Hacker News: RjQoLCOSwiIKfpm's comments

"Digital-only" = By smartphone app OR by smartcard, i.e. a card like a credit card with a chip and your personal unique ID stored on that.

In other words: You cannot get a plain old paper ticket without personal information, the ticket is like a cookie which identifies you as a user and thus allows you to be tracked.

Disclaimer: Not a resident of Germany.


> and thus allows you to be tracked

While true, something to note is that German train and metro stations, in general, have no ticket barriers. Tickets are only checked by staff on trains, on a (very) random basis for local / metro trains.

I've had months in which my ticket wasn't checked at all while using it every single day.


More tracking will come as soon as the 49 euro ticket becomes more widely spread ... :-(


no less, because there is now less profit to make from it because now most people have a ticket

I don't think I have been checked a single time in the last 2 years.


Ticket control in Berlin seems to have gotten extremely centralized. 5y ago it was pretty random where they might walk a few people through scanning on the train, today it's almost always checks on the platform at major hubs / tourist centers. I don't know if this is a real change of policy or a side result of the BVG changing their contractors.


it's about money

they check the place/time combo they are most likely to find a person without a ticket most often


Even if this is true it's a change.


> I don't think I have been checked a single time in the last 2 years.

My experience differs a lot: I go by train (in Germany) rather often and would say that it was more common to be checked than not (i.e. for me the probability of being checked was more than 1/2).


like public "city" transportation or regional trains?

in regional trains you get checked more often (longer distances, less passenger exchange and per-train personnel have this as a side effect), but already it's somewhat tricky to have a regional train ticket which is not linked to your name

in public "city" transportation it's semi-random but also there are times & stations where statistically it's most likely to find someone without a ticket and in turn these places/times get checked very frequently and if you are there every day at the specific time-frames you are unlucky and also get checked very frequently. But most times and place combinations do not have this issue and some are close to guaranteed that you don't get checked.


> ticket is like a cookie which identifies you as a user and thus allows you to be tracked

local trains, underground trains, busses and ferries here in Hamburg have no regular ticket checks whatsoever. No checks -> they can't track people via the ticket.


same for most of Germany


As far as I know no such tracking occurs and to do so would be illegal under German law.

In London meanwhile, you can get a weekly PDF statement showing exactly where you were and when! :)


The neoliberals insisted on that so that the very poor or those without a bank account would not be able to get it, not because of any kind of tracking. No system in Germany has gates and ticket checks are so rare, it's not really viable for tracking.


this sort of tracking is illegal and not done. Berlin had to cancel its rollout of smart cards and tapping some years ago due to leaking of personal information. you just wave the card when you get on the bus, or just not at all


The ticket is digital-only (smartphone or smartcard), there is no paper version, and it's coupled to your personal identity (name etc.).

So some people have voiced concerns about that being used to profile the movement of Germany's citizens.

IIRC the tracking is being justified by the government "to gather statistics so we can improve the service", or something like that.

Disclaimer: I don't live there, I don't know the details.


Before that ticket, everybody who isn't a full time paranoiac was digitally buying identity bound tickets for specific routes. Known to the selling entity even when the ticket wasn't checked at all. Now that same entity will only see a random location sample the moment the ticket happens to get checked, and zero information about the actual route end points. And paranoiacs can still skip the offer and get a paper ticket just like before (and like everybody who doesn't travel by train very often).

Those concerns simply don't add up: if it was a ploy by a surveillance operation hidden in the train org, they'd have just spent billions on blinding themselves. There is so much less data now than there was before.


Most (all?) German train stations don't have barriers. So even though the ticket has a barcode on it, there is a good chance that on many journeys that barcode will never be scanned by anyone and there will be no central record you ever got on that train.


> So some people have voiced concerns about that being used to profile the movement of Germany's citizens.

How would you do that? For example my local traffic system here in Hamburg for roughly 4 million people has almost no ticket checks: there are no barriers and no other regular ticket checks. One just boards the train/bus/ferry and travels.

For example I was going from Hamburg to Stade and back, using my 49€ ticket. There was no ticket check.

If that was an evil plan to track German citizens' travel behavior, that plan was not well thought out.


It's not digital only, I have a physical version. Whether or not you can get a card depends on your locality. Nevertheless, I don't understand why it's so much more inconvenient to understand and purchase compared to the 9 euro ticket. With that you could get a paper ticket or buy on app and the rules for what it did were consistent everywhere.


The physical card has a chip, which is digital.

