is a win. Microsoft’s Edge browser, for example, gives EU citizens that IAB dialog on the first run, thus informing them that they are going to share their data with the entire advertising industry. That is in itself valuable for me, because it informs me that Edge is spyware.
I agree that the “we’re spying on you” pop-ups is a win in itself. I’m just complaining that it’s so toothless as to in practice allow websites to put up modals where each ad tech company’s “legitimate interest” in tracking me has to be individually disabled. If the goal of the GDPR was to in any way make it reasonably easy for users to opt out of tracking, it failed.
I agree that the “we’re spying on you” pop-ups is a win in itself.
I’m not so sure. I’ve even seen this used as an argument against the GDPR: The spin they give it is “this is the law that forces us to put up annoying cookie popups”. See for example this article on the Dutch public broadcasting agency (which is typically more left-leaning and not prone to give a platform to liberals).
“Alle AI-innovaties werken hier slechter dan in de VS. En waarom moet je op elke website op cookies klikken?”, zegt Van der Voort.
Roughly translated “all innovations in AI don’t work as well here as in the US. And why do you have to click on cookies (sic) on every single website?”
I’ve even seen this used as an argument against the GDPR: The spin they give it is “this is the law that forces us to put up annoying cookie popups”.
I have seen that as well, and I think it’s bullshit. The GDPR doesn’t force anyone to make any form of pop-up, nobody is forced to track users in a way which requires consent. The GDPR only requires disclosure and an opt-out mechanism if you do decide to spy on your users, which I consider good..
The GDPR only requires disclosure and an opt-out mechanism if you do decide to spy on your users, which I consider good..
I agree, but at the same time I think the average user just sees it as a nuisance, especially because in most cases there’s no other place to go where they don’t have a cookie popup. The web development/advertising industry knowingly and willfully “complied” in the most malicious and obnoxious way possible, resulting in this shitty situation. That’s 1 for the industry, 0 for the lawgivers.
I agree that it didn’t have the desired effect (which, incidentally, I have spent a lot of this thread complaining about, hehe). I think everyone was surprised about just how far everyone is willing to go in destroying their website’s user experience in order to keep tracking people.
has to “object” individually to every ad tech company’s “legitimate interest” in tracking the user
I’m not sure if you’re deep in grumpy posting or didn’t understand the idea here, but for legitimate interest you don’t need to agree and companies normally don’t give you the option. If you’re talking about the extra options you unset manually, they’re a different thing. The “legitimate interest” part is for example validating your identity through a third party before paying out money. Things you typically can’t opt out of without also refusing to use the service.
If you get a switch for “tracking” or “ads” that you can turn off, that’s not a part of the “legitimate interest” group of data.
I’m sorry but this isn’t true. I have encountered plenty consent screens with two tabs, “consent” and “legitimate interest”, and where the stuff under “consent” are default off while the stuff under “legitimate interest” is on by default and must be “objected to” individually. Some have an “object to all” button to “object” to all ad tracking in the “legitimate interest” category.
Here’s one example: https://i.imgur.com/J4dnptX.png, the Financial Times is clearly of the opinion that tracking for the purpose of advertising counts as “legitimate interest”.
I’m not saying that there’s any relationship between this pattern and what’s actually required by the GDPR, my understanding of the actual text of the law reflects yours. I’m saying that this is how it works in practice.
Mozilla updated the article with a clarifying statement:
UPDATE: We’ve seen a little confusion about the language regarding licenses, so we want to clear that up. We need a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice.
the problem is it doesn’t clarify anything. “basic functionality” is not defined. my guess is they want to be able to feed anything we type or upload to a site, to also be able to feed that into an LLM. “anything other than what is described” doesnt help because what is described is so vague as to mean anything “help you experience and interact with online content”
Mozilla updated the article with a clarifying statement:
UPDATE: We’ve seen a little confusion about the language regarding licenses, so we want to clear that up. We need a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice.
That is… not clarifying. And not comforting. “What is described” in the ToS is “to help you navigate, experience, and interact with online content.” That’s absurdly vague. And what is described in the Privacy Notice is absurdly broad:
To provide you with the Firefox browser
To adapt Firefox to your needs
To provide and improve search functionality
To serve relevant content and advertising on Firefox New Tab
To provide Mozilla Accounts
To provide AI Chatbots
To provide Review Checker, including serving sponsored content
To enable add-ons (addons.mozilla.org, “AMO”), including offering personalized suggestions
To maintain and improve features, performance and stability
To improve security
To understand usage of Firefox
To market our services.
To pseudonymize, de-identify, aggregate or anonymize data.
To communicate with you.
To comply with applicable laws, and identify and prevent harmful, unauthorized or illegal activity.
I’m glad we have this contextless legalese to clarify things. I wonder if there’s some kind of opt-in data collection in Firefox that Mozilla might have legal obligations to clarify their rights to? Couldn’t be that… No, let’s put a pause on critical thinking and post stupid TOS excerpts as if Mozilla are going to steal our Deviantart uploads and sell them as AI training data.
I’m glad we have this contextless legalese to clarify things. I wonder if there’s some kind of opt-in data collection in Firefox that Mozilla might have legal obligations to clarify their rights to? Couldn’t be that… No, let’s put a pause on critical thinking and post stupid TOS excerpts as if Mozilla are going to steal our Deviantart uploads and sell them as AI training data.
If they need a ToS for a particular feature, then that “contextless legalese” should be scoped to that feature, not to Firefox as a whole.
This is precisely why the same organization should not do all of these things. If they want to do non-tool stuff to continue funding their mission they should start up independently managed companies that can establish these consents for a narrow band of services. They can give the existing organization control as a majority shareholder, with dividends flowing back to the main organization. That is the way to ensure that incentives don’t become misaligned with the mission.
Having owned a Framework since April of 2022, I cannot recommend them to people who need even basic durability in their devices. Since then, I have done two mainboard replacements, two top cover replacements, a hinge replacement, a battery replacement, several glue jobs after the captive screw hubs sheared from the plastic backing…
It’s just such an absurdly fragile device with incredibly poor thermals. They sacrificed a ton of desirable features to make the laptop repairable, but ultimately have released a set of devices that, when used in real-world settings, end with you repairing the device more often than not. And these repairs are often non-trivial.
I will personally be migrating to another machine. The Framework 12’s focus on durability may be trending in the right direction, but to regain trust, I’d need to see things like drop and wear tests. A laptop that can be repaired, but needs constant upkeep/incredibly delicate handling, is ultimately not an actual consumer device, but a hobbyist device.
Maybe they’ll get better in a few years. Maybe the Framework 12 will be better. Their new focus on AI, the soldered RAM in the desktop offering, and the failure to address the flimsy plastic chassis innards, among other things, mean that they have a long way to go.
It’s definitely a “be part of the community that helps solve our product problems” sort of feeling.
I have an AMD FW13, and was trying to figure out why it loses 50+% of its battery charge overnight when I close the lid, because I don’t use this computer every single day and don’t want to have remember to charge yet another device.
So I check the basics-I’m running their officially supported Linux distro, BIOS is current, etc. And half an hour into reading forum threads about diagnosing sleep power draw, I realize that this is not how I want to spend my time on this planet. I love that they’re trying to build repairable/upgradeable devices, but that goal doesn’t matter so much if people end up ditching your products for another option because they’re just tired of trying to fix it.
I’ll chime in with the opposite experience - I’ve owned an AMD Framework 13 since it came out, and had no durability issues with it whatsoever, and it’s been one of my 2 favorite computers I’ve ever owned. I’ve done one main board replacement that saved my butt after a bottle of gin fell over on top of it in transport.
Development and light gaming (on Linux, I very much appreciate their Linux support) have been great, and the reparability both gives me peace of mind, an upgrade path, and has already saved me quite a bit of money.
I’ve owned a framework since Batch 1. Durability has not been a problem for me. My original screen has a small chip in it from when I put it in a bag with something that had sharp edges and pressured the screen for a whole flight. Slowly growing. Otherwise, it’s been solid.
Same. I have a batch 1. There are quirks, which I expected and knew I am supporting a startup with little experience. I since have upgraded and put my old board into a cooler master case. This is so amazing, and what I cared about. I am still super happy with having bought the Framework and particular for tinkerers and people who will have a use for their old mainboards it’s amazing.
I get harbouring resentment for a company you felt sold then a bad product. But at the same time, you bought a laptop from a very inexperienced company which was brand new at making laptops, a pretty difficult product category to get right when you’re not just re-branding someone else’s white-label hardware.
3 years have passed since then, if I were in the market for a category which Framework competes in these days I would be inclined to look at more recent reviews and customer testimonials. I don’t think flaws in that 3 year old hardware is that relevant anymore. Not because 3 years is a particularly long time in the computer hardware business, but because it’s a really long time relative to the short life of this particular company.
I would agree that 3 years is enough time for a company to use their production lessons to improve their product. But nothing has changed in the Framework 13.
I don’t resent Framework. I think that’s putting words in my mouth. I just cannot, in good faith, recommend their products to people who need even a semi-durable machine. That’s just fact.
a very inexperienced company which was brand new at making laptops
Founded by people who had experience designing laptops already, and manufactured by a company that manufactures many laptops. Poor explanations for the problems, IMO.
I’ve had a 12th gen Intel since Sept 2022 (running NixOS btw) and I have not had any issues, I will admit it sits in one place 99% of the time. I might order the replacement hinge since mine is a bit floppy but not too big a deal.
As for the event, I was hoping for a minipc using the 395 and I got my wish. Bit pricey and not small enough for where I want to put it and I have no plans for AI work so it’s probably not the right machine for me.
I was originally interested in the HP machine coming with the same CPU (which should be small enough to fit) but I’ve been pricing an AMD 9950 and it comes out cheaper. I was also disappointed there wasn’t a sku with 385 Max w/64GB of RAM , which I might have have ordered to keep the cost down.
For reference a new machine is intended to replace a 10 year old Devils Canyon system.
I’ve also had my Framework 13 since beginning of 2022. I’ve had to do a hinge replacement, input cover replacement, and mainboard replacement. But I sort of expected that since it’s a young company and hardware is hard. And through all of it support was very responsive and helpful.
I would expect that nowadays the laptops are probably more solidly built than those early batches!
Support was definitely helpful. I just don’t have time or money to replace parts on my machine anymore.
From what I understand, the laptops aren’t any stronger. Even the Framework 16 just got some aftermarket/post-launch foam pads to put below the keyboard to alleviate the strain on the keyboard. The entire keyboard deck would flex.
The fact that these products have these flaws makes me wonder how Framework organizes its engineering priorities.
When compared to other similar laptops from brands like HP or Lenovo, how does the deck flex compare? I definitely feel sympathetic to not being better or on par with Apple - given the heaps of money Apple has for economies of scale + lots of mechanical engineers, but it would be a bit rough if mid-tier laptops in that category were far superior.
The deck flex is on par with or worse than an HP EliteBook circa 2019. The problem is that it’s incredibly easy to bend the entire frame of the machine, to the point where it interferes with the touchpad’s ability to click.
It’s really bad, bordering on unexcusable. The fact that there’s no concrete reinforcment says that they sacrificed build quality for repairability, which is equivalent to making a leaky boat with a very fast bilge pump.
I’m not sure what you’re doing to your laptop; how are you bending the entire frame of the machine?
It’s a new company that is largely doing right by open source, and especially open hardware. The quality isn’t incredible but it is worth its value, and I find these claims you’re making dubious.
It’s a fairly common flex point for the chassis, and a common support problem. The base of the mousepad, towards the front of the laptop where there’s a depression in the case, is where the majority of the flex is.
My laptop has seen nothing but daily, regular use. You can find the claims dubious, but others are having them too.
I’ll chime in too: I’ve had the Framework 13 AMD since it came out (mid 2023) and it has been great.
I upgraded the display after the new 2.8K panel came out, it took 2 minutes. Couple months later it developed some dead pixels, so they sent me a replacement. In the process of swapping it out, I accidentally tore the display cable. It took me a while to notice/debug it, but in the end it was just a $15 cable replacement that I’m fairly sure would have otherwise resulted in a full mainboard replacement for any other laptop. (When I had Macbooks, I lost count how many times Apple replaced the mainboard for the smallest thing.)
I haven’t been too precious with it, I toss it around like I did my Thinkpad before this. There’s some scuffs but it has been fine, perhaps the newer models are more sturdy? It’s comforting to know that if anything breaks, I’ll be able to fix it.
I also run NixOS on it, it does everything I need it to do, the battery life is great (8-10 hours of moderate use) and I’ll happily swap out the battery in a few more years once it starts losing capacity.
I spend so much of my life at the computer that feeling a sense of ownership over the components makes a lot of sense to me. I don’t want to feel like I’m living in a hotel.
It is, in fact, how I want to spend my time on this planet.
