I’m the Yujiri from yujiri.xyz. https://yujiri.xyz/contact.gmi

  • 8 Posts
Joined 2Y ago
Cake day: Jun 25, 2021


What a terrible article.

Whenever I read the claim that copyleft ideology is hypocritical because it imposes a restriction on acceptable use of the software, I pretty much just stop paying attention. The ideology of copyleft is very clear and consistent: making non-free derivatives isn’t a valid freedom because it takes freedom away from others. No, just because you don’t like something doesn’t make it hypocritical. Compare copyleft to defensive force: everyone agrees that it’s wrong to punch someone, but everyone also agrees that you can punch back against someone who punches first.

The two use cases suggested:

Alice holds a digital wallet that securely manages her identity, data, and authorizations for external apps and connections. Alice uses her wallet to sign in to a new decentralized social media app. Because Alice has connected to the app with her decentralized identity, she does not need to create a profile, and all the connections, relationships, and posts she creates through the app are stored with her, in her decentralized web node. Now Alice can switch apps whenever she wants, taking her social persona with her.

  • Creating a profile takes what, 2 minutes? And you do it only once per app.
  • Connections and relationships: Okay so you want to copy your list of followers? That’s nothing remotely new. Pleroma literally has that (also for blocks and mutes).
  • If you want automatic discovery of existing followers, fine, but note that already exists on some platforms via email addresses or phone numbers. All you’d need to extend it to secure, decentralized identifiers is for those platforms to have a metadata field for users to put such an identifier. Hardly revolutionary.

Bob is a music lover and hates having his personal data locked to a single vendor. It forces him to regurgitate his playlists and songs over and over again across different music apps. Thankfully there’s a way out of this maze of vendor-locked silos: Bob can keep this data in his decentralized web node. This way Bob is able to grant any music app access to his settings and preferences, enabling him to take his personalized music experience wherever he chooses.

So you want to import playlists between music apps? That could only work if each song has a globally unique identifier for the playlists which is known to all the platforms. That isn’t the case, and changing that would require every musician to change their workflow.

True, but I think the intention of the post is to call attention to what is likely another scandal like copilot (it launders open source code, violating the license)

Thanks! That page was exactly what I was looking for.

This is a concern I hadn’t really thought of before.

Stuff I read in the past that I think is important here:

As per Drew’s article, I think the main defense we have is the idea of finite scope. In a free alternative to twitter (or another social media platform), there is not an infinite set of features that are desirable. If we pick our feature set wisely, we can build a platform that feels as though nothing is missing, and if we do this, they won’t be able to do the “extend” part because it would be obvious that anything they could add would be making the experience worse, not better. Some of our solutions may have already achieved this - if that’s so, the strategy becomes convicing enough people of that.

For one example I’d name quote tweets. This is a feature that I think is probably an anti-feature. Compared to replies, it is a “third person” form of engagement, which naturally breeds toxicity rather than understanding in disagreement, and encourages people to engage with the worst people on the platform. It also biases people toward having less realistic and less optimistic views of those who disagree with them by showing them only the worst members of the opposing camp. See Shamus Young’s “This Game is Bad For You” - very insightful on this topic.

If we can identify and avoid all such anti-features, and convince enough people to see them as such, we foil the middle E in EEE.

I think all of these arguments are really bad, and I’m someone who hates universal package managers.

“Fragmentation is not an issue”

t seems, they all agree that all of the different packaging formats and managers are a problem. However, is it really so?

Well, duplication of effort is always a downside.

As a developer, by simply using a free licence, you can just sit back and let all of the distros build binaries and do all of the work for you.

The whole complaint being made is that this doesn’t always happen in a timely fashion, and even when it does, it requires a lot of work to be done by each of those distributions.

“There is no need for universal package managers”

Yet, there is a universal package manager that has been around longer than even traditional package managers. BUILDING FROM SOURCE! Many people forget that all of their software is a git clone, make, and make install away from being installed.

I wish it were that simple. In practice, most projects are much harder to build than that. Many use build systems other than plain make such as CMake or Meson and Ninja or GNU autotools (and every project that uses autotools has different levels of intermediate files committed so different commands are needed to build it), and you’ll need to install whatever bespoke build tools they have. I almost always run into arcane error messages that can give me a lot of trouble even as an experienced Linux user and programmer. This is especially true if you’re on a distribution (like anything Debian-based, in other words most newbie distros) where header files are in separate packages, so trying to build anything will give you errors as if you have nothing installed.

