1. 7

    And now, having read this, please continue using package managers and pulling in dependencies from Github.

    :^)

    1.  

      You are confusing two different things. Package managers can be very good for security when feeding from distributions that implement a vetting process, security reviews, package signing and ongoing security support.

      1.  

        I mean, theoretically, yes. In actuality, we have left-pad.

        1.  

          Don’t use node? My distro’s package manager is doing fine…

    1. 9

      I self-host. Pretty easy with sovereign. Or if you want to use NixOS: simple-nixos-mailserver

      Definitely worth it, even just for learning how email works.

      1. 1

        Have you encountered any problems with sent mail being caught in spam? that’s one of the most common problems I’ve heard about with self-hosting.

        1. 1

          Yeah, but it’s not so bad after you setup the DKIM etc records properly. The sovereign README has instructions on how to do all that. The situation improves as the age of your domain increases too, I think.

      1. 69

        Fastmail. They are trustworthy, quick to respond to service requests, and rock solid. I can count the number of outages in the past ~10 years on one hand.

        1. 18

          +1 for Fastmail. I’ve been using them for several years now and they’re very reliable, have a really solid web UI, and from what I can tell a solid position on security. They also contribute to moving the state of internet mail forward by improving Cyrus and contributing to RFCs. All in all I’d highly recommend them.

          1. 13

            They also contribute to moving the state of internet mail forward by improving Cyrus and contributing to RFCs.

            That’s another good point: they are by all accounts a solid technical citizen, contributing back and moving the state of the art forward. I like to reward good behaviour when I spend my money, and it’s nice to be able to do that and get top of the line service, to boot.

          2. 14

            I also switched from Gmail to Fastmail.

            The funny thing is that for the amount of press that Gmail received/receives for being “fast”, once you switch to Fastmail, you realize that Gmail is actually very slow. The amount of bloat and feature-creep they’ve introduced is fascinating.

            1. 3

              You’re talking about the web interface or the speed at which the mail is sent?

              1. 1

                The web interface.

                1. 2

                  I just use thunderbird (and k9 on mobile). I don’t see why you’d ever use a web interface for email when a standalone client is so much nicer to use.

                  1. 1

                    I’m on a desktop client too (Evolution). Just pointing out the advantage of Fastmail over Gmail. :)

            2. 9

              Love Fastmail. I only wish more tools had first class CalDAV/CardDAV support. When I switched over, I was genuinely surprised how pervasive it’s become to slap on Google account sync and call it a day, even in FOSS. Aside from the built-in macOS/iOS apps, most solutions involve fussing with URLs and 3rd party plugins, if it’s supported at all.

              1. 1

                Fastmail has a link generator for CalDAV so it’s super easy to get the right URLs. I do agree for 3rd party plugins, it’s annoying to have to install add-ons for standard and open source protocols…

              2. 7

                It was the best one I found, too, overall. I dont know about trustworthy, though, given they’re in a Five Eyes country expanding police and spy authority every year.

                Maybe trustworthy from threats other than them, though. I liked them for that.

                1. 7

                  Yeah, I’m not concerned about state level actors, or more properly, I don’t lose sleep over them because for me and my threat model, there’s simply nothing to be done.

                  1. 4

                    I’m not worried about the state spying on me, I’m worried about the apparatus the state builds to spy on me being misused by service provider employees and random hackers.

                    1. 1

                      If those are your concerns, using PGP is probably recommended.

                    2. 3

                      That will be most folks, too. Which makes it a really niche concern.

                      1. 2

                        Maybe it oughtn’t be niche, but it’s pretty down my list of practical concerns.

                  2. 5

                    I use Fastmail as well, and became a customer by way of pobox.com acquisition.

                    I’ll have to add, this was about the only time I can ever recall that a service I use was acquired by another company and I was actually fine with it, if not a bit pleased.

                    My thinking was along the lines of “well, the upstream has purchased one of the biggest users of their tools, can’t be bad.”