To add to the chorus, I bought a 12th gen intel framework 13 on release and it’s been flawless so far. Nixos worked out of the box. I love the 3:2 screen. I can totally believe that a small/young manufacturing company has quality control issues and some people are getting lemons, but the design itself seems solid to me.
On my old dell laptop I snapped all the usb ports on one side (by lifting up the other side while keyboard/mouse were still connected). Since they’re connected directly to the motherboard they weren’t repairable without buying a new cpu. If I did the same on the framework it would only break the $12 expansion cards and I wouldn’t even have to turn it off to replace them.
Later I dropped that same dell about 20cm on to a couch with the screen open. The impact swung the screen open all the way and snapped the hinges. They wanted me to send it back for repairs but I couldn’t handle the downtime, so for a year I just had the hinges duck-taped together. I’ve dropped my framework the same way, but because the screen opens the full 180 degrees it doesn’t leverage the hinges at all. And if it did break I’d be able to ship the part and replace it myself.
Not that I support the desktop offering as anything but waste, but the soldered RAM is apparently all about throughput:
We spent months working with AMD to explore ways around this but ultimately determined that it wasn’t technically feasible to land modular memory at high throughput with the 256-bit memory bus. (source)
I wish I could name something in good faith that was comparable to a hyper-repairable x86-64 laptop. Lenovo is pivoting towards repairability with the T14 Gen 5, but I can’t recommend that either yet.
Star Labs, System76, some old Thinkpad models.. there are “competitive” things, but few things that pitch the things Framework does.
While I agree on some of that, I must stress that I’ve had hardware that was fine until just one thing suddenly broke and everything was unusable. I’ll try an analogy: with repairability, if all your components are 99% reliable and working, the whole machine is at 99% but without it, even if all of them are at 99.9% instead, when you have 10 components, you’re not in a better situation overall.
And I say that while I need to finish going through support for a mainboard replacement due to fried USB ports on a first-gen machine (although not an initial batch). BTW, funnily I’m wondering if there’s an interaction with my yubikey. I also wish the chassis was a bit sturdier but that’s more of a wish.
As for thermals, while I think they could probably be better, the 11th gen Intel CPU that you have (just like I do) isn’t great at all: 13th gen ones are much better AFAIK.
I’ve experienced a full main board failure which led to me upgrading to a 12th gen on my own dime.
The thermal problems are still there, and their fans have some surprising QA problems that are exacerbated by thermal issues.
I wish I could excuse the fact that my machine feels like it’s going to explode even with power management. The fans grind after three replacements now, and I lack the energy and motivation to do a fourth.
I think 12th gen is pretty similar to 11th gen. I contemplated the upgrade for similar reasons but held off because I didn’t need to know and the gains seemed low. IIRC it’s really with 13th gen that Intel improved the CPUs. But I agree the thermals/power seems sub-par; I feel like it could definitely be better.
BTW, I just “remembered” that I use mine mostly on my desk and it’s not directly sitting on it which greatly improves its cooling (I can’t give hard numbers but I see the temps under load are better and max CPU frequency can be maintained).
Sorry to hear about the trouble with your Framework 13. To offer another data point: I have a 12th gen Framework 13 and haven’t needed to repair a thing, I’m still super happy with it. The frame-bending I’ve also not seen, it’s a super sturdy device for me.
I don’t understand the necessity for a Framework Desktop edition. It’s just more waste. Just make a better laptop or sell it headless. It would also be nice to see consistency in the offerings instead of 12 being Intel, 13 being AMD AI thingy, 16 being last-gen AMD etc.
I don’t know what “waste” means here. I also don’t understand what the significant difference is in your mind between a “headless laptop” and a “desktop with laptop components”. Are you complaining that the desktop doesn’t come with worse cooling and a built-in keyboard?
The way I see it, if Framework has the capacity to build and sell a desktop computer, and they expect it to sell well enough to cover costs, it’s not hurting anything. For a small company there’s always the risk of spreading yourself too thin, but I don’t think any of us have enough insight into their operations to tell if that’s happening here.
When I say a headless laptop I mean it literally, as in a Framework 13 with some nubs on the hinge or just a plastic block instead of a screen assembly. No keyboard either, make a keyboard-slot-shaped fan assembly for cooling or something - they’re smart people, they could figure it out. The only thing weird about it would be the form factor not being the box shape desktop users are used to. I am making the complaint you’re trying to dismiss. “Waste” is more plastic crap and manufacturing supply chain crap, from moulds to energy usage to time expenditure.
Framework 13 insides exist in both AMD and Intel variants, in various generations
Framework Desktop uses a technically laptop chip but can’t be adequately cooled in the laptop form factor (which is also the reason hardly any laptops with the chip exist). I was looking for a semi-portable small form factor PC and imo this is actually better because it’s smaller than any SFF PC you could build, while still being much more powerful than a NUC-style PC. Its main selling point is LLMs and other GPGPU compute due to the vast unified memory, not much competition in the specific space and GPUs being much more expensive.
You can already have headless ones. I think there’s even a case on their shop.
edit:
As for the variety in CPUs, I think they started with intel partly because TB4 but then they started a partnership with AMD (and AMD CPUs are definitely in a better position now). Moreover, I’ve seen much more variety with other manufacturers (to a point that’s maddening tbh). Finally, the “AMD AI” is AMD’s marketing name: just ignore that part of the name.
AI agents are starting to take vague requirements and independently write, deploy, and debug code with little human oversight.
I have yet to see any evidence of this outside tightly-controlled test environments. Wow, cursor generated a todo app based on the hundreds of millions of todo app examples on GitHub. This is totally spam.
sure, there are plenty of todo apps on the public internet, but I do find it pretty interesting that models are still able to sample from that distribution and generate working code that doesn’t exactly match anything in the training set. even framed as a retrieval problem, this was impossible just a few years ago.
and, if we take a step back, isn’t a lot of coding (even for fun!) of this variety? years ago, it was googling around and copy and pasting snippets from stackoverflow, today it’s using these AI coding tools.
we’ve definitely also observed that the models get really stuck on truly novel algorithms (our experience using cursor/claude 3.6 to write a sync engine). so, I’m pretty excited to get to do more of that and less of the repetitive, boring, copy paste stuff.
I really enjoyed reading this. There are good summaries at the end of each section that both authors agree represent their viewpoints.
Of course, this transcript resulted in me agreeing with Ousterhout entirely, and being puzzled by Martin’s takes on the points where they disagree. I’m curious to hear if that’s because I was already primed by anti-Clean Code rhetoric in advance. Do fans of Clean Code read this and think it’s fair and accurate?
The main feeling I have is that Uncle Bob is more of an evangelist than a technologist. He advocated extremely strongly for TDD, for SOLID, for short functions, for self-documenting code… And back when I hadn’t tried these things at all, his evangelism was part of what convinced me to make the attempt, and I observed my code quality improve significantly as a result. It’s certainly possible to go too far, and I’ve done that, too… But I don’t know if I’d have as much of a sense for the limitations of the approach if I hadn’t attempted the dogma first.
I too, agree that I find Uncle Bob’s reasoning puzzling. The two hardest problems in Computer Science is cache invalidation and naming things, and Uncle Bob wants to create yet more names?
Uncle Bob’s arguments against comments is also puzzling—one place were comments are gold are for workarounds for bugs in code you don’t control, or to provide a reference where an algorithm was described (I notice that neither one of them mentioned the Knuth article describing the primes generator in a comment).
The Reddit thread has some commenters who side with Martin more than they do Ousterhout. Others also described Ousterhout as different shades of “not cool”, but that may be them siding with Martin more.
Redditors tend to like Bob Martin’s personality or pseudo-“scientific method” approach, and so I often see TDD and Martin defended with cult-like ferociousness.
Lobsters tend to like the little mermaid’s personality or pseudo-“fish” approach, and so I often see Tail Driven Development and Ariel defended with cult-like ferociousness.
One problem with this critique of Clean Code is that Uncle Bob presents a rule of thumb, which Ousterhout goes on to interpret as a law, and critiques it as such.
I’m curious to what extent Apple’s hand was forced here. Their stance has consistently been pro-user privacy, and their actions generally reflect that. Was this Apple flipping the table on the U.K. after being asked to do something far worse? (Matthew Green had some commentary on this)
Their hand was 100% forced. The UK demands are fundamentally incompatible with ADP. Unless you’re saying it is an option to just pretend to deliver E2EE while backdooring it?
Isn’t that what they did for Chinese users? Building a custom secret store out of hardware with known local security vulnerabilities and hosting it in Chinese government owned datacenters. But it’s much easier for Apple to tell the UK to suck it up than China.
My bad—my question wasn’t well formulated. The time between the UK’s initial backdoor request and Apple pulling ADP from UK users was surprisingly short. I’m wondering why they had to comply so quickly instead of fighting longer. I don’t think they’d give in unless it was absolutely necessary or something bigger was at risk.
You’re missing the point - if the UK government has a law that says ADP is illegal apple can’t offer it, just like they can’t offer a door-to-door hitman service - they could go to court to fight the law (though in the UK that’s much harder), but while doing so they still can’t offer the service (unless they got some kind of injunction, which - because it’s the uk - is again unlikely).
Simply not offering the service, so UK residents have less data security than anyone else is the solution, is far better than trying to pretend some broken system is in any way secure. Governments need to understand that they don’t get to demand broken encryption and simultaneously pretend they’re not responsible for the security damage it does.
It wasn’t a backdoor “request”, it’s a demand. The UK told Apple they have to do xyz and can’t reveal that they’ve done it. There’s nothing to fight, it’s an order.
The options are (1) backdoor the encryption - thus defeating it for everyone else or (2) do not offer it at all.
Hopefully when the apparent “in future you will be required to turn this off” will come with a message along the lines of “the UK government has required us to store your data in a way that can be read by hackers, monetized by us, and provided to any government agency that requests it - without your knowledge - if you could please enter your password now that would be greatly appreciated”
I will eat my hat if Apple will ever do such a thing. They will say the local regulations require the user to disable it and that’s it. No sarcasm will be employed.
if you offer a service that is actually secure, you’re required to silently downgrade it to a non-secure system and you cannot tell the victims.
Alternatively you do what apple is doing and say “We are not going to offer a system in which we claim certain levels of security that are not possible, or could be actively downgraded in future without user consent or notice solely to support totalitarian governments and incompetent law enforcement”.
The technical capability notice only applies to services you provide, and the existence of that law means that any company operating in the UK that claims to offer secure storage is lying, maybe in future they’d adopt a demand that you not take down any service, but the way to defend against that is to not offer such a service in any country that has such an atrocious human rights record - and while everyone thinks of the US police force when they think of corrupt police, remember the UK police are notorious for violating human rights and the only difference is that they don’t murder people as often.
The UK government’s demand came through a “technical capability notice” under the Investigatory Powers Act (IPA), requiring Apple to create a backdoor that would allow British security officials to access encrypted user data globally.
Yes, if I understand you correctly - as mentioned in the beginning of this article (and reported earlier elsewhere) the UK government asked them to backdoor ADP.
I guess, but the code was written in the year 2000. It’s not an excuse to not have reviewed this code and modified it to use snprintf, but the snark about a >25 year old line of code in a dependency’s dependency sucks.
Nevermind, I guess? 4.4BSD in 1992 had snprintf… reading the xmlrpc-c source and shaking my head the whole time so people know I disagree with it…
I disagree with this, only because it’s imperialism. I’m British, in British English I write marshalling (with two of the letter l), sanitising (-sing instead of -zing except for words ending in a z), and -ise instead of -ize, among other things. You wouldn’t demand an Arabic developer to write all his comments in English for your sake for the sake of being idiomatic, would you?
I’ve worked for a few companies in Germany now, about half of them with their operating language being in German. All of them had comments being written exclusively in English. I don’t know how that is in other countries, but I get the impression from Europeans that this is pretty standard.
That said, my own preference is for American English for code (i.e. variable names, class names, etc), but British English for comments, commit messages, pull requests, etc. That’s because the names are part of the shared codebase and therefore standardised, but the comments and commit messages are specifically from me. As long as everyone can understand my British English, then I don’t think there’s much of a problem.
EDIT: That said, most of these suggestions feel more on the pedantic end of the spectrum as far as advice goes, and I would take some of this with a pinch of salt. In particular, when style suggestions like “I tend to write xyz” become “do this”, then I start to raise eyebrows at the usefulness of a particular style guide.
Developers in China seem to prefer Chinese to English. When ECharts was first open-sourced by Baidu most of the inline comments (and the entire README) were in Chinese:
In Japan I feel like the tech industry is associated with English, and corporate codebases seem to use mostly English in documentation. However, many people’s personal projects have all the comments/docs in Japanese.
