> The point of open source is not to ritualistically compile our stuff from source. It’s the awareness that technology is not magic: that there is a trail of breadcrumbs any of us could follow to liberate our digital lives in case of a potential hostage situation. Should we so desire, open source empowers us to create and run our own essential tools and services.
This is the best phrasing of this concept that I remember having seen.
Yes, FLOSS is about the power dynamic between users and developers.
Proprietary software gives developers power over users. Typically, Developers seek this power in order to extract money from users (sometimes in reasonable amounts, other times not). Unfortunately, power is abused. By empowering users with the option to take control of their own technology, FLO software provides strong protection against abuse -- developers need to weigh user-hostile decisions against the possibility of a fork.
I find it amusing to recall that Stallman's Free Software efforts were more or less kicked off by frustration with crappy closed-source printer drivers. 40 years later, being subjected to abusive behavior from your printer has become a near-universal experience.
When I worked on google wave, one of the most requested features was adding print support (to allow users to print waves). Printing support is a super simple feature (especially compared to "make it run faster on IE9"). But print support didn't occur to us at google because was ... well, of course we didn't think of it. Google (and most tech companies I imagine) work in paperless offices. We almost never try to print things ourselves so we didn't think of it or care.
I have a working theory that any software used by programmers will eventually get excellent (or be replaced with something excellent). And everything else stays vaguely mediocre.
Postgresql? Excellent.
The tooling to allow non-programmers to edit data in postgres? Halfbaked.
Sound cancellation in macbooks for video calls? Fantastic.
The software bank tellers use? Garbage.
Github? Fantastic.
Github equivalent for non programmers (eg people with folders full of Word docs)? 404 not found.
Anyway, the fact that modern printer drivers are garbage should come as no surprise. Who amongst us cares enough to fix them? RMS was probably one of the last competent programmers who will bother writing clean, minimal printer drivers. I expect the world will become paperless before HP cleans up their act.
I have the same problem at the moment with my Wacom tablet - the hardware is great but the software is truly awful, and apparently it phones home regularly. Software for artists is unfortunately off the golden path.
Ah, the tell of someone who has never implemented printing.
Pagination across different paper sizes when content is dynamic/interactive and includes things like section headers that you need keep with text and images and tables that users expect to not split across pages with their custom choices of margins, page-numbers, page titles etc. So many other issues like ensuring monochrome prints are legible, implementing print previews etc.
Oh boy. Some might think implementing math from papers is hard but no, it's this sort of thing. You'll be fixing problems with it for the life-time of the product.
It seems like the driver should detect paper size, broadcast a compatible print area/capabilities to something above, and then stand by to make any dot it can in the allowed area.
Why would the hardware driver need to deal with pagination, layout, or print previews (beyond advertising capabilities accurately)?
I've always imagined that drivers are hard on the hardware side. It is really difficult to reliably place dots on a page with the requisite precision/reliability at the price-point to which we have all become accustomed.
Sure, that would make for a decent PoC. It's all the work that will come later as you discover the browser is NOT doing a good job that will be the problem.
It may be different now, but it was not long ago that browsers would without remorse just let the printed page cut even images in half if a page break happened to be there. It seemed as if all they did was create an image of a length long enough to fit the printable content and just fed that to the printer. No smart layout at all.
If things are different now, it certainly was not during the brief time Wave was around.
Browsers don't normally work with paper-like pages, they work with essentially infinitely scrollable areas. So a browser layout engine is not in any way, shape or form optimized for laying out HTML + CSS in a printer friendly way, especially if you start having 'weird' requirements like A4 vs Letter, smart layout of tables across pages so that they are still readable etc.
In fact, in general, a human being must actually lay these things out by hand for print if that is the desired medium.
Which is an excellent attitude for a short PoC, but unimaginable for a paid product.
In the end, the user doesn't care. They want the printed page to be usable. If the browser makes it usable, excellent! If it doesn't, than the product is bad and an alternative must be found.