                    I’ve not had any noticeable difference in the level of service provided, technically or socially, except the time difference to Australia is something to keep in mind.

                    I do hope that no one here in the US lost their jobs because of the acquisition, however.

                    1. 3

                      I do hope that no one here in the US lost their jobs because of the acquisition, however.

                      Nope! We’ve hired a bunch more people in both offices, and the previous Pobox management are now C-level execs. We’re pretty sure the acquisition has been a win for just about everyone involved :)

                    2. 5

                      I can also recommend it, especially due to their adherence to web standards. After 10+ years of GMail, the only functioning client had been Thunderbird, which too often too large. Since switching to Fastmail, I’ve been having a far better experience with 3rd party clients, and a better mail experience in general (probably also because I left a lot of spam behind me).

                      1. 4

                        I second that. I was searching for a serious e-mail provider for a catch-all email, calendar and contacts.

                        I had trouble setting up my carddav autodiscovery DNS configuration and they helped me without considering me as a “dumb” client. Serious, clear and direct. The most efficient support I could’ve encountered by far.

                        It’s paid, and I’m paying the second plan (of 5$/month), and I think it’s perfectly fair, considering that, firstly, e-mail infrastructure is costly, and secondly, that their service is just plain awesome.

                        1. 5

                          They’ve recently added the ability to automatically set up iOS devices with all of their services when you create a new OTP. I didn’t know that I needed this, but it’s a wonderful little bonus. It’s stuff like that that keeps me happily sending them money, and will as long as they keep doing such a good job.

                          1. 1

                            I did not know about such a thing, since I’m not an iOS user, but sure sounds nice !

                        2. 4

                          Do you know if they store the emails in plaintext server-side?

                          1. 2

                            It’s a good question. I don’t know, and would like to. I’ll shoot them a mail.

                            1. 1

                              Their help page on the matter isn’t clear, although it does describe a lot of things that seem pretty good. Now you’ve got me wondering. (Happy Fastmail user here, and I even convinced my wife to move to it from GMail!)

                              edit: It does sound like it’s plain text but you could read it a couple of ways.

                              All your data is stored on encrypted disk volumes, including backups. We believe this level of protection strikes the correct balance between confidentiality and availability.

                              1. 4

                                Encrypted at rest (encrypted block devices), but cleartext available to the application because we need it for a bunch of things, mostly search, also previews and other bits and pieces. Of course, the applications that hit the on-disk files have their own protections.

                                1. 1

                                  I’d imagine their disks are encrypted as a whole - but not using per-mailbox encryption based on keys derived from individual user passwords.

                                  However, even if such claims are made you can’t verify that and shouldn’t trust a companies word on it. I’d recommend PGP if that is a concern.

                                  1. 1

                                    using per-mailbox encryption based on keys derived from individual user passwords.

                                    If this is a feature you’re looking for in a hosted solution, Protonmail is probably your best option.

                                    However, even if such claims are made you can’t verify that.

                                    Up to a point you can, Protonmail has released their webmail client as open source. Of course, with today’s JavaScript ecosystem it’ll be very hard to verify that the JavaScript code you are running actually corresponds to that code. Also, you can’t verify they’re not secretly storing a plaintext copy of inbound mails before encryption. But down that path lies madness, or self-hosting.

                                    1. 1

                                      But down that path lies madness, or self-hosting.

                                      And the desperate hope that your correspondent also is sufficiently paranoid.

                              2. 3

                                +1 for Fastmail. Switched recently after self-hosting (well, the last several years at a friend’s) since the dial-up days and I’m satisfied.

                                1. 3

                                  Another Fastmail user here. I switched from GMail and my only regret is that I didn’t switch sooner.

                                  I don’t think there are any workflow advantages, but I appreciate that they don’t track me, and I trust them more than Google.

                                  I have the $30 per year subscription.