If someone wants to force everyone to spell something the same within a language they should make sure it’s spelled wrong in all varieties, like with HTTP’s ‘referer’.
The Go core developers feel so strongly about their speling that they’re wiling to change the names of constants from other APIs.
The gRPC protocol contains a status code enum (https://grpc.io/docs/guides/status-codes/), one of which is
CANCELLED. Every gRPC library uses that spelling except for go-grpc, which spells itCanceled.Idiosyncratic positions and an absolute refusal to concede to common practice is part and parcel of working with certain kinds of people.
We’re drifting off-topic, but I have to ask: gRPC is a Google product; Go is a Google product; and Google is a US company. How did gRPC end up with
CANCELLEDin the first place?!When you use a lot of staff on H-1B and E-3 visas, you get a lot of people who write in English rather than American!
Wait until you hear about the HTTP ‘Referer’ header. The HTTP folks have been refusing to conform to common practice for more than 30 years!
If this is something other than a private pet project of a person who has no ambition of ever working with people outside of his country? Yes, yes I would.
I believe the advice is still applicable to non-native speakers. In all companies I worked for in France, developers write code in English, including comments, sometimes even internal docs. There are a lot of inconsistencies (typically mixing US English and GB English, sometimes in the same sentence.)
In my experience (LatAm) the problem with that is people tend to have pretty poor English writing skills. You end up with badly written comments and commit messages, full of grammatical errors. People were aware of this so they avoided writing long texts in order to limit their mistakes, so we had one-line PR descriptions, very sparse commenting, no docs to speak of, etc.
Once I had the policy changed for the native language (Portuguese) in PRs and docs they were more comfortable with it and documentation quality improved.
In Europe people are much more likely to have a strong English proficiency even as a second or third language. You have to know your audience, basically.
While I like to write paragraphs of explanation in-between code, my actual comments are rather ungrammatical, with a bit of git style verb-first, removing all articles and other things. Proper English feels wrong in these contexts. Some examples from my currently opened file:
Those comments would most likely look weird to a person unfamiliar with your particular dialect.
In a small comment it’s fine to cut some corners, similar to titles in newspapers, but we can’t go overboard: the point of these things is to communicate, we don’t want to make it even more difficult for whoever is reading them. Proper grammar helps.
For clarification, this is not my dialect/way of speaking. But I see so many short interline comments like this, that I started thinking they feel more appropriate and make them too, now. Strange!
“If you use standard terms, spell them in a standard way” is not the same as “use only one language ever”.
Is “chapéu” or “hat” the standard way of spelling hat in Golang? If it’s “hat”, your standard is “only use American English ever”.
Is “hat” a standard term regularly used in the golang ecosystem for a specific thing and on the list given in the article? If not, it is not relevant to the point in the article.
(And even generalized: if it happens to be an important term for your code base or ecosystem, it probably makes sense to standardize on how to spell it. in whatever language and spelling you prefer. I’ve worked on mixed-language codebases, and it’d been helpful if people consistently used the German domain-specific terms instead of mixing them with various translation attempts. Especially if some participants don’t speak the language (well) and have to treat terms as partially opaque)
What? England had the word “hat” long before the USA existed.
I had to solve this once. I maintain a library that converts between HTML/CSS color formats, and one of the formats is a name (and optional spec to say which set of names to draw from). HTML4, CSS2, and CSS2 only had “gray”, but CSS3 added “grey” as another spelling for the same color value, and also added a bunch of other new color names which each have a “gray” and a “grey” variant.
Which raises the question: if I give the library a hex code for one of these and ask it to convert to name, which name should it convert to?
The solution I went with was to always return the “gray” variant since that was the “original” spelling in earlier HTML and CSS specs:
https://webcolors.readthedocs.io/en/latest/faq.html#why-does-webcolors-prefer-american-spellings
I thought you guys loved imperialism?
Imperialism is like kids, you like your own brand.
I don’t think it’s really “imperialism”—firstly, “marshaling” isn’t even the preferred spelling in the US. Secondly in countries all over the world job listings stipulate English language skills all the time (even Arabic candidates) and the practice is widely accepted because facilitating communication is generally considered to be important. Lastly, while empires certainly have pushed language standardization as a means to stamp out identities, I don’t think it follows that all language standards exist to stamp out identities (particularly when they are optional, as in the case of this post).
What makes you say that? (Cards on the table, my immediate thought was “Yes, it is.” I had no data for that, but the ngram below suggests that the single l spelling is the (currently) preferred US spelling.)
https://books.google.com/ngrams/graph?content=marshaling%2Cmarshalling&year_start=1800&year_end=2022&corpus=en-US&smoothing=3&case_insensitive=true
It’s imperialist to use social and technical pressure to “encourage” people to use American English so their own codebases are “idiomatic”.
I disagree. I don’t see how it is imperialism in any meaningful sense. Also “pressure” is fairly absurd here.
I really dislike such advice. I remember in early 00s, lots of web developers adopting code without “else” and “early returns” and lots of other things that at the time were considered best practices. To be honest in many cases they just added friction to what would be an easier and more readable (if a bit more verbose) code.
I will die on the hill that early/multiple returns are more readable and usually result in simplified logic and so code that’s easier to follow.
That is ok. We don’t need to agree on that. To be honest, the most important thing is for a project to decide upon a style and follow it. I understand why multiple returns, for me they’re like guards, what I don’t like are “if” statements where what is clearly the “else” part is just left out of it because of an early return that might not be a guard. It is confusing, I know.
I remember those days. I kind of vaguely thought I should consider this kind of advice, then I never did, and am glad of it.
There’s nuggets of something useful there. Big long conditionals with lots of logic statements can be hard, and turning subexpressions into variables can help. There are other patterns to try to avoid the difficulty of keeping track of large blocks of code that are run conditionally. Extracting to a method is a cure worse than the disease, but normal in Smalltalk.
Maybe it was also a reaction to a kind of coding practice that we no longer encounter. Deep spaghetti code was not uncommon, with flags being set, and lots of complicated chains of effect. Perhaps the result of people who were introduced to programming through assembly (which is no longer a common background). It’s a certain kind of code that is uncommon now (except maybe in embedded spaces and other low-level places where it’s common to get by with very few quality data structures).
I didn’t think to tag it historical but I submitted it with something like your latter paragraph in mind. It’s just interesting.
Not to treat things hyperbolically, but this is honestly the most beautiful keyboard I have ever seen.
I currently use a ZSA Moonlander and have been considering the ZSA Voyager to switch to a low-profile keyboard, but I wasn’t completely sold on it. The thing is, I feel that the limited split keyboard market is mainly RGB/gamer-focused. On the contrary, Bayleaf is the type of tool that I would love to use daily as a programmer. The commercially finished look was an excellent idea, and I’m particularly looking forward to seeing the improved thumb cluster. I would easily spend ZSA keyboard amounts and probably more for a keyboard like this.
Also I could see this keyboard pairing really well with fractal design products.
Lastly, I would love to learn the best way to stay in touch with this keyboard!
It’s a lovely board for sure.
However, the market for ergo (low-profile) keyboards has gotten a lot better in recent years. Although a lot of things have RGB (like the Moonlander), I would say most of the ergo keyboards aren’t gamer-focused.
Copying my comment from the orange site in case you’re interested in looking at some others:
The keyboard they were inspired by (not for sale… yet?): https://old.reddit.com/r/ErgoMechKeyboards/comments/1cfg3vr/…
Corneish (out of stock): https://lowprokb.ca/products/corne-ish-zen?variant=376943319… Unicorne: https://new.boardsource.xyz/products/unicorne-LP
The corneish is an absolute gem in my opinion. It is possibly (probably?) open-sourced too.
Edit: Some more finds from my own perusal
Comparison of split keyboards: https://jhelvy.shinyapps.io/splitkbcompare/
Mostly open-source ergo keyboard customizer: https://ryanis.cool/cosmos/
The latter is pretty awesome. Use a GUI to generate a custom keyboard that you just need to put together. Alas it seems like there is no PCB support for LP switches (at least the Gateron and Kailh Choc).
Do most people using split keyboards have small hands? The thumb cluster on the Ergodox is one of it’s best features, and I never ever see it replicated.
Can you reach every key on that cluster comfortably? I don’t think I have small hands, but have to admit that not all of the keys there are easily reachable for me.
I also have an ergodox and I’m a hair under 6’ and I literally never use any thumb cluster key other than the one closest to my right thumb. I’m not even sure what all of the other keys do even though I wrote this layout myself
May I ask your solution to modifiers? I’ve been using homerow mods and find it quite difficult to avoid mistakes.
I also only use a small number of the available thumb keys.
lol I actually forgot that I use one of the left thumb keys as a layer modifier to change the home row into arrow keys. the vast majority of modifiers on the left hand. I use emacs so I use alt/meta quite a lot which is why it has a relatively prominent placement. the URL below should have a rough outline of my current layout but I’m not sure if it’s actually public or not
https://configure.zsa.io/ergodox-ez/layouts/v6QGK/latest/0
Yeah, I’ve never had an issue pressing the furthest thumb cluster buttons irregularly and my hands aren’t huge (I’m 6’2 to give you some sense of scale) so it’s not like you can’t occasionally stretch for them. Mine have home/end on one side and pgup/pgdn on the other, since I don’t use those often but when I do I don’t want to have to navigate to another layer.
You are 6 cm taller, so not a big difference? On my layout I basically never reach for del/f13 or the matching keys on the other side.
I had this problem too, and when my Ergodox finally packed it in, I went with a keyball44 for (in large part) this reason.
I have a Glove 80 and I can stretch to reach all of the keys on its cluster, but only find the two closest to my thumb to be comfortable.
I would say I have average-to-small sized hands. I don’t know of a good way to measure hands, but I can reach ninths (octave-to-octave +1 key in case you’re a music theory luddite like me) pretty comfortably on a musical keyboard.
I was never able to get used to the ZSAs; I do enjoy two different split keyboards in regular use:
Having said that, I can’t help but agree that the Bayleaf is gorgeous, esp for a custom built keyboard.
The ideals of this post are dead. Firefox is neither private nor free. Do not use Firefox in 2025.
Mozilla has done an about face and now demands that Firefox users:
See https://lobste.rs/s/de2ab1/firefox_adds_terms_use for more discussion.
If you’re already using Firefox, I can confirm that porting your profile over to Librewolf (https://librewolf.net) is relatively painless, and the only issues you’ll encounter are around having the resist fingerprinting setting turned on by default (which you can choose to just disable if you don’t like the trade-offs). I resumed using Firefox in 2016 and just switched away upon this shift in policy, and I do so sadly and begrudgingly, but you’d be crazy to allow Mozilla to cross these lines without switching away.
If you’re a macOS + Littlesnitch user, I can also recommend setting Librewolf to not allow communication to any Mozilla domain other than addons.mozilla.org, just in case.
👋 I respect your opinion and LibreWolf is a fine choice; however, it shares the same problem that all “forks” have and that I thought I made clear in the article…
Developing Firefox costs half a billion per year. There’s overhead in there for sure, but you couldn’t bring that down to something more manageable, like 100 million per year, IMO, without making it completely uncompetitive to Chrome, whose estimate cost exceeds 1 billion per year. The harsh reality is that you’re still using Mozilla’s work and if Mozilla goes under, LibreWolf simply ceases to exist because it’s essentially Firefox + settings. So you’re not really sticking it to the man as much as you’d like.
There are 3 major browser engines left (minus the experiments still in development that nobody uses). All 3 browser engines are, in fact, funded by Google’s Ads and have been for almost the past 2 decades. And any of the forks would become unviable without Apple’s, Google’s or Mozilla’s hard work, which is the reality we are in.
Not complaining much, but I did mention the recent controversy you’re referring to and would’ve preferred comments on what I wrote, on my reasoning, not on the article’s title.
I do what I can and no more, which used to mean occasionally being a Firefox advocate when I could, giving Mozilla as much benefit of the doubt as I could muster, paying for an MDN subscription, and sending some money their way when possible. Now it means temporarily switching to Librewolf, fully acknowledging how unsustainable that is, and waiting for a more sustainable option to come along.
I don’t disagree with the economic realities you mentioned and I don’t think any argument you made is bad or wrong. I’m just coming to a different conclusion: If Firefox can’t take hundreds of millions of dollars from Google every year and turn that into a privacy respecting browser that doesn’t sell my data and doesn’t prohibit me from visiting whatever website I want, then what are we even doing here? I’m sick of this barely lesser of two evils shit. Burn it to the fucking ground.
I think “barely lesser of two evils” is just way off the scale, and I can’t help but feel that it is way over-dramatized.
Also, what about the consequences of having a chrome-only web? Many websites are already “Hyrum’s lawed” to being usable only in Chrome, developers only test for Chrome, the speed of development is basically impossible to follow as is.
Firefox is basically the only thing preventing the most universal platform from becoming a Google-product.
