1. 2

    Since I use Gandi as a registrar for my domain names, one of the oldest registrars in France (that supports free software and associative projects), and that it offers mail services (for people, not bulk sending email) for no additional cost, I use Gandi Mail for my new accounts (haven’t completely migrated from GMail).

    They offer 2 mail boxes per domain names (5 for older customers with existing domains), with infinite number of aliases per mail box that support wildcards (e.g. *@example.com for easily using one email per account in a single mail box).

    They support Sieve rules/filters (e.g. when the built-in anti-spam is not enough, or if you want to automatically send responses).

    They also have a paid plan if you want more storage.

    1. 1

      I use Fastmail for my primary inbox because gandi doesn’t push messages, but all my secondary accounts go through gandi - fantastic service given it’s free with the domain registration.

      1. 1

        What do you mean by “doesn’t push messages”? It feels like they are actually.

        1. 1

          On ios, at least, I’m using mail.gandi.net with IMAP.

          Mail for that account never arrives in the background (only after I open mail.app) whereas my other accounts deliver mail immediately regardless of what else I’m doing.

          1. 1

            I don’t have this issue on Thunderbird and K-9 Mail.

    1. 4

      Too bad the spec is not appealing. I have a hobby project that requires it, but it’ll take time to draw schemas of interactions between spec’s components. And I’m thinking more of social web protocols as a whole.

      I understand that to add layers on top of HTTP is not the lighter way, but I’d like to see the email protocols (SMTP…) be replaced by these new web protocols. At least for registration on 3rd party services, which is one of the most used use of emails nowadays.

      1. 4

        Seems fair I guess. They probably made thousands of easy ad dollars off Nintendo’s property, so it’s normal they have a problem with this.

        1. 4

          However, is Nintendo actually making profit of the original Zelda, for example? I mean, is there a way for me as a player to get to play the original Zelda without having to search for a second hand NES and fishing for the original cartridge in flea markets? I get that is their intellectual property, but still it’s not like they still sell those games

          1. 18

            The current philosophy of the law is that Nintendo has an eternal right to tax Zelda. It was never meant to go into the public domain, will never go into the public domain, and if legislators have funny ideas about this stuff then they’ll use their billions of previous culture tax revenue to bribe (er… “lobby”) them to have the right ideas again.

            Anyone who gripes about this state of affairs is obviously a commie trying to steal from them.

            1. 2

              In my understanding, in France and probably other countries, works (not sure what, but writings and musics are included for example, probably programs/video games?) enter public domain 70 years after creator’s death.

              How can this apply to a living company?

              1. 2

                The original author(s) license (indirect in employment contract or direct via a specific one) rights to the work. The ‘death’ clause becomes really gnarly when the actual work of art is an aggregate of many copyright holders.

                This becomes more complicated as the licensing gets split up into infinitely small pieces, like “time-limited distribution within country XYZ on the media of floppy discs”. Such time-limit clauses are a probable cause when contents to whole games suddenly disappear, typically sublicensed contents like music.

                This, in turn, gets even more complicated by the notion of ‘derivative’ work; fanart or those “HD remakes” as even abstract nuances have to be considered. The stories about Sherlock Holmes are in the public domain, but certain aesthetics, like the deerstalker/pipe/… figure - are still(?) copyrighted. Defining ‘derivative’ work is complex in and of itself. For instance, Blizzard have successfully defended copyright of the linked and loaded process of the World of Warcraft client as such, in the case against certain cheat-bots - and similar shenanigans to take down open source / reversed starcraft servers.

                Then a few years pass and nobody knows who owns what or when or where, copyright trolls dive in and threaten extortion fees based on rights they don’t have. Copyright in its current form has nothing to do about the ‘artist’ and is complete, depressing, utter bullshit - It has turned into this bizarre form of mass hypnosis where everyone gets completely and thoroughly screwed.

                These aspects, when combined, is part of the reason as to why “sanctioned ROM stores” that virtual console and so on holds have very limited catalogs, the rightsholders are nowhere to be found and can’t be safely licensed.

            2. 10

              Yep, Nintendo do still sell these games, and it is possible for you to buy them. I bought one of these last week.

              https://www.nintendo.com/nes-classic/

              1. 2

                They also still sell them on the Wii U and 3DS Virtual Consoles.

                1. 1

                  Oh sure, I totally forgot about those new editions, you’re right

                  1. 2

                    I just got a NES Classic and SNES Classic. They are pretty dope! I think that they are starting to care a lot more now that these are a thing :)

                    This does, however, have the unfortunate side effect of players not being able to play their favorites unless they are one of the ~60 games on these two classic editions. So, that’s sad. :(

            1. 10

              On a related note, it’s also worth noting that the user control situation is even worse on mobile devices. You pretty much can’t buy phones or tablets with unlocked firmware that you can easily put your own operating system on.