A story I always share when this comes up is of my GTK patch that fixed a GObject Introspection annotation (affects generated bindings for other langauges). I spent twelve fucking hours trying to compile GTK and failed. I gave up and submitted the patch without having seen a successful build (it got accepted).

Again, I am an experienced Linux user and programmer. If even I have so much trouble compiling programs from source, expecting anyone who doesn’t have my skill set to do it is crazy.

“Universal package managers are inefficient”

Flatpak, Snap, and AppImage are just not as fast as conventional package formats. Try using any modern version of Ubuntu, and just see how slow their Snaps are.

I have never noticed them being particularly slow, either to install or to run, though I can’t comment on Snap specifically as I’ve only used Flatpak and AppImage.

But, that isn’t really even the worst part. Because of the nature of universal package managers, they require much more space than traditional packages. Every single app, instead of sharing the dependencies of all other apps on the system, is bundled with all of its dependencies. This can add gigabytes of space to many apps, and slow down older HHD’s.

I mean, sure, reducing space requirements is noble, and universal package managers probably take up a little more space (I haven’t analyzed it myself). But it’s far from a chief concern in a day where even low-end drives have hundred of gigabytes of capacities. And as for " instead of sharing the dependencies of all other apps on the system" - blaming static linking is a serious mistake. The space impact of static linking is not a large cost and it easily makes up for it with its advantages in simplicity and reliability. I would blame dynamic linking for a lot of the headaches we have with packaging and compilation. Dynamic linking introduces the need for complex dependency resolution algorithms, tying each executable to a huge amount of environment it has to carry around in order to work, breaking the portability of programs and crowding your package manager output with obscure libraries you’ve never heard of and shouldn’t have to.


I don’t know very much about this topic, but I think that building a binary yourself can be faster because it can make optimizations involving non-standard CPU features (distro packages have to be compiled without these because the user’s CPU might not support the extension)

Why hide the post button if you’re not subscribed?
On a community's page there is no post button if you're not subscribed, only a subscribe button which appears a post button. At first I thought it was a rule you had to be subscribed to post in a community, but after I learned that you can post on any community by going to Create Post instead and selecting the community from the dropdown, it's just a pointless annoyance.

What does it mean when a package version has extra parts at the end
I get semver: x.y.z, but in the context of distribution packages (never upstream releases), I often see versions like 5.2.1-1, what does the extra number mean?

I for one am super excited about the potential of RISC-V to liberate our computer hardware :)

Increasing prices isn’t a one-way street to making more money. The amount of money you make is the price times the number you sell, and you sell less if the price is higher.

That isn’t how inflation works. Inflation is when the value of currency decreases, meaning prices as measured in currency increase to stay equal in value.

Maybe Drew goes completely crazy and decides to destroy anything related to this new language, I don’t know.

There’s no way he’d do that. He and others spent years building this project already. He’s not gonna throw away that much effort and a promising project just because people are seeing it sooner than he intended.

If you want a TLDR of how it compares to other languages, I think this: https://drewdevault.com/2021/03/19/A-new-systems-language.html

First I’ve heard of Odin, I think most of the languages you list can’t be considered true altneratives to C. A key aspect of C is manual memory management; probably any language with garbage collection cannot replace C in its appropriate use cases (kernels, interpreters, device drivers, etc).

My impression is that Hare aims to be drastically simpler than Rust, but borrows at least one major idea from it: pattern matching. I suspect a big reason Drew didn’t consider Zig satisfactory is because of its lack of unicode string support. See this fascinating thread where he argues with the Zig developers about their decision to leave it out: https://github.com/ziglang/zig/issues/234

The Hare programming language
[Why I'm doing this](https://yujiri.xyz/software/hare.gmi)

It’s a decent article but I think it could’ve benefitted from more concrete examples, in particular of this claim:

For visually impaired users, this might mean laying out information in a more logical sense than in a spatial sense.

The term “free software” as used in FOSS doesn’t mean software that promotes freedom, but software whose licenses allow certain freedoms. In this definition, Android is free software and FOSS.

Bit of a tangent here, but I think FOSS ideologues have a tendency to overrate the significance of software being FOSS.

We already have a Linux-based mobile OS: Android. It is open source, but it is still in practice a tool for Google to gain more control over us.