The point is that the ticket has a unique ID which is tied to the owner.

Normal non-digital paper train tickets just indicate "someone paid this" but aren't tied to a unique personal identifier.


But that id doesn't get transmitted anywhere as long as you are not checked for a ticket, which is rare. (And that's not saying that when you get checked it will collect personal non-anonymized data points, it doesn't.)


> Disclaimer: I don't live there, I don't know the details.

exactly

it's digitally available in an app _or chip card_

in both cases it's not tracking where you go, you don't check-in/out when you enter/leave a train, there are no "gates" in (most? all?) of Germany's public transportation systems. Instead it's a trust based system where sporadically randomly personnel will check if passengers have valid tickets. At which point you have to show your ID and card, but that's it. And that you were checked also doesn't get recorded. But even if they would, these checks tend to be somewhat rare to a point that some people decided it (was) cheaper to not buy a ticket but pay the fine from time to time.


While I'm also unhappy it's not being offered as a physical ticket, I can say from roughly 10 trips between 200 and 500km and a lot of local metro/bus riding that the frequency with which your ticket is actually checked shouldn't be enough to provide enough data for sophisticated tracking (esp. in comparison to "the normal amount" of GPS/tracking/movement data that smartphones already produce throughout the various apps we all have installed and that are being used during train rides)


> (esp. in comparison to "the normal amount" of GPS/tracking/movement data that smartphones already produce throughout the various apps we all have installed and that are being used during train rides)

Many people who are skeptical of tracking don't own a smartphone. Those who nevertheless own one (say, because otherwise their job would become more complicated) often only very selectively switch it on.


Well, having a smartphone is still optional in most countries, I suppose in Germany as well.

Movement on the other hand is a mandatory thing for many people unless you want to sit at home all day...


We don't need to wave the ticket at a card reader to use the bus. We just board and mayyybe, like just once a month, there's someone on the bus checking the validity of tickets and fining people if they don't have one.

What's your point exactly? Your concerns seem to be of very theoretical nature tbh.


It can't be used to track citizens as there is no need to scan the ticket when boarding a bus / train / light rail / underground and it rarely is checked manually by a ticket inspector.


This is the case for all digital travel tickets though, no?


It's even the case for paper tickets, unless you pay with cash.


At least they do it openly in Europe XD


there is no relevant tracking there, there is no system of checking-in/out of a train

you can always just board the train without anyone checking your ticket, you are _trusted_ to have a valid ticket

then because people can not always be trusted from time to time some personnel will check tickets for validity, potentially

but in practice most people get checked like once a month or so at most, it's semi-random so some are probably unlucky

Furthermore any statistical data collected from these checks is anonymized, they don't remember that _you_ were checked there (if your ticket was valid).

Additionally checking costs money (personal cost) so the less likely you are to find a trespasser the less checking is done, i.e. with the 49€ ticket probably less checking will be done long term.

For longer regional trips you are more likely to be checked, but in practice these new tickets will give _less_ information to the DB and similar organizations. Because before, most regional tickets you bought either had already been explicitly person bound or implicitly through the payment system with a specific start or end place listed on them. The ability to buy regional tickets with cash has been becoming increasingly more limited (e.g. because of nonsense like people trying to steal that cash by blowing up the ticket automata, creating a huge cost for a minimal profit).


I was surprised how often my ticket was checked in Switzerland tbh


The problem IMHO is that it is so well-known that HN hates crypto that anyone who wants to voice a reasonable opinion is likely to avoid doing so in order to not get piled on with downvotes, hatred, etc.

- At least for me that's it, it would be stressful to deal with that so I go elsewhere to discuss the technology.

And this is probably precisely how an echo chamber can be created even without recommendation algorithms.

The "in-group" harasses the "out-group" until all of them leave - or not dare to speak anymore - and only the "in-group" is left.


> anyone who wants to voice a reasonable opinion is likely to avoid doing so in order to not get piled on with downvotes, hatred, etc

I think refraining from posting due to fear of downvotes is a massive disservice to HN. People should be exposed to views of all kinds. It wouldn't be very interesting if we all agreed. I actively try to post and reply even when downvoted. In the course of doing so I often discover that I'm not alone. Posting freely seems to somehow embolden others to reply as well.

Besides, I've got what 17k HN points? I can't even keep track of them anymore anyway.


Downvoting tells you, that this kind of comment is not something the community wants. Of course, I'll avoid posting such comments.