Sure, Google, being in control of Chrome, could implement a browser-level page layout engine.
Unfortunately, there is obviously no way to make a good general purpose layout engine, so that will never fly. Any site that wants to offer printing as a paid feautre must implement their own printable version, no question.
Strong disagree. Software quality is driven almost entirely by either insane dedication from hobbyists or (more commonly) monetary incentives. Lots of businesses depend on Postgres so it's good. Github makes money off of providing a good product. Wacom has a total stranglehold on the market so they don't care because they know artists will put up with it.
Wacom is seeing a lot of their lunch get eaten by iPad Pros now, so hopefully they’ll be pressured to improve. I wish Apple could make Sidecar integration work at Wacom levels so I’d never have to use one of their devices again though.
I don't know enough about the APIs involved but - that seems like something you should be able to write as a pair of apps.
You'd need a native iPad app to capture and transmit pen events, and then something on the desktop side to receive the events and turn them into the equivalent wacom tablet events. How does wacom send tablet events to apps? Is it a named socket or something? It shouldn't be too hard to emulate. I wonder if anyone's made something like that in the app store.
Mind you, I'd much rather if Apple baked it into macos through Sidecar.
Wacom uses kernel extensions, which is another reason why I’d rather it be a first party solution. Not sure what Astropad uses because their service requires an overpriced subscription, has a bad UI, and only functions well with an extra peripheral.
But Sidecar is also pretty half-baked and Apple is flakey about supporting features like in general, so who knows how it will all pan out.
There is indeed an app, Duet Display Pro, that will relay Apple Pencil input to your Mac. I've only used it for its second screen functionality; no idea how well the pencil part works.
Amazon offices use absurd amounts of paper.... however it's mainly for raising desks and leveling monitors. Literally every desk has some thing up on a ream of paper. The actual paper document culture is moving online finally.
Most people also position their monitor too high, to be fair. The top of the monitor should be at or slightly below eye level. If you reach out from your chair with your arm held level, that should be roughly in line with the middle of the screen, and your fintips should be ~10cm or a few inches away from the screen.
I very purposefully position my monitor so that my main console window is viewed, with my head level. It is also horizontally centred on the mid-left of that console.
This is because most text, eg bash work, vi of files or code, rests there.
In this way, my head is not tilted down, or eyes tilted down constantly. My head is mostly centred, and looking straight ahead.
I find that elsewise, my body follows the constant downward look, either slouching or the neck bent forwards.
Why do you belief your monitor should be positioned, so you are looking downward constantly?
Multiple ergonomics guides give the guidance I mentioned. Here’s a link to a few, but I encourage you to do your own research.
At the end of the day, if you’re finding that something helps to reduce long-term fatigue then it’s probably not too bad, but don’t forget that slouching in your chair feels good however it’s terrible ergonomically - this is similar. Comfortable short term, but not always long term.
All of these recommend at or slightly below eye level:
Of course though, because the monitor and keyboard should be able to be raised and lowered independently. If you set the desk to a height that's suitable for the monitor, it may be too high for the keyboard.
> I have a working theory that any software used by programmers will eventually get excellent
Most programmers rarely using office suites and prefer to use plain text editors. This has gone so far that developers prefer a sadistically under-featured file-format (.md) to office files.
Personally, I prefer a lightweight, portable, easier to edit, technically just plain text file vs whatever mess of useless fonts/font sizes/unrelated garbage is crammed into a .odf/.docx file.
Literally anyone with a computer that has a ASCII or Unicode compatible text editor can open a .md file and get useful info.
Even better, add a little bit of lightweight extra tooling, and now you've generated a nice looking html page, if you need to make something with fancier presentation.
The only thing I miss is the ability to embed images in the md file itself, but even that is not hard to work around.
Obviously I keep software on hand that can deal with docx/odf, but I'd really rather just keep it simple, due to the fact that I'm stupid.
What you call underfeatured many would call correctly featured. A more complex format doesn't add value for most use cases, while being harder to reason with and correct issues in.