                                  1. 3

                                    One of other things I want to highlight is reliability/availability. Making sure I dont miss important emails is even more important than privacy to me. Newer, smaller, and privacy-focused sites might not have as much experience in keeping site up or getting all your mail in reliably.

                                    Fastmail has been around for quite a while with positive feedback from everyone Ive seen. So, they might perform better than others in not missing/losing email and being available. Just speculating here based on what their customers say.

                                    1. 3

                                      SMTP actually tolerates outages pretty well… I’ve had my self hosted server down for a couple days, and everyone resent me everything when I fixed it.

                                      1. 1

                                        Haha. Good to know.

                                    2. 1

                                      What service do you use for Calendars and such?

                                      1. 4

                                        I use FastMail for calendars and contacts. I actually don’t use it for e-mail much since my ISP is pretty ok.

                                        For Android I switched from CalDAV-Sync + CardDAV-Sync to DAVdroid. Both work but the latter is easier to configure (by way of having less config options).

                                        I tried self-hosting Radical for a while but for the time I had to put into it I’d rather pay FastMail $30 per year.

                                        1. 1

                                          Fastmail! We have a family email account and shared calendars and reminders and suchlike, and I have a personal account as well.

                                      1. 7

                                        The points are good, but I certainly don’t want inotify features to be gating the VFS layer. IMO inotify is good at what it does. If you want to know about absolutely everything going on for a given filesystem, maybe you want to implement the filesystem itself (fuse, e.g.).

                                        1. 11

                                          IIRC (and I was involved in higher level filesystem libraries when this stuff was going into the kernel - but that was a long time ago) dnotify and inotify were designed with the constraint that they couldn’t impose a significant performance penalty, the logic being that the fs operations were more important than the change notification. If watching changes is as important or more important than io performance another mechanism like a fuse proxy fs or strace/ptrace makes sense.

                                          1. 3

                                            fuse is how tup keeps track of dependencies, although I think it also will attempt to use library injection when that’s not availible.

                                            1. 1

                                              That’s awesome. I’ve tried experimenting with ptrace/strace to ensure correct dependency declaration and it’s a real pain to get right.

                                              1. 1

                                                I have yet to try it out, but I’m definitely using it in my next project.

                                          2. 2

                                            Thing is, FUSE is slower, buggy (I’ve had kernel panics) and less flexible. A native way to track file system operations in a lossless manner would be really nice to have on linux.

                                          1. [Comment removed by author]

                                            1. 2

                                              Are error messages from parser combinator libraries as bad as the ones from yacc?

                                              Yes. They tend to just give an error for the combinator itself, and provide no larger context.

                                              1. 2

                                                Did you perhaps mean to comment on this post instead?

                                                1. 1

                                                  Yes

                                              1. 1

                                                This is an interesting device in the era of smart phones. This is aimed at college students for particular exams. Are they not allowed to have their smart phones in these exams? A smart phone app selling for $5 would have been much more cost effective. Instead of using a phone that has already been paid for, now they have to pay for specialized hardware that costs $100 - more than some smart phones.

                                                1. 1

                                                  Are they not allowed to have their smart phones in these exams?

                                                  Generally they aren’t, as the networking would make it very easy to cheat.

                                                  In my experience, the good calculator apps on phones are simply emulators of physical calculators. There’s always wolfram alpha, but I haven’t seen a good native calculator app.

                                                  That being said, I enjoy using physical calculators much better than emulators. There’s something about a device which is designed for one purpose and doesn’t have to make compromises…

                                                1. 2

                                                  It’s in my category of things which are an interesting idea, but which should be a tablet app instead of a piece of hardware.

                                                  1. 1

                                                    I believe one of their main markets is use by HS students and for major exams such as the SAT or ACT.

                                                  1. 1

                                                    This is perhaps the most interesting graphing calculator to have come out since I started following the industry. The developer is French, and there hasn’t been very much discussion at all on English-language forums.