Well there’s one other: Apple. Their hesitance to allow non-Safari browsers on iOS is a bigger bulwark against a Chrome-only web than Firefox at this point IMO.
I’m a bit afraid that the EU is in the process of breaking that down though. If proper Chrome comes over to iOS and it becomes easy to install, I’m certain that Google will start their push to move iOS users over.
I know it’s not exactly the same but Safari is also in the WebKit family and Safari is nether open source nor cross platform nor anywhere close to Firefox in many technical aspects (such as by far having the most functional and sane developer tools of any browser it there).
Pretty much the same here: I used to use Firefox, I have influenced some people in the past to at least give Firefox a shot, some people ended up moving to it from Chrome based on my recommendations. But Mozilla insists on breaking trust roughly every year, so when the ToS came around, there was very little goodwill left and I have permanently switched to LibreWolf.
Using a fork significantly helps my personal short-term peace of mind: whenever Mozilla makes whatever changes they’re planning to make which requires them to have a license to any data I input into Firefox, I trust that I will hear about those changes before LibreWolf incorporates them, and there’s a decent chance that LibreWolf will rip them out and keep them out for a few releases as I assess the situation. If I’m using Firefox directly, there’s a decent probability that I’ll learn about those changes after Firefox updates itself to include them. Hell, for all I know, Firefox is already sending enough telemetry to Mozilla that someone there decided to make money off it and that’s why they removed the “Mozilla will doesn’t and will never sell your data” FAQ item; maybe LibreWolf ripping out telemetry is protecting me against Mozilla right now, I don’t know.
Long term, what I personally do doesn’t matter. The fact that Mozilla has lost so much good-will that long-term Firefox advocates are switching away should be terrifying to Mozilla and citizens of the Web broadly, but my personal actions here have close to 0 effect on that. I could turn into a disingenuous Mozilla shill but I don’t exactly think I’d be able to convince enough people to keep using Firefox to cancel out Mozilla’s efforts to sink their own brand.
If Firefox is just one of three browsers funded by Google which don’t respect user privacy, then what’s the point of it?
People want Firefox and Mozilla to be an alternative to Google’s crap. If they’re not going to be the alternative, instead choosing to copy every terrible idea Google has, then I don’t see why Mozilla is even needed.
Well to be fair to Mozilla, they’re pushing back against some web standard ideas Google has. They’ve come out against things like WebUSB and WebHID for example.
How the heck do they spend that much? At ~20M LoC, they’re spending 25K per line of code a year. While details are hard to find, I think that puts them way above the industry norms.
I’m pretty sure that’s off by 3 orders of magnitude; OP’s figure would be half a US billion, i.e. half a milliard. That means 500M / 20M = 25 $/LOC. Not 25K.
I see your point, but by that same logic, shouldn’t we all then switch to Librewolf? If Firefox’s funding comes from Google, instead of its user base, then even if a significant portion of Firefox’s users switch, it can keep on getting funded, and users who switched can get the privacy non-exploitation they need?
I gathered some numbers on that here: https://untested.sonnet.io/notes/defaults-matter-dont-assume-consent/#h-dollar510000000
TL;DR 90% of Mozilla’s revenue comes from ad partnerships (Google) and Apple received ca. 19 Bn $ per annum to keep Google as the default search engine.
Where did you get those numbers? Are you referring to the whole effort, (legal, engineering, marketing, administration, etc) ot just development?
That’s an absolutely bonkers amount of money, and while i absolutely believe it, im also kind of curious what other software products are in a similar league
doesn’t seem like a particularly grave concern to me
That page says “Services”. Does it apply to Firefox or the VPN?
The sexuality and violence thing I suspect is so that they are covered for use in Saudi Arabia and Missouri.
Yeah, that seems like legal butt-covering. If someone in a criminalizing jurisdiction accesses these materials and they try to sue to the browser, Mozilla can say the user violated TOS.
i assume it applies mostly to Bugzilla / Mozilla Connect / Phabricator / etc
This is just a lie. It’s just a lie. Firefox is gratis, and it’s FLOSS. These stupid paragraphs about legalese are just corporate crap every business of a certain size has to start qualifying so they can’t get their wallet gaped by lawyers in the future. Your first bullet point sucks - you don’t agree to the Acceptable Use Policy to use Firefox, you agree to it when using Mozilla services, i.e. Pocket or whatever. Similarly, your second bulletpoint is completely false, that paragraph doesn’t even exist:
The text was recently clarified because of the inane outrage over basic legalese. And Mozilla isn’t selling your information. That’s not something they can casually lie about and there’s no reason to lie about it unless they want to face lawsuits from zealous legal types in the future. Why constantly lie to attack Mozilla? Are you being paid to destroy Free Software?
Consciously lying should be against Lobsters rules.
Let’s really look at what’s written here, because either u/altano or u/WilhelmVonWeiner is correct, not both.
The question we want to answer: do we “agree to an acceptable use policy” when we use Firefox? Let’s look in the various terms of service agreements (Terms Of Use, Terms Of Service, Mozilla Accounts Privacy). We see that it has been changed. It originally said:
“When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.”
Note that this makes no distinction between Firefox as a browser and services offered by Mozilla. The terms did make a distinction between Firefox as distributed by Mozilla and Firefox source code, but that’s another matter. People were outraged, and rightfully so, because you were agreeing to an acceptable use policy to use Firefox, the binary from Mozilla. Period.
That changed to:
“You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.”
Are the legally equivalent, but they’re just using “nicer”, “more acceptable” language? No. The meaning is changed in important ways, and this is probably what you’re referring to when you say, “you don’t agree to the Acceptable Use Policy to use Firefox, you agree to it when using Mozilla services”
However, the current terms still say quite clearly that we agree to the AUP for Mozilla Services when we use Firefox whether or not we use Mozilla Services. The claim that “you don’t agree to the Acceptable Use Policy to use Firefox” is factually incorrect.
So is it OK for u/WilhelmVonWeiner to say that u/altano is lying, and call for censure? No. First, it’s disingenuous for u/WilhelmVonWeiner to pretend that the original wording didn’t exist. Also, the statement, “Similarly, your second bulletpoint is completely false, that paragraph doesn’t even exist:” is plainly false, because we can see that paragraph verbatim here:
https://www.mozilla.org/en-US/about/legal/terms/firefox/
So if u/WilhelmVonWeiner is calling someone out for lying, they really shouldn’t lie themselves, or they should afford others enough benefit of the doubt to distinguish between lying and being mistaken. After all, is u/WilhelmVonWeiner lying, or just mistaken here?
I’m all for people venting when someone is clearly in the wrong, but it seems that u/WilhelmVonWeiner is not only accusing others of lying, but is perhaps lying or at very least being incredibly disingenuous themselves.
Oh - and I take exception to this in particular:
“every business of a certain size has to start qualifying so they can’t get their wallet gaped by lawyers”
Being an apologist for large organizations that are behaving poorly is the kind of behavior we expect on Reddit or on the orange site, but not here. We do not want to or should we need to engage with people who do not make good faith arguments.
This is a pretty rude reply so I’m not going to respond to the specifics.
Mozilla has edited their acceptable use policy and terms of service to do damage control and so my exact quotes might not be up anymore, but yeah sure, assume that everyone quoting Mozilla is just a liar instead of that explanation if you want.
EDIT:
https://blog.mozilla.org/en/products/firefox/update-on-terms-of-use/
Sorry for being rude. It was unnecessary of me and I apologise, I was agitated. I strongly disagree with your assessment of what Mozilla is doing as “damage control” - they are doing what is necessary to legally protect the Mozilla Foundation and Corporation from legal threats by clarifying how they use user data. It is false they are selling your private information. It is false they have a nonexclusive … license to everything you do using Firefox. It is false that you have to agree to the Acceptable Use Policy to use Firefox. It’s misinformation, it’s FUD and it’s going to hurt one of the biggest FLOSS nonprofits and alternate web browsers.
So people can judge for them selves, the relevant quote from the previous Terms of Use was:
Source: http://archive.today/btoQM
The updated terms make no mention of the Acceptable Use Policy.
This is a pretty incendiary comment and I would expect any accusation of outright dishonesty to come with evidence that they know they’re wrong. I am not taking a position on who has the facts straight, but I don’t see how you could prove altano is lying. Don’t attribute to malice what can be explained by…simply being incorrect.
that’s not binding to firefox. that’s binding to mozilla services like websites and other services. https://www.mozilla.org/en-US/about/legal/terms/mozilla/ links to the acceptable use page for instance. whereas the firefox one does not. https://www.mozilla.org/en-US/about/legal/terms/firefox/
firefox is fine. your other points are also largely incorrect.
FYI this is a change made in response to the recent outrage, the original version of the firefox terms included
Which has now been removed.
What are the trade-offs for resisting fingerprinting? Does it disable certain CSS features, or?
Your locale is forced to en-US, your timezone is UTC, your system is set to Windows. It will put canvas behind a prompt and randomizes some pixels such that fingerprinting based on rendering is a bit harder. It will also disable using SVG and fonts that you have installed on your systems
Btw, I don’t recommend anyone using resist fingerprinting. This is the “hard mode” that is known to break a lot of pages and has no site-specific settings. Only global on or off. A lot of people turn it on and then end up hating Firefox and switching browsers because their web experience sucks and they don’t know how to turn it off. This is why we now show a rather visible info bar in settings under privacy/security when you turn this on and that’s also why we are working on a new mode that can spoof only specific APIs and only on specific sites. More to come.
Now that I know about it, I’m really looking forward to the new feature!
I’m using CanvasBlocker but its performance and UX could use some love.
This is the kind of thing Mozilla still does that sets it very far appart from the rest. Thanks!
heh, I wonder how many bits of entropy will be there in roughly “which of the spoofs are enabled”? :D
Yes, if everyone is running a custom set of spoofs you’d end up being unique again. The intent for the mechanism is for us to be able to experiment and test out a variety of sets before we know what works (in terms of webcompat). In the end, we want everyone to look as uniform as possible
It breaks automatic dark mode and sites don’t remember their zoom setting. Dates are also not always localized correctly. That’s what I’ve noticed so far at least.
Last week I asked Grok something like: “If we let 1000 LLM instances talk between each other for 100 years. Will they invent anything new?”
The response started with … “What a fascinating thought experiment! …”
The feigned personality of LLMs always irritates me. You’re not fascinated, you’re probabilistic token output. Just answer the question.
Did you generate most of the text with an LLM and edit it?
My MacBook Pro is nagging me to upgrade to the new OS release. It lists a bunch of new features that don’t care about. In the meantime, the following bugs (which are regressions) have been unfixed for multiple major OS versions:
There are a lot of others, these are the first that come to mind. My favourite OS X release was 10.6: no new user-visible features, just a load of bug fixes and infrastructure improvements (this one introduced libdispatch, for example).
It’s disheartening to see core functionality in an “abandonware” state while Apple pushes new features nobody asked for. Things that should be rock-solid, just… aren’t.
It really makes you understand why some people avoid updates entirely. Snow Leopard’s focus on refinement feels like a distant memory now.
The idea of Apple OS features as abandonware is a wild idea, and yet here we are. The external monitor issue is actually terrible. I have two friends who work at Apple (neither in OS dev) and both have said that they experience the monitor issue themselves.
It is one thing when a company ignores bugs reported by its customers.
It is another thing when a company ignores bugs reported by its own employees that are also customer-facing.
When I worked for a FAANG, they released stuff early internally as part of dogfooding programs to seek input and bug reports before issues hit users.
Sounds good, just that “you’re not the target audience” became a meme because so many bug reports and concerns were shut down with that response.
I was thinking about this not too long ago; there are macOS features (ex the widgets UI) that don’t seem to even exist anymore. So many examples of features I used to really like that are just abandoned.
This works flawlessly for me every single time, I use Apple Studio Display at home and a high end Dell at the office.
On the other hand, activating iMessage and FaceTime on a new MacBook machine has been a huge pain for years on end…
I can quote on that, but not with my Apple account, but with my brother’s. Coincidentally, he had less problems activating iMessage/FaceTime on an Hackintosh machine.
A variation on that which I’ve run in to is turning the monitor off and putting the laptop to sleep, and waking without moving or disconnecting it.
To avoid all windows ending up on stuck on the laptop display, I have to sleep the laptop, the power off the monitor. To restore power on the monitor, then wake the laptop. Occasionally (1 in 10 times?) it still messes up and I have to manually move windows back to the monitor display.
(This is when using dual-head mode with both the external monitor and laptop display in operation)
iCloud message sync with message keep set to forever seems to load soooo much that messages on my last laptop would be so awful to type long messages (more than 1 sentence) directly into the text box I started to write messages outside of the application, copy/paste and send the message. The delay was in seconds for me.