I'm not going to evangelize for seeing other positions, when the majority seems to prefer one-sided views.


Not at all. It tells you someone didn't like your post. Don't think it's possible to infer anything other than that. Many times I've had posts oscillate between negative and positive scores. It's very likely there are people who agree out there.


When certain comments get consistently downvoted, that’s not someone not liking your post.


There is no consistency. I have a comment at -2 right now. Over the past few days it oscillated between positive and negative scores. Someone replied to it and my response is currently +6.


In those cases it's multiple people consistently disliking your posts. This doesn't necessarily make their downvotes any more valid or intelligent, or the post not worth seeing.


What law of physics or probability prevents a comment from consistently getting downvoted due to a disagreement in opinion?


None, but downvoting because of a disagreement makes you an asshole, so that still tells you stuff about the community, or at least those active in certain threads.


> I think refraining from posting due to fear of downvotes is a massive disservice to HN. People should be exposed to views of all kinds. It wouldn't be very interesting if we all agreed.

No evidence for this, but I think more commonly people refrain from posting because if you have a controversial opinion you don’t get one thread of posts to reply to suddenly everyone piles on and you’re “discussing” it with 50 different people.

This is a fundamental flaw in link aggregator style social media where the community is large.


I've certainly experienced that. Depending on the complexity of the replies, I'll either reply to everyone or choose one of them to respond to.


Yeah I’ve experienced it myself, and am aware that I am often on the other side too…

It’s debilitating to have people throwing their 2c in to a growing tree thread and bounce! At least with linear vbulletin forums of old people would have to scroll past the conversation or look like idiots when they reply something totally out of context.


I think we've all done it at some point. It's usually a low hanging fruit phenomenon. Someone posts something with an obvious mistake, lots of people notice it and proceed to point it out at nearly the same time. Between refreshes of the page, it looks like you're the first one replying. Most vivid memory I have of this is someone here inadvertently telling the creator of the D programming language he didn't know enough C to comment.

> At least with linear vbulletin forums of old people would have to scroll past the conversation or look like idiots when they reply something totally out of context.

Alternatively, they'd recreate threads via extensive quoting, leading to massive in-line quote trees... Socializing is a messy affair no matter what we do, I guess.


The haves and have nots in the HN karma game is precisely the set of people who submit stories and the set of people who merely leave comments. A mediocre story submission trumps a great comment.

So, you have to consider that when talking about downvotes being discouraging— for people that don’t submit stories it can feel very real.


My karma is almost entirely from comments. Karma is a function of time and participation. If you comment a lot, you'll get points because chances are someone somewhere will like what you said.

I care a lot more about the names of people than internet points. I've commented on threads here only to realize days later I was interacting with the creator of a major programming language. Some people are interesting enough that I've bookmarked their comments page.


This is really the only way that a discussion can become "settled": one group is driven from the field. Otherwise it's just endless trench warfare of rehashing talking points.

Especially as none of this is new. It's been obvious since the mtgox collapse, nearly a decade ago, that offshore unregulated "institutions" run by small teams of opportunists were going to be extremely risky places to put your money. It's been obvious for a long time that selling tokens to people with the expectation of profit later that could only materialize from selling to others (no fundamentals) was fraudulent, which the SEC is gradually catching up on enforcing.

The remaining questions are political, and as such unresolvable. Delusional people who think the US dollar has been on the verge of collapse since 1932 vs people stuck in actual collapsed currencies who want access to pseudodollar banking. Europeans annoyingly pointing out that regular bank transfers can be free and quick vs Americans insisting this is impossible.


Anecdotally, I can say that their effect is already bullshitting indeed:

When being in a random conversation on the "normal kind-of-average people Internet" (Twitch chat), discussing a subject where the host doesn't know a certain word, people already are pasting ChatGPT definitions of the word into the chat, believing it's some kind of dictionary or whatever.

If you tell them it could be completely making things up they'll be like "yeah dunno but it can be a nice overview of the topic".

So people will treat it like the new Google, with no idea (or no concern?) that all it does is mash words together because they're likely to occur next to each other in an arbitrarily defined reference dataset of text which was likely downloaded from random places all over the Internet.


> "with no idea (or no concern?) that all it does is mash words together because they're likely to occur next to each other in an arbitrarily defined reference dataset of text"

You propagate this meme with no idea (or no concern?) that it's incorrect. LLMs are not Markov chains.


Feel free to prove me wrong with sources :)


https://youtu.be/qbIk7-JPB2c about 5 minutes in.

