About five years ago I reacted to a lot of hype about the impending death of the personal computer with an observation and a prediction. The observation was that some components of a computer have to be the size they are because they’re scaled to human dimensions – notably screens, keyboards, and pointing devices. Wander outside certain size extrema and you get things like smartphone keyboards that are only good for limited use.
However, what we normally think of as the heart of a computer – the processing and storage – isn’t like this. It can get arbitrarily small without impacting usability at all. Consequently, I predicted a future in which people would carry around powerful computing nodes descended from smartphones and walk them to docking stations bundling a screen, a pointing device, and a real keyboard when they need to get real work done.
We’ve now reached an interesting midway point on that road. The (stationary) computers I use are in the process of bifurcating into two classes: one quite large, one very small. I qualify that with “stationary” because laptops are an exception for reasons which, if not yet obvious, will be in a few paragraphs.
Once upon a time, free-trade agreements were about just that: free trade. You abolish your tariffs and import restrictions, I’ll abolish mine. Trade increases, countries specialize in what they’re best equipped to do, efficiency increases, price levels drop, everybody wins.
Then environmentalists began honking about exporting pollution and demanded what amounted to imposing First World regulation on Third World countries who – in general – wanted the jobs and the economic stimulus from trade more than they wanted to make environmentalists happy. But the priorities of poor brown people didn’t matter to rich white environmentalists who already had theirs, and the environmentalists had political clout in the First World, so they won. Free-trade agreements started to include “environmental safeguards”.
Next, the labor unions, frightened because foreign workers might compete down domestic wages, began honking about abusive Third World labor conditions about which they didn’t really give a damn. They won, and “free trade” agreements began to include yet more impositions of First World pet causes on Third World countries. The precedent firmed up: free trade agreements were no longer to be about “free” trade, but rather about managing trade in the interests of wealthy First Worlders.
Today there’s a great deal of angst going on in the tech community about the Trans-Pacific Partnership. Its detractors charge that a “free-trade” agreement has been hijacked by big-business interests that are using it to impose draconian intellectual-property rules on the entire world, criminalize fair use, obstruct open-source software, and rent-seek at the expense of developing countries.
These charges are, of course, entirely correct. So here’s my question: What the hell else did you expect to happen? Where were you idiots when the environmentalists and the unions were corrupting the process and the entire concept of “free trade”?
The British have a phrase “Too clever by half”, It needs to go global, especially among hackers. It can have any of several closely related meanings: the one I mean to focus on here has to do with overconfidence in one’s intelligence or skill, and the particular bad consequences that can have. It’s related to Nassim Taleb’s concept of a “fragilista”.
This may be the week the SJWs lost it all…or, at least, their power to bully people in the hacker culture and the wider tech community.
Many of you probably already know about the LambdaConf flap. In brief: LambdaConf, a technical conference on functional programming, accepted a presentation proposal about a language called Urbit, from a guy named Curtis Yarvin. I’ve looked at Urbit: it is very weird, but rather interesting, and certainly a worthy topic for a functional programming conference.
And then all hell broke loose. For Curtis Yarvin is better known as Mencius Moldbug, author of eccentric and erudite political rants and a focus of intense hatred by humorless leftists. Me, I’ve never been able to figure out how much of what Moldbug writes he actually believes; his writing seems designed to leave a reader guessing as to whether he’s really serious or executing the most brilliantly satirical long-term troll-job in the history of the Internet.
A mob of SJWs, spearheaded by a no-shit self-described Communist named Jon Sterling, descended on LambdaConf demanding that they cancel Yarvin’s talk, pretending that he (rather than, say, the Communist) posed a safety threat to other conference-goers. The conference’s principal organizers, headed up one John de Goes, quite properly refused to cancel the talk, observing that Yarvin was there to talk about his code and not his politics.
For at least five years now I’ve been telling myself that, as nifty as it would be to play with the hardware, I really shouldn’t spend money on a small-form-factor PC.
This was not an easy temptation to resist, because I found little systems like the Intel NUC fascinating. I’d look over the specs for things like that in on-line stores and drool. Replacing a big noisy PC seemed so attractive…but I always drew back my hand, because that hardware came with a premium pricetag and I already have working kit.