I’m really heartened by how many people agree that OS X 10.6 was the best.
Edited to add … hm - maybe you’re not saying it was the best OS version, just the best release strategy? I think it actually was the best OS version (or maybe 10.7 was, but that’s just a detail).
Lion was hot garbage. It showed potential (if you ignored the workflow regressions) but it was awful.
10.8 fixed many of lion’s issues and was rather good.
Snow Leopard was definitely peak macOS.
Are there people who still use 10.6? I wonder what would be missing compared to current MacOS. Can it run a current Firefox? Zoom?
It would be pretty hard to run 10.6 for something other than novelty, the root certs are probably all expired, and you definitely can’t run any sort of modern Firefox on it, the last version of FF to support 10.6 was ESR 45 released in 2016: https://blog.mozilla.org/futurereleases/2016/04/29/update-on-firefox-support-for-os-x/
I know there are people keeping Windows 7 usable despite lack of upstream support; it would be cool if that existed for 10.6 but it sounds like no.
Maybe 10.6 could still be useful for professional video/audio/photo editing software, the type that wasn’t subscription based.
It was before Apple started wanting to make it more iPhone-like and slowly doing what Microsoft did with Windows 8 (who did it in a ‘big bang’) by making Windows Phone and Windows desktop amost indistinguishable. After Snow Leopard, Apple became a phone company and very iPhone-centric and just didn’tbother with the desktop - it became cartoonish and all flashy, not usable. That’s when I left MacOS and haven’t looked back.
Recently, Disk Utility has started showing a permissions error when I click unmount or eject on SD cards or their partitions, if the card was inserted after Disk Utility started. You have to quit and re-open Disk Utility for it to work. It didn’t use to be like that, but it is now, om two different Macs. This is very annoying for embedded development where you need to write to SD cards frequently to flash new images or installers. So unmounting/ejecting drives just randomly broke one day and I’m expecting it won’t get fixed.
Another forever-bug: when you’re on a higher refresh rate screen, the animation to switch workspaces takes more time on higher refresh rate screens. This has forced me to completely change how I use macOS to de-emphasise workspaces, because the animation is just obscenely long after I got a MacBook Pro with a 120Hz screen in 2021. Probably not a new bug, but an old bug that new hardware surfaced, and I expect it will never get fixed.
I’m also having issues with connecting to external screens only working occasionally, at least through USB-C docks.
The hardware is so damn good. I wish anyone high up at Apple cared at all about making the software good too.
Oh, there’s another one: the fstab things to not mount partitions that match a particular UUID no longer work and there doesn’t appear to be any replacement functionality (which is annoying when it’s a firmware partition that must not be written to except in a specific way, or it will sofr-brick the device).
Oh, fun! I’ve tried to find a way to disable auto mount and the only solutions I’ve found is to add individual partition UUIDs to a block list in fstab, which is useless to me since I don’t just re-use the same SD card with the same partition layout all the time, I would want to disable auto mounting completely. But it’s phenomenal to hear that they broke even that sub-par solution.
Maybe it’s an intended “feature”, because 120Hz enabled iPhones and iPads have the same behavior.
Maybe, but we’re talking about roughly 1.2 seconds from the start of the gesture until keyboard input starts going to an app on the target workspace. That’s an insane amount of delay to just force the user to sit through on a regular basis… On a 60Hz screen, the delay is less than half that (which is still pretty long, but much much better)
Not a fix, but as a workaround have you tried Accessibility > Display > Reduce Motion?
I can’t stand the normal desktop switch animation even when dialed down all the way. With that setting on, there’s still a very minor fade-type effect but it’s pretty tolerable.
Sadly, that doesn’t help at all. My issue isn’t with the animation, but with the amount of time it takes from I express my intent to switch workspace until focus switches to the new workspace. “Reduce Motion” only replaces the 1.2 second sliding animation with a 1.2 second fading animation, the wait is exactly the same.
Don’t update/downgrade to Sequoia! It’s the Windows ME of MacOS’s. After Apple support person couldn’t resolve any of the issues I had, they told me to reinstall Sequoia and then gave me instructions to upgrade to Ventura/Sonoma.
I thought Big Sur was the Windows ME of (modern) Mac OS. I have had a decent experience in Sequoia. I usually have Safari, Firefox, Chrome, Mail, Ghostty, one JetBrains thing or another (usually PyCharm Pro or Clion), Excel, Bitwarden, Preview, Fluor, Rectangle, TailScale, CleanShot, Fantastical, Ice and Choosy running pretty much constantly, plus a rotating cast of other things as I need them.
Aside from Apple Intelligence being hot garbage, (I just turn that off anyway) my main complaint about Sequoia is that sometimes, after a couple dozen dock/undock cycles (return to my desk, connect to my docking station with a 30” non-hidpi monitor, document scanner, time machine drive, smart card reader, etc.) the windows that were on my Macbook’s high resolution screen and move to my 30” when docked don’t re-scale appropriately, and I have to reboot to address that. That seems to happen every two weeks or so.
Like so many others here, I miss Snow Leopard. I thought Tiger was an excellent release, Leopard was rough, and Snow Leopard smoothed off all the rough edges of Tiger and Leopard for me.
I’d call Sequoia “subpar” if Snow Leopard is your “par”. But I don’t find that to be the case compared to Windows 11, KDE or GNOME. It mostly just stays out of my way.
Have you ever submitted these regressions to Apple through a support form or such?
Apple’s bug reporting process is so opaque it feels like shouting into the void.
And, Apple isn’t some little open source project staffed by volunteers. It’s the richest company on earth. QA is a serious job that Apple should be paying people for.
Yeah. To alleviate that somewhat (for developer-type bugs) when I was making things for Macs and iDevices most of the time, I always reported my bugs to openradar as well:
https://openradar.appspot.com/page/1
which would at least net me a little bit of feedback (along the lines of “broken for everyone or just me?”) so it felt a tiny bit less like shouting into the void.
I can’t remember on these. The CalDAV one is well known. Most of the time when I’ve reported bugs to Apple, they’ve closed them as duplicates and given no way of tracking the original bug.
No. I tried being a good user in the past but it always ended up with “the feature works as expected”. I won’t do voluntary work for a company which repeatedly shits on user feedback.
I wonder if this means that tests have been red for years, or that there are no tests for such core functionality.
Sometimes we are the tests, and yet the radars go unread
10.6 “Snow Leopard” was the last Mac OS that I could honestly say I liked. I ran it on a cheap mini laptop (a Dell I think) as a student, back when “hackintoshes” were still possible.
…Okay? Sometimes, learning is boring. Some new things are slog. Cybersecurity training at work sucks but we all do it and we mostly learn from it. Using metaphors about M$ Word and placing blocks in Minecraft won’t ever substitute for using Git.
why can’t learning be fun?
Sure, sometimes it is. Cybersecurity training is a great example man I hate that stuff and click through as fast as possible without absorbing much. Maybe you enjoy that more than I do.
As for Git specifically, I never said anything about Git itself being boring - my point was more about the terminology that we use to communicate (esp technical terms that seem comfortable to us) and how it translates into the audience’s ability to digest that info.
I don’t think it’s too controversial to say however that Git learning is typically confusing for most new users (not necessarily boring) - there are just a lot of abstract concepts. I think this is also supported by the many experienced devs in this parallel thread on hackernews who have used the same 3 commands for 10 years, although I’m sure they would argue that they just never wanted to learn more than the bare minimum they needed for their workflows, which to me is a little sad.
Anyway, each person is free to use or not use whatever tools/methods they choose, so my goal was just to offer a gamified alternative for whoever finds value in it.
I always thought that significant indentation optionally replacing parens might make Lisps more readable for many. I know Racket has something like this… So for example, the example from the article:
Would become:
Postfix,
5 5 = [ “Sanity!” ] [ “Insanity!” ] if print
Now whitespace doesn’t matter and there’s even less syntax
Or as the bumper sticker said:
FORTH 🖤 IF HONK THENArguably even less readable, though, especially given conc. languages’ aversion to local variables, hence requiring mental effort to follow along with the stack contents.
(Don’t get me wrong, I like these languages, but I see them more as a kind of high level assembly.)
There’s also Smalltalk:
(5 = 5 ifTrue: [“sanity”] ifFalse: [“insanity”]) printRetroforth my love….
Looks interesting but I can’t find enough code or background on the choices. I can tell it’s a homebrewed language in a popular niche but I’m not familiar with that niche.
A GitHub or publicly viewable source repo would help, or a clear document on why the author doesn’t believe in it (I suspect).
I mean, all the choices are really well explained near the top of the Latest Documentation, and there is a link to a lot of example code on the homepage - I’m not sure what you’re looking for. The source is in a .tar.gz linked from the homepage which isn’t a big ask.
I don’t know how I missed that, I think I assumed it would be a changelog.
Looks really cool! Thanks
You may appreciate Wisp then.
Or shrubbery notation, used in Racket’s Rhombus dialect.
I think this is putting make up on a pig. I used to believe in significant whitespace but I think it’s important to allow code authors to express the code in the best form for reading. That doesn’t often fit with whitespace. The only exception is newline handling and occasional block indentation like do blocks in Haskell where it’s perfect
I have been playing for some time with thinking about Lisps in a Tcl-style way (not too far off since Tcl was partially inspired by Lisp) and working on a compiler for same.
print [reverse "olleh"])exprmacro with operator precedenceCompare:
To:
(proc square (n) (expr (n * n)))Or:
(proc square (n) (* n n))Or:
(def square (fn (n) (* n n)))Same thing, just start & end with parenthesis, use line breaks and spaces, and think about all square brackets or curly braces as parentheses as well.
Works for
let-style scoped blocks. Here I call itwith, anddefis calledsetlike in Tcl.I’d like to continue developing this as I like the conceptual elegance of Lisp and it feels very easy to learn and to read.
This is a good direction. I’m always stoked when people try someone genuinely new.
Oh, it’s this again.
So, look. Every single internet-connected thing that involves anything that could even be considered user-generated content, and has lawyers, sooner or later inserts a clause into its terms saying you grant them a royalty-free, non-exclusive, non-revocable (etc. etc.) license to copy and distribute things you, the user, input into it.
This is like the most standard boilerplate-y clause there is for user-generated content. It’s a basic cover-your-ass to prevent someone suing you for copyright violation because, say, they just found out that when you type something in the built-in search box it makes a copy (Illegal! I’ll sue!) and transmits the copy (Illegal! I’ll sue!) to a third party.
But about every six months someone notices once of these clauses, misinterprets it, and runs around panicking and screaming OH MY GOD THEY CLAIM COPYRIGHT OVER EVERYTHING EVERYONE DOES WHY WOULD THEY NEED THAT PANIC PANIC PANIC PANIC PANIC OUTRAGE OUTRAGE PANIC.
And then it sweeps through the internet with huge highly-upvoted threads full of angry comments from people who have absolutely no clue what the terms actually mean but who know from the tone of discussion that they’re supposed to be outraged about it.
After a few days it blows over, but then about six months later someone notices once of these clauses, misinterprets it, and runs around panicking and screaming OH MY GOD THEY CLAIM COPYRIGHT OVER EVERYTHING EVERYONE DOES WHY WOULD THEY NEED THAT PANIC PANIC PANIC PANIC PANIC OUTRAGE OUTRAGE PANIC.
And then…
@pushcx this should not be allowed on lobste.rs. It’s 100% outrage-mob baiting.
Saying that everyone else does it does not make it okay. Are there court cases or articles describing the limits you say are implicit?
If you are as right as you think you are, then you could be educating instead of complaining to moderators.
That’s the point. GDPR has not been that well tested in court. As long as it hasn’t, people will stick to legal boilerplate to make it as broad as possible. This is why all terms of services look like copypasta.
Putting words in my mouth doesn’t make a counterargument.
What do you think is not OK about this boilerplate CYA clause? Computers by their nature promiscuously copy data. Online systems copy and transmit it. The legal world has settled on clauses like this as an alternative to popping up a request for license every time you type into an online form or upload a file, because even if nobody ever actually would sue they don’t want to trust to that and want an assurance that if someone sues that person will lose, quickly. They’ve settled on this because copy/pasting a standard clause to minimize risk is a win from their perspective.
Why is this evil and bad and wrong from your perspective? Provide evidence.
The system we currently have may be structured in a way which makes clauses like this necessary or expedient in order to do business, but the validity of such a clause for that reason doesn’t excuse the system that created it.
But Firefox isn’t a web service. It’s a program that runs on my computer and sends data to websites I choose to visit. Those websites may need such legal language for user generated content, but why does Mozilla need a license to copy anything I type into Firefox?
This. I’ve chatted with a few lawyers in the space and this is literally the first time we’re seeing that interpretation to apply to a local program you choose to run that is your agent.