> People say it doesn't have a world model but it's not as clean cut as that, it absolutely could build an internal representation of the world and act on it as it progresses through the sentence temporally. Beware of trillion-dimensional space and its surprises, it's very hard for humans to reason about. [...] We shouldn't think about those neural networks as learning simple concepts like 'Paris is the capital of France'; it's doing much more like operators, it's learning algorithms. Inside it, it's not just retrieving information, not at all, it's built internal representation that allows it to reproduce the data that it has seen succinctly. Really you shouldn't think about it as pattern matching and just trying to predict the next word, yes it was trained to predict the next word but what emerged out of this is a lot more than just a statistical pattern matching object. We need to think about it as learning algorithms. [..] it's something very different from what we are used to.

- Sebastien Bubeck, Sr. Principal Research Manager in the Machine Learning Foundations group at Microsoft Research


Thanks, will have a look! :)


No concern for sure.


Remember when COVID hit and some people were saying "1% chance of death isn't much" and then they had to be informed that 1% is very high and we're in serious trouble?

Why is 1% low when we're talking about lifelong pain?


Easy, because the commenter making that argument is a proponent of men getting vasectomies, and they are choosing to interpret the statistics in a way that is favorable to their position. Just like what the people you are describing were doing with covid stats. Just like what people do with statistics on gun crimes or school shootings.

To me it seems like whenever statistics get posted on HN the discussion is bound to devolve into pointless arguments. Statistics are crucial and necessary and we have to have hard data to support everything when said hard data supports MY positions, but when it supports YOURS it's obviously biased and incomplete and inaccurate and useless.

And I guess I should point out that I am in no way saying statistics shouldn't be used when making decisions. It's just that whenever I see them posted here, it means I'm not going to learn anything from that particular comment thread and it's time to move on to the next one.


In what context would it make sense to make an argument that ran counter to statistics bearing on the subject when the statistics themselves appear uncontroversial?

It seems like an empty criticism to point out that someone's cited statistics agree with their argument.

Instead, either find a problem with the argument or find a problem with the statistics.

Furthermore, I made no claim that people ought to get vasectomies.

My intention was to counterbalance anecdotal fear mongering about a procedure that is well known to be safe and effective as a form of birth control.


Whenever I again consider getting one and start reading up opinions on the Internet, it is usually a mix of a lot of people who say they're absolutely OK now ... and then I run into someone who says it COMPLETELY destroyed their life and they're in pain all day every day.

Some even say they've been fine for quite a bit of time and then suddenly the pain starts.

Which in total makes me absolutely NOT want a vasectomy even though I have zero desire to reproduce.

Because it does feel plausible that it can cause trouble to lock something up in the body which is meant to be released once in a while.

I hope some day men too will have real and reliable (condoms fail a lot) self-determination in terms of reproduction, not only "suffer abstinence your whole life or risk getting financially gutted for decades."


This was my experience as well. What you don't read too much about are the moderate experiences.

Something changed for me, down there, after the procedure. My right testicle, in particular, is a lot more sensitive than it used to be. And there is the occasional pain. When that happens I feel around down there and the "tubes" (not sure of the anatomical terminology) feel like they're quite swollen.

Did it destroy me? Absolutely not. Can I live with it? Yes. Do I regret having the procedure? No.

But there is clearly a middle of the road scenario here. I'm never in excruciating pain. I've never needed to take pain killers for it. But every once in a while there is a mild throbbing, similar to having a mild headache and it goes away after a while. My family doctor told me that it would go away after a while but it's been 5 years since I had the procedure and it persists.

Something else that I'll say. I had children way too young. My wife and I were high school sweethearts and we got pregnant in our senior year. I love my daughters to death but fatherhood was INSANELY difficult for me. I'm pretty sure that I have Asperger syndrome and this comes with extreme noise sensitivity, freaking out when I get interrupted by anything etc. I really wish that I had understood this about myself when I was 19 years old because I'm positive that we could have found ways to give our daughters a much easier childhood. Nevertheless, I was absolutely convinced in my 20s that I never should have had kids and that I would never want more.

Then I hit my mid to late 30s, became financially successful, way more comfortable with who and what I am as a person and suddenly felt like NOW was the time to have kids and I kind of wanted to give it another go.

People change, and while vasectomies are reversible, the advice is to consider them a permanent solution.

Just information. Everyone needs to make this extremely personal decision for themselves.