Having open source code is necessary, but not sufficient for software freedom. We also need the software to actually be designed to serve the user.

It’s big but I think that number’s inflated. I just downloaded the source bundle from sudo.ws and I find only 200k even if I count the entire repository, including docs (43k) and lib (38k), and lib looks like vendored dependencies to me. The actual src/ is only 15k.

Looks really cool, but sadly it segfaults for me as soon as I enter a password.

I don’t get this meme. There are 5 captions and 4 zones, and 4 of the captions are in the same zone!

these posts are so bad they don’t even need a witty caption, they’re memes by themselves

Even if that comparison is exactly correct, wouldn’t it just mean that a userspace scheduler is redundant? You don’t want to have two pieces of software running at the same time with the same job.

But I don’t think that comparison is correct. OS kernels aren’t an external tool for managing process priorities. They’re how you create processes in the first place, so of course the OS is the appropriate place to manage them.

This sounds like a bad idea to me. Having more stuff running just to figure out which of the running stuff to prioritize.

Aiwendil has a good answer but I’d just like to add this nitpick (also @kromonos@fapsi.be ): bash and fish aren’t terminals, they’re shells

This post seems to be an ad for some sort of development contracting company, which disgusts me, but I feel compelled to respond to the points anyway because their content is interesting independent of the ads. My position is that Node is a terrible choice, and I will rebut these reasons.

Easy learning curve

This paragraph assumes you already know frontend. Yes, it’s easier to learn backend JS than another backend language if you know frontend JS; it’s not easier to learn backend JS than another backend language if you don’t know frontend JS. (Not all developers are full stack)

The V8 JavaScript engine has been proven to be at least twice as fast as any other server-side language out there, including Java and PHP, while using far less memory than any of them.

This argument is bizarre. I have seen that Node is faster than other dynamic langauges, but have you forgotten that compiled languages exist? I would be astonished if you could find any evidence that Node is faster or uses less memory than say, Go (the backend language we use at my job).

One Language

Much like the previous point, this assumes the perspective of a developer who already knows JS and nothing else. If you know only JS, you might prefer to use that language everywhere. But let’s say you know two languages: Go and JS. Using Go would mean using different languages on the frontend vs backend of this particular application, but using JS would mean using different languages on the backend of this project vs your experience in other projects - neither side has the “One language” advantage.

Open Source and Community Developers

This is just silly as all relevant programming languages are open source. A closed source programming language would be a joke.

Scaling Up

The number of companies using it is irrelevant. The ability to scale is relevant, but it’s not a distinct benefit; it’s a consequence of being more resource-efficient, which almost any compiled langauge should beat Node’s ass on due to the intrinsic performance advantage of compilation.

Ease of Deployment

I have no idea what this is even talking about. I thought this was about web backend, where all languages can be deployed in the same way.

A great thing about JavaScript frameworks in general, and especially Node.js, is that they can be used across a variety of different platforms: desktop, mobile, and web.

This only applies to frontend. No one’s saying you shouldn’t use JS for the frontend of a web app as you have no choice.


There’s no evidence that applications written in Node are more secure than applications written in another language such as Go or Rust, and the content of this point has nothing to do with “Security” anyway.

Ability to Use RESTful APIs

Any language can implement and use a REST API.

Lots of Modules / Plugins

It’s true that Node has one of the biggest ecosystems of available libraries, but it’s not the only one. Python, Go, and Ruby all have sufficiently large ecosystems that it seems impossible to find a task for which there isn’t a preexisting library.

Those are all part of it, but for a broad answer, just think about any other type of software that has various alternatives. What’s the difference between web browsers? Between text editors? Email clients? Not everyone can agree on one perfect way for an app or desktop environment to be. There’s always some people who think they’d be more productive with a different design, or that a different design would be more intuitive to them, etc.

I’m pretty sure all of them require that, it’s a pretty mild requirement so even people who don’t like copyleft (like many BSD people) are fine with having that requirement in their licenses

Idealism, if Linux was going to take over innately it already would have

I don’t understand, you could use this argment against anything, just pick something that took off and imagine someone saying this before it did, why is Linux different?