                                                    Features:

                                                    • Full Color This is a feature we’ve seen in almost all graphic calculators released after Casio led the way with the Prizm in 2011. It’s to be expected, and that’s a good thing.
                                                    • Modern Processor This is another base requirement for a modern calculator. z80s and m6800s were fine in the 80s and 90s, but we have much faster, cheap, and off-the-shelf hardware now.
                                                    • Open-Source Hardware and Software Probably the defining feature of the calculator, the platform’s open design is extremely refreshing after years of proprietary calculators from every major manufacturer.
                                                    • Free online simulator On other calculators this is an extra paid downloadable program. Making a naturally cross-platform emulator is exactly the right move. There is also a native version if you want to tinker with the OS.
                                                    • Integrated python interpreter With the HP Prime’s “python,” and the python interpreter on Casio’s fx-CG50, python is another emerging standard in calculators. I’ll take it any day over BASIC, but HP fans are probably sad to see RPL go.

                                                    Shortcomings:

                                                    • Lack of Mathematical Features There is a severe lack of functionality that comes standard with every other graphing or scientific calculator. There are no probability functions beyond the normal PDF and CDF (and a separate “app” with some basic distributions), no base or unit conversions, no finance/TVM functions, no advanced matrix operations.
                                                    • No app interoperability On every other graphing calculator, it is easy to use data from other modes, such as variables and results. Here, no data is shared at all, even between the regression and statistics apps.
                                                    • No symbolic math or CAS Not every calculator has this, but a CAS could easily be implemented on a calculator like this.
                                                    • Clunky Interface Using common functionality is easy enough, but for everything else one has to navigate through several menus using nothing but the arrow keys. There are no shortcuts of any kind (such as function keys, or skipping through menus with number or letter keys).

                                                    A lot of these issues are in software, and they’ve come a long way since their initial release (which didn’t even include log (!)). There is still quite a ways to go, but the open platform makes me excited about the future for this calculator.

                                                      1. 1

                                                        It cost $25 to host for a week on AWS. Not the cheapest thing. :(

                                                      1. 1

                                                        switter.at seems to just be dating/mildly sexual ads?

                                                        1. 1

                                                          Switter happened because of SESTA/FOSTA. It’s like Twitter, except for SW.

                                                        1. 7

                                                          What am I supposed to do with that json file? edit: … oh, it renders completely differently on desktop…

                                                          1. 2

                                                            it doesn’t render at all for me

                                                          1. 5

                                                            The most glaring omission on the post is Infer from Facebook. I woud rate Infer as the most impressive open source C/C++ static analyzer, by far.

                                                            1. 3

                                                              ugh, I’ve been trying to package it for arch and it’s such a pain in the ass. It uses a bunch of ocaml libraries that didn’t previously have packages and it bundles a custom version of clang with its own modifications and extensions. Oh, and due to requiring a custom clang, builds can be over half an hour before anything goes wrong.

                                                              1. 2

                                                                Whoa, if that thing does what it says on the tin, I’m super interested.

                                                                I hope it does.

                                                                Cppcheck did not.

                                                                EDIT: A nasty nest of segfaults is all I can get out of it. Maybe I’ll check back next year.

                                                              1. 11

                                                                I used a Samsung ARM Chromebook for about three years, Arch Linux ARM. It taught me that there are two facets to support:

                                                                1. Can other people help you with your device
                                                                2. Can you fix your own device

                                                                Generally #1 is lower when you use less popular platforms, and I was prepared for that. As someone who is used to fixing everything from hardware (scopes, solder and rosin inhalation) to software (they were sending ARPs how fast?) I was also prepared for #2.

                                                                Or so I thought.

                                                                Whatever you do: do NOT get a device that demands a signed bootloader. The bootloader on this device was forgetful, easily corrupted, rude (“You’re not running Chrome OS! Please press space twice so I can wipe everything!”) and most of all: not replaceable. Only Google had the keys, and I had to live with it.