.md files avoid the copy paste font/size mess by being plain text and rendering in the reader's choice of font. Bold, italics, hyperlinks and such are all explicitly added, easy to Ctrl + F for and aren't hidden behind finicky context menus as in standard word processors.
> I have a working theory that any software used by programmers will eventually get excellent (or be replaced with something excellent). And everything else stays vaguely mediocre.
Hmmm... I think.. sometimes. There's also software that gets excellent, becomes big, becomes profitable, and squeezes out everything else. Then becomes mediocre. word and google docs?
I would be unsurprised if a lot of drivers remain closed source to hide where the bodies are buried.
There's probably a lot of dodgy hardware that's somewhat papered over with fixes in a 200Mb propriatery drivers-- much easier to filter the inbound data and build a workaround than ship everyone a new controller board when it turns out sending 0x08675309 grenades the print head.
(There's now browser based versions of MS Office apps that can simultaneously edit documents stored and automatically version controlled in SharePoint)
In some ways it was truly awful, to mention two examples:
- a reason for using it was to automatically apply Azure Information Protection to documents. All well and good until it turns out the mechanism can trivially be subverted, so trivially that we found out by accident by not following the exact login procedure.
- the usability makes is comparable to Oracle software. I have extensive experience with that too, but I can't say which is worse.
By teaching the current school aged kid's to program.
I seriously think the world would be better off if programming were seriously taught in schools, on a level equivalent to language, math, science, etc.
If we start with Scratch in early grade school and work up to C in high school, so many more people would be comfortable and efficient using computers, and would have the understanding necessary to understand the legislation of tech.
This would take a decade+ to pay off/have the bank tellers know to program, but it seems like the best long term plan.
I agree. Programming shouldn't be (just) thought of as engineering, but also as simply giving the computer complex instructions. There is also the story about RMS teaching secretaries to program Emacs by not telling them Lisp is a programming language.
> Programming shouldn't be (just) thought of as engineering, but also as simply giving the computer complex instructions.
I really like this phrasing. I'm not really an engineer. My code is mostly rough, but it is functional and does what I need it to. I don't program to build a skyscraper, I program so my computer can do a thing I need it to do.
It was about not being able to customize the behavior, lacking the access to source code, not about “crappiness.”
“ In 1980, Stallman and some other hackers at the AI Lab were refused access to the source code for the software of a newly installed laser printer, the Xerox 9700. Stallman had modified the software for the Lab's previous laser printer (the XGP, Xerographic Printer), so it electronically messaged a user when the person's job was printed, and would message all logged-in users waiting for print jobs if the printer was jammed. Not being able to add these features to the new printer was a major inconvenience, as the printer was on a different floor from most of the users. This experience convinced Stallman of people's need to be able to freely modify the software they use.[29]”
It was missing what would quickly be considered a standard feature, and one that was obviously necessary for the use case of a shared printer. That's driver crappiness. The only justification for a shared network printer with no user feedback mechanism is if nothing ever goes wrong with the printer and it always completes your job by the time you can get up and walk down the hall (and stairs, in this case) to pick it up.
> It was missing what would quickly be considered a standard feature
That is an anachronistic claim which sounds logical to the reader in 2020 but doesn’t match the environment of decades ago. The feature he added could have been based on, from perspective of the producer of the printer, completely non existing API.
That is, something available to different customers, but completely specific to the setup of every customer.
Additionally, it was the principle that mattered to RMS. One can often do some reverse engineering intervention to achieve the desired modification even based on the closed source, but it’s still against the conceptual advantages of working on the codebase which is by policy free. As in:
“Roughly, it means that the users have the freedom to run, copy, distribute, study, change and improve the software.”
The principle works even once the network messaging API in some environment is standardized and starts to allow some, from that point on, “standard feature”.
