1. 1

    How about making a video out of those QR Codes? I believe this could be a natural fit, recent codecs are particularly useful at compressing information, and QR Codes’ error correction could mitigate the compression artifacts maybe?

    1. 13

      And yet, it is still necessary to download one third of a gigabyte worth of Node modules to build WebPack, to be able to use Phoenix’s live view. Lovely article, but it does not fully cure my Javascript fatigue, haha

      1. 9

        I followed this very helpful post to replace webpack with snowpack, which uses esbuild (a bundler written in go) for super fast iterations and fewer dependencies: https://www.richardtaylor.dev/articles/replacing-webpack-with-snowpack-in-a-phoenix-application

        1. 2

          This is great! Thank you!

        2. 4

          Well, you aren’t forced to use LiveView. Additionally I think that most of the deps come from Webpack which you can replace with “lighter” builder if you want.

          1. 2

            I am using LiveView without webpack. I used symlinks:

            [dmpk2k@bra js]$ ls -lah
            [...]
            -rw-r--r-- 1 dmpk2k dmpk2k 3.7K Feb  2 21:51 app.esm.js
            lrwxrwxrwx 1 dmpk2k dmpk2k   50 Dec  4 22:49 phoenix.js -> ../../../../../deps/phoenix/priv/static/phoenix.js
            lrwxrwxrwx 1 dmpk2k dmpk2k   70 Dec  4 22:49 phoenix_live_view.js -> ../../../../../deps/phoenix_live_view/priv/static/phoenix_live_view.js
            [...]
            

            Inside the layout:

            <script defer type="text/javascript" src="<%= Routes.static_path(@conn, "/js/phoenix.js") %>"></script>
            <script defer type="text/javascript" src="<%= Routes.static_path(@conn, "/js/phoenix_live_view.js") %>"></script>
            <script defer type="module" src="<%= Routes.static_path(@conn, "/js/app.esm.js") %>"></script>
            

            Inside app.esm.js:

            let csrfToken = document.querySelector("meta[name='csrf-token']").getAttribute("content");
            window.liveSocket = new phoenix_live_view.LiveSocket("/live", Phoenix.Socket, {
              params: {_csrf_token: csrfToken},
              hooks: Hooks
            });
            window.liveSocket.connect();
            

            Perhaps I’m missing something by skipping off the beaten path, but it works fine, and life is easier. At some point I’ll make the build gzip the two files, but otherwise there isn’t much more to be gained with a bundler.

            Webpack boils an ocean to make a cup of tea.

            1. 1

              +10! There are lighter projects similar to LiveView: https://github.com/vindarel/awesome-no-js-web-frameworks/ & https://github.com/dbohdan/liveviews some without needing JS at all.

              1. 4

                Only way I see it could work is that it will use WebAsm, which for me isn’t much different from using JS.

                EDIT: I have checked - whole Phoenix LiveView with it’s dependencies (phoenix library for socket integration and morphdom) is ~173 KB unminified and ungzipped. After minification and gzipping it will be almost negligible. Most of the “bloat” comes form Webpack (as mentioned earlier) which can be without much issues replaced with any other build tool of your preference, even just cat to join all files together.

            1. 2

              I am on Firefox on iOS and the website tells me my browser isn’t supported, even though OP says it should work on mobile Firefox.

              1. 2

                Firefox on iOS is not Firefox at all. It’s just a wrapped Safari in-app web view called Firefox only because it supports FF Sync.

              1. 12

                This article leaves aside the most useful special parameter for elegant conditional: the “most recent argument”, $_.

                Example of use: test -f /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh && source $_ || echo "zsh-syntax-highlighting not installed" >&2

                1. 6

                  Even

                  test -f /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh \
                  && source "$_" \
                  || echo "${_##*/} is not installed" >&2
                  

                  😎

                  1. 3

                    TIL. Thank you for sharing, I never knew that one.

                    1. 2

                      Brilliant! Wasn’t aware. Added it in the post.

                    1. 2

                      The only thing I dislike about it is that it relies on VRChat, whose terms of service you have to comply to, and whose SDK seems to be a bit restricted (you cannot use all the Unity features you want).