                                                                Initially I had a second stage of u-boot installed that I had control over. This was brilliant. The Arch Linux ARM install instructions for this device used to have this as part of the recommended setup. That changed at a later point – a story that involves a post-install script for a newer kernel package dd’ing over my root partition.

                                                                I was stuck on a very old kernel version provided in the ALARM repos, I believe the one the original ChromeOS shipped with. This caused me many dramas, including making systemd flat out refuse to boot my device. “You don’t have cgroups support? Pah! I’m on strike. You didn’t need your computer to boot anyway, did you?”.

                                                                I have a couple of stories written up about my experiences:

                                                                A quick summary of the fun side of things used to live in my /etc/issue:

                                                                Welcome to Clusterlizard, chamber \\l.  Please praise your selected deity(s)
                                                                
                                                                Summary of interesting failure stories since December 2013:
                                                                 - 'debug' on kernel command line -> systemd becomes very verbose -> random race conditions due to text output -> crash
                                                                 - filesystem death on SSD by power-cycling too rapidly whilst debugging other issues
                                                                 - btrfs failure from trying to compile firefox ("ran out of inodes" even though btrfs does not use inodes)
                                                                 - systemd update -> required kernel support for xattrs on folders -> refused to boot
                                                                 - empty Chinese take-away containers + bag + laptop -> cracked the screen
                                                                 - systemd update -> prevented kernel from loading userspace wifi firmware
                                                                 - occasional bootloader corruption, fails to work until battled into a soft-reset after many attempts
                                                                 - upgraded many packages, write-cache filled memory, OOM -> system hung, filesystem left inconsistent 
                                                                 - updated kernel -> post-install script dd'd bootloader over my root filesystem 
                                                                 - updated kernel -> shorter wifi scan argument list support -> can't connect to wifi at uni, too many networks
                                                                
                                                                Misc self-inflicted
                                                                 - removed systemd-sysvcompat
                                                                 - custom init system: spawned gettys with wrong arguments -> no logins
                                                                 - repeat episodes of systemd firmware issues
                                                                
                                                                Happy birthday Clusterlizard! (2014 and 2015 and 2016)
                                                                

                                                                Having many things go wrong with systemd whilst on a remote Greek village mountainside lead me to write my own init. But that’s another story.

                                                                What finally forced me to stop using the laptop was a failure of the inbuilt storage coupled with bugs in the evil bootloader. The onboard flash storage (MMC) became very slow over time (down to ~2MB/s write toward the end), but this wasn’t my major concern. What really hurt was when the the laptop started hardlocking when I did heavy disk I/O, such as updating.

                                                                Updating became a dangerous game. I’d try to workaround the problem by constantly interrupting the process and forcing disk sync, but this was tedious and slow. Worst of all: when the laptop locked up during updating I would find many of my system libraries left zero bytes long.

                                                                After about the third or fourth time that I had this happen I decided I needed some change.

                                                                Unfortunately this device had no internal connectors for replacement storage. The internal MMC was soldered directly onto the motherboard (BGA packages, not easily replaceable). But I thought I could use an SD card or USB stick instead.

                                                                USB and SD boot were how I originally installed (and repeatedly fixed) the ALARM installation. But now, out of the blue, the signed bootloader had decided that USB and SD card booting were verboten. “Hmm”, I thought, “perhaps those configuration bits had flipped?”. Not only that, but the configuration region had become write-locked. I have no clue why, the bootloader was still in the “developer” mode, and I tried many things to resolve it.

                                                                I found it hard to stop using my Arm laptop. I still occasionally get it out for the smell, it brings back many memories of many places. It has been the lightest and longest lasting laptop I have ever owned. It had many physical construction issues, was held together with hot glue, and the performance was non-existant in the graphics department. But it was different, it was something I could afford, and it was fun.

                                                                RIP clusterlizard, 2016

                                                                Epilogue: I now use an 11.6” refurbished DELL Latitude 3150. It suffers phantom stuck keys, screen backlight stability issues and I had to warranty the battery a month after buying it. It’s heavier, has a smaller keyboard (complete with a keyboard bezel!) and doesn’t smell anywhere as iconic as my ARM laptop did.

