It feels ontologically wrong to me to constantly beg my own computer for permissions to do things. I always use root on Linux, and my Gentoo machines don't even have a non-root account. (I get great satisfaction from compiling VLC to let me run it as root as well as patching Dolphin and other apps to not complain about it.) On Windows I always use an admin account and disable all UAC prompts. I've managed to have no incidents since I started this policy a decade ago by simply not downloading malware or using 123 as my password on an open SSH port. Go figure.
The point of lowering application permission is not to prevent you from doing things. It’s to prevent the application to do things you don’t want.
That’s why people try to give apps as little permission as possible and only grant them when they are required.
Technically you are one vulnerability away from irremediably losing everything after opening a seemingly innocent file. I am actually convinced the sole reason it doesn’t happen is because it doesn’t make sense to target people doing that because they virtually don’t exist.
So you don't understand why seatbelts were invented and your evidence that they're unnecessary is that you personally haven't gotten into a car accident.
"Not downloading malware" is everyone's default stance, but no one can identify all of it.
And that's only a single vector out of many. Security flaws exist in even the best operating systems that make you vulnerable even when doing everything "right" (which you emphatically are not).
My problem with this argument is that my user data is by far the most valuable thing on my computer. Almost nothing that gets protected by “root” really matters much. What I really want is a way to protect all my user data from rogue programs, but I have no way to do that on modern computers. Any program I run with my regular user account can steal or delete all of my data already. When my data is so trivially at risk, who cares if a bad program can also wipe my OS or something? I can reinstall Linux. I can’t get my data back if someone steals it.
Check Fedora Silveblue, or Kinoite (or the Budgie edition) if you don't like neither KDE nor Gnome. Inmutable OS, it can be set to a rolling channel to get daily updates, you can rollback it from GRUB in case of disasters and, even better, everything non-desktop environment based it's installed from Flatpak and containerized.
That's why you run programs as different users. Background services like nginx or jellyfin get their own users. Have a separate `games` user if you play video games. If you're going to mess with untrustworthy code, make another user first. Don't give world permissions to your home directory.
That might help if nginx has a security vulnerability. But what about all the programs I run as a user? Nobody runs their IDE or “npm install” under separate user accounts. Nor should we have to in order to prevent a package from interacting with my filesystem outside of the project directory.
macOS does ask you if you want to allow a program to access your files in $HOME. Not sure if it's a perfect solution, but still, it's something.
As a more additive approach than just giving up and running everything as root, I think in Linux you could do the same with (a fair amount of effort and) SELinux or AppArmor.
There's a difference between choosing to wear a seatbelt and being chained to the seat by the car manufacturer, who then refuses to release you "for your own safety".
I wear seatbelts (but I'm proud of my state for being the only one not to force adults to) because a car crash is much more likely than being victim to a zero-day vulnerability.
I have my account set to show flagged comments. A lot of flagged comments are simply some form of "wrongthink" but not violating any guidelines. So I've used the function often to "save" a flagged thing but it seemed to have stopped working for me at some point. I can only speculate why, but I think I saw some other commenters saying that happens if you unflag too much.. wrongthink. I want to give the site admin the benefit of the doubt though. Maybe it's simply an automated process that notices you unflagged too many things that were flagged by others too much?
I also have that setting, and occasionally vouch for an inexplicably flagged comment I notice.
There's definitely wrongthink/ideological flagging and downvoting going on.
(On some comments I make, I know when I make it that it's going to get downvoted, because it pushes against an opinion of the kinds of people who will downvote to suppress criticism. It used to be that criticizing cryptocurrency would get downvotes, but now it's popular to criticize. I can get reliably downvoted any time that I suggest that adding a fee for some basic public infrastructure (e.g., to drive on street in a city), in a "market-based" way, is a handout of the basic public infrastructure to the wealthy. Also, suggestions that there's still any bias against women, in anything, somewhere, seems to reliably get downvotes, no matter how relevant; I don't know why, but I'd guess it's because the topic has a lot of general angry sentiment, and people who are angry the other direction aren't represented as much on HN.)