Firefox integrates with things that are not purely your “local agent”, including online services and things not owned by Mozilla. And before you decide this means some sort of sinister data-stealing data-selling privacy violation, go back and look at my original example.
So clearly rejecting their TOS should just toggle off all of those services, right?
None of these are activities falling under copyright, so a license is meaningless.
The list of data subprocessors is short and well documented: https://support.mozilla.org/en-US/kb/firefox-subprocessor-list
So it also can’t be an issue of “let’s be blanket because we can’t give you the list”.
The Python Package Index has almost exactly the same clause in its terms of service for things you voluntarily choose to send to them.
I guess their legal advisers are just bad or something. Maybe you could go see about getting hired to replace them.
When you upload something to the python package index you do so because you intend for the python package index to create copies of it and distribute it, which needs a license.
When you make a comment on pull request for work you don’t intend for Mozilla to have anything to do with that. You don’t intend for Mozilla to receive your post. Nor to have any special rights to view it, distribute it, make copies of it, etc. They do not need a license because they shouldn’t be seeing it. Moreover you don’t even necessarily have the right to grant them said rights - someone else might own the copyright to the material you are legitimately working with.
These scenarios are not even remotely similar.
If you use their integrated search which might send things you type to a third party, Mozilla needs your permission to do that.
If you use their Pocket service which can offer recommendations of articles you might like, Mozilla needs your permission to analyze things you’ve done, which may require things like making copies of data.
If you use their VPN service you’re passing a lot of stuff through their servers to be transmitted onward.
There’s a ton of stuff Mozilla does that could potentially be affected by copyright issues with user-generated/user-submitted content. So they have the standard boilerplate “you let us do the things with that content that are necessary to support the features you’re using” CYA clause.
More specifically, their recommendations are at odds with the interests of users.
The question for random people reading these clauses is what does that mean? Legalese can be hard for lawyers to understand. It’s much harder for mere mortals.
I think everyone is OK with Firefox (the browser) processing text which you enter it into. This processing includes uploading the text to web sites (which you ask it to, when you ask it to), etc.
What is much more concerning for the average user is believing that the “ royalty-free, non-exclusive, non-revocable (etc. etc.) license” is unrestricted.
Let’s say I write the worlds most beautiful poem, and then submit it to an online poem contest via FireFox. Will Mozilla then go “ha ha! Firefox made a copy, and uploaded it to the Mozilla servers. We’re publishing our own book of your work, without paying you royalties. And oh, by the way, you also used Firefox to upload intimate pictures of you and your spouse to a web site, so we’re going to publish those, too!”
The average person doesn’t know. Reading the legalese doesn’t help them, because legalese is written in legalese (an English-adjacent language which isn’t colloquial English). Legalese exists because lawsuits live and die based on minutiae such as the Oxford Comma. So for Mozillas protection, they need it, but these needs are in conflict with the users need to understand the notices.
The Mozilla blog doesn’t help, because the italicized text at the top says: It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice
OK, what does the Privacy Notice say?
(your) …data stays on your device and is not sent to Mozilla’s servers unless it says otherwise in this Notice
Which doesn’t help. So now the average person has to read pages of legal gobbledygook. And buried in it is the helpful
Identifying, investigating and addressing potential fraudulent activities,
Which is a huge loophole. “We don’t know what’s potentially fraudulent, so we just take all of the data you give to FireFox, upload to our US-based servers, and give the DoJ / FBI access to it all without a warrant”. A lawyer could make a convincing and possibly winning argument that such use-cases are covered.
The psychological reason for being upset is that they are confused by complicated things which affect them personally, which they don’t understand, and which they have no control over. You can’t address that panic by telling them “don’t panic”.
Could you explain why the concern is necessarily born of confusion rather than accurate understanding?
I didn’t say the concern is necessarily born of confusion. I said that the concern was because they didn’t understand the issues.
you said the reason for being upset is that they are confused. sorry if I was changing your meaning by adding “necessarily.” why do you say the concern is because of confusion or lack of understanding? what understanding would alleviate the concerns?
I don’t see a lot of difference between confusion and lack of understanding. Their upset is because the subject affects them, and they’re confused about it / don’t understand it, and they have no control over it.
This is entirely normal and expected. Simply being confused isn’t enough.
What would alleviate the concerns is to address all three issues, either singly, or jointly. If people don’t use Firefox, then it doesn’t affect them, and they’re not upset. If they understand what’s going on and make informed decisions, then they’re not upset. And then if they can make informed decisions, they have control over the situation, and they’re not upset.
The solution is a clear message from Mozilla. However, for reasons I noted above, Mozilla has to write their policies in legalese, when then makes it extremely difficult for anyone to understand them.
but who does “they” refer to? are you saying this describes people in general who are concerned about the policy, or are you just supposing that there must be someone somewhere for whom it is true?
what about people who have an accurate layman’s understanding of what the policy means, and are nonetheless concerned?
The actual reason for them being upset is that someone told them to be afraid of the supposedly scary thing and told them a pack of lies about what the supposedly scary thing meant.
I propose to deal with that at the source: cut off the outrage-baiting posts that start the whole sordid cycle. Having a thread full of panicked lies at the top of the front page is bad and can be prevented.
And if you really want to comfort the frightened people and resolve their confusion, you should be talking to them, shouldn’t you? The fact that your pushback is against the person debunking the fearmongering says a lot.
i.e. you completely ignored my long and reasoned explanation as to why people are upset.
Alternatively, you could look at the comment above in https://lobste.rs/s/de2ab1/firefox_adds_terms_use#c_yws3nv, which explains clearly just how nefarious and far-reaching the new policy is.
I haven’t seen you debunk anything. In order to “debunk” my argument, you would have to address it. Instead, you simply re-stated your position.
I explained why your position wasn’t convincing. If you’re not going to address those arguments, I don’t need to respond to your “debunking”.
At best that comment points out that a consolidated TOS for Mozilla “services” is confusingly being linked for the browser itself. Nothing has been proven in the slightest about it being “nefarious”, and the fact that you just assert malicious intent as the default assumption is deeply problematic.
So your position is completely unconvincing and I feel no need to address it any further.
But you’re not debunking the fear mongering. You’re conspicuously ignoring any comment that explains why the concern is valid. Don’t hapless readers deserve your protection from such disinformation?
You’re largely describing boilerplate for web services, where the expectation is that users input content, and a service uses that content to provide service.
Firefox is a user agent, where the expectation is that users input content and the agent passes that content through to the intended service or resource.
You can call this boilerplate if you like, but it certainly gives Mozilla unambiguous rights relative to what you put into it.
This really does beg the question: Firefox is 20 years old. Why did they only feel the need to add this extremely standard boilerplate-y clause now?
Their lawyers won the debate this time.
why though?
what exactly does that mean? Were they already actively doing this, and the lawyers “won” by updating the TOS to cover that behavior? Or did the lawyers “win” because they were pushing for a business decision to change Firefox’s data gathering activities?
Please, If you could reflect for a moment on your own comment that you have written could you determine if comes off as outraged?
I am incredibly tired of this sort of thing sparking ignorant outrage on a regular basis. It should not be permitted on this site.
There’s a “hide” button just for you. You can be the ninth lobster to click it!
This post is
Many much more mild examples have been removed on this site without hesitation. This one has to be, too, if the site rules mean anything.
I disagree. I think this is actionable, relevant, and very on-topic. I’d even argue about that with you here, except that you in particular have a very solid history of bad-faith arguing, and I have better things to do.
Anyway, so far 84 of us have upvoted it, vs 7 “off-topic” flags and 8 hides, for a ratio of about 5:1, if we care about user opinions. Your paternalism isn’t a good look. Just hide it, flag it, and move on!
I will note that we have both a
privacytag andlawtag, which are explicit carveouts for this sort of content.Now, whether or not we should retire those or not is a bigger question.
We already know the site rules don’t mean anything. The same rules are regularly violated for Apple marketing presentations.
What would a post that is not meant to whip up outrage look like? Presumably the blog author did their best to write such a post.
I wouldn’t say that the site rules don’t mean anything–I would say that many users and even admins have disregarded them for political expediency.
The long-term effects of this, of course, are deleterious…but that doesn’t matter when gosh darnit, the outgroup is wrong right now.
In the case of Apple, there’s a weird sort of thing where a
releasetag covers what is technically marketing. They also are both a large software and hardware vendor and, like it or not, have a large userbase. I’m not saying we should see a constant dripfeed of Apple propaganda, but it isn’t entirely without precedent.Of course. I adopted the parent comment’s hyperbole to avoid getting bogged down in minutia. But there’s nothing wrong with more clarity and precision.
then don’t express the ignorant outrage?
I’m really surprised to see anyone pay even the slightest of attention to this on Lobsters. It’s something my granddad would post to Facebook (example)
Such an ad-hominem argument is something my grandma would post on Instagram.
It’s not an ad hominem. I’m not attacking anyone instead of their argument.
https://www.mozilla.org/en-US/about/legal/terms/firefox/
:)
That’s… wow. Thank you for highlighting that. I am seriously considering using something other than Firefox for the first time in… ever. Regardless of how one might choose to interpret that statement, it’s frightening that they would even write it. This is not the Mozilla I knew or want. I’d love to know what alternatives people might suggest that are more community focused and completely FOSS, ideally still non-Chromium.
Thankfully, the lawful base for data use is spelled out in their privacy policy:
https://www.mozilla.org/en-US/privacy/firefox/#lawful-bases
e.g. Browsing, Interaction and Search data are “Legitimate interest” and “Consent”-based.
Consent being the kind that I haven’t given, but I’m supposed to actively revoke? Until the next update?
That unfortunately seems to be the current usage of the term “consent” in the tech industry.
Fortunately, that’s not consent as the GDPR defines it
Isn’t it? Most GDPR consent screens have an easy “accept to everything” button and requires going through multiple steps to “not accept”, and many many more steps to “object” to their “legitimate interest” in tracking for the purposes of advertising. As long as these screens remain allowed and aren’t cracked down on (which I don’t foresee happening, ever), that’s the de facto meaning of “consent” in GDPR as far as I’m concerned: something that’s assumed given unless you actively go out of your way to revoke it.
It’s not what the text of the GDPR defines it as, but the text isn’t relevant; only its effect on the real world is.
Yes, definitely. Consent in GDPR is opt-in not opt-out. If it’s opt-out, that’s not consensual. And the law is the law.
Furthermore, for interstitials, to reject everything should be at least as easy as it is to accept everything, without dark patterns. Interstitials (e.g., from IAB and co.) first tried to make it hard to reject everything, but now you usually get a clear button for rejecting everything on most websites.
As I mentioned in another comment, the DPAs are understaffed and overworked. But they do move. A real-world example of a company affected by the GDPR, and that tries testing its limits, is Meta with Facebook. For user profiling, first they tried the Terms of Service, then they tried claiming a legitimate interest, then they introduced expensive subscriptions for those that tried to decline, now they introduced a UI degradation, delaying the user scrolling, which is illegal as well.
Many complain, on one hand, that the EU is too regulated, suffocating inovation, and with US’s tech oligarhs now sucking up to Trump to force the EU into allowing US companies to break the law. On the other hand, there are people who believe that the GDPR isn’t enforced enough. I wish people would make up their mind.
Those are different people, all who have made up their mind.
I thought I made it reasonably clear that I don’t care that much about what the text of the law is, I care about what material impact it has on the world.
I corrected you with facts, and you’re replying with your feelings. Fair enough.
To be fair, @mort’s feeling may come from non-actually-GDPR-compliant cookie consent forms. I have certainly seen where I couldn’t find the “reject all” button, and felt obligated to manually click up to 15 “legitimate interest” boxes. (And dammit could they please stop with their sliding buttons and use actual square check boxes instead?)
I think the worse case is you click “reject all”, but you don’t actually reject all, and the legitimate interests are still checked.
The facts you provided aren’t relevant. I’m talking about the de facto situation as it applies to 99% of companies, you’re talking about the text of the law and enforcement against one particular company. These are different things which don’t have much to do with each other.
You even acknowledge that DPAs are understaffed and overworked, which results in the lacking enforcement which is exactly what I’m complaining about. For what I can tell, we don’t disagree about any facts here.
Well, other people in this sub-thread are talking about GDPR. You might have switched the topic, but that isn’t alexelcu’s fault.
I’m talking about GDPR as well, focusing about what impact it has in practice. I have been 100% consistent on that, since my first message in this sub-thread (https://lobste.rs/s/de2ab1/firefox_adds_terms_use#c_3sxqe1) which explicitly talks about what it means de facto. I don’t know where you got the impression that I’m talking about something else.
But there is enforcement, it’s just slower than we’d like. For example, screens making it harder to not opt in rather than opt in have gotten much rarer than they used to be. IME now they mostly come from American companies that don’t have much of a presence in the EU. So enforcement is causing things to move in the right direction, even if it is at a slow pace.