> Something else that I'll say. I had children way too young.

On the upside…you’ll have a long life together with your children (and maybe grandchildren), at an age when you are young enough to really enjoy it. I know people who waited a long time to have kids, and then by the time their kids were adults, they were in their mid-late sixties. They end up needing care as they age when their children are young, relatively poor, and with young children of their own…which can make it hard to care for their now-elderly parents.


Damn I don't know what kind of condom you've been using or if they're not your size but the only condoms I have had cracking on me were bad condoms + intense sex, the kind you get in sex ed.

Don't be cheap and get some that are actually your size.


When covid first started I bought a few hundred, and I definitely managed to get a bad batch in there. 99% were fine, but one box had like 4 break. YMMV.


It's a 0.07 mm piece of plastic which has to absorb the forces caused by two moving bodies weighing > 100 kg together. Thus condoms do and will fail, even if properly fitted. The failure rate is estimated between 2% and 12% pregnancies per year.

Or to put it in more visual words:

If you had $ 200 000 in cash (that's the cost of a kid), would you secure it against theft with a 0.07 mm piece of plastic?

It's insane that this is expected of men.


I feel like HN is the sort of forum where I can get away with being irritated by this. My inner mechanical engineer is rebelling.

Those two moving bodies are plenty squishy, and there's a lot of suspension absorbing forces there. There's also lubricant.


Even if much of the force is alleviated by that there's still enough moving kg's left to break condoms

- which we don't even have to discuss, because there are statistics about this, and their failure rate is quite high, as said between 2% and 12% (I suppose it's a range because usage errors and quality vary).

Google "Pearl index".


I can't alleviate your worry. I had the same fears going in, but decided the incident rate was low enough for me to "chance" it, given the benefits. It remains a decision I'm very happy to have made, but I also completely understand your position.


> I hope some day men too will have real and reliable (condoms fail a lot) self-determination in terms of reproduction

Period tracking is incredibly reliable. People will tell you that women will lie about when they have their periods. However, if you can't trust a woman to tell you when she's menstruating, then that's perhaps a sign that you're not ready for sexual conduct with that woman.


Uhm, what, reliable? Source?

The failure rate of that is in the double digits percentage AFAIK !?

Besides, as long as you are still fertile and relying upon someone else not being fertile that is not self-determination. Men can also be victims of violence.

And as soon as multiple $100k in potential alimony payment (raising a kid for 18 years costs that much!) get involved some (not all!) people will lie to your face as much as humanly possible.


Indeed, we use condoms for the danger days. We have a window of four days before and after supposed ovulation. I wonder if this is enough. Do you use any other kind of tracking like temperature monitoring ? I'd love to read any resources.

I know this isn't the best contraception but I live in a country where I have access to abortion and "tomorrow" pills.


You can get an ovulation test kit if you want to go crazy with it[0]. She can know exactly when she ovulates and you can expand/shrink your window as you feel comfortable. Pair that with a condom and pull-out and there's virtually no risk of pregnancy.

[0]https://www.clearblue.com/ovulation-tests


Thanks, I didn't know those existed, it's great...

Actually do you remember the twitter thread when someone took apart one of those tests (a pregnancy test, I assume they're alike) and then you realised it's basically a small camera doing the work of your eyes on a very cheap paper test ? https://twitter.com/Foone/status/1301707401024827392

I don't want to use one or two tests like that a month, it would be too much waste. The good news, I suppose, is that I should be able to get my hands on paper tests.


I've used fertility awareness (see https://www.tcoyf.com/) paired with a short course of Queen Anne's Lace tincture as a fallback if intimacy should happen during the fertile window. A fertile window for those who ovulate is usually only 2-3 days, with a couple days padded onto either side of the window for extra security. I've been using this method for five years and have avoided pregnancy thus far.

Fertility awareness requires a great deal of mutual trust, and a great deal of understanding of one's body. It is not 100% reliable (although the media would have you believe this method is only for religious zealots and the irresponsible, which is very much not true) -- but it's a lot less complicated than invasive surgery.


Get an Epson EcoTank printer.

Ink for those is available in *bottles* from Epson, it's dirt cheap. No more cartridges!

Make sure to get one which has a user-replaceable "maintenance box", the cheaper ones have a fixed one. You can find that out by e.g. looking at the supplies list on the Epson website, see if the maintenance box is listed alongside the ink.

The box contains the sponge where ink goes to during the cleaning procedure. It needs to be replaced every once in a while. Replacing it is very easy on the user-serviceable ones, the other ones would require mailing it to Epson.