I'd distinguish wrongthink from something being off-topic and done-to-death or a flamewar magnet. Maybe one mental exercise test for this is whether the same person would also still downvote as "topic" if the opinion of the post/comment were flipped.
I’ve lived in China for a few years and I noticed anytime I write anything even remotely positive about my experience there I will get downvoted or flagged. Even completely neutral comments sometimes gets downvoted.
Russian here. I can't show -any- cool tech made here or an optimization that we do that western countries don't because people would say I praise Russia no matter how much more often and harsher I criticize. They don't even know what I think about the country, I just can't speak about it.
I appreciate people who are saving flagged comments because what made HN great 10-15 years ago was that I often changed my views because people would articulate why they are right and they sometimes indeed were.
I don’t think anyone doubts there are good things that come from China. Using a throwaway account won’t help your cause marketing China. Like every other “superpower” China has their major, major flaws. The kicker is trust. Pro-China rhetoric on a highly-moderated forum should be met with skepticism.
This isn’t opinion. The great firewall of China isn’t a farce, it would be good to remember that.
It sounds more like the concern is that a post coming from China has a significantly higher likelihood to be state-sponsored propaganda than a resident’s/citizen’s genuine opinion. It makes sense on its face that it would be “higher” (that’s the point about the Great Firewall) but it seems to be a matter of personal opinion how “significant” that increase is.
>There's definitely wrongthink/ideological flagging and downvoting going on.
I actually vouch for a lot of comments I disagree with that was flagged, and upvoted it because I want it to be shown to the world. And in other times I disagree with it but vouch and upvoted because I dont want HN discussions to be one sided.
one common misconception is that "the downvote is not a disagree button". it absolutely is. I made that mistake before, in the early days of reddit they used to stress that mantra, and I made the false assumption it was true here. You are getting downvoted because people disagree or don't like what you have to say. simple as that.
Downvotes sadly are endorsed by pg (the owner of HN) for use to indicate disagreement.
Flags are not downvotes and are not to show disagreement. They do seem to get used that way.
I like the others above have show-flagged enabled. "90%" of things I vouch are things I disagree with that represent what I consider a point of view that deserves to be known, has been at least reasonably well presented, and isn't flame-bait.
silencing the opposition creates an illusion of consensus. in the deluded minds of the terminally online, it is paramount to maintain that illusion.
in every remotely political discussion here, reddit opinions are allowed to be expressed as non-constructively as you please, but all dissent, no matter how factual and constructive, gets flagged within minutes.
They're not deluded. They're evil. By faking consensus you mint new converts because the false consensus affects the opinions of everyone new to the subject. The platform designers, moderators, etc, etc, know this and that's why they do it.
Apparently it's because the original headline had the unfortunate juxtaposition of "homelessness" & "experimentation"?
I wouldn't be so quick to call delusion/dissent when designers of our spaces have simply made it far too easy to turn private affects into public effects..
(& It might be rude of me to be so concrete.. so.. apologies)
GIMP's icon redeisign and new tool layout were a massive mistake IMO, first thing I do on a new install is disable tool groups and change the color scheme to "legacy"
I did read all the keybindings (as well as the entire README.md) hoping to find a "launch" or similar command but there was nothing relevant. "Increase number of master windows" was most promising but nothing happened. The only command that responded was super+shift+q to quit. Nothing abnormal going on in the Xorg or plwm logs.
I've seen Java described as made for companies to be able to rotate out mediocre programmers as efficiently as possible without letting them mess things up easily, and it makes a lot of sense from that perspective. Barebones semantics to the point of being Spartan (can't even define your own operator overloads), easy to take another class and copy it with small modifications but not mess it up for anyone else (inheritance)..