I think you misunderstood my use of the word "standard". I did not mean "standard" in the sense of complying to some particular RFC or anything like that. I meant that some kind of feedback/monitoring capability is de rigueur for that product segment, and that feature needs to be listed on the spec sheet for the product to be considered adequate. Even a completely proprietary network printing protocol needs to have a status reporting capability to be taken seriously.
Does anyone know a list of safe printers (can be second hand postscript laser printers) that do not phone home, embed invisible yellow dot patterns for unique identification and so forth?
...FLOSS is about the power dynamic between users and developers.
Developers rarely own the rights to their own code. It's actually about the power dynamic between capital and users. The Golden Rule ("He who has the gold, makes the rules") is nowhere more clear than in the software industry, with its lopsided clickthrough licenses and terms of service.
By empowering users with the option to take control of their own technology, FLO software provides strong protection against abuse -- developers need to weigh user-hostile decisions against the possibility of a fork.
Unfortunately this isn't really true for large and complex FLOSS, e.g. web browsers. For a lot of the little user-hostile decisions they have taken, it would take me far more time to get the source and all its dependencies, figure out how to correctly build it (which can itself include a nontrivial toolchain with its own effort to set up), find where to make that tiny change I wanted to the source, and recompile and test; than to simply use a debugger to find the right place in the binary to modify directly.
Open-source doesn't necessarily mean easy to take control; and neither does closed source mean the opposite. I've been RE'ing for decades and wish more people knew about this valuable skill, because that's what gives you the true power to take control.
> Unfortunately this isn't really true for large and complex FLOSS, e.g. web browsers.
It is also true for web browsers; all it needs is one developer among the many thousands being able to build and distribute it.
> Open-source doesn't necessarily mean easy to take control
True, it should be more something like: "it won't be easy to use this source by yourself, but if the company decides to discontinue the product, you can still hire some developers to support and continue it, rather than throw in the trash everything you've based on it, which sometimes could mean your entire business". It rather makes hard for others to take away this control, a concept which is wonderfully explained by the GPL license document.
> I've been RE'ing for decades and wish more people knew about this valuable skill, because that's what gives you the true power to take control.
Agree 100% on this, but definitely not easy especially now that pretty much every damn product contains more horsepower and complexity than the Apollo missions computers.
However, if you have books, resources, examples etc. for mere mortals on the subject, I'd love to take a look at them. That topic would probably deserve a post by itself.
>simply use a debugger to find the right place in the binary to modify directly
I reflect back and wonder why the systems I grew up with didn't have this capability built right in, like a keyboard interrupt in DOS that would pause execution and let you dive into the contents of memory, view the stack, or debug the decompiled version of a running program.
Maybe this kind of stuff just wasn't possible in the race to the bottom that was the 80s and 90s PC market, but as a child, I was really confused why I didn't have the tools necessary to "pop the hood" on anything other than BASIC programs—and that's assuming I was using a machine that had BASIC installed.
I'm sure the only thing I would have done with it at the time would have been to cheat at video games, defeat copy protection, and alter game dialog to be extremely crass, but I think it would have been extremely helpful in the development of my adult skill set.
I agree with that. I have firefox cannot update to the latest version nags that I cannot get rid of. Looking at the source takes me down all sorts of false trails, let alone compiling the darn thing. sigh.
On the other hand, it is possible, and great groups of people have for instance de-googled chrome and fixed ubuntu.
doing a small patch on a unsupported piece of software, but that was nearly trivial.
That means you've already started. ;-)
I think it's hard to give recommendations regarding learning of RE in general, as I mainly do it a "scratch an itch" and "learn as you go" type of thing --- whether you need to interface with an unknown file format, change the behaviour of a piece of code, change a message in a UI, automate an aspect of a web app, etc. the exact knowledge you'll need will vary widely. However, in all those circumstances the basic idea is to gather knowledge about the target to get a vague understanding of how it works, and then dive in with the specific tools/knowledge you've gathered.
It's not about power dynamics, it's about liberty. And ultimately, liberty is about autonomy. Having the freedom to do what you choose if you so need to. Free as in freedom right? Stallman was always talking about liberty.
