> many associations with harm are confounded by past or present tobacco use [...] but when pure nicotine is examined [...] the harms appeared minimal: like all stimulants, nicotine may raise blood pressure somewhat, and is addictive to some degree, but the risks do not appear much more strikingly harmful than caffeine [...] There is little evidence from the NRT [nicotine replacement therapy] literature that ‘never-smokers’ like myself are all that likely to become highly addicted
(To be clear, I understand why the medical community would be hesitant to endorse this without it rising to the level of a "cover-up," but it seems like it's not as bad an idea as it intuitively sounds. But it's also unclear if the stimulant levels mentioned in that article are anywhere close to the levels relevant for covid.)
I believe NixOS does not (there's a "nixos-rebuild switch" command that sounds vaguely like it requires a reboot, and NixOS does aim for declarative confgs, but it knows how to restart services etc. without rebooting your whole machine - see chapter 3 of the NixOS manual: https://nixos.org/manual/nixos/stable/index.html#sec-changin...)
But the proposal here isn't about running NixOS as your OS, since we're talking about macOS. It's about using Nix as an additional package/environment manager on top of another OS/kernel, in this case macOS, though of course Linux is well-supported too.
Each file in Nix is stored in a path that's computed based on the hash of the relevant source code, and depends on other files (e.g., libraries) via their hash-based paths, too. So you can straightforwardly have multiple execution environments with their own dependencies that don't interfere. It's an alternative solution to the dependency problem: containers leave paths alone, but create a new root filesystem for each container. Nix programs all share one root filesystem, but modify the paths so nothing uses e.g. /usr/bin or /usr/lib.
Precisely because Nix binaries isolate themselves from /usr and carry their own dependencies, the Nix packaging repo "nixpkgs" can be used on any Linux machine, not just NixOS ones. And the Nix folks also build nixpkgs for macOS, so most software in nixpkgs can be installed on a macOS machine too. This gets you a solution to the dependency problem on macOS itself (because there are no Linux-style containers on macOS). If you want, it also gets you a relatively consistent dev environment for applications that will be eventually deployed on Linux: although the kernel is different and of course the binaries are compiled for different kernels, the entire userspace can be the same on macOS and Linux.
nixos-rebuild switch does not require a reboot. In fact, you'd typically use nixos-rebuild boot if you don't want immediate changes.
For very complicated reconfigurations, it might be advisable to reboot if that involves changes to services that are only started during boot time. But that's the case for nearly any OS...
This is an excellent point from the comments, from one of the signatories:
> If you as a public university had no power against racism beyond the nobility of your intentions, your mission statement wouldn't matter a damn anyway. The public university's power against racism is the inherently anti-racist power of genuine knowledge.
And I think it actually refutes some of the more simplistic comments by other signatories about e.g. a desire to keep politics out of science or whether a university's goal should be truth or social justice. Such a phrasing implicitly claims that social justice (however one defines it) is a separable goal from truth. It reminds me a little of the "non-overlapping magisteria" non-solution to conflicting claims from science and religion, that either science determines truth and religion determines, I dunno, vibes, or alternatively that religion has real truth and science is limited to some subset of reality - it solves the problem by refusing to take either one or the other seriously.
The claims of politics and social justice are claims within the domain of truth, just as the claims of science are. Either climate change is happening and merits a response, or it isn't. Either diversity brings conflict or it doesn't. Either the implicit association test is good science or it isn't. Either social Darwinism is good science or it isn't.
The goal of the university should be to seek the truth because it helps humanity. This is why the research university publishes its research and the teaching university opens its doors to the public, after all. There are enough places (as we tech folks know!) where you can pursue the truth about many things for private gain.
Those of us who are on the side of "science" and "truth" must say that when the pursuit of truth has brought us somewhere, we need to do something with that conclusion. It might take us a long while and to false places on the way (as with social Darwinism), but once we've landed on the shores we sought, we need to build something there. And those of us who adhere to the cause of "social justice" as widely understood (and I certainly count myself as one) must believe that the claims it makes about the world we live in are in fact true, and that the pursuit of truth will keep us focused on what actually benefits the people or causes we support, and we need to not cede ground to the idea that our pursuit of truth is somehow a different thing from the ordinary pursuit of truth.
Politics and social justice contain claims in the domain of truth, but also contain claims in the domain of norms, i.e. end goals, which are inherently orthogonal to truth (or near enough). Whether a fact is true is different from whether it's good or bad, which is different again from whether you should do something about it. Confusing these leads to dangerous outcomes, I believe some of the "false places" you mentioned.
> The claims of politics and social justice are claims within the domain of truth, just as the claims of science are. Either climate change is happening and merits a response, or it isn't. Either diversity brings conflict or it doesn't. Either the implicit association test is good science or it isn't. Either social Darwinism is good science or it isn't.
That's a rather black and white way of looking at things, and seems to imply that once "truth" is found, that further action no longer requires any relationship to it.
Why these things are happening and what is the best way to solve them seem to be more pertinent questions, and involve a much deeper search for the truth then merely establishing that they're occurring and something needs to be done.