Then there's C# which most anyone who's enthusiastic about software dev will find far nicer to work with, but it's probably harder for bargain basement offshore sweatshops to bang their head against.
I really don't think this stance aged well, even if it was closer to true way back when. IMO the spartan language is now Go, and Java has ended up the boring open source workhorse. The jvm is very performant compared to many stacks these days (python Ruby node) while still having a very compelling concurrent programming story, and has a lot of nice language feature things ever since 8 and onwards. Lambdas and streams are the big 8's, but I think virtual threads growing up and even new things like scoped variables are really compelling reasons to build a new thing in java right now.
You need just the right amount of expressivity in a language, so that it is hard to abuse, but still allows writing easy to use libraries.
Java has went over this evolution, implemented generics, lambdas, etc and I believe it strikes a very good balance in not being overly complex (just look at the spec - it's still a very small language, compared to its age, unlike C++ or C#).
Go tried to re-invent this evolution, without having learnt Java's lessons. They will add more and more features until their "simple" will stop applying (though I personally believe that their simple was always just simplistic), simply because you need some expressivity for better libraries, which will later on actually simplify user code.
The problem with the JVM, compared to Go, is the GC; it requires a lot of reserved memory. Go programs use far less.
And the SDK is bulky, which can be a problem for container images - although arguably it should be considered irrelevant, as you only download base images once, if done correctly.
You're not supposed to use the runtime directly these days. jlink allows you to strip unnecessary things (like documentation for the runtime itself), extract only those parts of the runtime you need (though your project must use modules to support that), and then aggressively compress it all getting a pretty small package that runs on an empty OS with no dependencies other than libc. It's still a bunch of files, so for good user experience you would have to ship it as a container (or something like .exe or appimage), but it's really close to Go in terms of size.
It's a configurable property, and Java has a bunch of GCs to begin with.
Also, not using as much memory in these types of GCs is a direct hit to performance. And this actually shows splendidly on GC-heavy applications/benchmarks.
We were paying a million a month for a custom high performance GC for a little bit but we were able to get off that with a lot of development effort and get our five 9's latency under control.
I tried and gave up on getting Keycloak to use less memory. 500-1500 MB for a server with less than 10 concurrent users is ridiculous. And that's even using an external database.
Much less of a problem in .NET (its GC tuning sits somewhere in between the two, especially when SRV GC + DATAS is in use, like in container scenarios, where Go is funnily unaware of limits set by cgroups and needs an external package to fix it). It does pre-allocate more memory than Go per se but in return yields much, much higher allocation throughput out of box. Java allows for even higher allocation throughput, having multiple more sophisticated GC implementations but as you said is not very good at reducing sustained RSS used by an application.
Off the top of my head? Bazel is the Java program I use the most. Hadoop/hive and similar stuff also heavily Java but I'm not sure how much that's in use anymore
I'm not saying there's no Java in open source. And I'm aware of the projects you mention. I don't run them though. And they definitely don't qualify as "the boring open source workhorse".
There are a couple of Java projects, and even one or two kind of successful ones. But Java in open source is very rare, not the boring workhorse.
If I worked on a project that used Bazel, then sure, I'd use Bazel every day.
But which is "the boring workhorse" of open source, if I gave you the option of Java, Make, Linux, gcc, llvm, .deb, would Java really be "the" one?
Sure, maybe you could exclude most of those as not being "boring", like llvm. But "make" wins by any measure. And of course, it's almost by definition hard to think about the boring workhorse, because the nature of it is that you don't think about it.
Checking now, the only reason I can find java even being installed on my dev machines is for Arduino IDE and my Android development environment. Pretty niche stuff, in the open source space.
Most Java applications nowadays are based 100% on open source stack with hundreds of libraries and frameworks and Java dominates enterprise space, so it is a huge open source workhorse, just more obscure than Linux, gcc etc.
Ok, we clearly have an extremely different definition of the word "the" workhorse of open source.