                      I would rather try to use VSeeFace, although it relies on face tracking alone, instead of the possible full-body tracking we can get with SteamVR.

                      1. 3

                        I’m pretty sure it would be doable to make something else on top of Unreal or Unity (maybe even Godot). This is something that I’ve been thinking about for a while, but I am not a game development kind of person. I’m just trying to get things to work at all.

                        At the very least I see something like this as a tech preview for what you could do with more specialized open source software. The main problem I had is that I already found an avatar I liked in VRChat and it is difficult to export those from VRChat to other programs. I have gotten a copy of the unity package and shader bundle for my avatar though, so we’ll see where it goes from there.

                      1. 10

                        Will it let me modify this website to be accessible to people who can’t or don’t want to watch videos?

                        1. 3

                          Yeah, it is infuriating (and embarrassing) for an accessibility tool to not provide an accessible transcription of the videos. Meh.

                          1. 7

                            I don’t know why this is labeled “a11y”, it’s not necessarily a tool for enhancing accessibility.

                          2. 2

                            My phrasing here is trollish (apologies to anyone hurt) but my point is serious.

                            1. 1

                              If you follow the link to the web version of the Convivial Computing Salon paper, that page has plenty of writing about the project:

                              In this paper, we present spreadsheet-driven customization, a technique that enables end users to customize software without doing any traditional programming. The idea is to augment an application’s UI with a spreadsheet that is synchronized with the application’s data. When the user manipulates the spreadsheet, the underlying data is modified and the changes are propagated to the UI, and vice versa.

                              We have implemented this technique in a prototype browser extension called Wildcard.

                            1. 2

                              Please add a add tag tag.

                              Given the volume of tag addition and tag-specific posts Lobste.rs receives at this point, there should be a tag addition tag.

                              Examples:

                              1. 16

                                filter meta and move on

                                1. 0

                                  same applies to the OP, filter linux and move on

                                  1. 7

                                    There are plenty of Nix posts that don’t have anything to do with Linux.

                                2. 7

                                  Discussion about tags already belongs to meta, no need to create a new tag for which a category already exists.

                                1. 1

                                  That was painful to watch… Thirteen minutes of “what to do if I come from Sublime Text 3”, a few more minutes of “look at what is new”, and just ONE minute of getting started. 😅

                                  1. 2

                                    Where are the tips? This feels like a manual page.

                                    1. 1

                                      For Rust, the most amazing CLI parser library you can find is Pest.

                                      1. 2

                                        Any thoughts on why Pest is better that structopt? (which seems to be the default people turn to)?

                                        1. 1

                                          What about argument-specific parsing, like clap or structopt? I haven’t actually used any of these, but I see them being commonly cited.

                                          1. 1

                                            In my experience there’s lots of good options, with slightly different tradeoffs. Pest isn’t specifically for command lines, it’s just a parser lib. For command line args specifically, there’s two main styles: ones that take a bunch of options and let you query them individually, like clap or argparse, and ones that let you just slap some annotations on a struct and parse your options into that struct, like structopt and argh. They’re all pretty good, just depends on what you want and how you want to get it.

                                            1. 1

                                              clap and structopt are both very good, but (and I think this is a big issue) they are both really substantial dependencies that in my own experience deliver a big hit to compile times. Compile times in Rust are an issue, so as powerful these libraries are, at this point I personally prefer not to use either of them.

                                              1. 1

                                                Compile times are definitely a pain, but if you plan on compiling the tool once and using it for months or years, I’d argue their flexibility and power pays off (although I’m guilty of avoiding them too, mostly because I haven’t done any serious Rust CLI…). Or even shipping the binaries to users.

                                                1. 1

                                                  Small clarification, for those not as familiar with Rust (not directed at @alilleybrinker :)). Structopt is a wrapper around clap which adds Custom Derive procedural macros to allow placing attributes on struct definitions and having the argv parser inferred from such definitions. Most of the compile time is spent on the Custom Derive procedural macros and supporting crates. I.e. clap compiled without the optional features is usually very quick and does not add any significant compile time.

                                                  Edit: full disclosure I am the original clap author.

                                                2. 1

                                                  I’d also checkout Seahorse.