> Those of us who are on the side of "science" and "truth" must say that when the pursuit of truth has brought us somewhere, we need to do something with that conclusion.
There are those of us who see this as pure hubris. Particularly that you're conflating scientific result with truth and ultimately with conclusivity. It suggests a path where solutions are no longer socially discussed and implemented collectively though compromise, but rather handed down by science and enforced by rote.
Physical truth is very different from socially constructed truth. It took me 25 years, great pain, and leaving my original Mormon faith to understand this.
Money, God, and What's Good are socially constructed truths, for example.
You can converge on understanding physical truth without necessarily converging on socially constructed truth.
This is not pointlessly-spent energy! It is part of the job of software engineering, in much the same way as fixing compiler errors and debugging is part of the job of software engineering. Your work isn't done just because you have a program that makes sense to you.
Think about technical discussions as a thing that you need to spend extended amounts of time and energy on - probably more than programming, once you get senior enough as an individual contributor.
(So, yes, I think it's a lack of skill, largely because of a lack of recognition that it's a skill worth developing. I can't say whether the "blame" is yours or theirs, but it is highly likely that everyone has a lot of room to get better at it.)
Honestly, I think if the GDPR had been around before HTTP, we would have seen HTTP as the unreasonable part in this system.
You don't have to make a direct TCP/IP connection for two people to communicate. We had systems like Usenet and UUCP that replicated data through a series of servers. Even today, when you use email, you talk to your email provider who talks to the recipient's email provider, and they have no need to share your personal IP addresses in the process. Some providers used to include this in Received: headers, but many today do not, rightly seeing it as a privacy concern. And even on HTTP we had (and still have, in some cases) mirrors, where legally-unrelated entities host copies of each others' data. Someone in the EU can visit http://ftp.icm.edu.pl/pub/linux/Documentation/ and never have their connection known to the US-juridiction host of TLDP.
It is both socially sensible for these providers to consent to sharing their own infrastructure IP addresses with other providers (but not share their customers' IP addresses) and legally practical for them to make that consent under the GDPR.
Why should it be the case that when you visit my personal website, which I happen to self-host, I have access to your IP address? I don't want that information. I don't even get that information when using higher-level services like Hacker News or Twitter or GitHub, even though those services operate over HTTP. It's weird that I get it, honestly.
I understand there's a huge planetary investment in HTTP, and so the collision of abstractly-reasonable privacy rights with that reality is an extremely hard engineering and policy problem. But that doesn't make the privacy rights unreasonable.
My personal website is a publicly-accessible static site. Blocking people from it is not meaningful.
It might be meaningful under the model of direct HTTP, where you could be DoSing me or trying to exploit my web server. But if you don't contact me over HTTP, then that problem doesn't arise. There's no meaningful concept of blocking people from a Usenet post I write. Even for indirect HTTP, I don't need to block people from my GitHub Pages or from my HN comments. They're public.
If I add dynamic feature like a comment system or discussion forum to my website, then it becomes meaningful, but also at that point I can implement a way for you to consent to sharing your IP address with me as part of signing up.
I get your point, but you said “happen to self host”. You’re (I think inadvertently) conflating content distribution and infrastructure. If you are self hosting a website then there aren’t other people distributing your content: you are. If you are just publishing content to be hosted on some static site platform like gh-pages, then yeah, blocking bad infrastructure players is their problem.
What’s what with the internet is that it allows both types of models, and both are widespread and actively used today. It wouldn’t be hard for e.g. GH to run EU servers and manage mirroring all content and static sites so that traffic is roughly region local. I wouldn't be surprised if they did this to some extent just for efficiency concerns irrespective of any legal ones.
Yeah, but I think the term "self-host" is a little bit conditioned on the HTTP model itself. If we had some sort of Usenet-style distributed infrastructure, you could imagine two ways of publishing content, either running a static site generator locally and using that to push content to the world (and you would be directly negotiating with people about whether you're a spammer), or using some helper online tool a la WordPress to render the content and have them do the push (and they would take responsibility for making sure it gets pushed). In that world, where the end-to-end model of our world's HTTP is uncommon, I think people would still call the first way "self-hosting."
In fact I think we do use the term "self-host" in exactly that way when talking about "self-hosted newsletters." I can (and do!) run a newsletter where I generate the HTML and the MIME document locally, find an SMTP provider of my choice, and instruct it to directly mail recipients. I maintain the mailing list (in a text file in a Git repo) and pass it to my SMTP provider every time I do a mailing, and people contact me directly to sign up. I could also use Substack/Tinyletter/Buttondown/etc., which would have various advantages and disadvantages; the hosting provider would handle most of this for me, including maintaining the list of subscribers. You can also talk about "self-hosted Mailman," etc. In these cases, the self-hoster sees the email addresses of subscribers but not (necessarily) their IP addresses.
I don't think I'm conflating TCP and HTTP. NNTP, UUCP, and SMTP all use TCP, but they're designed in a way that doesn't have this property. In fact it's not even HTTP per se that's a problem. It's mostly about what I called "direct HTTP" - though you posted your comment to me over HTTP, there's no HTTP (nor TCP) connection to me.