There is a website tracking fines against companies for GDPR violations [1] and as you can see, there are lots of fines against companies big and small every single month. “Insufficient legal basis for data processing” isn’t close to being the most common violation, but it’s pretty common, and has also been lobbed against companies big and small. It is not the case that there is only enforcement against a few high profile companies.
[1] https://www.enforcementtracker.com/
Why do you lay this at the feet of GDPR?
it’s the other way around - most of the time you have to actively revoke “legitimate interest”, consent should be off by default. Unfortunately, oftentimes “legitimate interest” is just “consent, but on by default” and they take exactly the same data for the same purpose (IIRC there are NGOs (such as NOYB, Panoptykon) fighting against IAB and other companies in those terms)
“Legitimate interest” is the GDPR loophole that ad tech companies use to spy on us without an easy opt-out option, right? I don’t know what this means in this context but I don’t trust it.
It is not, ad tech has been considered not a legitimate interest for… Ever… By the Europeans DPAs. Report to your DPA the one that abuse this. There have been enforcement.
Every website with a consent screen has a ton of ad stuff under “legitimate interest”, most ask you to “object” to each individually. The continued existence of this patterns means it’s de facto legal under the GDPR in my book. “Legitimate interest” is a tool to continue forced ad tracking.
Yes, all of that is illegal under GDPR.
The problem has been that DPAs are understaffed and overworked.
I don’t think you’re disagreeing with me. It’s de jure illegal but de facto legal. I don’t care much what the text of the GDPR says, I care about its material effect on the real world; and the material effect is one where websites put up consent screens where the user has to “object” individually to every ad tech company’s “legitimate interest” in tracking the user for ad targeting purposes.
I used to be optimistic about the GDPR because there’s a lot of good stuff in the text of the law, but it has been long enough that we can clearly see that most of its actual effect is pretty underwhelming. Good law without enforcement is worthless.
No, it’s de facto illegal a well, law enforcement is just slower that we’d like. Ask, for example, Facebook.
De facto illegal for entities at Facebook’s scale? Maybe. But it’s certainly de facto legal for everyone else. It has been 7 years since it was implemented; if it was going to have a positive effect we’d have seen it by now. My patience has run out. GDPR failed.
I just gave you a concrete example of a powerful Big Tech company, with infinite resources for political lobbying, that was blasted for their practices. They first tried hiding behind their Terms of Use, then they tried claiming a legitimate interest, then they offered the choice of a paid subscription, and now they’ve introduced delays in scrolling for people that don’t consent to being profiled, which will be deemed illegal as well.
Your patience isn’t important. This is the legal system in action. Just because, for example, tax evasion happens, that doesn’t mean that anti tax evasion laws don’t work. Similarly with data protection laws. I used to work in the adtech industry. I know for a fact that there have been companies leaving the EU because of GDPR. I also know some of the legwork that IAB tried pulling off, but it won’t last.
Just the fact that you’re getting those interstitials is a win. Microsoft’s Edge browser, for example, gives EU citizens that IAB dialog on the first run, thus informing them that they are going to share their data with the entire advertising industry. That is in itself valuable for me, because it informs me that Edge is spyware.
I agree that the “we’re spying on you” pop-ups is a win in itself. I’m just complaining that it’s so toothless as to in practice allow websites to put up modals where each ad tech company’s “legitimate interest” in tracking me has to be individually disabled. If the goal of the GDPR was to in any way make it reasonably easy for users to opt out of tracking, it failed.
I’m not so sure. I’ve even seen this used as an argument against the GDPR: The spin they give it is “this is the law that forces us to put up annoying cookie popups”. See for example this article on the Dutch public broadcasting agency (which is typically more left-leaning and not prone to give a platform to liberals).
Roughly translated “all innovations in AI don’t work as well here as in the US. And why do you have to click on cookies (sic) on every single website?”
I have seen that as well, and I think it’s bullshit. The GDPR doesn’t force anyone to make any form of pop-up, nobody is forced to track users in a way which requires consent. The GDPR only requires disclosure and an opt-out mechanism if you do decide to spy on your users, which I consider good..
I agree, but at the same time I think the average user just sees it as a nuisance, especially because in most cases there’s no other place to go where they don’t have a cookie popup. The web development/advertising industry knowingly and willfully “complied” in the most malicious and obnoxious way possible, resulting in this shitty situation. That’s 1 for the industry, 0 for the lawgivers.
I agree that it didn’t have the desired effect (which, incidentally, I have spent a lot of this thread complaining about, hehe). I think everyone was surprised about just how far everyone is willing to go in destroying their website’s user experience in order to keep tracking people.
I’m not sure if you’re deep in grumpy posting or didn’t understand the idea here, but for legitimate interest you don’t need to agree and companies normally don’t give you the option. If you’re talking about the extra options you unset manually, they’re a different thing. The “legitimate interest” part is for example validating your identity through a third party before paying out money. Things you typically can’t opt out of without also refusing to use the service.
If you get a switch for “tracking” or “ads” that you can turn off, that’s not a part of the “legitimate interest” group of data.
I’m sorry but this isn’t true. I have encountered plenty consent screens with two tabs, “consent” and “legitimate interest”, and where the stuff under “consent” are default off while the stuff under “legitimate interest” is on by default and must be “objected to” individually. Some have an “object to all” button to “object” to all ad tracking in the “legitimate interest” category.
Here’s one example: https://i.imgur.com/J4dnptX.png, the Financial Times is clearly of the opinion that tracking for the purpose of advertising counts as “legitimate interest”.
I’m not saying that there’s any relationship between this pattern and what’s actually required by the GDPR, my understanding of the actual text of the law reflects yours. I’m saying that this is how it works in practice.
So when I login to lobste.rs (or any other important website) do I grant them the permission to use my credentials? ;-)
Pretty much
this comment remains property of the Mozilla Foundation and is presented here with their kind permission
Mozilla updated the article with a clarifying statement:
the problem is it doesn’t clarify anything. “basic functionality” is not defined. my guess is they want to be able to feed anything we type or upload to a site, to also be able to feed that into an LLM. “anything other than what is described” doesnt help because what is described is so vague as to mean anything “help you experience and interact with online content”
That is… not clarifying. And not comforting. “What is described” in the ToS is “to help you navigate, experience, and interact with online content.” That’s absurdly vague. And what is described in the Privacy Notice is absurdly broad:
Yes. That’s the fucking point.
I’m glad we have this contextless legalese to clarify things. I wonder if there’s some kind of opt-in data collection in Firefox that Mozilla might have legal obligations to clarify their rights to? Couldn’t be that… No, let’s put a pause on critical thinking and post stupid TOS excerpts as if Mozilla are going to steal our Deviantart uploads and sell them as AI training data.
If they need a ToS for a particular feature, then that “contextless legalese” should be scoped to that feature, not to Firefox as a whole.
This is precisely why the same organization should not do all of these things. If they want to do non-tool stuff to continue funding their mission they should start up independently managed companies that can establish these consents for a narrow band of services. They can give the existing organization control as a majority shareholder, with dividends flowing back to the main organization. That is the way to ensure that incentives don’t become misaligned with the mission.
They’re future-proofing their terms of service. That’s even worse than future-proofing one’s code, Though for different reasons.
That language comes off a bit … onerous
But what does it mean? To “navigate”.
That’s it I guess. Thanks for the find! Firefox is dead to me now. What’s the non-evil browser to go to nowadays?
librewolf seems to be the rage now: https://librewolf.net/
On MacOS/iOS there is the Kagi browser Orion: https://kagi.com/orion/
Having owned a Framework since April of 2022, I cannot recommend them to people who need even basic durability in their devices. Since then, I have done two mainboard replacements, two top cover replacements, a hinge replacement, a battery replacement, several glue jobs after the captive screw hubs sheared from the plastic backing…
It’s just such an absurdly fragile device with incredibly poor thermals. They sacrificed a ton of desirable features to make the laptop repairable, but ultimately have released a set of devices that, when used in real-world settings, end with you repairing the device more often than not. And these repairs are often non-trivial.
I will personally be migrating to another machine. The Framework 12’s focus on durability may be trending in the right direction, but to regain trust, I’d need to see things like drop and wear tests. A laptop that can be repaired, but needs constant upkeep/incredibly delicate handling, is ultimately not an actual consumer device, but a hobbyist device.
Maybe they’ll get better in a few years. Maybe the Framework 12 will be better. Their new focus on AI, the soldered RAM in the desktop offering, and the failure to address the flimsy plastic chassis innards, among other things, mean that they have a long way to go.
It’s definitely a “be part of the community that helps solve our product problems” sort of feeling.
I have an AMD FW13, and was trying to figure out why it loses 50+% of its battery charge overnight when I close the lid, because I don’t use this computer every single day and don’t want to have remember to charge yet another device.
So I check the basics-I’m running their officially supported Linux distro, BIOS is current, etc. And half an hour into reading forum threads about diagnosing sleep power draw, I realize that this is not how I want to spend my time on this planet. I love that they’re trying to build repairable/upgradeable devices, but that goal doesn’t matter so much if people end up ditching your products for another option because they’re just tired of trying to fix it.
I’ll chime in with the opposite experience - I’ve owned an AMD Framework 13 since it came out, and had no durability issues with it whatsoever, and it’s been one of my 2 favorite computers I’ve ever owned. I’ve done one main board replacement that saved my butt after a bottle of gin fell over on top of it in transport.
Development and light gaming (on Linux, I very much appreciate their Linux support) have been great, and the reparability both gives me peace of mind, an upgrade path, and has already saved me quite a bit of money.
I’ve owned a framework since Batch 1. Durability has not been a problem for me. My original screen has a small chip in it from when I put it in a bag with something that had sharp edges and pressured the screen for a whole flight. Slowly growing. Otherwise, it’s been solid.
Same. I have a batch 1. There are quirks, which I expected and knew I am supporting a startup with little experience. I since have upgraded and put my old board into a cooler master case. This is so amazing, and what I cared about. I am still super happy with having bought the Framework and particular for tinkerers and people who will have a use for their old mainboards it’s amazing.
I get harbouring resentment for a company you felt sold then a bad product. But at the same time, you bought a laptop from a very inexperienced company which was brand new at making laptops, a pretty difficult product category to get right when you’re not just re-branding someone else’s white-label hardware.
3 years have passed since then, if I were in the market for a category which Framework competes in these days I would be inclined to look at more recent reviews and customer testimonials. I don’t think flaws in that 3 year old hardware is that relevant anymore. Not because 3 years is a particularly long time in the computer hardware business, but because it’s a really long time relative to the short life of this particular company.
I would agree that 3 years is enough time for a company to use their production lessons to improve their product. But nothing has changed in the Framework 13.
I don’t resent Framework. I think that’s putting words in my mouth. I just cannot, in good faith, recommend their products to people who need even a semi-durable machine. That’s just fact.
Founded by people who had experience designing laptops already, and manufactured by a company that manufactures many laptops. Poor explanations for the problems, IMO.
I’ve had a 12th gen Intel since Sept 2022 (running NixOS btw) and I have not had any issues, I will admit it sits in one place 99% of the time. I might order the replacement hinge since mine is a bit floppy but not too big a deal.
As for the event, I was hoping for a minipc using the 395 and I got my wish. Bit pricey and not small enough for where I want to put it and I have no plans for AI work so it’s probably not the right machine for me.
I was originally interested in the HP machine coming with the same CPU (which should be small enough to fit) but I’ve been pricing an AMD 9950 and it comes out cheaper. I was also disappointed there wasn’t a sku with 385 Max w/64GB of RAM , which I might have have ordered to keep the cost down.
For reference a new machine is intended to replace a 10 year old Devils Canyon system.
I’ve also had my Framework 13 since beginning of 2022. I’ve had to do a hinge replacement, input cover replacement, and mainboard replacement. But I sort of expected that since it’s a young company and hardware is hard. And through all of it support was very responsive and helpful.
I would expect that nowadays the laptops are probably more solidly built than those early batches!
Support was definitely helpful. I just don’t have time or money to replace parts on my machine anymore.
From what I understand, the laptops aren’t any stronger. Even the Framework 16 just got some aftermarket/post-launch foam pads to put below the keyboard to alleviate the strain on the keyboard. The entire keyboard deck would flex.
The fact that these products have these flaws makes me wonder how Framework organizes its engineering priorities.
When compared to other similar laptops from brands like HP or Lenovo, how does the deck flex compare? I definitely feel sympathetic to not being better or on par with Apple - given the heaps of money Apple has for economies of scale + lots of mechanical engineers, but it would be a bit rough if mid-tier laptops in that category were far superior.
The deck flex is on par with or worse than an HP EliteBook circa 2019. The problem is that it’s incredibly easy to bend the entire frame of the machine, to the point where it interferes with the touchpad’s ability to click.