Then, tonight, I’m over at my friend Phil Salkie’s place. Phil is a hardware and embedded-programming guy par excellence; I know he builds small-form-factor systems for industrial applications. And tonight he’s got a new toy to show off, a Taiwanese mini-ITX box called a Jetway.
He says “$79 on Amazon”, and I say “I’ve thought about replacing my mailserver with something like that, but could never cost-justify it.” Phil looks at me and says “You should. These things lower your electric bills – it’ll pay itself off inside of a year.”
Oh. My. Goddess. Why didn’t I think of that?
Over on G+, Peter da Silva wrote: ‘I just typoed “goatee” as “gloatee” and now I’m wondering why it wasn’t always spelled that way.’ #evilviziersrepresent #muahaha
The estimable Mr. da Silva is sadly in error. I played the evil vizier in the first run of the Arabian Nights LARP back in 1987. No goatee, and didn’t gloat even once, was much too busy being efficiently cruel and clever.
What, you think this sort of thing is just fun and games? Despotic oriental storybook kingdoms don’t run themselves, you know. That takes functionaries. Somebody gotta keep the wheels turning while that overweight good-for-nothing Caliph lounges on his divan smoking bhang and being fanned by slavegirls. Or being bhanged by slavegirls and smoking his divan. Whatever.
A thankless job it is too. You keep everything prosperous and orderly with a bare minimum of floggings, beheadings, castrations, and miscreants torn apart by camels, and your reward is a constant stream of idiot heroes with oversized scimitars trying to slit your weasand. With the Caliph’s daughter looking all starry-eyed as they try it on – now there’s a girl who’s way too impressed by an oversized, er, scimitar.
Now if you’ll excuse me I need to go see a man about a lamp.
One of the things I most enjoy doing is spotting holes in linguistic maps – places where people habitually circumlocute their way around a word – or, more properly, an important bundle of concepts tagged by a word – that they don’t know they’re missing.
Sometimes, filling one of these holes can shake up everyone’s view of the linguistic map near it in a way that changes their thinking. One of my favorite recent examples is Martin Fowler’s invention of the term “refactoring” in software engineering, and what that did to how software engineers think about their work.
About a year ago I invented a hole-filler that I think is useful for getting to grips with a large class of slippery problems in the philosophy of mind, knowledge, and perception. I’ve meant ever since to develop it further.
So, welcome to three new words: “cryptotheory”, “acrotheory”, and “mesotheory”. Of these, the most important (and the motivator for the other two) is “cryptotheory”.
There’s a link between autism and genius says a popular-press summary of recent research.
If you follow this sort of thing (and I do) most of what follows doesn’t come as much of a surprise. We get the usual thumbnail case studies about autistic savants. There’s an interesting thread about how child prodigies who are not autists rely on autism-like facilities for pattern recognition and hyperconcentration. There’s a sketch of research suggesting that non-autistic child-prodigies, like autists, tend to have exceptionally large working memories. Often, they have autistic relatives. Money quote: “Recent study led by a University of Edinburgh researcher found that in non-autistic adults, having more autism-linked genetic variants was associated with better cognitive function.”
But then I got to this: “In a way, this link to autism only deepens the prodigy mystery.” And my instant reaction was: “Mystery? There’s a mystery here? What?” Rereading, it seems that the authors (and other researchers) are mystified by the question of exactly how autism-like traits promote genius-level capabilities.
At which point I blinked and thought: “Eh? It’s right in front of you! How obvious does it have to get before you’ll see it?”
I just read a very well-intentioned, heartwarming talk about girls who code that, sadly, I think, is missing the biological forest for the cultural trees.
It’s this: Teach girls bravery, not perfection. Read it, It’s short
I like the woman who voiced those thoughts in that way. Well, except for the part about growing up to be Hillary Clinton; do we really want to encourage girls to sleep their way to power and then cover up for their husband’s serial rapes?
That’s not the big problem with teaching girls to be brave rather than seeking perfection, though. That’d be nice if it could be done, but I think it will run smack into an evo-bio buzzsaw.