It doesn't mean "more than zero projects are Java based". Nor does it mean "most (opensource?) Java applications are based on open source". That latter is borderline circular, only Oracle legal shenanigans makes it not circular.
> and Java dominates enterprise space
I said nothing about enterprise. Clearly Java is HUGE in enterprise.
> so it is a huge open source workhorse
That sentence took a strange turn. Enterprise, and then back to open source?
> just more obscure than Linux, gcc etc.
Obscure? I'd expect Java to be about as strong a brand as Linux. Among developers in general I'd expect gcc to be orders of magnitude more obscure. There's no programmer out there who has not heard of Java, but many have never heard of gcc.
> Ok, we clearly have an extremely different definition of the word "the" workhorse of open source.
You said what it is not, but forgot to share your own definition.
>That sentence took a strange turn. Enterprise, and then back to open source?
What makes you so surprised? One does not exclude another, enterprise users are users too. Most of things in Java world aren’t client-side, so many users won’t observe them directly, but open source Java technology is doing a lot of work for them, constituting significant share of the code base.
Half of the internet is literally running that.. like unless you deliberately avoid Java stacks, you will come across it. It's one of the top 3 ecosystems in size, with JS and python being the other 2 contenders.
The lack of operator overloading is a bit annoying but in practice seldom a real problem. An operator is just a funny looking method. So what.
There are worse fundamental problems in Java. For example the lack of a proper numeric tower. Or the need to rely on annotations to indicate something as basic as nullabilty.
It’s a massive annoyance when working with any sort of numeric code. Or custom collections. Or whatever else the standard library enjoys that nobody else gets to use.
I remember the times on one of professional forums, where there was lots of questions about architecture in C# sections and almost none in Java section. Abundance of tools creates abundance of possibilities to get confused about what’s right. In Java many design decisions converged to some dominant design long time ago, so you no longer think about it and focus on business. It’s sometimes as bad as getter verbosity (thankfully record style is getting traction), but in most cases it’s just fine.
Who actually asked for this? It's been nothing but a pointless nuisance to me as a user. Samsung complains at me if I choose to give an app persistent GPS access, in the rare occasion it even lets me. I want my programs to do as much as possible, not be hamstrung.
There’s a few apps where I want to grant broad permissions from the outset, but generally that’s not what I want, especially when it comes to photos, contacts, etc. In most cases there’s no benefit whatsoever to granting e.g. access to my entire photo library and it seriously irritates me to see apps insist on said access.
In fact if I had my way, I’d never see a prompt and permissions would default to “only selected” (collections) and “no access” (location, wifi, etc), with the handful of exceptions having access granted manually.
I gave Telegram access to only a few photos, and it pops up the "give me more access" dialog EVERY SINGLE TIME I open it. Not when I want to send a photo, every time I open the app!
The cognitive dissonance can be disturbing. A frightening number of people never grew past a child's logic of "X has problems -> X is the worst thing ever -> if I hate X then that must mean I love the opposite of X" and suddenly they're a trans activist (which is a good thing, to be clear) frothing at the mouth in absolutist terms to defend people who want them dead..
Someone feel free to correct me if I'm wrong, but as far as I can appraise the situation, Israel sucks and has a somewhat higher incidence of committing war crimes than other western countries, but Palestine would suck even worse if you switched their places around, the only thing holding them back from committing much worse atrocities being lack of resources, going by their human rights record and direct statements from their leadership. Israel isn't executing anyone for being gay for example. But out of many factors, one being some left leaning people taking the mental shortcut that the anti-American option is always more intellectual and "owns the conservatives", we've ended up in this nonsense scenario.
This is why everyone should have a union, including highly paid professionals. Imagine what it would be like. "No, fuck you, we're going on strike until you stop inconveniencing us to death with your braindead security theater. No more code until you give us admin on our own machines, stop wasting our time with useless Checkmarx scans, and bring the firewall down about ten notches."
reply