>Make sure to get one which has a user-replaceable "maintenance box", the cheaper ones have a fixed one

That seems really sneaky. Making a sponge replaceable isn't hard or expensive.


I would guess the reason the cheaper ones don't have it is that making it removable implies making it accessible from the outside which implies adding a pump and hoses to pump the ink into it:

The slot for the box at my printer is at the back of it, not at the ink head, so the ink can only get there by pumping it.

(Not defending Epson's design choices here, just trying to explain them.)


both HP and Epson offset the expendable costs on those.

even if you avoid the fixed box trap, you cannot avoid the "replace printer head nozzle" trap that the driver will use to lock you out of your printer in a year or so.


I have printed over 5000 pages with mine, the head is fine (head test printout looks good), I don't know what you're referring to?

To me it rather looks like consumers have been so thoroughly conditioned to distrust printers that they aren't even capable of trusting the good ones anymore maybe - and thus unfortunately keep buying the garbage ones, thinking it doesn't make a difference.

I.e. whenever one of the actual solutions is discussed there's this gossip of "nah, they're also ripping you off" - but I have the thing right behind my desk and it works just fine.


Inkjet as a technology doesn’t stand up well to intermittent use due to ink drying out. I think a lot of consumers buy a printer and use it rarely (idle for weeks at a time). In my experience using an inkjet this way leads to dry ink clogging the head. People don’t easily forget technology letting them down when they needed it.


Does this still happen with current printers or is it one of those ancient memes about printers which don't disappear?

When I turn the Epson one off, it audibly parks the head. I would suppose it is parked onto a gasket which would prevent it from drying out.

Personally, I don't buy laser printers because I cannot imagine that toner dust isn't unhealthy, and I would be scared of it leaking into the air I breathe.

Feel free to prove me wrong with studies, I would appreciate being less scared about it for my next printer in case the Epson does die some day.


It very well could be a problem that has been solved. I have never owned an inkjet personally because of how much trouble my dad had with them when I was a child. I have owned the same laser printer (an HP I found at a second hand computer shop) for the last ten years, and it has basically just worked. I’m just nearing the end of the first toner cartridge I bought for it, I print relatively rarely, but so far it has just worked every time.


I expect it doesn’t matter if you only print occasionally, but toner exposure from operating printers seems to be a significant health risk: https://pubmed.ncbi.nlm.nih.gov/29233006/


Ecotank ink is water-based and more dilute than the normal stuff, apparently to reduce the likelihood of clogging. It needs a cleaning cycle every few months - that's it.


I've had an Ecotank (ET4500) for at least 5 years and 17,000 pages. The printer head nozzle is fine.


I wish they didn't use glass, I imagine people will be rinsing them in the sink to recycle them


?


The article seems quite unclear about potential consequences of using su this way.

I typically use su to run some program in its own user account to ensure:

- it has its own homedir and doesn't fill mine with garbage.

- there is some level of isolation from the rest of the system for security, a basic "jail". I'm not trying to protect against targeted attacks from extremely competent threat actors here, but rather trying to stick software into its own user account so it can only access that account, with isolation of the same level as if I had manually logged in to a secondary account.

Can such programs break out of their "jail" when using su?

Or is the author of the article just angry for other reasons?


The article does not talk about security problems. It's about whether your daemon works correctly.

1. Depending on the environment, process supervision can break if there is an unexpected process sitting between the supervisor and the supervisee. The article describes how the switch to PAM forced the introduction of an in-the-middle process responsible for closing the PAM session. The old su used exec, which avoids an in-the-middle process.

2. Su uses the shell of the target user, and will outright not work if the target user has a "nologin" shell.

The article goes on to mention correct workarounds for this like daemontools setuidgid, Runit chpst or just rolling your own exec wrapper.


Yes, the program can likely setuid to the original user with su, as the session is the parent session and still active.

This is not a behavior you want of a jail. Use chroot, LXC or your own setuid wrapper that removes the privilege.


Well, os.setuid and os.seteuid in Python give me "PermissionError: [Errno 1] Operation not permitted". Do you have an example of how this could be done?


Every process in your system still has an ancestor that is still running and has superuser privileges, either because that was the real ancestor, or else because that ancestor is PID 1 due to reparenting.

A process cannot use its existing ancestral sessions to gain control of their account.


> angry

Seems like an unnecessary assumption.