I’ve been getting deeper into timekeeping and calendar-related software the last few years. Besides my work on GPSD, I’m now the tech lead of NTPsec. Accordingly, I have learned a great deal about time mensuration and the many odd problems that beset calendricists. I could tell you more about the flakiness of timezones, leap seconds, and the error budget of UTC than you probably want to know.
Paradoxically, I find that studying the glitches in the system (some of which are quite maddening from a software engineer’s point of view) has left me more opposed to efforts to simplify them out of existence. I am against, as a major example, the efforts to abolish leap seconds.
Last week I decided the time had come to bite the bullet and systematically port the fairly large volume of Python code I maintain from Python 2 to Python 3.
I straightaway ran into a problem, which is that for my purposes the Web resources on on how to do this are pretty awful. And not just in the general, unsurprising sense of being way too full of theory and generality and way too light on practical advice, either.
No, there’s a more specific problem as well. I write systems programs, things like SRC and reposurgeon that have to be able to do string-bashing-like things on binary data without upchucking or (worse) silently mangling that data.
Due to the Python 3 decision that strings are sequences of Unicode code points rather than bytes, this is significantly more difficult in Python 3 than it was in Python 2.
Do we make too many of our software tools automatons when they should be judgment amplifiers? And why don’t we write more DSLs?
Back in the Renaissance there was a literary tradition of explaining natural philosophy via conversations among imaginary characters. I’m going to revive that this evening because I had an IRC conversation this afternoon, about the design insights behind reposurgeon, that pretty much begs to be presented this way.
The person of “Simplicio” was Galileo’s invention in his Dialogue Concerning the Two Chief World Systems. Here he represents four different people, but almost everything he says is something one of them in fact said or very plausibly might have. I’ve cleaned it up, edited, and amplified only a little.
For those of you coming in late, reposurgeon is a tool I wrote for editing version-control histories. It has many applications, including highest-quality repository conversions. Simplicio needed to excise some security-sensitive credentials from a DHS code repository – not just from the tip version but from the entire history. Reposurgeon is pretty much the only practical way to do this.
So, without further ado…
I made a really common and insidious programming mistake recently. I’m going to explain it in detail because every programmer in the world needs the reminder not to do this, and I hope confessing that even “ESR” falls into such a trap will make the less experienced properly wary of it.
Our sutra for today expounds on the sayings of the masters Donald Knuth and Ken Thompson, who in their wisdom have observed “Premature optimization is the root of all evil” and “When in doubt, use brute force.”
The SCCS back end to SRC doesn’t support named symbolic references to numbered revisions, because SCCS masters don’t include a symbol table. This is one of the things RCS added.
Goddess help me, I’ve figured out how to shoehorn in this feature. And probably should not do it.
I just released version 1.7 of SRC, Simple Revision Control.
For those of you late to the party, SRC is a simple version control system for directories full of small standalone files like FAQs, scripts in your ~/bin, dotfiles, and so forth – cases where you don’t want multi-file changesets. It’s actually a Python wrapper around RCS (or, optionally, SCCS) but gives you integer sequential version numbers, lockless operation, and a modern low-friction UI modeled on Subversion’s.
With 1.7, I think it’s finished – the last two user-visible features I had planned were SCCS support and DOT visualization, and those are done now.
I believe SRC is now feature-complete for its functional niche. Am I mistaken? Is anything missing? Did I do anything that seems wrong?
I know SRC has had real users since about 0.3. If you are an SRC user, please check in in the comments. Most importantly, tell me if you need any feature it doesn’t have. I’m also curious if the actual use cases are any different than I expected, and I am all agog to know if anyone actually has a use for the SCCS support.
I needed a break from serious work yesterday, so SRC now speaks SCCS as well as RCS. This wasn’t difficult, I had SRC carefully factored in anticipation from when I originally wrote it.
I can’t say I think this feature will be actually useful; SCCS is pretty primitive, and the SRC support has some annoying limitations as a result. But some hacks you do just because you can, and this is one of them.
Some years ago I happened across a fascinating book titled Wicked River: The Mississippi When It Last Ran Wild. If you have any fondness for Mark Twain (as I do – I own and have read the complete works), you need to read this book. The book is an extended argument that Twain’s late-Victorian portraits of river life were a form of rosy-filtered nostalgia for a pre-Civil-War reality that was quite a bit more wild, colorful, squalid, violent, and bizarre.
