Malloc broke Serenity's JPGLoader, or: how to win the lottery (2021) (sin-ack.github.io)
235 points by fanf2 6 months ago | 175 comments



This is one of the reasons why many hashtable implementations introduce a random component into the algorithm. The order of elements changes on every run, so if you accidentally rely on the order, it's going to go wrong sooner rather than later.

It also very nicely prevents security issues, since if the hashing algorithm is fixed, it can be exploited for denial of service by coming up with keys that all fall into the same bucket.


Many implementations these days also go the opposite way, guaranteeing that hash tables always iterate in insertion order.

I prefer this because it means I don’t have to decide whether I need an ordered map or an unordered map. Often if I think I need an unordered map it turns out to be wrong for some subtle reason.


JavaScript is probably the most notable example of that. It used to not have a guaranteed iteration order, but browsers implemented it in such a way that the iteration order was the insertion order, and then that eventually got standardized because websites started depending on it.

For general purpose hash maps in standard libraries, I think you ought to either randomize the iteration order so that it's different every time, or guarantee an iteration order. Leaving it unspecified but predictable in practice is a recipe to fall victim to Hyrum's Law (https://www.hyrumslaw.com/).


JavaScript is kinda weird as the numerical keys have their own special ordering.

Python is probably the better known one, as it went through "arbitrary but deterministic" (before 3.3) to "wilfully non-deterministic" (from 3.3 to 3.6) to "insertion ordered" from 3.6, the latter of which was initially an implementation detail of improving the hashmap but was then made into the language spec starting 3.7.


Perl also changed its behavior, but in the other direction: a random seed was used per interpreter start after 5.18.

https://www.perlmonks.org/?node_id=1005122


That's actually the first python transition I mentioned, per-process hash randomisation had the effect of making map iteration non-deterministic. I believe in both cases this was in response to the hashdos concern / attacks.


Ah, sorry I didn't read that closely.

One minor nit (which the Perl press releases also mess up): the randomisation is per-interpreter, not per-process.

That's not a pedantic distinction. I've seen a couple of bugs/bad behaviors caused by forking servers forgetting to call srand(3)/re-randomize the hash seed after fork(2) and then relying on more randomness than they actually have. Suddenly (for example) hashing rate limiters or bloom filters all operate in near-lockstep, which can cause significant issues at high volumes.

Forking has also caused randomness-related issues (though not necessarily specifically re: hashing) for Rust[1] and Ruby[2], and probably many other platforms. OpenSSL seems to sidestep[3] the issue by using the PID as part of its salt internally.

1: https://github.com/rust-lang/rust/issues/16799

2: https://bugs.ruby-lang.org/issues/4579

3: https://wiki.openssl.org/index.php/Random_fork-safety
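An added illustration of the fork issue described in the comment above (not part of the thread or of any project's code): the parent seeds `rand()` once, standing in for a per-interpreter hash seed, and two forked workers either inherit that state or reseed from `/dev/urandom`. The function names are made up for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read a fresh seed from the kernel CSPRNG. Returns 0 on success. */
static int fresh_seed(unsigned int *seed)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, seed, sizeof *seed);
    close(fd);
    return n == (ssize_t)sizeof *seed ? 0 : -1;
}

/*
 * Fork one worker and collect the first value it draws from rand().
 * The worker inherits the parent's PRNG state unless it reseeds.
 */
static int worker_first_draw(int reseed_after_fork, int *out)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: the forked worker */
        close(fds[0]);
        if (reseed_after_fork) {
            unsigned int seed;
            if (fresh_seed(&seed) != 0)
                _exit(1);
            srand(seed);                  /* the step forking servers forget */
        }
        int v = rand();
        ssize_t w = write(fds[1], &v, sizeof v);
        _exit(w == (ssize_t)sizeof v ? 0 : 1);
    }

    close(fds[1]);                        /* parent: read the worker's draw */
    ssize_t n = read(fds[0], out, sizeof *out);
    close(fds[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (n != (ssize_t)sizeof *out || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return 0;
}

/*
 * Seed once in the parent, then fork two workers.
 * Returns 1 if both workers drew the same value (lockstep),
 * 0 if their draws differ, -1 on error.
 */
int workers_in_lockstep(int reseed_after_fork)
{
    unsigned int seed;
    int a, b;

    if (fresh_seed(&seed) != 0)
        return -1;
    srand(seed);                          /* seeded before fork, never touched again */

    if (worker_first_draw(reseed_after_fork, &a) != 0 ||
        worker_first_draw(reseed_after_fork, &b) != 0)
        return -1;
    return a == b;
}

int main(void)
{
    printf("inherited seed, workers in lockstep: %d\n", workers_in_lockstep(0));
    printf("reseeded after fork, workers in lockstep: %d\n", workers_in_lockstep(1));
    return 0;
}
```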


I remember that it actually broke a critical algorithm I was testing at the time. Fun times.


Rust has HashMap with random order and BTreeMap which is ordered by the key. Additionally one can use IndexMap crate if wanting to keep the order of insertion in the map. The issue with the latter is how much memory it can waste in the worst cases. A good example is the serde_json library, if enabling the ordering of the maps. If you deserialize JSON into its dynamic Value enum, the resulting object can be many times bigger than the original string.

For immutable data that can fit to the CPU cache, utilizing a sorted vector can be many times faster and uses less memory compared to the maps.


> A good example is the serde_json library, if enabling the ordering of the maps. If you deserialize JSON into its dynamic Value enum, the resulting object can be many times bigger than the original string.

Deserialized non-trivial objects are generally larger than the original serialised value.

IndexMap should not generally be significantly larger than a HashMap though, unless the key and value are very small (sub-word).


We did measure significantly bigger memory usage with IndexMap and needed to revert back to HashMap eventually.

Deserializing into a defined struct does not waste as much memory as Value does. Especially due to the recursive nature of the Map variant, which can hold another Map.


> We did measure significantly bigger memory usage with IndexMap and needed to revert back to HashMap eventually.

That is strange and I’d assume the maintainers would be interested in the information.

By my reckoning HashMap would be consuming about capacity * 10/9 * (8 + sizeof key + sizeof value) while indexmap should be consuming capacity * 10/9 * 8 + capacity * (8 + sizeof key + sizeof value).

Unless indexmap reuses hashbrown directly in which case you’d get something like capacity * 10/9 (16 + sizeof key) + capacity * sizeof value.


It's pretty easy to try out: https://play.rust-lang.org/?version=stable&mode=debug&editio...

Now, if you have an enum such as `serde_json::Value` which is kind of recursive with its `Map` variant, and you have a ton of dynamic JSON parsing in your code, these numbers really add up. And serde_json uses `BTreeMap` (I was wrong in my previous message) by default which is even smaller than `HashMap`.

The learning here is to avoid dynamic JSON parsing if you can. And if needing it, but not caring about the insertion order, avoid the `preserve_order` feature flag.

The other learning here is that there is no map structure that fits to all purposes. They all have their pros and cons and you should choose the right one for the problem.


Indexmap does reuse hashbrown. It consists of a hashtable containing `usize` indexes into a `Vec` which in turn contains the actual entries (keys and values), along with a cached hash for the key. In the end the overhead should only be that index and the hash.


PHP too.

Its arrays, which also behave like hash maps, respect insertion order.

https://www.php.net/manual/en/language.types.array.php


Python also, similar story.


[flagged]


Americans? This is using "law" to mean something akin to "scientific law", such as Newton's three laws of motion or Mendel's three laws of inheritance; it's a description of what will happen. People were using "law" in this way since before the USA even was a country lol


It probably started with Zipf's law in the 1930s and then Murphy's law a few years later.


> Often if I think I need an unordered map it turns out to be wrong for some subtle reason.

Huh. This hasn’t been my experience. I very rarely need maps to be ordered. In recent years, the only case I can remember is when serializing to TOML and wanting the keys to be written in a specific order. There have been the occasional other case where insertion order is what I wanted, but I almost never need ordering in map keys.

> I prefer this because it means I don’t have to decide whether I need an ordered map or an unordered map.

I’m the opposite, I prefer to be given a choice so I can make the tradeoffs when I want to or need to. If you don’t want to choose, you are free to always choose ordered map, but even if ordered map is the default, there should always be a choice to use unordered map. It’s been very rare that I started with the wrong one and had to change.

When I write python or JavaScript I typically don’t care and will just use whatever is the default, but when I write C++, I very much do care and the vast majority of cases use phmap’s flat_hash_map, which has superior space and speed over std::map and std::unordered_map. For ordered maps I use tsl::ordered_map but that still comes at a cost over flat_hash_map and its unordered variants.


As a rule I’m happy to sacrifice cycles for determinism, because non-deterministic bugs are disproportionately wasteful of developer time.

As much as possible I want my code to give the same results from one run to the next.

Some sources of non-determinism are unavoidable, but e.g. unordered maps and unstable sorts both have deterministic alternatives that are almost as performant.

Maps are such a common data structure that eliminating unordered maps has a big impact on whole program reproducibility.


I agree with sibling commenter. If I need determinism, I choose the deterministic container. If I don’t know whether I need determinism or not, I don’t understand the problem well enough yet.

Regarding wanting your code to produce the same results from one run to the next, so do I, and I get this by using appropriate data structures. If iterating a map is producing non-deterministic results then I’m doing something wrong, because that means that the order of iteration matters. It’s just that it’s not that common in my code that this is the case. Where I need specific order, more often than not, a list (array/vector) has been a more appropriate structure. Sometimes an ordered map is indeed the correct structure, but ordered map doesn’t by itself give you the determinism you desire, you also need to ensure that the insertion order is itself deterministic and consistent between runs, and that the order is maintained during processing/data manipulation between insertion time and iteration time.

Typically a better approach, in my opinion, is to process the data in whatever form makes sense (eg unordered) and then when you reach a point where order matters, that’s where you sort by the order you require, rather than trying to make sure that you insert in the correct order and don’t lose that order somewhere in the process. Of course it’s valid to think about the steps and say “if I use an ordered map, this set of operations maintains the order, so I can omit the sorting” and that’s a good optimisation, but that should, in my opinion, be a conscious decision based on analysis of the problem, your solution, and your requirements.


Picking a tool without thinking about it is a surefire way to get runtime bugs.


> I prefer this because it means I don’t have to decide whether I need an ordered map or an unordered map.

Well only if you happen to insert your elements in order. If you want a proper ordered map like `std::map` in C++ or `BTreeMap` in Rust then you are out of luck (at least in Python and JavaScript).


You can always use a library or roll your own.


I don't understand this reasoning. If there is a subtle reason wouldn't you take the time to think through it carefully? Are you in such a rush that you don't have time to decide the required data structure (ordered vs unordered)? Or do you have insufficient control of downstream software that you fear for unknown bugs caused by this? And since insertion order is often related to some other ordering in the input, you are comfortable that downstream software completely rely on this ordering even when it's undocumented? Genuinely curious because this kind of reasoning is alien to me.


Isn't that just a different data structure? How do you preserve insertion order in a hash map?


> How do you preserve insertion order in a hash map?

You enhance the stored elements to also be the nodes of a doubly linked list. The overhead is rarely critical in practice. It can be made more efficient if the hash map doesn’t need to support deletion.


> The overhead is rarely critical in practice.

Depends; you add two extra pointers for each element, so your int → int hash table balloons in size.


I repeat: This is rarely critical in practice. Of course there are cases where it becomes critical, but it’s a perfectly good default.


Ah yeah, I've implemented LRU caches this way (hash map with an intrusive linked list overlayed on the values) but didn't put 2 and 2 together :)


Kind of? It usually means you've compromised the data structure somehow but occasionally it shows up incidentally.

For example, if you append the keys/values to an arena instead of inline in the hash you get a different set of performance tradeoffs. However insertion order is then available by walking the arena.

Appending to an arena in the background is a decent choice for variably sized data, as opposed to heap allocating everything one at a time. That probably has to store the size of each item, hence a forward iterator over the arena at zero cost. Minor quibbles around deleting and tombstones notwithstanding.


If your hash map uses open addressing, instead of a sparse array of pair<key, value>, you can have a vector<pair<key,value>> and a sparse array holding offsets into the vector. Depending on the sizes of keys, values, and offsets, as well as the average loading factor, this might or might not save space.

If your hash map uses chaining, then you weave an extra doubly linked list through your entries (see OpenJDK's OrderedHashMap, for a pretty readable open source example).


At my previous company my boss made me angry after I already handed in my two weeks notice so I stopped caring, and I wrote code that depended on the insertion order into a map. Of course I didn't document it. Have fun guys.


Your ex-boss made you angry and you left code that will make the life more difficult for whom? Only your ex-boss or more people? Who gets punished for what you perceive as one person's mistake?


It was a company where 80% of employees were interns, I was one of them, the other 20% were people who couldn't get hired elsewhere, with just a handful of those who actually knew what they were doing. There was no leadership.

I agree that I handled the situation unprofessionally, but I feel excused, considering the circumstances. Whether I'd do it again depends on who'd need to clear up this mess. If it's people I care about because I got to know them - I'd keep my cool. But if it's some abstract "organization" where I was just a random cogwheel with zero connection to other cogwheels, then you can't expect me to care about anything that doesn't include "me".


We can expect a lot from you, but I guess you’re always free to let people down.


If I counted each time people let me down I'd definitely broaden my vocabulary of huge numbers.


Vengeful behavior can be gratifying in the short term, but in the long term I've never felt good about it.

Maybe you'll find the same.


> This is one of the reasons why many hashtable implementations introduce a random component into the algorithm.

If the random component is a seed that can be forced/stored/logged/reproduced then it's okay. Otherwise it's actually a horrible idea because it complicates debugging other issues.

Randomness is the enemy, not the friend.

> It also very nicely prevents security issues, since if the hashing algorithm is fixed, it can be exploited for denial of service by coming up with keys that all fall into the same bucket.

Yeah, 20 years ago this was a thing to attack Java webservers: crafting URLs with parameters so that they'd all end up in the same bucket. Big denial-of-service one. IIRC PHP webservers suffered from the exact same security issue.

It was fixed by implementing a hash table with a seed and that seed was, of course, under the control of the dev because...

Randomness is the enemy, not the friend.


This seems like a case where a little more debugging would have saved time over brute force bisection. The logging to print component orders had to be done eventually anyway.


Kudos on the debugging but also on that commit message. It managed to condense the cause and the fix into a couple of paragraphs.


For whatever it's worth, if we wait long enough C++ will include the equivalent of `malloc_good_size`. https://github.com/cplusplus/papers/issues/18


Needs [2021] in title


This isn’t Gunnar’s fault. The problem was whoever stored ordered data in a hash file.

I have been in this business for decades and I have run into the situation where changing the shape of memory uncovers bugs. Every time it causes many hours and days of debugging.

If programming weren’t hard, they wouldn’t need us to do it. (I’m not sure how much longer that phrase will hold up under large language models.)


> This isn’t Gunnar’s fault. The problem was whoever stored ordered data in a hash file.

Yes. Even if it were, I don't think it needs to be mentioned in the commit message. Gunnar improved something, which triggered problems with old broken code. For his efforts he gets:

> Gunnar, I like you, but please don't make me go through this again. :^)


If the smiley face and the commit message's tone didn't make it clear that it's a joke, TFA explicitly ends with this:

> Gunnar in particular was the one who uncovered this bug, and despite my satirical jab in the commit message helped uncover this very interesting bug, so he’s the one who made this post possible.

Gunnar is also credited right in the same commit message for help:

> Credits to Andrew Kaster, bgianf, CxByte and Gunnar for the debugging help.

And judging from how the author of the actually broken code in question is (reasonably) not investigated or publicized, it seems quite obvious to me that the article's author is not trying to play the blame game.


As long as LLMs are trained on code that has bugs, they'll suggest code that has bugs.


Indeed. And contrary to the title, the fault isn't malloc()'s either.


> As a result, during the 1000 commits I ended up bisecting for, I had to build SerenityOS from scratch about 4-5 times on a 2011 laptop with Sandy Bridge Mobile. While this isn’t the fault of the project, I’m still mad.

I think SerenityOS has some folks that help each other out with resources and PCs for testing purposes.


> I had to build SerenityOS from scratch about 4-5 times on a 2011 laptop with Sandy Bridge Mobile.

I mean, this is like trying to do Windows Vista development with a computer released in the timeframe between Windows 3.1 and Windows 95


Maybe in terms of time, but not in terms of actual performance. CPUs haven’t changed that much since 2011 (relatively speaking), but between Windows 3.1 and Vista we got x64 and multicore CPUs everywhere became the norm.


> CPUs haven’t changed that much since 2011 (relatively speaking)

Perhaps not relatively speaking, but my 2021 CPU is 10x faster than my 2015 CPU on workloads which parallelise (which compiling generally does).


Good, let's look at hard numbers!

Windows 3.1 came out in 1992. One of the highlights in the CPU world in 1992 was the launch of the Intel DX2 (https://en.wikipedia.org/wiki/Intel_DX2). It used an 800nm process node, ran at up to 66MHz, had 8k of cache, and was usually coupled with either 4 or 8 MB of RAM.

Windows Vista came out in 2007. That's the year Intel released their Core 2 Quad (https://en.wikipedia.org/wiki/Intel_Core_2). It was a quad core, manufactured on a 45nm process node, running at up to 3.5GHz, with 256k of L1 cache and 8M of L2 cache. In this era, computers often had around 2 GB of RAM.

So we're talking 4x the number of cores, 50x the clock speed, 256x the RAM, 1024x the cache. Benchmarks comparing the two are extremely difficult to find, because they're from completely different eras of computing; but I think it's pretty safe to say that your 10x is completely insignificant in comparison.


An intel chip from 2011: https://ark.intel.com/content/www/us/en/ark/products/52210/i...

Equivalent chip today: https://ark.intel.com/content/www/us/en/ark/products/236784/...

4 cores/4 threads up to 14 cores/20 threads. Max memory supported 32GB up to 192GB. 3.7GHz turbo up to 5GHz. 6MB cache up to 24MB+11.5MB L2. Memory bandwidth 21GB/sec up to 76GB/sec. AVX2. Faster GPU.

It’s not so dramatic but it’s not nothing; 5x the threads, nearly 4x memory bandwidth, 1/3rd higher clock speed, 4x the cache, much higher bus bandwidth I think ~5x?


Using max memory supported in this case seems disingenuous, the truth is that the average computer in 2011 had 8GBs of ram, and the average computer in 2024 has 16GBs of ram, 32 if we're being generous.

It doesn't refute your claim that modern CPUs are drastically faster than 12 years ago, but there has definitely been quite a regression in how much we've been gaining the past years


Plus probably like 2x IPC


While I agree that the increase in speed per socket was greater in the 15 years between 1992 and 2007 than in the following 15 years from 2007 to 2022, your comparison for the cache size is not correct.

A motherboard with a 486 CPU of 1992 would have had an L2 cache memory with a size between 64 kB and 256 kB, made with discrete SRAM chips.

During the year 2000, the second generations of Intel Pentium III and of AMD Athlon were the first to have an L2 cache memory integrated in the CPU. When first launched in 1999, both Pentium III and Athlon still had external L2 cache memories.

External L2 cache memories had been the norm in all motherboards except in the cheapest models, starting already with 80386DX, before 1990.

So the L2 cache memory of 2007 was only around 64 times the size of that of 1992.

The increase in IPC (instructions per clock cycle) was huge between 1985 and 1995, i.e. 80386 => 80486 => Pentium => Pentium Pro. After that, the increase in IPC has been continuous until the AMD Zen 5 and Intel Lunar Lake of 2024, but at a much slower pace.

From 1995 to 2003, there was a huge increase in clock frequency, from 0.2 GHz to 3.2 GHz, i.e. 16 times, while in the next 20 years the clock speed has increased less than 2 times.

From 2005 (AMD dual core) until today the greatest speed increases have been provided by either increasing the number of cores per socket or the width of the SIMD execution units. For consumer CPUs (i.e. non-server) Intel has provided a sequence of throughput doublings in the sequence Core 2 (double SIMD throughput vs. previous Athlon X2) => Nehalem (4 cores/socket) => Sandy Bridge (double SIMD throughput) => Haswell (double SIMD throughput), but after that the following throughput doublings in consumer CPUs have all been provided by AMD, with the increase of the number of cores per socket to 8 then 16, and now with the double width of the SIMD units in the desktop variant of Zen 5, i.e. Granite Ridge.

So the increase in throughput per socket (in personal computers) between 2004 and 2024 has been of 256 times, due to increases of core count or SIMD width. For comparison with this 20-year improvement, the increase in clock frequency from 1985 to 2003, during 18 years, had been from 16 MHz to 3.2 GHz, i.e. of 200 times. I do not know the exact increase in IPC between 1985 and 2003, as that would require the choice of a benchmark program, to be run both on an 80386 and on a Pentium 4 or on an Opteron, but it might have been around 20 times. The increase in IPC from 2003 to 2024 might be of at most 6 to 8 times, when accepting an increase of 10% to 20% every 2 to 3 years. So overall, with a doubling of the clock frequency from 2004 to 2024, there would be an increase in the throughput per socket for personal (non-server) computers of around 4000 times both during the 19 years from 1985 to 2004 and during the last 20 years.

This corresponds on average to a little more than a doubling of the throughput per socket (in personal computers) every 2 years, during the last 40 years (i.e. from an Intel 80386 @ 16 MHz to an AMD 9950X).


Thanks, this is good context; I had no idea that the L2 cache used to be on the motherboard.

And yeah, my comparison is completely missing IPC, but that's difficult to quantify... ideally we'd have something like Geekbench results from both, but I struggled to find comparable benchmarks.


Clock speed is irrelevant as a comparison point between highly out of order micro-architectures with execution ports approaching a dozen by now.


For the throughput of a computer the clock frequency is at least as important as the number of cores, the IPC (instructions per clock cycle) and the amount of work done by one instruction.

Were it not for the fact that increasing the clock frequency increases the power consumption more than the throughput, clock frequency would have been the most important factor, because increasing any of the other factors increases the throughput by less than their increment, due to various inefficiencies or because not all applications can benefit from those improvements.

For the computer user only the total throughput matters, not how it is achieved.


Come on. We're not comparing 2.1GHz and 2.4GHz here. We're comparing 66MHz and 3500MHz. That difference is significant regardless of execution ports and other micro-architectural details.

I'm not saying that the Core 2 Quad is 50x more powerful because it has 50x the Hz, or that the Core 2 Quad is 200x more powerful because it has 4x the cores @ 50x the Hz, or that it's 1024x more powerful because it has 1024x the cache, or anything like that. I'm trying to illustrate the extreme evolution of the microprocessor from the early 90s to the late '00s.


Nice comparison. Indeed, the developer's CPU is about 13 years old. Vista was released internationally in early 2007, so a 13 year old CPU at release would've been released in 1994, about a year after the original Pentium was released. But many were still using their trusty 486 DX2-66 CPUs.

Quite impressive that a CPU from 13 years ago can still work on modern projects today when the same wasn't quite as true back then. And a CPU released today will (hopefully) be able to work satisfactorily beyond 2037. 8)


My main desktop for the last year has been a 2011 Lenovo i5 running Windows 11 on dual monitors. Visual Studio runs great on it. Photoshop (the on-system AI tools can be a tiny bit sluggish). I probably have 200 tabs open in Chrome. Slack, WhatsApp. Three different browsers for testing. CapCut could be a little quicker when editing 4K, but it gets by just fine with complex 2K projects. The only thing I've hit the buffers with a little is complicated After Effects projects. It no likey those.

I do need to upgrade, but damn, for a system I basically saved from a Dumpster, it is decent.


> Visual Studio runs great on it.

I'd really like to see a video of VS running great on such a machine. My experience with it is that it doesn't run great at all on a top-of-the-line 2022 laptop with laggy interactions left and right. For the kind of software VS is, literally any UI lag is completely unacceptable.


I got Deja Vu upon seeing "Alien Lenna" and sure enough... I've seen and commented on this before: https://news.ycombinator.com/item?id=27374942 (2021)


[flagged]


It's an image used within imaging since the 70s. It's used because everybody uses it. It being part of an old Playboy centerfold isn't the relevant bit here.


Lena said “Once upon a time, I was the centerfold of Playboy,” says the former model in the new documentary Losing Lena. “But I retired from modeling a long time ago. It’s time I retired from tech, too.”

See https://www.sfgate.com/news/article/How-a-Nude-Playboy-Photo...


Sometimes we keep doing things because we don't stop and think, but it's good to stop and consider if we should continue or change. "Because we've always done it that way" / "because everyone's doing it" can mask many nasty things we wouldn't start doing if given a completely fresh context.


That's very true, but when looking at all the source materials I don't consider this to be one of those nasty things that absolutely need changing. If I was releasing imaging research or any other kind of publicly accessible data I would not use the image just to avoid the angry mob, but I think this is blown out of proportion.


We do it because we always did it is such a great argument.


Apart from the fact that this probably isn't common knowledge, this article is from 2021 (which the OP failed to disclose).

Why not be mad at IEEE for a change? They apparently only managed to ban use of the image in April of 2024.


Why kill whimsy? Do malloc bugs need especially serious images, like concrete walls or men in business suits?


The Lenna image isn't whimsical, it's a cropped nude photo. The people against it don't want image processing to be boring, they want it to be more inclusive. There are hundreds of other whimsical examples that would not be alienating to a good chunk of women.


Most women don't care about this at all. It's way, way down the bottom of the list of sexist bullshit in this industry. Complaining about it is more performative than anything. It's a way to pretend you're doing something for women.


Can confirm, I know a woman who works on image and video compression and she doesn't think Lena is a problem. "It's a pretty woman. What's not to like?"

Note that video compression has "foreman", of the opposite gender, and the angry mob hasn't gone after that one.


[flagged]


Afaik, Lena herself said she'd like her image to stop being used as a test image. And IEEE already retired its use.

Even if you think it's woke, there's good reason to respect the model's wish


https://www.wired.com/story/finding-lena-the-patron-saint-of...

Lena doesn’t harbor any resentment toward Sawchuk and his imitators for how they appropriated her image; the only note of regret she expressed was that she wasn’t better compensated. In her view, the photograph is an immense accomplishment that just happened to take on a life of its own. “I’m really proud of that picture,” she said.


She later said she wanted people to stop using the picture. https://finchcompany.com/projects/losing-lena-trailer/ https://www.theguardian.com/technology/2024/mar/31/tech-publ...

> Forsén herself has also suggested that the photo should be retired. In 2019, she said she was “really proud” of the picture and she re-created the shot for Wired magazine, which called her “the patron saint of JPEGs”. But later that year, the documentary Losing Lena spearheaded the latest effort to encourage computer science to move on. “I retired from modelling a long time ago,” Forsén said on its release. “It’s time I retired from tech, too. We can make a simple change today that creates a lasting change for tomorrow. Let’s commit to losing me.”


Doesn't it seem weird that she was proud of the picture when interviewed in a neutral context (Wired), but wanted it removed (not very strongly might I add) when interviewed by documentarians making a film with the express purpose of trying to get her picture removed? In the movie quote she even alludes to the title of the film: "Let's commit to losing me". It basically sounds like she gave them the soundbite they wanted.


Imo the reasonable thing to do would be to assign a higher credibility to her opinion in the Wired article than her opinion in the activist documentary.


More reasonable would be to consider how much each was paying her.


What's weird here? She can be proud about the picture and think it's a thing of the past that needs to stop being used.


Or she might have been incentivized into expressing a different opinion (financially or otherwise).


Why? She cannot have thoughts or agency?


https://www.sfgate.com/news/article/How-a-Nude-Playboy-Photo...

This is what’s cited on Wikipedia about the cessation of use.


The anti-woke, respectful move would be to find another Playboy centerfold.


Why?


Because the legitimate argument "it is against the wishes of the model" masks the underlying, foundational but hidden reason, which is "it appeals to the prurient interest of men in women, which I find detestable". Thus, finding another model who both consents to having her picture used but still appeals to the prurient male interest fulfills the stated claim while frustrating the unstated one.

I'm sure Naomi Wu would be up for it.


Not really, if she understood well what the photograph was being used for at the time, you can't retrospectively wish against it. That's like saying Oh I don't want to be a pornstar anymore, take down all my content thanks.


That’s not what she’s saying. It’s a very simple and reasonable request. Choosing to not respect her wish is essentially choosing not to out of spite for her since the effort to respect it is essentially nothing.


It is NOT reasonable by any stretch of the imagination


How is “please don’t use that photo of me” unreasonable? It’s a simple request that is trivially easy to respect.


> you can't retrospectively wish against it

She absolutely can. And we, collectively, can choose to respect that wish by using a different test image in future. And why not? It's no real burden to make the change.


It's unreasonable, by principle. Just like how Beyoncé tried to get her ugly image removed from the internet.


I mean, I don't think Beyoncé should have (or does have) any legal recourse in that kind of situation, but publishing unflattering photos of people just to make fun of how they look is a fairly crappy thing to do. The decent thing to do in that situation would be to refrain from publishing the image unless there were public interest grounds for doing so.


The whole dynamic of this discussion is weird. There's a bunch of people coming up with long winded arguments, not-really-relevant examples and other guff. And there's a bunch of us repeatedly saying "why not just be decent?"


I agree, being a decent person is an active choice we should all strive for.

The burden here is that a number of people are so afraid of being "woke" that they'd rather double down being scummy than just find a different jpeg. If it was their daughter I'm sure they'd have a different opinion


> If it was their daughter I'm sure they'd have a different opinion

Are we back in the 60s where a father has to sign off on the daughter's job application? We are talking about a woman who willingly signed up for a Playboy photoshoot, had been aware of the image being used and circulated for decades with no issues.


> Are we back in the 60s where a father has to sign off on the daughter's job application

Strawman bs. No one advocated anything like that.

> We are talking about a woman who willingly signed up for a playboy photoshoo

Yep. And decades later asked it to not be used anymore.

You can waste as much time with long winded arguments as you want. Or you could just be decent and not use the image. Your call.


> And decades later asked it to not be used anymore.

Then how are her parents even remotely relevant?

> You can waste as much time with long winded arguments as you want

Brought to you by the people who bring this argument up every time the image is used.


How could she possibly have known what the internet would become, or how vast? Nobody could have "understood" how their photo could be widely disseminated like today.

At the end of the day it's a stolen photo, and immoral to continue to use against the express wishes of the subject, no matter how you want to justify it -- she asked, so just respect it instead of finding ways to justify being a jerk.


My understanding is that this photo was consensual and not stolen


It was scanned and reproduced without the consent of Playboy, if I understand it correctly.


What do you mean by that word? Does it mean insincere?

EDIT: Why the downvotes? I'm genuinely curious. I see the word thrown around a lot but I can't get a grasp on what it means


I assume you were downvoted because downvoters would not believe your question was genuine.

It is a fact that in the past groups of people have been ostracized, ignored, paid less, acknowledged less, respected less than today based on their race, gender, sexuality, country, profession etc. This has been raised as an issue and for some years —perhaps decades— a counter-motion has been going on: openly promote/respect/acknowledge people that were previously demoted/non-respected/unacknowledged.

The exaggerated examples of these counter-motions are called “woke”. Imagine that we would like to promote the role of ants in the environment because they were largely ignored in the past, so someone makes a movie where an ant beats by sheer physical strength a lion; that would definitely be “woke“.

There are cases where people can disagree whether something is “woke”; for example, think a woman who travels in time to a patriarchal society centuries ago where women were considered property and part of the background and yet she acts in an independent, outspoken, audacious way to men around her without anyone punishing her. That could be called “woke”, but it depends on one's sense of exaggeration.

Reactions against such exaggerations are called “anti-woke”. A great example IMO of a humorous “anti-woke” statement is the image included in the following link, which is a poster for an imaginary documentary: https://knowyourmeme.com/photos/2440971-netflix


> The exaggerated examples of these counter-motions are called “woke”.

This is your definition. I doubt you will find any agreement on what "woke" means, because right-wingers use it to refer to anything and everything that they dislike.


[flagged]


[flagged]


Petee has simply said that we should respect someone’s pretty reasonable preferences. You’ve popped up out of nowhere utterly furious for seemingly very little reason.

If this is how you behave I think most of us would far prefer to have Petee as a coworker than you. If you’re having a lot of conflicts with your colleagues about this, the problem might not lie with your colleagues…


> Petee has simply said that we should respect someone’s pretty reasonable preferences.

That's not an accurate reading of Petee's post.

> I think most of us would far prefer to have Petee as a coworker than you.

Speak for yourself.


TL;DR:

> Someone used a HashTable to store objects that should be ordered, then iterated over it using the basic HashTable iterator


[flagged]


Did she? I know she stopped going to tech conferences, but I never saw anything about her saying she wanted use of the image to end?


This is very fair, to respect someone's wishes with regards to how their image is used. I'm sad to see this comment (at the time of posting) be downvoted.

It doesn't imply guilt on the author of this interesting article or others who used this image without knowing her wishes or anything. I don't understand the response.


It’s probably downvoted because it doesn’t add anything to the debugging story.

At some point, I’ll probably watch the “Losing Lena” documentary. But I wasted a few minutes to determine the comment was not related to the story


[flagged]


Are you guys still going on about that because they don't want to create a political space in their open-source project?

Stop putting politics in everything you touch. Once upon a time, before being an activist poseur was in vogue, open source was all about code, not idiotic posturing for terminally online people.

Oh, the beautiful, inclusive movement of brigading and "with us or against us" black-and-white thinking. Very tolerant indeed.


RMS has been an "activist poseur" since the very beginning - i.e. before "open source" was even a thing. Do people just never read stallman.org?


Am I wrong, or is "stop putting politics in _____" just people saying "I will politicize _____"?


You are not wrong.


Apparently acknowledging the existence of computer users who aren't male is political now


Do female users really need "acknowledging"?

Is the lack of acknowledging a barrier?

Are they all waiting for "activists" like you to open the door and be welcomed at using, e.g. SerenityOS?

Do you believe female users feel left behind because there is no official line that says "hi, female users. I acknowledge and salute you. You are welcome here."?

Why do you believe people different than you need your white gloves treatment?

Get off your high horse. It is political posturing at best, at worst it's just getting annoyed at nothing and feeling righteous about it.

All that these idiotic inclusive movements create is ghettoisation and making everything about gender and race, when the stated goal is to remove the gender and race barrier. In the wise words of Morgan Freeman, "if you want to get rid of racism, stop talking about it".


Yeah, like that time when somebody just wanted to fix a grammatical error ("he" was being used incorrectly) and the maintainers rejected it on political grounds, bringing politics into something that had nothing to do with politics?

So much for a project that claims to be apolitical


Yeah that's kind of their thing, right? The brand of the SerenityOS community is a safe haven for developers who don't want to worry about ethical or code of conduct issues. And for the most part it seems to work okay. It's like the stupid line about "keep politics out of x" which is of course impossible, but in the case of SerenityOS it kind of works for them.


Well the issue is that they seemingly want to be a safe haven for moderate bigots and regressive types as long as they're polite about it, exactly in line with the "keep politics out of x" thing. Their definition of something "political" and deserving of scorn seems to include something as minor as using gender-neutral pronouns in documentation, while assuming that the reader is male is "apolitical" because that's how things used to be.

It seems to be a space designed to avoid anything which the typical 90s white male geek type wouldn't perceive as political. Which in itself is a highly political goal.

"Using Lenna is on-brand for SerenityOS" is not meant as a compliment.


> safe haven for moderate bigots and regressive types

That's an interesting interpretation. Considering that the project has several trans developers and even a handful of (biological) women I'm going to suggest another interpretation: They're not trying to be a safe haven for bigots, they just don't want the endless CoC/pronouns bikeshedding that plagues too many projects these days.


When it comes to inclusion, I look at where the rubber actually meets the road.

If a project welcomes diverse contributors and doesn't foster an environment that alienates them (which, in part, you can evidence by their continued presence and contributions), that seems way more worth its weight than academic quibbles about the language used in documentation.

Are cis and trans women contributors speaking up about any problems? If not, then is the issue really important? I'd rather see a project not actively alienate cis and trans women developers - a higher bar to actively meet than you'd think - than to be religiously attentive to "microaggressions" and the like while doing very little to actually accommodate them as contributors.


Referring to women as "cis women" as if we are somehow a subset of our own sex class is also alienating and unwelcoming. It's awfully disrespectful and reveals a fundamentally misogynistic view of women.


> as if we are somehow a subset of our own sex class is also alienating and unwelcoming

You are though, that's just the truth.

> It's awfully disrespectful and reveals a fundamentally misogynistic view of women.

Sometimes the truth hurts. I'm glad we could teach you it


You are of course free to believe whatever sexist gibberish you like. Doesn't make it true.


I think the issue is more that you feel the need to label anything which does not comply with your ideological view as evil/bigoted/wrong. If it would be a minor issue I hope you wouldn't feel the need to insult and slander volunteers based on simply not agreeing with you, if not I fear what you do to people you have big issues with.


> bigots and regressive types

This by the way is exactly why I approve of any policies that keep people like you out of projects. If you can't learn to get along with people with different beliefs then don't expect them to welcome you.


Well honestly I can't really bring myself to care about it. After all, it's not like we're going into the SerenityOS Discord and seeing Nazis. It's a very slight rebellion, and seems to serve well to defuse tension and actually create a space with less hate than a lot of the spaces which do enforce more modern ethical views.


I just find it sad, more than anything. SerenityOS and Ladybird are interesting projects which I wish I could respect. But instead they seem insistent on regressing back to a dark age in tech where casual sexism was (even more?) commonplace. I can't respect that.


Calling this regressing to a dark age might be why some people choose not to care about such things. Her picture is already everywhere anyway and there's nothing offensive or disrespectful about it.


Sounds like a problem with your closed-mindedness rather than with the project. Also, your loss and not the project's.


[flagged]


What you're calling "nonsense" is being baseline decent human beings. That's not a headache, but if it was one, it'd be one that's worth the cost.


[flagged]


All ethics is subjective (or at best intersubjective), you're not pointing out anything new or interesting there. Considering the concept of non-male users to be "too controversial" to accept does not meet my threshold for "basic human decency".


[flagged]


I say "female" when I mean female and "non-male" when I mean non-male. In this instance I mean non-male. Please spare me the fake outrage over precise terminology.


[flagged]


I don't understand what you're trying to do. Anyone who could possibly be genuinely convinced by a sexism accusation already knows about the existence of intersex people and non-binary people, so they already know that the term "non-male" refers to a different group of people than "women" (regardless of whether we're talking sex or gender).

This conversation is boring, you're not getting anything out of it, and I'm not getting anything out of it. How about we leave it here?


[flagged]


Cool beans.


It works for them but I don't think it's appropriate everywhere, and there is a cost, if not immediately certainly in the future


In 2021, she didn't.


I don't understand people who enter comment sections just to confidently state something so easily disproven? Losing Lena came out in 2019.


[flagged]


That's a funny way to write, "Oh thanks for pointing that out! I should've double-checked my facts before stating them so confidently."

Regardless, I forgive you.


Seems like you may be virtue signaling in the other direction?

I hate that term "virtue signaling". I most often see it when people simply don't understand the opinions of the other person. "It's impossible that you disagree with me, so I will accuse you of holding inauthentic positions".


Quack quack quack.

Perfect duckspeak.


How exactly did you decide that the concern was insincere?


Do you often talk with just buzz words?


[flagged]


Given SerenityOS's stance on gender-neutral language[0], I think it would be safe to say the use of the Lenna image was deliberate. There's been backlash against using cropped pin-ups as test images since at least the 90s[1], this isn't something they would have just now discovered.

[0] https://github.com/SerenityOS/serenity/pull/24647

[1] https://youtu.be/yCdwm2vo09I


What's SerenityOS's stance? They merged a PR to replace male pronouns https://github.com/SerenityOS/serenity/pull/24648

If I understand correctly, there was just a social media mob calling the project transphobic over the use of a couple of "he" in the documentation, that is uncalled for.


There have been the usual suspects creating drama because that's how they can make themselves important. People who care about getting things done rightfully ignore the crybully mob.


Counterproposal: Keep the Lenna image, but balance it out by adding a second test image with some opposite-flavored eye candy: https://i.imgur.com/TIMyJsW.png


This is honestly a good idea (with an actually attractive model instead). I expect Lenna will never die at this point, and honestly, why try to expunge her from history? The best way to fight a meme is with another meme.


Or you know .. some attractive male model selected by female developers.


Why can't we have personalized research papers, where the images are chosen based on the reader's personal preferences?


The Lenna (or Lena) picture is one of the most widely used standard test images used for compression algorithms.

http://lenna.org/


Yes, but the model has asked that the community stops using this image. It should be pretty easy to find an image that can serve as a standard, and that no one objects to.


This is the thing that makes it pretty open and shut to me. Image library devs can still choose to put the whole political thing aside to respect the wishes of the photo's subject.

Does anyone have to, well, not really, but it'd be the nice thing to do.


Any sources on this?


Yes, for example the interview with her in this video: https://youtu.be/yCdwm2vo09I


To be fair, the article using this image is from 2021 - before the linked interview was even recorded.


Fair enough, thanks for pointing it out.


And Lena herself asked the community to stop using it. Oh well.


Sounds like anger finding an issue to fixate on, if it matters that much to you get some therapy.

I doubt whether the lady in question is as bothered by it as much as you are.

I am more upset by the brutality being inflicted on the innocents in Gaza and the fact in my country the UK, families with both parents in work still struggle to pay their bills.


Lena has publicly stated: “But I retired from modeling a long time ago. It’s time I retired from tech, too.”

But that aside, the rest of your argument is just the fallacy of relative privation.


That statement in no way implies she is particularly bothered by it and I'm sure if it is an issue for her she will ask Playboy to fix the problem for her.

That image is over 50 years old and is her immortality.

You guys need to find another outlet for your communist ideology of seeking some real or imagined social flaws as a means of venting your shrewish tendencies.


Why should she need to go through a legal process instead of kindly asking the tech community to move on and use a different image?


Gaza and economics, while important, have zero to do with this, and are at best a lame attempt at deflection.

Describing me as someone who is angry and needs therapy is simply attacking the messenger instead of engaging with the argument. We both have a chance to learn from this exchange.

Whether or not Lenna is bothered by this is not, to me, the issue. What is the issue? We are a field where women are underrepresented and often feel unwelcome. This kind of content and the history behind it only reinforce that. They also send a terrible message to men that this is appropriate in technical discussions. We can make different choices that are more inclusive at zero cost. Why would we continue to tolerate this? Let’s call it out and do better.


[flagged]


This [0] is probably what you’re thinking of. I thought the same thing when I saw the image but I wasn’t remembering it quite right. That said, it’s clear the model herself would prefer not to be used anymore and there isn’t anything special about the image so I don’t see why we shouldn’t respect her wishes.

EDIT: Someone else in the thread said this is from 2021 but I can’t tell since neither the URL nor the page itself give a date. I’ll never understand people hiding/not showing the publish date on blog posts.

[0] https://news.ycombinator.com/item?id=39885977


> Someone else in the thread said this is from 2021 but I can’t tell since neither the URL nor the page itself give a date.

The Git commits in the article indicate the date.


Ahhh, duh. Thank you for pointing that out. My eyes jumped right over that and I was looking for metadata at the top/bottom of the post.


I often Ctrl+F for 20[012] or 19[9] when looking for a date. :)


That’s a good trick, I might have considered that if I wasn’t on mobile. On desktop “Find in page” is second nature to me but is such a slog on mobile.


Yeah, it’s a bit of a pain on mobile.


> That said, it’s clear the model herself would prefer not to be used anymore

That isn't clear at all.


> Forsén herself has also suggested that the photo should be retired. In 2019, she said she was “really proud” of the picture and she re-created the shot for Wired magazine, which called her “the patron saint of JPEGs”. But later that year, the documentary Losing Lena spearheaded the latest effort to encourage computer science to move on. “I retired from modelling a long time ago,” Forsén said on its release. “It’s time I retired from tech, too. We can make a simple change today that creates a lasting change for tomorrow. Let’s commit to losing me.”

Yes it is.


The documentary created by those who wanted her gone? It's understandable that she doesn't want to have that angry mob continue harassing her. But everyone else doesn't have to give in to cancel culture.


Define "people"