(Also other comments claim that the CLOUD Act means that if GH the US entity runs EU servers, that doesn't actually solve the problem - it'd have to be a non-US entity not subject to US jurisdiction. That's why I think the old-school-web model of mirrors is a better example; they're generally run by universities or other entities with no legal relation to the site they're mirroring.)
> 2. This Regulation does not apply to the processing of personal data:
> (c) by a natural person in the course of a purely personal or household activity
My sense (I am neither a lawyer nor European so this is certainly not European legal advice) is that you cannot use GDPR to compel someone to delete your contact info if they're solely a social acquaintance, but you can use it to compel them to delete it if they're a one-person business of some sort (contractor, Etsy seller, lawyer, etc.).
(But in practice, we mostly rely on the fact that if you are in Google Cloud and specify a minimum CPU version, Google masks CPUID in that VM to exactly match that CPU, even if the underlying hardware is newer. They do this so live-migration of the whole VM works, but it also helps for process migration. I'm not sure where this is specifically documented but see e.g. https://stackoverflow.com/a/44507857 .)
In general "factual information" is not a defense to a whole bunch of things that society generally recognizes as not protected by free speech (the broad concept, not solely the legal right). I cannot claim to be lawyer and provide you with legal advice, even if that legal advice is correct. I cannot redistribute copies of Taylor Swift's latest album, even if (perhaps especially if) it is a faithful copy. I cannot make a public list of all the black people at my company who show up late to work and leave the white people off that list, even if I'm accurate about when they're showing up. If I am a doctor, I cannot publish transcripts of all the conversations I have with patients.
And a few of these aren't even heinous! If I happen to be self-taught in the law and I am particularly good at giving wise and helpful legal advice, but I am not actually admitted to the bar, nobody is directly hurt by my advice, but society has decided the potential for harm in this situation is high enough that I still shouldn't be allowed to do that.
Addresses aren't copyrighted, and workplace health and safety and discrimination or doctor patient confidentiality don't really fall under this because this information like addresses was already public. And if this information becomes public, whether illegally or legally, you're allowed to republish it. Data breaches get shared all the time and that's legal to do because it's considered public information. You are allowed to publish books and news articles with names and addresses in them, or your legal opinions even if you haven't passed the bar exam (also it's worth noting that this is an American idea) and that's not illegal, so why not websites?
Then how do you decide what is (or should be) a right and what is not? Suppose someone claims a right to gay marriage, or a right to employ only people of their race, or a right to bear arms - how does society (the citizenry, the legislature, and/or the courts) decide whether that is indeed a right?
Absent a holy constitution given to us by the divine, the way we decide what is and isn't a right is we look at its effect. Places that recognize a right to bear arms, for instance, do so because they believe that arming the citizenry protects them against abuses of the government. Places that don't do so because they believe that disarming the citizenry protects them against crimes from other citizens. To the extent that one of these views is correct and the other is not, it is not because they guessed wrong about the nature of the universe - it is because one argument is correct and another is not.
Free speech is not axiomatic. Free speech is a right (and I agree it is a right!) because it has particular positive effects on society, through the benefits of open and unfiltered public discourse.
And the same reasoning helps us define exactly what "free speech" is. We make significant restrictions on free speech - classified information, copyright and trademark law, slander and tortious interference, electioneering laws, unauthorized practice of medicine or law, fraud, etc. - in the expectation that those restrictions serve to benefit society, and in the understanding that if we were to allow these forms of speech, they wouldn't really serve the goals which we see free speech, overall, as helping. If I were to say "I am a licensed doctor and I think you should take two pounds of Vitamin D a day," we understand that the benefit of me adding that statement to the public discourse is nil, and the harm is great, and so we don't recognize that as protected by free speech.
I mean, we could try using the democratic process, that seems to have worked reasonably well so far.
But you're right that I hold free speech to be a right for its own sake. So it's that I first believe that to be a right, on grounds of personal preference, and then I advocate for it because of that. But obviously I cannot convince someone on that basis - though that goes for pretty much every preference.
That said, I think the particular issue here is that the abrogation of the right of free speech created by this action did not come about through any particular instance of the democratic process, and is not actually based on any process of formally weighing rights against one another, but rather who can threaten to cost companies the most revenue.
> many associations with harm are confounded by past or present tobacco use [...] but when pure nicotine is examined [...] the harms appeared minimal: like all stimulants, nicotine may raise blood pressure somewhat, and is addictive to some degree, but the risks do not appear much more strikingly harmful than caffeine [...] There is little evidence from the NRT [nicotine replacement therapy] literature that ‘never-smokers’ like myself are all that likely to become highly addicted
(To be clear, I understand why the medical community would be hesitant to endorse this without it rising to the level of a "cover-up," but it seems like it's not as bad an idea as it intuitively sounds. But it's also unclear if the stimulant levels mentioned in that article are anywhere close to the levels relevant for covid.)