The river is tamed now, corseted by locks and levees, surrounded by a settled society. It was already nearly thus when Twain was writing. But in and before Huck Finn’s time (roughly the 1840s) it had been a frontier full of strivers, mad men, bad men, and epic disasters like the New Madrid earthquakes.
Random evocative detail: there was a river pirate named John Murrell who operated out of a section of the river called Nine Mile Reach and often masqueraded as a traveling preacher; his gang was called the “Mystic Clan”, and it was for years believed that he had a master plan to foment a general slave insurrection. But that last bit may have been fabrication by a con man with a book to sell. Whether true or not, it led to riots in various cities and a mob attempt to expel all gamblers from Vicksburg based on a rumor that some of them had been part of the plot.
The book is full of you couldn’t-make-this-stuff-up stories like that. And then, much more recently, I learned about Abe Lincoln’s flatboat voyage.
If you were reading A&D a year ago, you may recall that I invented a new version-control system to occupy an odd little niche that none of the exiting ones serve very well.
Well, actually, it’s a shell around a very old version-control system that makes a reasonable fast version-storage manager but has a crappy UI. Thus, SRC – RCS reloaded, with a mission to serve cases where you don’t want per-directory changesets but prefer each file to have its own separate change history. Like a directory full of separate FAQs, or your ~/bin full of little scripts.
SRC gives you a modern UI in the svn/hg/git style (but much, much simpler than git’s) and lockless operation. It has full embedded documentation and an Emacs VC backend. If your little project goes multi-file, you can instantly fast-export to git.
Today I shipped Version 1.0. This could have happened sooner, but I’ve been focusing on NTPsec pretty hard in the last year. There was one odd bug in the behavior of multi-file commands that I just hadn’t got around to fixing. (Yes, you can do multi-file commands, but the files still have separate histories.)
The whole thing is just 2KLOC of Python, and that’s with the rather extensive embedded documentation. The sort of person who frequents this blog might find the FAQ entertaining.
Once upon a time, back during the Age of Exploration, there was a marvellous practice called the “silent trade”. It was a solution to a serious coordination problem between groups who had no languages in common, or distrusted each other so much that they refused to come within range of each others’ weapons.
What makes it marvellous is that it constituted experimental proof of the existence of universal, objective ethical principles sufficient to build cooperation among hostile parties.
I struck a small blow for better security today.
It started last night on an IRC channel with A&D regular Susan Sons admonishing the regulars to rotate their ssh keys regularly – that is, generate and export new key pairs so that is someone cracks the crypto on one out of your sight it won’t be replayable forever.
This is one of those security tasks that doesn’t get done often enough because it’s a fiddly pain in the ass. But (I thought to myself) I have a tool that reduces the pain. Maybe I should try to eliminate it? And started hacking.
The tool was, until yesterday, named ssh-installkeys. It’s a script wrapper written in Python that uses a Python expect engine to login into remote sites and install (or remove) ssh public keys. What makes it useful is that it remembers a lot of annoying details like fixing file and directory permissions so your ssh server won’t see a potential vulnerability and complain. Also, unlike some competing tools, it only requires you to enter your password once per update.
Some time ago I taught this code to log its installations in a config file so you have a record of where you have remote-installed keys. I realized that with a little work this meant I could support a rotate option – mass-install new keys on every site you have recorded. And did that.
I’ve been meaning for some time to change the tool’s name; ssh-installkeys is too long and clumsy. So it’s now sshexport. I also updated it to know about, and generate, ed25519 keys (that being the new hotness in ssh crypto).
In order to reduce the pain, sshexport can now now store your passwords in its list of recorded sites, so you only have to enter the password the first time you install keys and all later rotations are no-hands operations. This doesn’t actually pose much additional security risk because by hypothesis anyone who can read this file has read access to your current private ssh keys already. The correct security measure is whatever you already do to protect other sensitive data in your dot directories, like GPG directories and web passwords stored by your browser. I use drive encryption.
The result is pretty good. Not perfect; the big missing feature is that it doesn’t know how to update your keys on sites like GitLab. That would take a custom method for each such site, probably implemented with curl. Perhaps in a future release.