It’s really bad, bordering on unexcusable. The fact that there’s no concrete reinforcment says that they sacrificed build quality for repairability, which is equivalent to making a leaky boat with a very fast bilge pump.
I’m not sure what you’re doing to your laptop; how are you bending the entire frame of the machine?
It’s a new company that is largely doing right by open source, and especially open hardware. The quality isn’t incredible but it is worth its value, and I find these claims you’re making dubious.
It’s a fairly common flex point for the chassis, and a common support problem. The base of the mousepad, towards the front of the laptop where there’s a depression in the case, is where the majority of the flex is.
My laptop has seen nothing but daily, regular use. You can find the claims dubious, but others are having them too.
This has been my experience with the Framework. It’s not Apple hardware, which is best in class all around, but it is on-par with my Dell XPS.
I’ll chime in too: I’ve had the Framework 13 AMD since it came out (mid 2023) and it has been great.
I upgraded the display after the new 2.8K panel came out, it took 2 minutes. Couple months later it developed some dead pixels, so they sent me a replacement. In the process of swapping it out, I accidentally tore the display cable. It took me a while to notice/debug it, but in the end it was just a $15 cable replacement that I’m fairly sure would have otherwise resulted in a full mainboard replacement for any other laptop. (When I had Macbooks, I lost count how many times Apple replaced the mainboard for the smallest thing.)
I haven’t been too precious with it, I toss it around like I did my Thinkpad before this. There’s some scuffs but it has been fine, perhaps the newer models are more sturdy? It’s comforting to know that if anything breaks, I’ll be able to fix it.
I also run NixOS on it, it does everything I need it to do, the battery life is great (8-10 hours of moderate use) and I’ll happily swap out the battery in a few more years once it starts losing capacity.
I spend so much of my life at the computer that feeling a sense of ownership over the components makes a lot of sense to me. I don’t want to feel like I’m living in a hotel.
It is, in fact, how I want to spend my time on this planet.
To add to the chorus, I bought a 12th gen intel framework 13 on release and it’s been flawless so far. Nixos worked out of the box. I love the 3:2 screen. I can totally believe that a small/young manufacturing company has quality control issues and some people are getting lemons, but the design itself seems solid to me.
On my old dell laptop I snapped all the usb ports on one side (by lifting up the other side while keyboard/mouse were still connected). Since they’re connected directly to the motherboard they weren’t repairable without buying a new cpu. If I did the same on the framework it would only break the $12 expansion cards and I wouldn’t even have to turn it off to replace them.
Later I dropped that same dell about 20cm on to a couch with the screen open. The impact swung the screen open all the way and snapped the hinges. They wanted me to send it back for repairs but I couldn’t handle the downtime, so for a year I just had the hinges duck-taped together. I’ve dropped my framework the same way, but because the screen opens the full 180 degrees it doesn’t leverage the hinges at all. And if it did break I’d be able to ship the part and replace it myself.
Not that I support the desktop offering as anything but waste, but the soldered RAM is apparently all about throughput:
With the focus of the desktop being “AI applications” that prioritize high throughpout, I’d say they could’ve gone with an entirely different chip.
I get the engineering constraint, but the reason for the constraint is something I disagree with.
Who else is making something competitive?
I wish I could name something in good faith that was comparable to a hyper-repairable x86-64 laptop. Lenovo is pivoting towards repairability with the T14 Gen 5, but I can’t recommend that either yet.
Star Labs, System76, some old Thinkpad models.. there are “competitive” things, but few things that pitch the things Framework does.
While I agree on some of that, I must stress that I’ve had hardware that was fine until just one thing suddenly broke and everything was unusable. I’ll try an analogy: with repairability, if all your components are 99% reliable and working, the whole machine is at 99% but without it, even if all of them are at 99.9% instead, when you have 10 components, you’re not in a better situation overall.
And I say that while I need to finish going through support for a mainboard replacement due to fried USB ports on a first-gen machine (although not an initial batch). BTW, funnily I’m wondering if there’s an interaction with my yubikey. I also wish the chassis was a bit sturdier but that’s more of a wish.
As for thermals, while I think they could probably be better, the 11th gen Intel CPU that you have (just like I do) isn’t great at all: 13th gen ones are much better AFAIK.
I’ve experienced a full main board failure which led to me upgrading to a 12th gen on my own dime.
The thermal problems are still there, and their fans have some surprising QA problems that are exacerbated by thermal issues.
I wish I could excuse the fact that my machine feels like it’s going to explode even with power management. The fans grind after three replacements now, and I lack the energy and motivation to do a fourth.
I think 12th gen is pretty similar to 11th gen. I contemplated the upgrade for similar reasons but held off because I didn’t need to know and the gains seemed low. IIRC it’s really with 13th gen that Intel improved the CPUs. But I agree the thermals/power seems sub-par; I feel like it could definitely be better.
BTW, I just “remembered” that I use mine mostly on my desk and it’s not directly sitting on it which greatly improves its cooling (I can’t give hard numbers but I see the temps under load are better and max CPU frequency can be maintained).
Sorry to hear about the trouble with your Framework 13. To offer another data point: I have a 12th gen Framework 13 and haven’t needed to repair a thing, I’m still super happy with it. The frame-bending I’ve also not seen, it’s a super sturdy device for me.
I can second that. I’ve had a 12th gen Intel system since late 2022 and no issues of the sort. Even dropping it once did nothing to it
I don’t understand the necessity for a Framework Desktop edition. It’s just more waste. Just make a better laptop or sell it headless. It would also be nice to see consistency in the offerings instead of 12 being Intel, 13 being AMD AI thingy, 16 being last-gen AMD etc.
I don’t know what “waste” means here. I also don’t understand what the significant difference is in your mind between a “headless laptop” and a “desktop with laptop components”. Are you complaining that the desktop doesn’t come with worse cooling and a built-in keyboard?
The way I see it, if Framework has the capacity to build and sell a desktop computer, and they expect it to sell well enough to cover costs, it’s not hurting anything. For a small company there’s always the risk of spreading yourself too thin, but I don’t think any of us have enough insight into their operations to tell if that’s happening here.
When I say a headless laptop I mean it literally, as in a Framework 13 with some nubs on the hinge or just a plastic block instead of a screen assembly. No keyboard either, make a keyboard-slot-shaped fan assembly for cooling or something - they’re smart people, they could figure it out. The only thing weird about it would be the form factor not being the box shape desktop users are used to. I am making the complaint you’re trying to dismiss. “Waste” is more plastic crap and manufacturing supply chain crap, from moulds to energy usage to time expenditure.
You can already have headless ones. I think there’s even a case on their shop.
edit: As for the variety in CPUs, I think they started with intel partly because TB4 but then they started a partnership with AMD (and AMD CPUs are definitely in a better position now). Moreover, I’ve seen much more variety with other manufacturers (to a point that’s maddening tbh). Finally, the “AMD AI” is AMD’s marketing name: just ignore that part of the name.
I have yet to see any evidence of this outside tightly-controlled test environments. Wow, cursor generated a todo app based on the hundreds of millions of todo app examples on GitHub. This is totally spam.
sure, there are plenty of todo apps on the public internet, but I do find it pretty interesting that models are still able to sample from that distribution and generate working code that doesn’t exactly match anything in the training set. even framed as a retrieval problem, this was impossible just a few years ago.
and, if we take a step back, isn’t a lot of coding (even for fun!) of this variety? years ago, it was googling around and copy and pasting snippets from stackoverflow, today it’s using these AI coding tools.
we’ve definitely also observed that the models get really stuck on truly novel algorithms (our experience using cursor/claude 3.6 to write a sync engine). so, I’m pretty excited to get to do more of that and less of the repetitive, boring, copy paste stuff.
I really enjoyed reading this. There are good summaries at the end of each section that both authors agree represent their viewpoints.
Of course, this transcript resulted in me agreeing with Ousterhout entirely, and being puzzled by Martin’s takes on the points where they disagree. I’m curious to hear if that’s because I was already primed by anti-Clean Code rhetoric in advance. Do fans of Clean Code read this and think it’s fair and accurate?
The main feeling I have is that Uncle Bob is more of an evangelist than a technologist. He advocated extremely strongly for TDD, for SOLID, for short functions, for self-documenting code… And back when I hadn’t tried these things at all, his evangelism was part of what convinced me to make the attempt, and I observed my code quality improve significantly as a result. It’s certainly possible to go too far, and I’ve done that, too… But I don’t know if I’d have as much of a sense for the limitations of the approach if I hadn’t attempted the dogma first.
I too, agree that I find Uncle Bob’s reasoning puzzling. The two hardest problems in Computer Science is cache invalidation and naming things, and Uncle Bob wants to create yet more names?
Uncle Bob’s arguments against comments is also puzzling—one place were comments are gold are for workarounds for bugs in code you don’t control, or to provide a reference where an algorithm was described (I notice that neither one of them mentioned the Knuth article describing the primes generator in a comment).
The Reddit thread has some commenters who side with Martin more than they do Ousterhout. Others also described Ousterhout as different shades of “not cool”, but that may be them siding with Martin more.
Redditors tend to like Bob Martin’s personality or pseudo-“scientific method” approach, and so I often see TDD and Martin defended with cult-like ferociousness.
Lobsters tend to like the little mermaid’s personality or pseudo-“fish” approach, and so I often see Tail Driven Development and Ariel defended with cult-like ferociousness.
One problem with this critique of Clean Code is that Uncle Bob presents a rule of thumb, which Ousterhout goes on to interpret as a law, and critiques it as such.
I’m curious to what extent Apple’s hand was forced here. Their stance has consistently been pro-user privacy, and their actions generally reflect that. Was this Apple flipping the table on the U.K. after being asked to do something far worse? (Matthew Green had some commentary on this)
Their hand was 100% forced. The UK demands are fundamentally incompatible with ADP. Unless you’re saying it is an option to just pretend to deliver E2EE while backdooring it?
Isn’t that what they did for Chinese users? Building a custom secret store out of hardware with known local security vulnerabilities and hosting it in Chinese government owned datacenters. But it’s much easier for Apple to tell the UK to suck it up than China.
Apparently the UK did not just require access to UK accounts (which they will have with the removal of E2E in the UK) but direct global access.
My bad—my question wasn’t well formulated. The time between the UK’s initial backdoor request and Apple pulling ADP from UK users was surprisingly short. I’m wondering why they had to comply so quickly instead of fighting longer. I don’t think they’d give in unless it was absolutely necessary or something bigger was at risk.
You’re missing the point - if the UK government has a law that says ADP is illegal apple can’t offer it, just like they can’t offer a door-to-door hitman service - they could go to court to fight the law (though in the UK that’s much harder), but while doing so they still can’t offer the service (unless they got some kind of injunction, which - because it’s the uk - is again unlikely).
Simply not offering the service, so UK residents have less data security than anyone else is the solution, is far better than trying to pretend some broken system is in any way secure. Governments need to understand that they don’t get to demand broken encryption and simultaneously pretend they’re not responsible for the security damage it does.
That’s fair. I’m
probablydefinitely overstating Apple’s ideological ability to say just “nah fam”.And shareholders aren’t usually keen on exiting entire markets.
It wasn’t a backdoor “request”, it’s a demand. The UK told Apple they have to do xyz and can’t reveal that they’ve done it. There’s nothing to fight, it’s an order.
The options are (1) backdoor the encryption - thus defeating it for everyone else or (2) do not offer it at all.
Hopefully when the apparent “in future you will be required to turn this off” will come with a message along the lines of “the UK government has required us to store your data in a way that can be read by hackers, monetized by us, and provided to any government agency that requests it - without your knowledge - if you could please enter your password now that would be greatly appreciated”
I will eat my hat if Apple will ever do such a thing. They will say the local regulations require the user to disable it and that’s it. No sarcasm will be employed.
That would be contravening the technical capability notice which requires the provider to keep any actions secret.
No. That’s literally the entire point.
if you offer a service that is actually secure, you’re required to silently downgrade it to a non-secure system and you cannot tell the victims.
Alternatively you do what apple is doing and say “We are not going to offer a system in which we claim certain levels of security that are not possible, or could be actively downgraded in future without user consent or notice solely to support totalitarian governments and incompetent law enforcement”.
The technical capability notice only applies to services you provide, and the existence of that law means that any company operating in the UK that claims to offer secure storage is lying, maybe in future they’d adopt a demand that you not take down any service, but the way to defend against that is to not offer such a service in any country that has such an atrocious human rights record - and while everyone thinks of the US police force when they think of corrupt police, remember the UK police are notorious for violating human rights and the only difference is that they don’t murder people as often.
oof, demanding global access is wild.
Yes, if I understand you correctly - as mentioned in the beginning of this article (and reported earlier elsewhere) the UK government asked them to backdoor ADP.