Threads for jkachmar

    1. 13

      definitely check out Build Systems à la Carte if you’re interested in this sort of thing.

      the authors do an excellent job of trying to distill the problem down to its essential complexities and draw abstractions from that which map pretty cleanly (imo) onto the sorts of designs you see emerge in the general space of build systems.

    2. 11

      This is neat, though I continue to wish this effort were being put into stabilizing flakes upstream.

      I don’t think I’ll ever use it, because when I want to pin a dependency, I want it pinned, not automatically updating, and flakes already provide that to my satisfaction with tag or commit-hash URLs. When I want new stuff, I just pick a newer tag and test if it works for everything I have installed.

      But I can see how other people might have use cases for this.

      1. 1

        It’s happening: And it’s a similar crowd working on both ends of this problem.

        1. 1

          That is… Not the same crowd. Literally the author of this rfc is berating determinate systems in the forum thread announcing FlakeHub.

          1. 3

            I think you’re referring to this thread which is very interesting. The disharmony on display is really disheartening to me, as a newish user of Nix.

            1. 3

              It is sadly not new and partially comes from the whole flakes situation. Both as a symptom and a cause. Basically the people that keep having to maintain stuff and do the work so that it is well integrated are not the same as the ones that keep presenting this stuff.

              1. 1

                this is just patently incorrect.

                Graham does an immense amount of work within the community maintaining and extending existing software and infrastructure, as do many of the other Determinate employees.

            2. 2

              there’s some upsetting stuff but as someone who’s been following this closely, I do see the community doing a better job of working together despite ideological differences than a few years ago. I would like things to be better but no technical community is perfect, there’s always stuff that needs to improve.

              with that said, I would be doing you a disservice if your instincts are saying to run and I talk you out of it. you should trust your feelings on this stuff, they’re telling you important things.

              (edit: left out an important clause)

              1. 4

                Unfortunately I already find Nix too useful personally to run. :) But I am not entirely sure what to make of it. Especially with Eelco being both the force that generated flakes, and the force that is sort of cheesing out with FlakeHub, without really addressing the instability issues. It feels a little disingenuous, but at the same time, I’m at a pretty far remove so I’m hardly the best person to interpret the situation clearly.

                1. 1

                  Belatedly: Having had a few days to digest this and see what’s being said about it elsewhere, I share that concern.

        2. 1

          Not to be cynical, but that’s an RFC for a plan to stabilize the CLI, with flakes still to get an RFC after all of that is done.

          1. 2

            I mean we are catching up years of stuff happening and being merged without support from the rest of the maintainers, half finished. This is part of trying to catch up. It will take time and a lot of effort from people that want to clean it up. This is just making visible what was left to do…

    3. 15

      The comparison to Kubernetes seems odd since this is a single-host platform.

      1. 4

        they both run containers… i see k8s mentioned, but not seeing where he’s really comparing them

      2. 3

        I’m not comparing this to Kubernetes, but I am saying “if you want to run things on a single host, your options were SSHing to the machine to start everything, or Kubernetes. Now there’s a third choice”.

        1. 19

          What about managing them with the standard process orchestrator, the init system?

          1. 2

            Isn’t the point of orchestration that you can do it remotely? Or are you suggesting a means of remotely modifying the process supervision tree?

            1. 10

              systemd --host should let you administer remotely, if you’re connecting from a Linux host.

              as for automation, the first thing that comes to mind is:

              • systemd timer that fires periodically to trigger a oneshot
              • oneshot clones git repo if it doesn’t exist, otherwise checks for an update & pulls changes
              • oneshot unit triggers after previous step & reloads container orchestrator

              if you wanted to avoid the dependency on docker-compose you could express the container orchestration scheme in systemd units as well (which is, i think, what podman-compose does).

              EDIT: alternatively, the image could be pushed to a registry & then whatever manages the containers could auto-update (although i think this functionality is broken with podman-compose so ymmv).

              1. 7

                There is podman-systemd.unit (a.k.a. Quadlets), which does this even better than podman-compose, in my opinion.


              2. 4

                I mean, yes, you could do all of this, if you wanted to, but this feels a bit like that Dropbox comment.

                1. 6

                  i’m not saying that one should use one solution over another, GP just asked how one might use an init system to manage this kind of task without having to directly administer the orchestrator.

                  i like using systemd instead of other tools because i already use it for everything else & i use a distro that makes writing units much easier than dealing with other orchestration schemes, so i have this sort of thing in cache in my brain.

                2. 3

                  I don’t know what you mean by Dropbox comment, but (might be a bit wrong, I haven’t written a unit file in a long time):

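                  # ExecStartPre=/usr/bin/git -C /app pull origin master
                  ExecStart=/usr/local/bin/docker-compose up -d
                  # systemd runs no shell here, so "&&" is not interpreted; use one ExecReload= line per command (run in order)
                  ExecReload=/usr/bin/git -C /app pull origin master
                  ExecReload=/usr/local/bin/docker-compose restart
                  ExecStop=/usr/local/bin/docker-compose down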

                  should achieve basically what @jkachmar was saying. You can use a systemd timer to reload this file every hour or whatever. There are reasonable options outside of manually running ssh commands on the server and k8s.

                  1. 5

                    It’s a famous HN comment where someone dismissed Dropbox because “you can do the same thing with an NFS share”, or something similar. Yes, you can do anything, but convenience is important.

                    1. 16

                      The original HN dismissal is funnier than that


                      For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem.

                    2. 2

                      convenience for the masses maybe? to this day I prefer nfs share & sshfs to dropbox by a huge margin, I could honestly never stand it

        2. 3

          There is portainer, there is rancher, there is ansible (via SSH, fair enough), there is nomad, etc. As for kubernetes, k0s is trivial to install, and there is even k0sctl to do it remotely.

          There are plenty of options, not just “ssh or k8s”.

          Also, Kubernetes is far more than just “run a docker container”. Volume management, secret management, networking, service discovery, …

          Yes for a single app on a single host, you don’t need all of that, systemd+docker will get you very far. And maybe or something if you don’t want to self-host. Still, your project is most welcome in that field, though I don’t really like the “pull” strategy, i prefer the “push”. Having a harbormasterctl push $APP_NAME $COMMIT_SHA command that you could run in a Github Actions workflow, (or travis, or circleci, or gitlab ci, or …) would be nice.

          1. 1

            There is the webhook branch that simulates this (it triggers a pull, but it should be the same if you squint enough).

    4. 1

      i keep my macOS setup version controlled: here’s a snapshot of what’s on my personal laptop:

    5. 47

      “Where do you discuss computer related stuff now?”

      I usually don’t.

      Maybe it’s my age showing and maybe I’m just in an unusually dour mood, but I don’t really think discussion is what happens now in most places.

      In places like Twitter and Mastodon, we have lots of hottakes and shitty opinions by equally shitty people–and I’ve seen enough things posted to such great fanfare that are fundamentally wrong or midwit that I question if any cycles spent yield a dividend (minor exception for purely technical things like certain gamedev and graphics feeds).

      On Reddit and other fora, we have heavy bias towards people that have the time to goof around on forums instead of, you know, doing things. Said goofing around is frequently enough inane oneupsmanship or shilling for whatever their current tech stack is.

      Places like Discord and Twitch are content farms for lonely nerds looking to form parasocial relationships. At some point in the last decade it feels like “discussing technology” turned into just another marketing gimmick or a chance for people with slick production, some technical knowledge, and a desire for attention to peddle themselves and get their fifteen minutes.

      (I unironically suggest 4chan’s /g/ or lainchan, because then at least there is no pretense of quality.)

      I can’t even always count on work to be a place to have technical discussions, because the rejection of engineering in favor of product development on one side and the full-hearted embrace of imposter syndrome and acceptance of mediocrity on the other has put a squeeze on the very notion of technical excellence and expertise. What sort of weirdo derails a sprint pokering by talking about database sharding? What entitled single white dude has the gall to suggest people learn anything about complexity theory or automata in their free time, when it’s well known that literally any request that a worker spend time honing their craft is a massive blow against Labor and a chance to enrich Capital at the expense of underrepresented groups?

      (You laugh or jeer, but I’ve seen variants of both of these play out in real workspaces. This is a real thing that happens–and often with the best of intentions!)


      I think that technical discussion certainly still exists, but there’s just so much garbage and such an aggressive gentrification of the culture on the one side and exploitation on the other that anybody who does have their private little space should quite rightly seek to preserve it and not talk much about it.

      I think the culture–at least the one I grew up in, which is the familiar one to me and the one I miss, quite aside from whether it is objectively morally optimal–has been under active attack from both within and without, and that under such circumstances I despair for the sorts of discussions I used to learn from with the sorts of people I used to enjoy the company of.


      The things I’ve seen work best are people having a space to log/discuss their current problems or current projects, and then having a way to field questions or chat with that as a starting point. Otherwise, you become clogged with a bunch of marketing, dick-waving, shit-stirring, and navel-gazing.

      Don’t waste time “discussing” things with people that aren’t doing anything worth discussing, and don’t confuse volume or novelty for utility.

      1. 30

        Kinda disappointed to see this as the top comment. I generally like, but it does seem like there are many threads where a highly-upvoted comment saying “someone else is doing it wrong” sits at the top. (This does not seem to happen on Hacker News, there are different issues there)

        That may or may not be true, but either way, writing a screed about it doesn’t really solve the problem … especially when the problem is the lack of technical discussions :-P

        FYI I clicked through to your comments, and what I overwhelmingly see is comments about people’s behavior. Not necessarily bad or wrong, but that’s what you seem pre-occupied with.

        I didn’t see any substantive technical comments.

        If you want to have a technical discussion, you can hide the comments you don’t like, and post what you do like … I think you tend to get back what you put out there. At the very least, it will help the site a bit

        1. 8

          writing a screed about it doesn’t really solve the problem

          I give what I consider actionable advice on how to solve the problem of technical discussion at the end: look for places where people who do things talk about the things they’re doing. If that isn’t useful to you, hey, that’s fine.

          The author asked a question, you seem unimpressed with my answer, here I reply with some minor elaboration, and nothing of substance is accomplished. This is the sort of discussion that led to my current position.

          I overwhelmingly see is comments about people’s behavior.

          I don’t see the same thing; I see comments on:

          • Reflecting on software not being hard physical labor and reminding teams of that as a manager.
          • Reflecting on it being okay to charge money for software.
          • Noting that a rust project with a single binary is friendly from an ops standpoint.
          • Being amused at the singularity being stopped by copyright enforcement.
          • Complaining about the misuse (based on my own experience) of feature flags in production apps.
          • Pointing out that old DOS games kinda shipped their own OS.
          • Making a joke about alternative uses for digital watches.

          Logging out, there are a few extra comments that show up:

          • Asking a question about how much people ran into Fediverse peering issues
          • Explaining why I flagged a story about an employment change.
          • Expressing a concern about the push for a Zig book this early.
          • Expressing that I think it’s not okay to remove submissions with popups.
          • (follow-on to the above) explaining my concern about the misuse of the precedent.
          • Explaining a tagging suggestion.

          If anything, I think that somewhat substantiates my claim that I don’t frequently discuss a lot of technical details in places like this anymore.

          I didn’t see any substantive technical comments.

          You might also enjoy my story submissions, and I’ll note that the lookback capability for user comments is I believe limited to one page–and my posting history is long.

          If you want to have a technical discussion, you can hide the comments you don’t like, and post what you do like

          That is one way to play the Lobsters MUD, yes.

          1. 7

            Right, this is my point

            Don’t waste time “discussing” things with people that aren’t doing anything worth discussing

            my claim that I don’t frequently discuss a lot of technical details in places like this anymore.

            What are you doing / building that’s worth discussing? Honest question – I don’t know. Many people have a link in their profiles, or I can tell from their past comments

            i.e. you seem to have set up a self-fulfilling prophecy. There is A LOT of technical discussion on this site

            1. 6

              Not the author, but was there a claim of something discussion worthy being built?

              Also how come you focus mostly on someone writing a post rather than the content of the post? I ask because at least back in Usenet times that was considered impolite.

              Sure when someone always likes to troll people they’ll be ignored after some time, but I don’t see that here.

        2. 5

          GP has a history of this sort of rhetoric; i’d go on, but u/aphyr said it much better than i could a few years back.

          i really enjoy this site, but it’s disappointing to log on and see a thread like this dominated by discussion that defeats the purpose of the thread in the first place.

          i’m also disappointed in myself that this is what i’m choosing to contribute, but i have a similar desire as the OP’s and i was hoping that the comments would be a place where we could all talk about what works and what doesn’t in this context!

          1. 4

            Yeah, I think there are a bunch of people like aphyr – people who have done interesting things in the systems programming space, but stay away from because of the bad attitudes.

            I don’t actually mind one comment like that – there will always be a few differing opinions – but my issue is when it sits at the top of the thread, and invites a pile-on of negativity. It’s just not interesting. It’s boring.

            Personally I have found a few great and prolific contributors to Oils through, so I see value in staying. Although they don’t seem to post much! There is often an inverse correlation between the people doing the talking and the people doing things.

      2. 19

        4chan’s /g/ and/or lainchan are the best forums to visit if you’re a teenager who wants to massively stunt your learning in favour of wasting time on the internet. What a misuse of my life.

        1. 9

          Okay, perhaps…but have you installed Gentoo, LFS, Arch, done anything with LLMs or Stable Diffusion, messed around with plan 9, or any of those other things that show up in threads?

          There’s a lot of trash, and some occasional neat stuff–but I find it more earnest in its buffoonery than other places. If it’s not to your liking, that’s cool too.

          1. 4

            I’ve never hung out on 4chan, yet I have heard about all those things. In fact, I’m pretty sure classic Gentoo-bashing site “Gentoo is for Ric*rs” predates 4chan. Plan9 certainly does.

            1. 2

              Sure–my point is that a lot of people’s first introduction to those topics was probably through /g/. The saga of the great attempt at revisiting Plan 9 some many years ago by /g/ is a whoooole thing.

      3. 10

        OP: Hey guys, where to go for interesting discussions?

        Most upvoted comment: Nowhere. crowd: Best answer!

        I kind of sometimes wish that social hubs like this would hide the username and hide the upvote counter. Because sometimes I have a feeling that comments are upvoted because of who puts them, and because others upvoted it, not because of what’s inside it.

        1. 2

          Oh wow, amazing how I hadn’t noticed that GP’s comment was only a single word. Here I was thinking that the comment had struck a nerve about the cultural decay around my favourite craft and that I enjoyed the reflection on the state of various communities, but what do I know, I’m just an idiot that upvotes whatever is the top comment, not a genius like you that can read other people’s minds.

        2. 1

          I’d like to believe there’s a bit more depth to my comment than you’re giving credit for–but, I will thank you for providing an example of why I don’t often do technical discussion in public.

          Consider: If somebody like yourself can so easily and willfully misread and misrepresent a relatively straightforward handful of paragraphs with little outside context, what are the odds of conducting a useful conversation on an involved technical topic that has nuance and requires experience?

      4. 8

        While I agree with a lot of what you said, I definitely disagree with your take on Discord. I’ve found, for example, the Nim discord server to be full of helpful people discussing all kinds of programming-related things, especially the gamedev/graphics people. Ditto for the r/EmuDev and Zig Discord servers.

        I’ve certainly come across my fair share of shitty Discord servers though.

        1. 11

          Discord isn’t a specific place in and of itself; it’s a (non-free, proprietary, and centrally-managed) platform upon which other communities build spaces for chatting, and the individual quality of all of those spaces is what is actually meaningful. It makes as much sense to criticize the discussion quality of Discord as a whole as it does to criticize IRC as a whole, or Facebook messenger as a whole.

        2. 4

          I think you’re fair here–I have a bias against technical communities setting up shop in walled gardens they don’t control.

          1. 1

            While I understand your point, and agree that communities shouldn’t rely on proprietary platforms, this way of phrasing the problem is poor. Practically no community relies fully on infrastructure they “control”. Whether that’s the public IRC server or the internet connections individuals are using.

        3. 1

          The strictly linear model makes it impossible to follow discussions. I definitely prefer the Nim forum.

          1. 1

            Discord has threads.

            1. 1

              That’s useless when people aren’t actually using them to group discussions. I just checked that there aren’t any threads in Nim’s #main.

      5. 4

        The things I’ve seen work best are people having a space to log/discuss their current problems or current projects, and then having a way to field questions or chat with that as a starting point.

        This is an area where I believe Digital Gardens [0] can actually generate great discussion if their platform allows for two way communication.


      6. 1

        literally any request that a worker spend time honing their craft is a massive blow against Labor and a chance to enrich Capital at the expense of underrepresented groups?

        Gold, Jerry! Gold!

    6. 13

      PGP is an insecure and outdated ecosystem that hasn’t reflected cryptographic best practices in decades.

      i feel like this is needlessly inflammatory.

      it’s absolutely true that tools like GnuPG have insecure defaults and painful UX, but OpenPGP-the-ecosystem is alive and well.

      IMO this is mostly thanks to the Sequoia PGP folks, but that work has been bearing fruit for years at this point.

      1. 31

        It’s inflammatory, but it’s also not remotely controversial in cryptographic circles:

        The OpenPGP ecosystem is absolutely not alive and well, if alive and well includes the things that the ecosystem has historically maintained (synchronizing keyservers, a web of trust, etc.). The existence of a memory safe implementation is good, but does very little to address the basic format and cryptographic problems that are baked into OpenPGP’s standards. Fixing those requires standards changes, at which point we’re better off with something without the baggage.

        1. 4

          when i say “alive and well” i mean that the core & associated technologies are being actively developed and there is a healthy ecosystem with strong support for existing standards and tools.

          SKS has (effectively) been completely deprecated by the community in favor of; i don’t use web of trust at all and have no strong opinions on it.

          competing technologies like age are convenient but i have little confidence that they’ll ever see the same degree of support that OpenPGP has in software (e.g. git) or hardware (e.g. Yubikey, Nitrokey).

          EDIT: i feel like it’d be a little too long-winded to respond to all of those blog posts in a single comment, but just to pick on Matt Green: his criticisms of PGP are a little silly to apply here because he seems to be speaking mostly from the perspective of using it to secure communication (e.g. email and chat).

          perfect forward secrecy doesn’t really make sense in the context of OpenPGP when you have other tools for communication that implement cryptographic protocols designed for that purpose.

          1. 15

            [Matt Green’s] criticisms of PGP are a little silly to apply here because he seems to be speaking mostly from the perspective of using it to secure communication (e.g. email and chat).

            To a layman like me, PGP’s primary use case seems to be secure communication (specifically email). So PGP isn’t a good tool for this use case then?

            1. 6

              it depends entirely on what your threat model is; in its current state i wouldn’t recommend PGP for communication to a layperson, but for a savvy individual with specific threat models & use-cases it is still a best-in-class tool.

              for the average software developer/maintainer, however, PGP is probably most useful for authentication & signing (i.e. cryptographic identity) + as a primitive that other tools (with better UIs) can use for encryption operations.

              for authentication: i loaded up my PGP keys onto several Yubikeys and use them as my SSH credentials. between that & Secure Enclave on my mobile devices, i have almost completely done away with private keys on durable storage.

              for signing: one can use PGP to verify git commits (although this can be done with an SSH key now, not all forges support it).

              for encryption: PGP sucks to use directly but is fantastic in conjunction with tools like mozilla/sops & pass (or gopass) for sharing development secrets in a project without relying on 3rd-party infrastructure.

          2. 2

            Git needs signatures, which AFAIK age doesn’t do (you probably want minisign?). Git supports SSH signatures already tho.

        2. 4

          The controversial part is that all of these people you linked imply that we should be vulnerable to a few centralized third parties.

          1. 18

            The criticisms of PGP are not rooted in its lack of centralized ownership. They’re rooted in what a mess it is, both in terms of the user experience and the actual cryptography.

          2. 11

            I get the impression that the political climate (for want of a better term) has changed in the security community. It used to be heavily invested in privacy, decentralization, and open platforms, and PGP’s design reflects those values.

            The new established wisdom is that centralization is good, open platforms are bad, and multinational corporations are seen as the most competent guardians of consumer privacy.

            The arguments against PGP (including the author’s) all read as a disagreement about values, in the guise of a discussion about technical competence.

            1. 21

              I disagree. I think what has changed is that usability is now seen as a core part of security. Like the author said:

              Security tools, especially cryptographic ones, are only as good as their least-informed and most distracted user.

            2. 10

              There are ways to use PGP that are kinda reasonably secure, and ways to use PGP that are interoperable.

              Unfortunately, the ways that are secure are not interoperable, and the ways that are interoperable are not secure. Plenty of critiques, including the ones already linked, cover this in detail – if you want a more-secure setup in PGP, for example, you have to either do it in an interoperable/compatible way which requires letting other parties strip off the extra-security bits, or do it in a way that doesn’t allow stripping off the extra-security bits but is as a result non-compatible/non-interoperable with likely large numbers of PGP users’ configurations.

              1. 5

                TLS once faced similar issues, but an effort was made to fix it, gradually breaking compatibility with the insecure setups, despite millions of users worldwide being on old, outdated operating systems and browsers, without the ability to update, or even the desire to do so.

                PGP’s installed user base is orders of magnitude smaller, technically savvy, and/or heavily invested in security.

                1. 5

                  PGP’s installed user base is orders of magnitude smaller, technically savvy, and/or heavily invested in security.

                  Unfortunately, I think the developers of PGP implementations and tooling are much more invested in defending the idea that PGP as-is has no security problems that would need to be fixed by ripping out compatibility with ancient crypto algorithms. And even doing that doesn’t really fix all the potential problems with PGP’s design; like a lot of people have said, the preferable well-designed approach is to support one way to do things, and if it gets broken then you increment the protocol version and switch to a different single way of doing things.

                  1. 4

                    I’m not so sure. TLS and Signal have the advantage that they deal with ephemeral data. Software signatures have a far longer lifetime (and in fact, most of the authors’ criticisms are related to the signatures being old). I think it’s very easy to get into a situation where you’re supporting multiple protocol versions at the same time, (as for example PASETO does) effectively ending up in the same place.

    7. 5

      This is gonna be a huge pain to deal with for years. I understand why they rotated it, but I almost wish they didn’t.

      1. 6

        Why do you think this will last years?

        1. 14

          Call this SRE cynicism, but there’s usually a long tail of builds that you do at various companies. Some of those builds may not run very often, and somebody may have pinned the GitHub RSA key thinking that it would never change. It’s going to be interesting to see what the long tail of less often run builds is at some companies.

          1. 9

            now that i’ve been doing infra work in a non-hobbyist capacity for literally any amount of time i don’t call SREs cynical anymore, just realistic.

          2. 1

            I see your point and nice mention of the long tail. Things will likely be discovered and break like you said. I’d call this failing safe 🤷🏻‍♂️. If I revoked an SSL cert with a Certificate Revocation List (CRL), things might break (if clients don’t read the CRL). But I revoked the cert. This is what I wanted. The problem with SSH keys (as mentioned here by df) is that SSH keys don’t have an expiration and there’s no CRL.

            I know how I should rotate passwords and the impulse could be my password leaked out on my Twitch stream (or something). A leak is possible and I know how to rotate a password. I know what the impact is (my old password stops working). I know how to rotate an SSL cert. There’s an automated way to do it with certbot. I might do it every week. A leak of SSH keys is possible so what is the procedure? It’s this very story. There is no other option. There is no CRL.

            So in this way, SSH has no explicit mechanism because … it’s a circle of trust for servers and hostnames to me that is unrelated to a terminal user on Github. I mean, I don’t really get an interactive shell on Github but this is what SSH started out as. I can have a git repo on a normal Linux box but I am granted a user account. This is different (in this context) than the HTTPS access method on Github for the same feature (Github access).

            It’s similar to the TLS circle of trust but there’s no private key infrastructure by itself. So it’s nice how simple SSH is (no registrars, no fees, no PKI, no CRLs, no expiration) but … how do you rotate an SSH key like you would a password or a cert? You do it because you want to fail safe but you make the news. 🌻
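The long tail described in this subthread (a rarely run build host whose `known_hosts` still pins a host key that has since been rotated) can be audited offline. The following is an added example, not part of the original comments: the host name, key blobs and salt are constructed placeholders, and it also covers hashed (`HashKnownHosts`) entries, which a plain text search for the host name misses.

```python
import base64
import hashlib
import hmac


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_field(host, salt):
    """Build a HashKnownHosts host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def host_matches(host_field, host):
    """True if a known_hosts host field names `host`, in plain or hashed form.

    Wildcard and negated patterns and [host]:port entries are not handled.
    """
    if host_field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = host_field.split("|")
            salt = base64.b64decode(salt_b64)
            want = base64.b64decode(mac_b64)
        except ValueError:
            return False  # malformed hashed entry
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return host in host_field.split(",")


def audit_known_hosts(text, host, key_type, expected_fp):
    """Return [(line_no, fingerprint)] for pins of host/key_type that differ
    from expected_fp, i.e. entries that will fail after the key rotation."""
    stale = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, comments and marker lines (@cert-authority, @revoked).
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        host_field, ktype, key_b64 = fields[:3]
        if ktype != key_type or not host_matches(host_field, host):
            continue
        try:
            fp = fingerprint(key_b64)
        except ValueError:
            continue  # key blob is not valid base64
        if fp != expected_fp:
            stale.append((line_no, fp))
    return stale


# Constructed sample data: placeholder bytes, not real host keys.
OLD_KEY = base64.b64encode(b"constructed old rsa host key").decode()
NEW_KEY = base64.b64encode(b"constructed new rsa host key").decode()
HOST = "git.example.test"

SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    HOST + ",192.0.2.10 ssh-rsa " + OLD_KEY,                        # stale, plain
    hashed_field(HOST, b"constructed-salt-20b") + " ssh-rsa " + OLD_KEY,  # stale, hashed
    HOST + " ssh-rsa " + NEW_KEY,                                   # current pin
    HOST + " ssh-ed25519 " + OLD_KEY,                               # other key type
    "other.example.test ssh-rsa " + OLD_KEY,                        # other host
    "@revoked " + HOST + " ssh-rsa " + OLD_KEY,                     # marker line
])

if __name__ == "__main__":
    for line_no, fp in audit_known_hosts(SAMPLE, HOST, "ssh-rsa",
                                         fingerprint(NEW_KEY)):
        print("line %d pins a stale key: %s" % (line_no, fp))
```

In practice the expected fingerprint comes from the service's own published documentation, and the same function is run over every `known_hosts` file baked into build images and CI runners.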

    8. 2

      This looks a lot like what newtype does in Haskell.

      1. 1

        yeah, you can construct the specific pattern OP describes with a combination of Data.Tagged + DataKinds + Symbol.

        More concretely:

        {-# LANGUAGE DataKinds, RankNTypes, StandaloneKindSignatures, TypeApplications #-}
        import Data.Tagged (Tagged (..))
        import Data.Kind (Type)
        import GHC.TypeLits (Symbol)
        type Branded :: Symbol -> Type -> Type
        -- Branded wraps Tagged and needs its own constructor
        newtype Branded brand t = Branded (Tagged brand t)
        brand :: forall brand t. t -> Branded brand t
        brand x = Branded (Tagged x)

        …which can be examined in a REPL:

        > :t brand @"password" "hunter2"
        brand @"password" "hunter2" :: Branded "password" String

        You could do without Data.Tagged & just make your own newtype wrappers + helpers, but the library already exists so might as well leverage it & plumb through any helper functions.

      2. 1

        I am not familiar but did some Googling. In your opinion, is this wiki page a decent overview and explainer?

        1. 1

          Yes, definitely.

    9. 3

      Are organizations that allow personal laptops for work that common? I always thought BYOD was limited mostly to smartphones and tablets rather than laptops.

      1. 2

        Some are, yes. Universities definitely do but I’ve also seen it in smaller companies. Not yet so much in large ones, though here (MS) we do now kind-of have the option: you can have a Windows remote desktop session hosted in Azure and on the corporate network, where it can then connect to other VMs for work, which you can use with your personal laptop / desktop. I know a couple of folks who started using it.

        Android’s Work Profile is quite a nice way of separating the personal and corporate parts of the system. Each one has a pretty-much isolated namespace for storage and so on. For laptops, this seems like a place where confidential computing would help. If I can run my work stuff in something like an AMD SNP-SEV, Intel TDX, or Arm CCA VM, then work can get a remote attestation that shows that I’m running the approved work VM image and that my host OS can’t see inside it and I can do whatever I want on the rest of the system.

      2. 1

        My employer is a ~250-300 person consulting company and we definitely do this. Mainly because the majority of the company works for a client that hands over a laptop with their specs, locked down security policies (a lot of it is government consulting), etc. The devices we bring are subsidized by the company which allows them to enforce certain base rules that avoid some of the stuff in this article. Also, the vast majority of people only need their personal laptop for in between projects, special projects for the company (e.g. business development prototypes, open source updates, etc.), and things like time cards. Company systems are all SaaS so that also lowers risk of issues.

        I’ve also seen this model for a couple clients of ours that tend to be smallish companies coming out of startup phase and needing to expand a bit. The policy is often a holdover from the startup days and generally stays adopted as such since devs and designers want their PCs with Linux installed or Macs (even the .NET folks set up dual boot or have WSL enabled plus a lot of Docker in Windows), business folks want Windows, etc.

      3. 1

        i have worked for at least one company w/ a $1B valuation whose policy was BYOD (with a modest reimbursement for purchasing new hardware, if necessary).

        it’s completely insane but some places just don’t have a sense of operational security.

      4. 1

        I would suspect that organizations that allow personal laptops are more common than the other way around? Although I’d consider most work laptops I’ve seen “personal” since no one uses them but that employee and they can use it in any way they like (and most of them do..) so it may be down to the semantics of “personal”.

    10. 1

      migrating from 1Password to KeePassXC, Strongbox, etc. now that i have a nice setup for keeping things in sync locally (WebDAV server on my Synology) and remotely (same as local but over Wireguard).

      i really overestimated the complexity of a lot of this stuff, especially now that i have a home server setup to manage the tedious aspects automatically (e.g. reverse proxy, Let’s Encrypt, dynamic DNS, etc.).

      if that goes relatively smoothly i’ll probably try to either work on some more automated backup stuff or start poking around at the Apple Music APIs (i want to make some convenience scripts and/or helpful tools to automate/ease some of the manual curation i’ve been doing).

    11. 1

      Is it possible to cross-compile and package for windows on a linux machine?

    12. 8

      I believe that this article will interest more people:

      The thing with a statement like this is that I’m afraid it won’t change anyone. I see it as a reaffirmation of RMS’s honesty, others won’t. I wish the conversations around these topics would become more “civilised” (for lack of a better word), so that some consensus can be reached.

      That being said, I wonder what influence the open letter and the support letter had on all of this. It seems the letter of support has currently twice as many signatures as the one criticising RMS, which is surprising. Then again, I was also amused to be reminded of how small the actual community of people who actually care about these things (pro or contra) is.

      1. 37

        It seems the letter of support has currently twice as many signatures as the one criticising RMS, which is surprising.

        As a signer of the original letter, the signatures in the original letter matter a lot more than the counterletter.

        The counterletter was drafted in 4chan /g/ (I saw the thread where people were drafting it) and heavily promoted in the Eastern Bloc at first. It was posted in several Russian-speaking link aggregation sites as well as 4chan itself. Sure, it has more numbers… by a bunch of people who are not writing the free software we are using. In the original letter I see people who wrote the software I’m using, people I have collaborated in bugs with, people I have met at Debconf and Pycon. I see organisations that make free software. In the counterletter I see some personalities like esr and a lot of angry Russians who are upset that someone is telling them that women are having a bad time in free software.

        A few of the signers of the counterletter managed to get some troll signatures, in Russian and 4chan references, into the original letter. They were trying to prove that this meant that there were no safeguards in the original letter and were arguing that by forcing github usernames, their signatures were more valid. Whenever I discovered these troll signatures using my limited Russian, I pointed them out and they were removed. So there were some quality checks.

        Number of signatories doesn’t mean anything. The original letter even stopped accepting signatures while the counterletter kept accepting them. It’s quite easy to get a lot of people in favour of any cause if you frame that cause as being some version of “free speech”, regardless of the speech being said and regardless of all of the people RMS has alienated from free software, especially women.

        1. 16

          heavily promoted in the Eastern Bloc at first

          I am very troubled by this. Why are opinions of free software developers in the Eastern Bloc (or Asia, for that matter) any less valid? Blend2D (a random example) is a great free software, isn’t it? Speaking as an Asian. Thanks.

          1. 7

            I’ve explained this elsewhere, but judging from comments they have made in Habr and presumably 4chan, their motivations are linked to anti-women, anti-LGBT initiatives common in Russia and other Slavic countries. They tend to frame kindness initiatives that do not directly benefit men as some sort of Western degeneracy. This is why their opinions on why Stallman should be head of the FSF matter less.

            Also, Stallman just hasn’t toured Russia that much; most of them have probably never had to deal with him much or work with him. They don’t know him like we do.

        2. 9

          The way I see it, both the people around the open letter and the support letter can be divided into two respective groups. The open letter has those honestly concerned about the negative influence of Stallman on the perception of the FSF/Free Software in general, just like there are those who are honestly concerned about the integrity of the FSF/Free Software when it comes to preserving user freedoms. The second groups are respectively those who are interested in undermining Free Software and those invested in Culture-War issues regarding Free Speech, as you mention. The interesting thing is that both “sincere” sides will probably overestimate and focus on the latter groups. An issue structured like this will naturally lead to a cultural deadlock.

          What I wonder is why you think that the open letter is in itself more legitimate than the support letter, because you recognize more developers you know. To some degree it should be expected that people you agree with will more likely be on the same side of the issue. Ultimately it would seem to me that considering that Free Software and user freedom isn’t something that should just interest developers, but users too, even if they don’t have great reputations or have met friends at conferences.

          Either way, because of the deadlock and the arguing about “numbers vs. legitimateness”, I don’t think that these two sides will agree on anything. It is but another trench in this virtual conflict. All I can do is wonder if this influenced the FSF in any meaningful way.

          1. 26

            The original letter are people writing free software. I don’t know what the counterletter people are doing, but they’re not, for the most part, working on GNU, Debian, openSUSE, gcc, nor are they FSF members or employees or hardly anything of the sort.

            This matters.

            Btw: I don’t think anyone is interested in undermining free software. This is a conspiracy theory promoted by the counterletter authors and supporters, that somehow if we don’t want Stallman it must mean that we want to be serfs to FAMANG.

            I support free software. I don’t have to support Stallman to do so.

            1. 14

              Setting aside that there are Free Software contributors that sign the support letter,

              • Andrea Corallo (GCC developer, Emacs developer)
              • Eli Zaretskii (GNU Emacs maintainer)
              • Leah Rowe (Libreboot Project Leader)

              to name a few I recognize, next to members of the same projects you mention – I repeat my question: Why does it matter?

              1. 9

                Yes, there are some. If we go by “voting members” of the free software world, so to speak, there are way more in the original letter than the counterletter.

                No orgs have signed the counterletter either.

                1. 7

                  Again, why does this matter?

                  1. 26

                    Demonstrably it didn’t. Neither letter mattered. The FSF did whatever it wanted.

                    But for me it mattered. It showed that there is a clear consensus of people I want to work with. We agree on who we no longer want to be in charge or be a philosophical beacon for us.

                    1. 11

                      I think the open letter mattered a lot by starting the discussion and making it clear that a lot of people have a problem that he rejoined the board.

                      The support letter shows that a lot of his followers have no problem about any of his opinions or thoughts as long as he did a lot of great work.

                    2. 5

                      Demonstrably it didn’t. Neither letter mattered. The FSF did whatever it wanted.

                      That is what I was wondering. Did the surprising outcome of the support letter help the FSF make their decision? The reason I use the word “surprising” is that in most cases, the “right” and “wrong” sides of these discussions are quickly established, the insinuation of a majority is made on various social media platforms and the change is pushed through (such as with Stallman in 2019 or with the Linux Kernel before). I actually expected the support letter to have far less traction, whether because the position is less popular or because it is more risky to voice support for that side. The previous chapter of the controversy had the “Joint Statement” to state opposition to Stallman. The other side didn’t have anything of that sort.

                      Ultimately this is all speculation and doesn’t amount to anything, but it is an interesting shift (or problematic tendency, depending on your interpretations).

                      1. 17

                        it is more risky to voice support for that side

                        There is no greater risk to signing the counterletter. This is another conspiracy theory pushed by the counterletter, that there is a great cabal of worldwide cancellists who will harm you if you publicly support Stallman. That you need to have great bravery to sign the counterletter.

                        I have no hard numbers, but I believe in actuality the signers of the original letter have received more abusive emails. I got a lot when I signed the GNU joint statement asking for RMS to be removed from leadership in 2019. I’m actually really afraid about having signed the original letter. I am afraid someone will get very angry and try to track me down to my home or something like that. Well, I am not sure how likely this could be, but there’s a lot more undirected anger in the counterletter than the original letter, aimed at a vague and nebulous “cancel culture”. The original letter’s anger is more focussed on a single individual who has been holding back free software for decades.

                        1. 14

                          Not a conspiracy theory at all. I may not be hired for choosing to sign the pro-RMS letter:


                          A tool to “block” signers of the pro-RMS letter:

                          There’s even a browser extension to highlight signers, anywhere we show up.

                          But sure, go on. “Cancel culture” doesn’t exist!

                          1. 13

                            You’re afraid of not being hired by… some dude. I’m afraid of someone showing up in my home and trying to harm me. How many angry and threatening emails have you gotten? I got about five in 2019.

                            I’m also a little afraid of not being hired by some people for having signed the letter; similar compilations exist for those who signed the original letter.

                          2. 4

                            Yes, cancel culture does exist.

                            However most tech companies are not bigoted enough to respect these “cancel” lists, and I’ve never seen sufficient evidence to the contrary. As to the ones who are, you would not want to work with them anyway.

                            Also, I predict that the future will be less woke.

                            1. 9

                              “Cancel culture” always existed, in the sense that there were entities with the power to arbitrarily take away your reputation, your livelihood, even your basic rights. Historically those entities have been major institutions such as governments and large corporations, and they have done so as a reaction against increasing liberalism.

                              Unsurprisingly, most of the people who now loathe and decry and bemoan “cancel culture” come down on the conservative/reactionary side and are primarily reacting to the democratization (or threat thereof) of the ability to inflict consequences based on someone’s speech, actions, associations, etc. which has been brought about by technology. When I was young, you needed a major media organization (or two or three) behind you to really “cancel” someone effectively. Now you just need a Twitter account and for what you say to catch on with enough other people. To people who were used to being the only ones wielding this power, it likely feels terrifying and so they want to treat it as a new thing. But it is simply the thing they always did, now made available to many others via technology’s ability to amplify voices, improve coordination, etc.

                              As to your last point, it’s worth noting that while the traditional predictor of someone’s politics (on a generic liberal <-> conservative spectrum) has been their age, it appears that is now changing and the most reliable predictors are becoming things like education level (higher education -> overwhelming more liberal tendency) and race/ethnicity (“white”/European-descended -> overwhelming more conservative tendency). So you might want to recalibrate the confidence of your prediction, especially based on a claim that measures within a young and still-developing generational cohort many of whom have not yet attended university.

                            2. 4

                              The preference of one or more organizations to avoid associating with people who publicly support someone with a behavioral track record like Stallman’s is not bigoted.

                              To describe it as such feels dishonest, and ignores the fact that people have legitimate concerns over how likely it is for someone who explicitly supports Stallman’s viewpoints to work in the kinds of inclusive and diverse environments that modern companies and communities seek to cultivate.

                              As for your prediction, I don’t think it’s very likely that the future will be less “woke”; the tweet you reference appears to be from a group that’s quite politically conservative if you go by the recent content on their timeline, so there’s quite a bit of potential for bias there.

                              In my experience, the tech communities that seem to be growing the most rapidly seem to focus heavily on the kind of inclusivity that I associate with “woke culture” (e.g., JavaScript and Rust).

                              By comparison, communities that try to stay “apolitical” (in their own words, not mine) seem to attract more abrasive and disruptive contributors who do nothing to help their relevance.

                              1. 11

                                Painting over 6000 people as being automatically opposed in some form to inclusivity, just because they stand against the witch hunt of RMS, and then seeking to “cancel” them is the very definition of bigotry (“intolerance toward those who hold different opinions from oneself”). It is also disingenuous to suggest that any organizations doing the cancellation is doing it only as a “preference”, as if there is no political / mob pressure behind the scenes.

                                As for your allusion to a group being (according to you) politically conservative, that only seems to be a discrediting tactic used so as to avoid having to address the central point (the statistics quoted in the tweet).

                                1. 9

                                  It is not a witch hunt. He’s not a witch. He’s a guy who has demonstrably harmed free software in many ways. He was a terrible boss at the FSF (for example, refused to give raises because his logic is that wages would then increase without bound, bankrupting the FSF), he has creeped out many women, he has yelled and lost his temper at the very people who are trying to support his cause, he has defended zoophilia, pedophilia, and necrophilia, his main activism is ineffective language nitpicking and advocating technological abnegation.

                                  Not wanting him in charge is not the same as wanting him burned at the stake.

                                  And please don’t make me come up with links for all of these things. It’s really tiring to have to be an archivist for all of these things. Look them up yourself and if you can’t find them, then I’ll try to help.

                        2. 2

                          I thought about what happens if I would sign the open letter a bit and since a few days I get spam about GNU and Linux related topics which are oddly or very close related to RMS. One mail even had the fake sender address of Adolf H. (Yes, the one you think)

                          1. 5

                            Daniel Pocock has been spamming people on both lists lately. The guy is a figure.

                          2. 3

                            FWIW I have been receiving the same messages.

                            1. 2

                              Oh? Are people mass-emailing the counterletter signers with angry notes? What have you gotten?

                              I seem to be flying under the radar this time, but I attracted a lot of anger in 2019.

                              1. 1

                                The RMS open letter, not the support one AFAIK.

                    3. 4

                      It took me a good night’s sleep to realize that you’re still evading my question. So I’ll rephrase it once more: Why should it matter? Why do the voices of software users who see Stallman as someone who defends their Freedoms matter less than those of (some) developers?

                      1. 13

                        Oh, that’s what you were asking:

                        They matter less because they haven’t actually directly dealt with him. They haven’t worked on software he has tried to have a voice in, they haven’t seen him at conferences, they haven’t had him directly yell at them.

                        They don’t know him. So their opinions of him are less well-founded.

              2. 7

                More names here:


                I count 20 people seconding one of “Support Stallman’s reinstatement, as in” and “Denounce the witch-hunt against RMS and the FSF” proposals,

                1. Adrian Bunk
                2. Norbert Preining
                3. Jonas Smedegaard
                4. Ying-Chun Liu
                5. Barak A. Pearlmutter
                6. Adam Borowski
                7. Micha Lenk
                8. Michael Biebl
                9. Bart Martens
                10. Jonas Smedegaard
                11. Pierre-Elliott Bécue
                12. Daniel Lenharo
                13. Milan Kupcevic
                14. Michael Biebl
                15. Axel Beckert
                16. Gilles Filippini
                17. Filippo Rusconi
                18. Shengjing Zhu
                19. Matteo F. Vescovi
                20. Mathias Behrle

                1. 12

                  These aren’t votes yet. These are seconds, for various of the proposals, both for and against and various shades in between. This is how Debian does resolutions. The votes will be finalised by Saturday.

                  1. 8

                    both for and against and various shades in between.

                    The 20 Debian folks I included however were all for (not against) supporting Stallman. I only included it (and this is only from Debian) because you wrote “the counterletter people are [….] not, for the most part, working on GNU, Debian, openSUSE, gcc,”.

                    1. 11

                      That’s not entirely how that works; they’ve seconded the resolutions to appear on the ballot, not voted for them specifically. Seconding it just means they think it should appear as an option, not that they agree with it.

      2. 8

        It seems the letter of support has currently twice as many signatures as the one criticising RMS, which is surprising.

        RMS has a very religious almost cult following. So no surprise there. Also the RMS open letter GitHub repo stopped accepting signatures on April 1st. The support one still accepts signatures to this date.

        I did a very quick look at the signers of the RMS support letter, looked at a very small amount of accounts closer and there were a couple of things that stood out and seemed fishy:

        • lots of Russian sounding names
        • some of them were newly created (for example 31. March), had their first PR against the repository or had very little activity the last year

        This could be coincidence or people created their account because of this letter but it could also mean that people created new accounts or used other means to inflate the numbers.

        1. 22

          lots of Russian sounding names

          As someone of Slavic descent, I would be very interested in what you mean to imply by this point.

          1. 16

            Russia has a well-documented state-sponsored homophobia. The recent Russian bill to ban gay marriage, even foreign-made gay marriage, had over 70% support in the polls. These attitudes trickle down and they’re popular with the general Russophone population, not just with the governments. A widespread belief in Slavic countries is that gay acceptance is some Western-induced degeneracy that didn’t really exist in Soviet times, along with some kind of desire to go back to the good ol’ days when LGBT people didn’t “exist”.

            Thus, a letter that is perceived to defend someone (RMS) who has been attacked by the LGBT community will be popular in Russia and surrounding countries. The discourse in 4chan framed the counterletter as being explicitly drafted to give trans people a kick in the head. They consistently used transphobic slurs to refer to me and other signatories of the original letter.

            1. 16

              This is such a wild take. Heck, you could’ve said something like “they’re Russian bots” and that would be somewhat acceptable. You didn’t stop to consider that they could’ve had other motivations (so many better ones!) for having signed it? This is a very bad generalization of the Russian populace, akin to calling all Americans gun-touting redneck hillbillies.

              The real reason for most of the Russian signatures was the letter being shared on some Russian link-aggregator site(s).

              1. 8

                No, they’re not bots, they’re real. And talking to them in the github issues of the counterletter, they are very angry about women and minorities being promoted. This seems to be a strong implicit reason for their alignment with the defense of Stallman. They want to defend their freedom of speech to be awful to women and minorities because being nice is censorship.

                Of course I generalised, because we have voting numbers. At least 70% of the Russian population is homophobic.

                1. 5

                  At least 70% of the Russian population is homophobic.

                  I’d really like to see what are your sources for this claim.

                  1. 15

                    I gave you the source: the voting numbers of the Russian bill passed yesterday to ban gay marriage. It had widespread support. These are not deeply-hidden facts that are difficult to find.

                    But here, there’s plenty more sources:


                    If anything, I was giving Russians the benefit of the doubt with 70%. It seems closer to 80%.

            2. 7

              Flagged as troll for being racist against Russians.

              1. 10

                Russian homophobia is well-documented and is a very harmful problem that is killing people in Russia. Recognising problems in Russian society is uncomfortable, but I don’t think it’s racist.

                1. 7

                  Here’s how I understand your reasoning:

                  • Russian government is homophobic and polls show that many Russian citizens also are (that is true)
                  • Many people who supported the counter-letter are from Russia (also true)
                  • Therefore they support RMS because they are homophobic.

                  You can tell me to go find it myself. But, it’s you making claims. When I’m making a claim, I’m ready to bear the burden of proof, or I say that it’s just my opinion that may be too far-fetched or entirely untrue. You present your statements as facts but are unwilling to present any proofs, and I don’t think it makes you look more trustworthy, even if your statements are true.

                  1. 5

                    The last claim comes as an inference and from statements I have seen in 4chan and Habr, in English and Russian. 4chan quite openly frames support for the counterletter as a homophobic and transphobic cause. It’s more subtle in the Habr comments, but it does happen there too.

                    It’s more difficult to find it in Habr because my Russian is rudimentary but if you’d like, I can do that too, in case your own Russian isn’t good enough.

          2. 2

            Just something I have noticed. I don’t know if FSF normally reaches those countries and if it is suspicious or not.

        2. 4

          lots of Russian sounding names

          From what I heard, the support letter was shared around Russian HN-likes, which explains that aspect.

          1. 2

            Do you know if those sites tried to push people to sign the letter?

            1. 9

              Yes, it was posted to Habr:


              I can’t find the original post, but they coordinated attacks on the original letter from Habr, for example:


              1. 9

                Are you implying that anti-RMS people “sign open letters”, while pro-RMS people “coordinate attacks” when they do exactly the same thing? ;)

                1. 5

                  These are the same sort of people who are trying to directly harm Molly de Blanc, getting her arrested or swatted. I won’t link to that attack, but there is a lot of anger and implied violence against the original letter. This thing posted to Habr is the same sort of angry violence, trying to get legal authorities involved.

                  It’s not exactly the same thing, it’s not both sides. I am not calling for Stallman to be arrested or harmed. I just don’t want him leading the FSF or GNU.

                  1. 7

                    You are accusing people of coordinating an attack and giving a link to something that clearly isn’t that (not a thread where an attack coordination took place). Then you say you won’t give a real link. Why should I believe you?

                    The post you linked to doesn’t call for violence towards anyone, either. Also, “calls for violence” and “calls for authorities to get involved” are kinda mutually exclusive things.

                    1. 7

                      It’s not hard to find the Molly de Blanc attack page. Look for it yourself.

                      Also, “calls for violence” and “calls for authorities to get involved” are kinda mutually exclusive things.

                      Not in the US. Swatting has gotten people killed. Swatters hope people will get killed. This is an unfortunate by-product of militarisation of the US police force: calling cops on someone can be a death sentence.

                      1. 4

                        All respect due, that post isn’t calling for swatting. It’s calling for the removal of the issue from GitHub!

                        1. 3

                          I’m talking about the attack site on Molly de Blanc that I don’t want to link.

                          But incorrectly citing laws on Github is a similar sort of aggression, driven by similar rage. You’re right it won’t lead to a swatting but I have seen the same group endorse both kinds of actions.

                2. 3

                  I mean, they are literally trying to coordinate to have the original letter removed. That’s different to signing an open letter, isn’t it?

                  1. 6

                    It’s a copy of the deleted issue that someone posted there after the fact, and it received a whole three comments (all general remarks about the situation, no specific action proposals). Since that post clearly is not about coordinating an attack, I assumed JordiGH is referring to something else—most likely the rms-support-letter itself.

              2. 1

                The issue reads like some spam I get daily 😀

        3. 4

          Who cares where they’re from? What matters is whether they’re just random names, or if they’re actively involved in the business of the FSF (and, therefore, are more likely to know what they’re talking about).

      3. 2

        It seems the letter of support has currently twice as many signatures as the one criticising RMS, which is surprising.

        I don’t know. It seems to me that pretty much nobody knows who RMS is, and a significant portion of those who do don’t care about him. So it makes sense that the ones who bother to do something about it are the ones who support him.