Potayto, potahto. As an example outside of computing, slavery — the antithesis of liberty/autonomy — is the manifestation of an extremely skewed power dynamic.
Yes, it is to protect liberty to do what you will with the software/source.
It is also to make sure that the developers of said software will be in a much more difficult situation when it comes to abusing the users of their software. Stallman talks about this as well.
Liberty for whom? Most of humanity is not economically privileged enough or digitally literate enough to utilise the available digital liberty, let alone able to know that it exists.
You know what else tends to have poor ux in my experience? Overly priced specialized commercial software targeted towards a specific industry.
I think the worst i've ever experienced between floss and commercial software had to be the software to program the waterjet cnc at my last job. For some reason, half the menu items were in german, all the configuration was done in a text file where variables were a mix between english and german, the machine manufacturer stopped officially supporting the program and literally one person at their tech support office even knew how to use it and his knowledge had gotten pretty rusty. That program was an ugly, bug ridden, confusing mess that at one time cost lots of money.
According to the tech i talked to, it was written by one german guy who had a poor grasp of english, vanished years before and nobody knew how to contact him.
We used alphacam for our routers, but my boss was delaying paying for another alphacam license for as long as possible. It was nearly $10k per license or something.
This echoes how I think of Bitcoin; an alternative to government and private banking, not as a replacement but its very existence shifts the hostage-like power dynamics we have grown accustomed to.
All joking aside, I recognize that this is strong language, but it certainly describes the tactics used.
Although obviously no one is in immediate physical danger, with the exception of medical equipment. Even that I'm not sure of, I've just heard hearsay.
For me personally at least, discovering open source meant learning that even if something looks like magic, it has source code behind it somewhere. Nothing is magic, everything is science(or engineering), even if that is hidden/obscured from the end user.
As a result of this, anything can be reimplemented/replaced, if you or someone else have knowledge on how to do so. This in turn means that it is possible to escape from unethical services, thus the article.
> even if something looks like magic, it has source code behind it somewhere.
This is an incredibly important insight. When technologically illiterate people have difficulties with a gadget, it is extremely common that you can trace their difficulties back to their assumption that the workings of the gadget are magic: they don't attempt to form any kind of mental model for how the device might work, and end up making impossible and contradictory assumptions about it. Even an incorrect mental model would be more useful, because you'd be more conscious of making predictions and realizing that your predictions are wrong for a reason when the machine doesn't respond as expected.
This thread is a great example of why I think open-source is a distracter for true freedom: it emphasises the notion that source is somehow necessary to understand and modify software, when the truth is far from it.
Legal or not, you can always take a disassembler to a binary and find out the truth, just like you can do the same to other devices and understand their workings much like what the "true scientists" do[1]. Crackers and the security industry have been doing that for decades. PC magazines of the 80s and early 90s even told you how to patch your own software --- without source --- to accomplish certain things like fixing bugs or changing "annoyances".
I often wonder what the state of software would be like if Stallman emphasised the right to inspect and modify regardless of source code availability; perhaps there would be far less open-source projects, but people would have a much more intimate familiarity with how computers work in general.
If I can modify the binary, I don't need the source. Especially for large projects, where trying to figure out how to compile the exact same binary I already have and know works, along with its massive tree of dependencies, can be even more difficult compared to just opening it in a hex editor and patching a few bytes.
[1] It seems computer scientists mainly focus on construction unlike physicists, biologists, and chemists who focus on analysis first.
I still think open source is an important effort, editing/reading source code will always be more efficient then reverse engineering and modifying the binary.
That being said, I agree with much of what you say, and I am working on learning re/binary patching. Are there any good resources you could recommend?
Get a manual for your processors assembly and a description of the way binaries are organized for your operating system (Headers, sections).
Try to build a minimal binary with c, analyze it, try to modify it. Find out what the appropriate tools are for your operating system.
This is the best phrasing of this concept that I remember having seen.