                                                3. 1

                                                  Actually, I cannot edit my answer know, but I meant to say Nom, not Pest, and I wanted to talk about parser combinators. Plenty of options for sure!

                                                  1. 4

                                                    Neither Pest nor Nom are CLI parsers though… You might use them to implement a CLI parser, but they are not CLI parsers themselves. They are not things I’d recommend to people wanting to write a CLI tool in Rust for handling argv outside of very specialized circumstances.

                                                1. 5

                                                  What kind of gui? What controls you need? Where will it run?

                                                  1. 4

                                                    Notebook/REPL/IDE-type thing. Desktop platforms (linux primarily, but should work with all three).

                                                    1. 5

                                                      If you don’t mind non-native widgets, I’d suggest looking at ReveryUI. Check out OniVim for an example application built with it.

                                                      1. 2

                                                        I thought (without having any experience with Revery) that a large part of the appeal was that it compiled to native code? Or by “non-native widgets”, do you mean something else?

                                                        I’ve been looking at Revery for a project I’ve been sketching out; it seems like a very nice option. If you have any experience building things with it, I’d be interested to hear what you think - one small downside to adopting the framework now is that it seems not much other than Oni2 has been built with it yet (and so there’s more concern about documentation, stability, etc.)

                                                        1. 2

                                                          I thought (without having any experience with Revery) that a large part of the appeal was that it compiled to native code? Or by “non-native widgets”, do you mean something else?

                                                          You’re right that it does compile to native code and that’s one of it’s great benefits.

                                                          Some people prefer their apps to have a “native” feel, by which I mean, buttons, input, windows, and other UI elements have the Operating System’s design. This is not what you get with Revery, each app will mostly look the same on each platform.

                                                          I’ve been looking at Revery for a project I’ve been sketching out; it seems like a very nice option. If you have any experience building things with it, I’d be interested to hear what you think.

                                                          At the moment I’ve been mostly playing around with tiny projects while I learn ReasonML. I do really like it, but I have not got the experience with a large project, releasing, or long term maintenance to give all the disadvantages.

                                                          One negative I can give is that I feel I’ve had to learn React to learn ReactReason and Revery. As someone who mostly used Vue before rather than React this has added an extra hurdle.

                                                        2. 1

                                                          ReasonML is an absolute pain to setup on a new machine. I wish you luck if you follow that path.

                                                          1. 3

                                                            I didn’t come across any issues when I did it a few months ago. Granted, I’m on MacOS so I couldn’t say if this experience is different on Linux.

                                                            1. 2

                                                              Maybe I should try again. Last time I tried to install anything with ML on the bottom, it left junk all over my computer.

                                                            2. 3

                                                              What setup are you using? It seems to be as easy as doing:

                                                              sudo apk add reason

                                                              on alpine

                                                              1. 1

                                                                Can you say more? I’ve been playing around with ReasonML and haven’t had any trouble getting going (at least, on Linux - I can’t speak to other OSes).

                                                        1. 9

                                                          there are a few nginx options in that example config that aren’t needed anymore, or are deprecated, mostly around the add_header commands. like Public-Key-Pins is deprecated now. A good example for nginx security would be more like[0], using the Mozilla SSL generator tool.

                                                          0: https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=modern&openssl=1.1.1d&ocsp=false&guideline=5.4

                                                          Also for caddy I believe you still need to add the Strict-Transport-Security header and specifically opt-in for TLS1.3. (I could be wrong, as I don’t use Caddy anymore)

                                                          1. 7

                                                            Mozilla’s SSL generator tool makes it super easy to configure nginx, and you can use something like ssllabs.com to test it out. I don’t really share the author’s difficult experience dealing with this..

                                                            1. 1

                                                              Let’s Encrypt, maybe?

                                                              1. 2

                                                                Let’s Encrypt’s certbot will automatically handle your nginx config if you choose to verify that way (I just do DNS verification, so can’t comment more about it)

                                                          1. 1

                                                            So, a candidate asks about what the current tech debt is, and they answer with a story of what the debt used to be? Smells a bit fishy…

                                                            1. 2

                                                              How do you answer that in practice, though? They were quite open about the current architecture in the article. If they don’t know of any major issues, only time will tell what the current technical debt is.