History (let’s be honest it’s like a discord server if it doesn’t take off all at once it never will)

Why? Lots of things take off only after a long time. Why is Linux like a discord server? You don’t explain how you’re arriving at these conclusions

It’s inaccessible (terminals cannot replace everything. I’m talking to you if you say “bloat”)

No, terminals can’t replace everything, nor are we trying to make them do that. Linux has GUI applications and conventional desktop environments. I’m one of the ppl who’s constantly raging against bloat and I use apps like eog. Terminals are great but they are meant for a certain set of uses, not for everything

There’s only corporate funding, so they will appropriate it

I’m not sure what this statement even means, are you saying only corporate things get funded or Linux only gets funding from corporations? And what is ‘appropriation’ mean here? Corporations using Linux is not a problem

We tolerate people who don’t tolerate others (including the less tech-savvy)

Sure, there are bigots and toxic ppl in many Linux communites… just like there are in non-Linux communities. I’m not convinced that Linux communities have an especially high concentration of toxic ppl, especially since you specify “the less tech-savvy”. I don’t think there’s a widespread problem with how Linux ppl treat the less tech-savvy. I think a lot of ppl have this opinion because they do things like ask questions that are answered in the documentation, or send bug reports without any information, or act too demanding of maintainers or free software.

Useful link: http://www.catb.org/esr/faqs/smart-questions.html

Microsoft has way too much power (money)

Yeah, I hate Microsoft too and I wish they had less power and money than they do. But this is just a despair argument. There’s no reason free software can’t win people over, especially with Microsoft going ham on anti-features in recent versions of Windows and more people becoming more critical of capitalism. Money lets them make products and software effectievly, but it can’t let them replicate the things that make free software special.

Few people remember RMS started copyleft as a political goal (too many people are uncomfortable challenging their beliefs, so they want Linux to be “apolitical”)

I don’t see what this has to do with the Linux desktop taking off. Yeah, copyleft is a great idea and to me it is a deeply ideological thing that I support, not just a praxis. But, as someone else said, letting people enjoy Linux apolitically is good because it expands the user base.

No one is doing the political organizing

What political organizing?

Copyleft is flawed and needs to be improved (here’s a template example https://thufie.lain.haus/NPL.html) [also mind you that there’s a need to prevent corporate appropriation]

Copyleft isn’t a magic solution to all problems, and maybe we could do better with different licenses… but that NPL seems like a terrible idea. First, I don’t think you can define terms like “tracking individuals” or “discriminate”/“hate speech” in a legally sound way (the given definition of Discriminate is absurdly over-broad, and the given definition of Hate Speech is both too open to interpretation, since it hinges on the word “hatred”, and too narrow, because of the word “solely”). But even if you could get around the definition issues, you shouldn’t just load a license with your entire ideology. The more stuff you add to the license, the fewer people will agree, and the harder it will be for your software to take off.

People worship RMS instead of realizing he alienates women, people with down syndrome, etc.

Do they? You can be in a lot of Linux communities for a long time without hearing about RMS, and lots of Linux users don’t even like him.

Depends on what terms you want. Summary of popular options:

  • GPL is meant to ensure that any derivative works are also FOSS
  • LGPL is similar, but the definition of “derivative work” is narrower, so proprietary projects can use its code as long as they aren’t extending the LGPL work itself. Often used for libraries
  • AGPL is like GPL, but also applies if someone is using your software as the backend for a network service rather than a program they distribute to users. A company can make a derivate work of GPLed software and offer access to it as a network service without being subject to the GPL terms because making something available as a network service doesn’t count as distributing the derived work.
  • ISC (or MIT or BSD, all roughly the same) is meant to not project derivative works. It makes your project FOSS but allows proprietary derivatives

the reality is a lot of the audience this person is likely trying to reach already has discord installed

People interested in a complete outsider OS are using discord?

My guess is the people interested in this type of project are the ones using IRC and email for everything.

you can easily configure a Linux system to be like this

Best way to give away clothes in Charlotte, NC
I have a lot of clothes I wanna give away with as little hassle as possible, just want to drop them off and be done with it, I don't care about getting any money for it, don't own a car so it has to be very close, and I want to avoid charities with bad reputations

I sympathize with his pain, but some of the solutions he mentions are very bad and unnecessary. The proper solution is to simply stop treating the issue tracker as a todo list for the maintainer; treat it as a todo list for the community. Automatically closing issues is harmful: https://drewdevault.com/2021/10/26/stalebot.html

The vanguard investment broker login doesn’t work in firefox except under certain specific conditions. It doesn’t work in my own firefox profile, even after disabling enhanced tracking protection and disabling ublock origin and noscript, which should be the same as the default profile, yet it at least sometimes works in the default profile. I did some more experiemnts on it today and it seems to have something to do with clearing all site data.