              1. 10

                Well there is the Librem at least.

                https://puri.sm/shop/librem-5/

                1. 1

                  It is my understanding that even this and Fairphone still require blobs and the baseband is totally opaque. The battle for complete user freedom on mobile still seems to be completely lost.

                  1. 3

                    This is correct. Purism routinely exaggerates about what they are able to provide in terms of openness, without any plausible way of actually delivering. It’s quite tiresome.

                    Not only will Librem 5 have blobs, they’ve now shamelessly announced they intend to use a loophole to procure FSF RYF certification despite this. If this is allowed to stand, it also makes RYF rather meaningless.

                2. 7

                  Also Fairphone:

                  We offer the ability to choose between the Google experience and the freedom of open source. Both versions are officially supported by Fairphone and we will provide continuous software updates.

                  In addition, and because the code is openly available, everybody is free to work on making other operating systems work on the Fairphone 2. The community already offers alternative operating systems like Sailfish OS, Ubuntu Touch and LineageOS.

                  1. 2

                    Fairphone requires proprietary firmware blobs anyway.

                    1. 1

                      Thanks, haven’t seen Fairphone before. I really hope there will be enough of a niche for companies like them and Librem going forward.

                      1. 5

                        As a Fairphone user: the market is made by buying the damned phones.

                        I wish there was an official Sailfish distro. I’m a happy user of the community port, but I also tolerate some glitches. Like not being able to calibrate the proximity sensor or run android apps.

                        But, as stated, they do have a non-Google android for those who want to be closer to the mainstream and a Google android for people who don’t care that much.

                    2. 2

                      You can unlock the bootloader on most Android phones and you can run LineageOS or other AOSP forks, sometimes Ubuntu Touch and Sailfish ports, or postmarketOS.

                      You typically have to run the vendor android kernel fork if you want to have useful functionality, but some devices (Nexus 5, Nexus 7, Xperia Z2, Xperia Z2 Tablet) can run mainline Linux.

                      https://wiki.postmarketos.org/wiki/Devices

                      1. 1

                        I know that you can unlock the bootloader, but I think that’s very far from ideal. Also the tools themselves tend to be closed source, and sketchy. You should be able to decide what runs on your phone without jumping through hoops.

                    1. 9

                      Note: you may get the impression this is proxy’s fault, but it isn’t. Host: registry.npmjs.org:443 is, although unusual, a valid HTTP request. (Host: registry.npmjs.org is usual.) It’s NPM registry that is in violation of HTTP standard here.

                      1. 6

                        Huh, interesting, I definitely would have assumed that it would only include the “host”, but you’re totally right:

                        Host = "Host" ":" host [ ":" port ] ; Section 3.2.2

                        https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23

                        1. 2

                          That is kinda weird/interesting. If browsers did report the port, I could see mismatched Host header vs real port when behind a load balancer (typically handled by the load balancer adding X-Forwarded-For headers). But most browsers probably don’t do this, unless it’s a totally non-standard port?

                          1. 2

                            You can also mismatch TLS Server Name Indication and Host header. For example, nginx treats TLS and HTTP separately so it does not care if it mismatches.

                      1. 5

                        I’m not fan of full JS websites, when most pages can be cached server-side and will be (about) the same on each reload.

                        1. 5

                          I’m using some VPS, not (yet) a server at home. I use Debian or Arch Linux on these.

                          I’m hosting:

                          • my small websites
                          • Mastodon (private instance)
                          • Nextcloud
                          • tt-rss (until I code my own replacement)
                          • ZNC
                          • Gitea
                          • OpenVPN
                          1. 3

                            Just use singular table names.

                            1. 1

                              You can also consider rate limits. You probably should. Also, forms must have CSRF tokens.

                              1. 2

                                I like the checkbox hack for showing a dark theme (even when JS is disabled).

                                1. 1

                                  Thank you. I use JS only to save the selected mode for the whole session. Without JS it goes back to the default state on page reload.

                                1. 1

                                  Don’t forget to redirect back to the old locations if you ever migrate back to the old view.

                                  1. 1

                                    And… you did forget that!

                                  1. 2

                                    This article promotes proprietary software, it does not really say anything else.

                                    1. 3

                                      Finish a system which makes RSS feeds from release versions, with Wikipedia as source. This gives me a single place to keep track of things I need to keep track of for work, without getting too much noise. Works pretty well for things as git, Kibana, or Ruby. Not so much for very small projects which don’t have a Wikipedia page :) Mostly done, needs a few things still: https://verssion.one and/or my github. After that the next side project to keep me distracted from real work…

                                      1. 2

                                        I plan to do something like this (track software updates), but I would directly scrap software websites or CVS web interfaces (e.g. fetch git tags on cgit) instead of relying on Wikipedia, to get instant updates. I wonder how package maintainers (or Wikipedia contributors) are dealing with this because few pieces of software have an RSS feed for updates.