                                                              Unless you mean an answer along the lines of “this code was written in the style popular in 2012 and the dependencies are old versions”.

                                                            1. 2

                                                              Maybe that’s just me, but the text (when visiting the submission’s link) shows up as blurry and barely readable, on Firefox on iOS.

                                                              I can see the GitHub buttons just fine though, so I’ll read about the project there.

                                                              EDIT: That’s just the intro text, apparently.

                                                              1. 1

                                                                Oh just realized, github-pages default theme is adding some css blurriness there. I will fix it. Thanks! Same text is also here: https://github.com/hakanu/pervane

                                                              1. 21

                                                                https://christine.website - It’s not a static site though people can think it is.

                                                                1. 9

                                                                  The aesthetics of https://christine.website/ are some of the most pleasing I have ever seen on a personal website. I found @cadey’s blog a while ago when V is for Vaporware blew up on Reddit and lobste.rs. I was absolutely stunned by how nice website is on the eyes and I wish that more sites/blogs would adopt this kind of styling.

                                                                  1. 7

                                                                    If you want to adopt a styling similar to my own, use this: https://github.com/Xe/gruvbox-css. Examples here, here, and here.

                                                                    1. 2

                                                                      Aaah, I knew I’d seen this theme somewhere! I use it in Neovim. Awesome!

                                                                    2. 2

                                                                      Not to be mean, but isn’t there a Hugo theme that looks rather alike?

                                                                      1. 1

                                                                        Probably? I don’t mind though.

                                                                        1. 3

                                                                          Ah, misread @ashn’s comment as saying something else – what I can’t remember. But the main pleroma developer’s blog is what I meant.

                                                                          1. 2

                                                                            Yeah, we both use hack.css.

                                                                    3. 3

                                                                      Definitely the approach I’d take if building a blog or personal site. Build a site, not a static site generator.

                                                                      The site itself looks great too.

                                                                      1. 2

                                                                        What are you using, it it’s not a static site?

                                                                        1. 1

                                                                          A simple webserver in Go that slings HTML: https://github.com/Xe/site

                                                                        2. 1

                                                                          Dig the aesthetic. I have found something to hack on this weekend :)

                                                                        1. 23

                                                                          the way i see it,

                                                                          • there was a bsd-licensed osxfuse project
                                                                          • fleischer was the maintainer and pretty much sole developer of it
                                                                          • lots of companies maintained their own private forks of it, bundling it with proprietary apps and not contributing anything back upstream
                                                                          • fleischer also maintained his own private fork
                                                                          • his fork happens to work on catalina
                                                                          • he is offering companies whose forks do not work on catalina the opportunity to access his source code, as a commercial deal

                                                                          other than the fact that he deliberately concealed the fact that he was no longer developing a bsd version (presumably so that no one else would bother working on catalina support until it was too late) i have no issues with what he did.

                                                                          1. 27

                                                                            I have yet to encounter a free software or open source license that guarantees the freedom to be informed of the author’s otherwise private business plans in advance. :-)

                                                                            osxfuse became de facto non-free software once the Kernel Extension Signing Certificate was required, much like Linux on the TiVo. Sure, you can change it but then you can’t run it. The fact that it’s no longer gratis isn’t a setback for software freedom at all.

                                                                            1. 10

                                                                              An interesting fact about tivoisation that shouldn’t be forgotten is that Linus Torvalds is outspokenly okay with the method.

                                                                              1. 5

                                                                                My impression is that opposition to tivoization was mostly from Stallman/FSF.

                                                                                1. 5

                                                                                  At times I wonder if the FSF’s push against Tivoization was the beginning of their decline. Linus and the Linux kernel ignored them, big companies got cold feet on “free software” and moved to “open source” (and the symptoms of it like say, Mac OS not shipping modern bash, the rise of LLVM, etc.), and the GPLv3 is seen as overreach by lawyers.

                                                                              2. 1

                                                                                I have yet to encounter a free software or open source license that guarantees the freedom to be informed of the author’s otherwise private business plans in advance. :-)

                                                                                that’s a good point :) and if the companies really cared they could have reached out to him and asked if there would be a catalina version, at which point he could have asked them to pay him to work on it.