OMGgggg i love Ghosts, my fav vehicle. Never forget the memories of taking down a Wraith with a Ghost in Halo 1… before they nerfed the shit out of them 😭

I feel this guy’s frustration, but just because TikTok stole OBS doesn’t mean OBS didn’t help millions of people or that it didn’t make the world a better place. Lots of free software projects do make the world much better, even if they get unfairly exploited by companies!

“100% satisfaction or your money back!”
A lot of food products in the US say this. I'm curious if anyone has ever tried to get a refund for a product that wasn't defective or spoiled or anything, but merely <100% satisfying?

How does wf-recorder work without root?
I was told that one of the core benefits of Wayland is that it prevents applications from snooping each other, such as by recording the contents of windows that don't belong to them or logging keystrokes that don't belong to them. But the program [wf-recorder](https://github.com/ammen99/wf-recorder) can record my entire screen without root! Doesn't that mean any rogue application could do the same thing?

Am making a P2P messaging protocol and hope for protocol review
cross-posted from: https://lemmy.ml/post/93192 > It's not finished or anything, but I want potential vulnerabilities brought to my attention as soon as possible.

Mouse not working
Update: I eventually got it to work by unloading some Logitech-specific kernel modules as suggested by someone on Gitlab. I have a Logitech wireless USB mouse that I can't get to work on either of two Linux laptops, but previously worked on one of them and currently works on a Windows laptop. The laptop it used to work on is running [Artix](https://artixlinux.org) (systemd-less Arch) with Sway. Current state of affairs is that I see a device created for it: /dev/hidraw1 (the touchpad is hidraw0 here), and `swaymsg -t get_inputs`, with or without the mouse connected, shows: ``` Input device: PS/2 Generic Mouse Type: Mouse Identifier: 2:1:PS/2_Generic_Mouse Product ID: 1 Vendor ID: 2 Libinput Send Events: enabled Input device: PNP0C50:00 2808:0101 Mouse Type: Mouse Identifier: 10248:257:PNP0C50:00_2808:0101_Mouse Product ID: 257 Vendor ID: 10248 Libinput Send Events: enabled ``` and no inputs are received. `wev` also shows nothing. The other laptop is running Manjaro with the default XFCE desktop. Here is dmesg output from it being connected: ``` [24700.621257] usb 1-2: new full-speed USB device number 7 using xhci_hcd [24700.768351] usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=24.01 [24700.768359] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [24700.768363] usb 1-2: Product: USB Receiver [24700.768366] usb 1-2: Manufacturer: Logitech [24700.785403] logitech-djreceiver 0003:046D:C52B.000B: hiddev96,hidraw0: USB HID v1.11 Device [Logitech USB Receiver] on usb-0000:00:14.0-2/input2 [24700.912748] logitech-hidpp-device 0003:046D:101B.000C: hidraw1: USB HID v1.11 Device [Logitech Wireless Device PID:101b] on usb-0000:00:14.0-2/input2:1 [24705.438614] audit: type=1101 audit(1637459838.096:311): pid=15583 uid=1000 auid=1000 ses=6 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="raven" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24705.438875] audit: type=1110 audit(1637459838.096:312): pid=15583 uid=1000 auid=1000 ses=6 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24705.441881] audit: type=1105 audit(1637459838.099:313): pid=15583 uid=1000 auid=1000 ses=6 msg='op=PAM:session_open grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24705.462551] audit: type=1106 audit(1637459838.119:314): pid=15583 uid=1000 auid=1000 ses=6 msg='op=PAM:session_close grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24705.462770] audit: type=1104 audit(1637459838.119:315): pid=15583 uid=1000 auid=1000 ses=6 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24710.941691] audit: type=1101 audit(1637459843.599:316): pid=15611 uid=1000 auid=1000 ses=6 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="raven" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24710.942373] audit: type=1110 audit(1637459843.599:317): pid=15611 uid=1000 auid=1000 ses=6 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24710.949104] audit: type=1105 audit(1637459843.606:318): pid=15611 uid=1000 auid=1000 ses=6 msg='op=PAM:session_open grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' ``` But the Xorg log and xev show nothing, and no inputs are received.