Meanwhile WhatsApp likely still coaxes people into enabling cloud backup, e.g. to Google Drive

- which completely bypasses end-to-end encryption by putting plaintext chat history into the hands of Google et al.

(Not a WhatsApp user myself anymore, don't know, sorry, if someone can confirm this in the comments would be nice.

But it had been nagging to enable cloud backup long after they have been advertising "encryption" already.)


Why not use the builtin E2EE backups? https://faq.whatsapp.com/490592613091019


All I hear when someone writes "WebAssembly is coming" is "more RCE exploits are coming - via the thousands of lines of new code I have to hook up to the Internet by using a browser".

The industry has barely finished debugging the monstrosity that was browsers before - XML, JavaScript, CSS, WebGL, WebRTC, ... so now let's add another giant source of security issues to them!

When will this madness stop? When will browsers actually be capable of doing enough and be moved into maintenance-only mode where only security issues are fixed and no new code is added?

Surely some will say "well, WebAssembly will deliver that precisely - browsers now can run all the code".

But wasn't this the promise with JavaScript already, a Turing-complete language in the browser to end the need for more features of HTML?

Anyway, to deliver some value by this comment:

To disable WASM in Firefox, set "javascript.options.wasm = false" in about:config.

Some websites say you also need to set "javascript.options.wasm_baselinejit = false" and "javascript.options.wasm_ionjit = false" but I don't understand what the point of disabling JIT would be if the whole of WASM is disabled anyway?


The current webdev paradigm is "treat JS as bytecode". We have enormous build processes that compile high-level languages (TS, JSX, SASS etc) into "low-level" and unreadable JS/CSS/HTML. The latter were supposed to be the high-level language interfaces to the browser. It's a mess.

We'll be much better off with an actual compilation target i.e. WASM, full stop.


There’s a cycle where something gets big because people use it. Say, a mushroom picker puts up a document about picking mushrooms. Now he can enjoy his hobby most excellently!

Next the programmers get interested. They help the mushroom picker upgrade his site with maps and a spreadsheet you can search and everything. Now the programmers can enjoy their hobby most excellently!

Then the overengineers take over and insist that it run Linux. Now you can compile Linux to Wasm, and it works if you just configure the endpoints according to an elegant scheme! The overengineers can enjoy their hobby most excellently!

But the mushroom picker who started this thing isn’t going to come back. No one ever picks up the thread of development again, and there’s nothing to do except “be online.” The ride is over.


There's nothing preventing people from creating a regular HTML/CSS/js site, just like they can do right now, even though all major browsers already support wasm.


WASM makes browsers simpler, not more complex. It's much easier to get the implementation of a 20 page spec correct, than the combinatorial monster that is 200 high-level language specs and APIs. The more we can push into a small formal core, the better. Formal verification tools call this the de Bruijn criterion. You create a small formal core for your proof system, and everything high-level just compiles to that.


> It's much easier to get the implementation of a 20 page spec correct

JS spec was also 20 pages. Until we got modern Javascript.

wasm spec will grow. Just look at the roadmap: https://webassembly.org/roadmap/


Feature creep is an orthogonal issue that I 100% agree with. We need to stay vigilant and push back against bloat wherever possible. Exceptions are a mistake imho, memory64 is an absolute must have otoh.


Surely that is a noble goal!

But isn't it a case of XKCD 927? https://xkcd.com/927/

I.e. I would say the probability is zero that because WASM exists other existing complexity of browsers will be removed.

Because the web is so vast, if you once add a feature to browsers you can never remove it because that would break an unknown amount of websites, or even intranet sites.

So now we have wasm + N other subsystems, so N+1, and the security of N+1 systems is less than that of N.


We break/deprecate the web all the time. Web backwards compatibility is a myth, it's just that we don't get any calls from the 90s complaining that their dog's website broke.


How long have you been using the Web?

ActiveX? DYNSRC? Frames? Flash? How about Gopher support? Capabilities being removed is a time-honored tradition in the browser world.


I feel like you're pretending like there's no value to it? If there was no value then yeah it would be stupid to do it. But it is valuable, because people want within-10%-of-native performance.


If people want native performance, they could just publish native software instead of websites :)


And lose all the value of distributing their software via websites! Again, if you ignore all the value of solutions, then yes, the solutions seem bad.


Perhaps that is just the tax they ought to pay for wanting to squeeze out more performance? :)

The alternative of not paying that tax by using WASM means "I want native performance but I don't want to pay the price of having to do native development."