                                                                                1. 1

                                                                                  The fact that it’s no longer gratis isn’t a setback for software freedom at all.

                                                                                  It’s a kernel extension for an OS that isn’t free (AFAICT only Mojave source is available and it’s not like you can build MacOS) and seeks to restrict what you can do with it (via Gatekeeper, which can be turned off but is harder to do so than before - this is why I say seeks rather than restricts). I’m not sure there’s that much software freedom to begin with.

                                                                                2. 12

                                                                                  lots of companies maintained their own private forks of it, bundling it with proprietary apps and not contributing anything back upstream

                                                                                  This is exactly the reason why we have GNU GPL and copyleft.

                                                                                    1. 16

                                                                                      Of course. But „private“ means that you are using given software for your own purposes (at your household or at your company/organization). It is OK that you do not have to publish your changes.

                                                                                      However if someone is „bundling it with proprietary apps“ (which is the case we are talking about), then he is distributing the software to his customers – and at this point GNU GPL comes into play and says that he must share also the source codes with his customers (not with public, but the customers can publish them because GNU GPL grants them this right).

                                                                                      P.S. For the software that is not distributed to the users but is used over the network, there is GNU Affero GPL. And TiVoization is avoided by GNU GPLv3 (since 2007).

                                                                                      1. 1

                                                                                        Yep, it also does not require upstream commits. Your only obligation to the maintainer is credit and preserving the freedom of the user.

                                                                                      2. 0

                                                                                        There may not have been anything to commit back upstream (i.e. no changes to osxfuse were made), and the source code for the application is probably not very useful for this osxfuse developer.

                                                                                        1. 2

                                                                                          “Maintaining a private fork” implies making changes to the source. If you’re just downloading the code but not making changes to it, you aren’t “maintaining” it.

                                                                                          1. 1

                                                                                            “Maintaining a private fork”

                                                                                            Where is that claim being made? All I see being claimed is that companies are “using” it, not modifying it.

                                                                                            1. 1

                                                                                              https://lobste.rs/s/2alill/osxfuse_is_no_longer_open_source#c_1mh8hv:

                                                                                              lots of companies maintained their own private forks of it, bundling it with proprietary apps and not contributing anything back upstream

                                                                                              This is exactly the reason why we have GNU GPL and copyleft.

                                                                                              The very comment you replied to discusses it.

                                                                                              1. 1

                                                                                                That’s just the summary/paraphrasing of someone (“the way i see it [..]”); I think they were just making assumptions? I read the article and all linked issues, and don’t see a mention of anything like a “fork”, just “using”, but perhaps I missed it?

                                                                                                As I understand it forking – private or otherwise – would actually be rather hard (though not impossible) because of the special kernel module signing certificate, which are not so easy to obtain.

                                                                                    1. 10

                                                                                      I use Jekyll and Hugo but I’m constantly wrestling with them. Too many features. Too much magic. Too blog centric. They should be called “static blog generators”.

                                                                                      I dream of a “unified theory of static site generation” in which it would be as easy to host a blog as any other kind of content using a number of more generic primitives that give the user flexibility without creating complexity.

                                                                                      1. 2

                                                                                        I use Hugo for my website, made everything from scratch. What are the things you found that are too blog-centric?

                                                                                        1. 3

                                                                                          That was about a year ago so I may be a bit rusty but basically I had a hierarchy of different kinds of contents + some cross cutting elements. I wanted control over how the different kinds of content are displayed in their index pages and needed multiple levels of nesting.

                                                                                          Hugo makes it easy to create lists of different kinds of content with the minimum flexibility required to produce a blog. But when I wanted more control over index pages, links to sub content and multiple levels of nesting I found it very difficult to use. I had to read a ton of resources, watch hours of video tutorial, and still couldn’t get it done exactly how I wanted it to be. I could have done it all in Django in 2 hours.

                                                                                        2. 2

                                                                                          I’m in the same boat as you. Older stuff done in Jekyll, newer stuff done in Hugo. Feels like I’m only using 10% of the available bells & whistles, but have to fight the other 90% trying to inject themselves into my workflow. I’m considering moving everything to soupault, which conceptually seems much more interesting than the rest of the pack.