                                                                But when it breaks, I have many more options to fix it.

                                                                1. 1

                                                                  btrfs failure from trying to compile firefox (“ran out of inodes” even though btrfs does not use inodes)

                                                                  This is very likely a generic error code being converted by a function in the VFS to something which doesn’t make sense for btrfs. Despite being an abstraction layer, VFS still expects a pseudo-ext-style implementation. This is evident in error messages and especially api design. See for example how statfx(2) has fields for free inodes, or “unreserved” blocks, even though those are not working statistics for many filesystems.

                                                                  1. 1

                                                                    I think you’re more ranting about Chromebooks than ARM as a processor architecture. I have an Intel Chromebook and probably the same bootloader.

                                                                    1. 2

                                                                      Not sure why this was posted again so soon…

                                                                    1. 8

                                                                      Somehow, this reminds me of shoutboxes from back in the day.

                                                                      1. 1

                                                                        Yeah, I get those vibes. - also quite like the extremely restrained design which adds to that perception. I wish a lot of webshits could be like this one in that sense.

                                                                        1. 4

                                                                          a lot of webshits

                                                                          Had a bit too much n-gate today?

                                                                          1. 2

                                                                            I recently configured my RSS reader to email me n-gate on a regular basis. It’s not a good idea: help, I’m becoming too cynical…!

                                                                            1. 2

                                                                              Thanks for reminder to check it. The repealing net neutrality one w/ “executive fiat’ was great haha.

                                                                              1. 0

                                                                                No such thing in our industry, regrettably, due to the extensive marketing and cultural issues.

                                                                            2. 1

                                                                              So it’s “IRC meets nothing else”?

                                                                            1. 1

                                                                              Is there a graph showing how well it holds up?

                                                                              1. 1

                                                                                No, but I can tell you right now it doesn’t.

                                                                                1. 1

                                                                                  Not the specifics, but the over-arching ideas pretty much hold up I’d say.

                                                                                  • Open Systems: Sure Oracle hasn’t died yet, but even MS is even getting on the Open bandwagon to some degree.
                                                                                  • Software Distribution Channels: well OK the Internet ate the CDROM up, but retail software in a store is 99% dead, he called that.
                                                                                  • Kernel/base source code explosion: Drivers def. take up way too much room in the kernel :)
                                                                                  • Multiprocessor: def. true
                                                                                  • Networking: well OK 3 directions, Internet/WAN, Wireless(LAN) and high-speed LAN(fiber and friends)
                                                                                  • Java: pretty much true, minus the systems programming part.
                                                                                  • Nomadic devices: smartphones totally made this true.
                                                                                  1. 1

                                                                                    I was mainly referring to the title claim of “2^(Year-1984) Million Instructions per Second” because OP was asking for a graph.

                                                                              1. 1

                                                                                Have there been any updates? This paper is 5 years old.

                                                                                1. 3

                                                                                  Looks like still not really cleared up. Here’s a news article from 2017.

                                                                                1. 1

                                                                                  Is there any way to zoom out? The text is too large to read comfortably.

                                                                                  1. 17

                                                                                    The vcs tag seems wrong. Git works fine without GitHub. This is more a business story.

                                                                                    1. 1

                                                                                      Why is there a fork icon next to your username?

                                                                                      1. 3

                                                                                        Maybe it’s a comment on the merged discussion submission?

                                                                                        1. 1

                                                                                          looks like it

                                                                                    1. 1

                                                                                      rw does not support copying sparse files, a feature found on some operating systems.

                                                                                      Can’t you seek to the end of the input file and then truncate the output to that length?

                                                                                      rw is not yet able to determine the size of block devices on Illumos, Minix, NetBSD, and OpenBSD.

                                                                                      Same question here: does lseek(fd, 0, SEEK_END) not work?