So what developers are doing here is creating an externality - external cost which other people have to pay:

Browsers for the average internet user who just wants to read some news get worse in terms of security because some people want to distribute their software more conveniently at zero cost.

The cost is paid by the users who all now have WASM in their browser, even if they don't need it.


The web is the best distribution platform we currently have and increasing performance via WebAssembly means a wider variety of programs are now viable on the web.


Distributing native software is a PITA nowadays. You're either at the mercy of a random App Store review process, or you can't run the software you just downloaded outside an app store because the operating system doesn't allow it.


Yes they can, if they have the time and skills to port it to the many platforms desired. But maybe you do see the point, that it is a bit easier to develop and test for only one platform, as opposed to ... many?

(have you ever released something cross platform?)

Point being, the web is a platform now (since quite a while) and not anymore a static site displayer. Provide a technologically better alternative and people will use that.


native gui dev sucks, and the web does a way better job of sandboxing than native things do.


Then I'm running their code outside of the world-class sandbox the browsers provide.


> But wasn't this the promise with JavaScript already, a Turing-complete language in the browser to end the need for more features of HTML?

The problem is javascript sucks. We want to be able to write any kind of application, but we don't want to have to do it in javascript. Ideally, this would mean that you pick Java or C# instead and use one of several cross-platform UI frameworks, but I've never found a native UI framework that was as easy to work with as HTML. If C# would just let us write native UI with HTML and CSS (and not just using electron), then I would never write a webapp again


> We want to be able to write any kind of application, but we don't want to have to do it in javascript.

To make "any kind of application" on the web you need the web to provide sensible APIs for those applications. And Javascript has nothing to do with it. E.g. lack of controls listed over at https://open-ui.org/ has nothing to do with Javascript.

> If C# would just let us write native UI with HTML and CSS

Good luck implementing anything beyond the most basic controls with HTML and CSS.


You're just misunderstanding what he's asking for.


I don't. His concern is completely misdirected. The problem with the web as a UI/app platform isn't Javascript


Would it not be feasible to turn electron inside out, and have chromium as a library, with bindings for various languages?


I don't think so, no, or rather, I think you might lose out on "the web" part of it. That is, that the web really is a bunch of stuff, all accessible in one "thing", and stuff can and does "link" to various other stuff.

E.g., consider an OIDC log in. It's really one app (the relying party), redirecting to a whole different app (your SSO of choice). You can't exactly do that in another app without, I think, really running into issues of "is it my SSO, or a phish?". The browser provides that trusted layer of "I am looking at this app" (via the URL bar). And even then … that's fraught with absolutely immense tons of peril.

It's also a distribution mechanism: I don't have to download Slack, Discord, Postman, etc. — I just go to a URL, and the browser downloads the code needed. (I can and do download some of these, and there are some advantages to do so. But then extend it to every app I use on the web: my bank, Turbotax, my email, my three different loan payment sites, my landlord's payment site … that'd be far too many downloads.)


Rather, wasn't that the promise with Flash, Java, Silverlight


The improved sandboxing model is supposed to be why this one's going to turn out better (and why it's worth losing some of the ease of development of the old ones...)


Silverlight lives on! I started in SL 1.0 and moved onto Xamarin and now to .NET7. It's the same code, same concepts, just different conventions around the APIs.

For me, WebAssembly is another target. I've been building webview based app UIs with (usually) native backends, cross platform for at least 10 years now. I still use libraries I made for SL because PCL was just the first evolution of dotnet! Life is good on the MS gravy train! I'm running the same code literally everywhere, backend, frontend, UI, mobile, tablet, cloud. THE SAME CODE, just thin bootstrappers and OS specific impls of various services.

The best part of WASM I think is that I can write services in different languages, for specific purposes, if I ever need to. Yep, I can use scheme or haskell if the need fits, but C# has been evolving too and I can write functional anyways. I'm not in the industry where a thin abstraction causes me scaling issues, but I am in one where it's hard to find good devs, and usually they can read C# and pick it up quickly no matter their preferred poison.


They were all proprietary though


Yes, except OpenJDK that provided IcedTea, so community patches were possible


Oh right, and ActiveX!


> All I hear when someone writes "WebAssembly is coming" is

"... coming to your insecure browser; not mine."

> To disable WASM in Firefox, set "javascript.options.wasm = false" in about:config.

Exactly. Here's hoping the banks fail before they can start requiring WebAssembly to log in to their websites. ;)