                                        By the way, to have a user-friendly way to privately scrap websites (elements of pages, text files, etc…) automatically for all kind of updates would be awesome. I know someone that uses a piece of proprietary software that is not so nice for that matter.

                                        1. 2

                                          I’ve been mentally designing a ‘good’ way to do this for some time.

                                          It’s very hard if you care about edge cases, but not so bad if you don’t. I’ll do a show-post here if I ever get it going nicely.

                                          1. 1

                                            Going to the sites directly makes it really hard to filter out betas and other unstable releases. Even the github “releases” page don’t help much here; it also happy lists the -pre1 releases. Regexp-ing version numbers is also less easy than it looks (192.168.1.1 looks like a perfectly fine number), so you would need to twiddle for each and every software project, definiing a source, what a version looks like, and how unstable versions work, and keep them up to date. On top of that there is Vim, which releases a new stable(!) version every 4 hours or so. :)

                                            I had a look at all that, and at what is available on wikipedia. I choose to use wikipedia, since it’s Good Enough IMHO. And as a bonus it helps keep wikipedia up to date!

                                          2. 2

                                            You might have luck with scraping gem repositories for version numbers. Could be a bit more straightforward too.

                                          1. 2

                                            You can also consider to use a static website generator, such as Jekyll. The idea is to do not expose any dynamic content such as an administration panel that could lead to a potential vulnerability. You may not have the time to update a CMS in the future, and a static website won’t expose a vulnerability. Also you are free to design your website according to your needs, unlike with a CMS.

                                            1. 4

                                              I’m on my own personal instance, @Exagone313@share.elouworld.org. I’m using Twidere on Android, available on F-Droid.

                                              1. 1

                                                Are you aware of a “relational” database to store entities that could be “incomplete” (e.g. you get only a part from an API call then every parts from a second API call) or with optional fields (like you can do with documents), but still having relations between entities (foreign keys and 1..1, 1..n, n..n relations), and be able to run on a distributed system? I was thinking of storing optional fields somewhere else, like in PostgreSQL’s array or in filesystem, but obviously a lot of keys and string values are repeated and it could work with that). What would be very useful would be to detect entities in child nodes of a json/bson document (potentially recursively) and create new entries for them (hence the incomplete entities).

                                                1. 2

                                                  If I understand you correctly, you can do this in any SQL database. Just select only the fields you actually want on the first call. As far as allowing relationships to be optional, that’s what nullable foreign keys are.

                                                  Running on a distributed system is harder, especially if your workload is online transaction processing. But that would be challenging regardless of the data store you choose. If you really need something that high-end, you can always pay for Spanner…

                                                  But the odds are that you don’t need that. When people frame their requirements as “it needs to be a distributed system”, I take this to mean that they don’t know what their requirements actually are. Do they need redundant copies to prevent data loss? Do they need high availability? Those are mutually exclusive (in practice, with existing solutions, other than Spanner; I’m not trying to argue about the CAP theorem), so… maybe they haven’t thought it through.

                                                  1. 1

                                                    I think I’ll make an article later to describe exactly what I would like.

                                                    1. 1

                                                      Sure, go for it. The response is probably going to be some form of, you can meet the basic needs you’re thinking of but you might have to change the schema a little to make it happen. SQL definitely isn’t like JSON-based storage systems where you can always fit the existing data into it without rearranging it at all.

                                                  1. 1

                                                    OK, thanks!

                                                    1. 1

                                                      Question is why it’s taking this long to just generate a new cert with the extra SAN…

                                                      1. 4

                                                        No one is paid to work on lobsters. If you know ansible and letsencrypt you should be able to help out.

                                                        1. 1

                                                          Well I don’t really know how the current Lets Encrypt cert was generated, but it’s literally just another argument. Did ask about it when it came up on IRC 3 weeks ago, but didn’t get a reply then, and figured it would probably be fixed pretty quickly then so completely forgot about it.

                                                          1. 1

                                                            It was manually created with certbot but, as noted in the bug, should probably be replaced with use of acmeclient to have much fewer moving parts, if nothing else.

                                                            It’d be great to have someone who knows the topic well to help the issue along in any capacity, if you have the spare attention.

                                                            1. 1

                                                              I’ve done entirely too much work with acmeclient to automate certs for http://conj.io and some other properties I run. Will try and find time this weekend to take a run at this.

                                                              1. 1

                                                                That or to use dehydrated: in a text file, one certificate per line, each domain separated by a space.