                                                                                          1. 1

                                                                                            I too use Hugo. Can be a bit overwhelming, i admit.

                                                                                            But may I suggest to use https://github.com/kaushalmodi/hugo-debugprint in your layout, so that while in devmode you can see all your page varables at the bottom of the page.

                                                                                            Has helped me a lot.

                                                                                            1. 1

                                                                                              Thanks! I’ll give a try next time.

                                                                                          1. 2

                                                                                            If you are looking for something a bit fun, here is a janet lisp based one:

                                                                                            https://github.com/bakpakin/mendoza

                                                                                            1. 2

                                                                                              I would be great to be able to just insert pieces of lisp between template open/close tags, and reference template variables directly from it. Or it’s possible and I’m just missing something?

                                                                                              The idea is great but that pair of template delimiters just for the closing paren is aesthetically repulsive.

                                                                                                  <ul>
                                                                                                    {% (for i 0 100 %}
                                                                                                      <li>Item {{ i }}</li>
                                                                                                    {% ) %}
                                                                                              
                                                                                              1. 3

                                                                                                I think something like structured templates could work? I.e:

                                                                                                {%
                                                                                                (for i 0 100 (li "Item " i))
                                                                                                %}
                                                                                                
                                                                                              2. 2

                                                                                                Is its name a The Good Place reference? Jason Mendoza being in love with Janet?

                                                                                                1. 1

                                                                                                  I’m not the author, but almost certainly yes.

                                                                                              1. 6

                                                                                                Why does anyone trust Keybase? They’ve been untrustworthy since they originally suggested uploading private GPG keys for convenience

                                                                                                1. 4

                                                                                                  Exactly! Like hell I’m giving them my private key!

                                                                                                  IIRC, I created a key pair just for Keybase. Signed it with my key pair. That worked fine since nobody on Keybase checked it that I remember. That just inspires more confidence, right? ;)

                                                                                                  1. 3

                                                                                                    It’s the same as uploading an encrypted key to Dropbox, Google drive, etc. Yes, in theory you lose a tiny bit of security, but realistically your attacker needs to break AES to use your key, and such attacker capabilities usually aren’t included in most threat models.

                                                                                                    1. 1

                                                                                                      The keys weren’t encrypted with a passphrase for the web stuff to work seamlessly.

                                                                                                      1. 1

                                                                                                        IIRC web stuff connects to keybase service on your computer to work

                                                                                                        1. 5

                                                                                                          It originally didn’t at the launch of Keybase. You had the option of cli tools (secure, you control the key) or uploading to their web servers for convenience

                                                                                                        2. 1

                                                                                                          Odd. The web app does scrypt (even says that on the login button) on the password, I’d be surprised if the derived key wasn’t used to encrypt the keys used for messaging.

                                                                                                          1. 2

                                                                                                            Unless you have a time machine you won’t be able to see what they used to do with uploaded GPG keys

                                                                                                            1. 1

                                                                                                              Indeed, because the backend is closed source.

                                                                                                              1. 2

                                                                                                                And even if it was open, because you can’t know that’s what they were actually running. (This is why E2E encryption and an open client is important, and an open backend is a security red-herring.)

                                                                                                      2. 3

                                                                                                        This is one of those situations where if you’re a hardcore crypto-head, and have been managing your own PGP/GPG keys for years? You probably shouldn’t, but then it’s not FOR you.

                                                                                                        It’s for people who want a reasonably secure, convenient way to use crypto to send/receive email, store files, and chat.

                                                                                                        There’s no requirement that you upload your existing keys to them, you can always have them generate a fresh key and use it that way.

                                                                                                        1. 1

                                                                                                          Yes true but it is misleading to the non-technical users. Compromise of the Keybase servers meant compromise of their private keys, and as there was no forward secrecy in use…

                                                                                                          1. 3

                                                                                                            I disagree. I don’t think they ever claimed that users keys wouldn’t be compromised if they (Keybase) were.

                                                                                                            This is a perfect example of the perfect being the enemy of the good.