1. 1

    .ink because writing.

    http://len.falken.ink

    It’s for nothing else.

    1. 1

      According to this it is run by CentralNic, a UK company.

    1. 6

      Feeling very lost lately, that’s what I’m up to :).

      1. 3

        It’s not a bad place to be. So long as your needs are met, it’s good to unwind your mind a bit. You’ll get focus back eventually. Everyone does. “This too shall pass,” and all that.

        1. 4

          Sublime Text is still around. Since it’s closed source, its authors get to have complete control over its design, and that’s what gives them the competitive edge they need.

          Open Source projects need very committed maintainers in order to go in the right direction, and that’s very time and energy consuming. All for nothing in return - no wonder you keep seeing maintainers give up lately.

          1. 7

            Since it’s closed source, its authors get to have complete control over its design

            I’m not saying that there are no disadvantages to open source, but I don’t think this is one of them. Why wouldn’t they have control if it were open source? Open source doesn’t mean you have to accept all contributions.

            1. 2

              As a VyOS maintainer, one of my tasks is definitely to discard contributions that don’t align with the design goals, and do it gracefully enough to avoid discouraging their authors from contributing at all. The latter part isn’t very easy, but still not nearly as hard as creating the design that will not hold us back in the long run. ;)

              1. 1

                It’s indeed very hard to discard people’s contributions, because on one hand you really appreciate the effort they’re willing to put in, but on the other hand you’re also thinking about the long term and/or overall design. I found that setting very clear and honest expectations really helps with this: if you expect something will be merged then you’ll end up disappointed if it’s rejected, but if you know beforehand that there’s a decent chance it might get rejected then it feels a lot less disappointing. It also affects the work people put in: a minimal proof-of-concept vs. a fully-fledged PR with doc updates and whatnot.

            2. 2

              Yeah well MSDOS is still around too.

          1. 3

            Facepalming hard at these articles (posted a few hours ago) https://globalnews.ca/news/8145997/quebec-covid-passports-hack-police/

            It goes to show the public was not well informed enough about what the QR code contains (practically nothing identifying without additional documentation).

            1. 3

              I found most news coverage about the QR Code misleading and reporting on “cybersecurity experts” that keep claiming they “hacked” the QR Code by decoding it. And then this other privacy group claimed they were able to hack many politicians’ QR Codes when in fact they simply went through the portal, provided the information required to get your QR Code (Name, Date of birth, Vaccination dates and health insurance number, which is the previous information + 2 random numbers). You will guess that for high-profile people most of these data points are known, and the QR Code you get gives you pretty much the exact same data. Lots of FUD being thrown around by privacy groups looking to get media coverage. I’m all for having a debate about privacy, but these people just keep throwing terms they know are going to be misunderstood by the lay persons and this is plain irresponsible. There have been a few actual bugs found, one in the app that was able to validate a crafted QR Code and another one that allowed a government employee to download thousands of QR Codes. But these researchers went through the proper channel and didn’t spread fear around these.

              1. 1

                You must be speaking specifically about the iOS app? I’m still waiting for the Android one to get the public keys.

                1. 1

                  The key is not iOS or Android specific. They are the same key pair. You can find it in all the many third party apps that have been developed over the last months.

                  1. 1

                    Oh that I know. What I don’t know is how to download and reverse an iOS application, but I do an Android application.

                    How have the other applications gotten the keys?

                    1. 3

                      There’s this minified and ugly async-compiled-into-sync state machine JavaScript that has been shared with me (seems to be using this SDK) that has been extracted from the iOS app. As for the public key, don’t quote me on this, but I think someone just asked the right person for it. Now you can find it in the minified code:

                          s.exports = {
                            alg: "ES256",
                            kty: "EC",
                            crv: "P-256",
                            use: "sig",
                            kid: "fFyWQ6CvV9Me_FkwWAL_DwxI_VQROw8tyzSp5_zI8_4",
                            x: "XSxuwW_VI_s6lAw6LAlL8N7REGzQd_zXeIVDHP_j_Do",
                            y: "88-aI4WAEl4YmUpew40a9vq_w5OcFvsuaKMxJRLRLL0",
                          };
                      
                      1. 2

                        I’ve written a decoder, verifier, and encoder. Refresh the document to see it at the bottom.

                        Also I found out the QR code can hold about 250 doses before it starts becoming unscannable. X)

            1. 3

              Messing with the Ocarina of Time decompilation, and maybe do some CADing with CadQuery, and maybe some writing.

              1. 4

                Cool post! To me, it’s interesting to compare other countries’ solutions to the EU Green Pass:

                This one is easier to decode, at the expense of less information density (especially with the many non-shortened JSON keys, but also JSON syntax itself). The EU version also only records information about the last shot¹.

                What is SHCEncoding? It’s where you create pairs of digits and subtract 45 from them. Yep. There is no real explanation for this anywhere.

                This reads awfully like base45, which was developed by and for the Green Pass. base45 uses the QR code ‘alphanumeric’ charset (which has 45 characters) to encode binary data with near-0% overhead. This would probably also replace the base64 encoding you mentioned.

                ¹: although the format is designed to accommodate more than one, given a spec change from “allow only 1 entry” to “allow >=1 entries”


                Shameless plug for my EU QR code analysis: https://lobste.rs/s/mgeay3/what_s_inside_eu_green_pass_qr_code

                1. 1

                  Wow yeah, your post is excellent too. I’ll reference it in my document. ☺

                  It may be base45! I’ll have to look closer, and if it is, I’ll update the document.

                  Edit: The EU Green pass is certainly better.
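On the "SHCEncoding" versus base45 question raised in the comments above, an added example that is not part of either post or of the linked documents: it implements the numeric mode as the SMART Health Cards specification defines it (each digit pair is one JWS character's ASCII code minus 45) next to an RFC 9285 base45 decoder, so the two can be run on the same digits. The function names and the short sample strings are constructed for this illustration, and only a single-chunk `shc:/` payload is handled.

```rust
// Added illustration: not code from the post under discussion.
// RFC 9285 alphabet; the index of a character is its base45 value.
const BASE45: &[u8; 45] = b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:";

/// SHC numeric mode: every two decimal digits are (ASCII code - 45) of one
/// character of the compact JWS.
pub fn shc_numeric_decode(qr_text: &str) -> Result<String, String> {
    let digits = qr_text.strip_prefix("shc:/").unwrap_or(qr_text);
    if digits.len() % 2 != 0 || !digits.bytes().all(|b| b.is_ascii_digit()) {
        return Err("expected an even number of decimal digits".into());
    }
    digits.as_bytes().chunks(2).map(|p| {
        let n = (p[0] - b'0') * 10 + (p[1] - b'0');
        // Compact JWS characters (base64url and '.') all lie in '-' (45) ..= 'z' (122).
        if n > b'z' - 45 {
            Err(format!("pair {:02} is outside the JWS character range", n))
        } else {
            Ok((n + 45) as char)
        }
    }).collect()
}

/// Inverse of the above: two digits per JWS character.
pub fn shc_numeric_encode(jws: &str) -> Result<String, String> {
    jws.bytes().map(|b| {
        if (45..=122).contains(&b) {
            Ok(format!("{:02}", b - 45))
        } else {
            Err(format!("byte {} cannot be encoded", b))
        }
    }).collect()
}

/// RFC 9285 base45: three characters carry two bytes, a final pair carries one.
pub fn base45_decode(text: &str) -> Result<Vec<u8>, String> {
    let vals: Vec<u32> = text.bytes()
        .map(|b| BASE45.iter().position(|&a| a == b).map(|i| i as u32)
            .ok_or_else(|| format!("byte {} is not in the base45 alphabet", b)))
        .collect::<Result<_, _>>()?;
    let mut out = Vec::new();
    for group in vals.chunks(3) {
        match group {
            &[c, d, e] => {
                let n = c + d * 45 + e * 45 * 45;
                if n > 0xFFFF {
                    return Err("three-character group exceeds 16 bits".into());
                }
                out.extend_from_slice(&[(n >> 8) as u8, n as u8]);
            }
            &[c, d] => {
                let n = c + d * 45;
                if n > 0xFF {
                    return Err("two-character group exceeds 8 bits".into());
                }
                out.push(n as u8);
            }
            _ => return Err("dangling single character".into()),
        }
    }
    Ok(out)
}

fn main() {
    // Constructed sample: the first three characters of a typical JWS header.
    let digits = shc_numeric_encode("eyJ").unwrap();
    println!("numeric form      : {}", digits);
    println!("as SHC numeric    : {:?}", shc_numeric_decode(&digits));
    println!("same text, base45 : {:?}", base45_decode(&digits));
}
```

The same six digits give `eyJ` under the numeric mode and four unrelated bytes under base45, so the two encodings are not interchangeable.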

                1. 7

                  Geary is the best GUI mail client on Linux, period.

                  1. 4

                    I only know the Mobian version on the Pinephone, but I don’t like Geary. It works alright, but you can’t configure/change the most basic of things. Like sorting a list of messages on subject. Or the fact that it triggers a notification for each new email. Pretty annoying if you use rss2email, or are subscribed to a lot of mailing lists.

                    I feel Geary is designed for people who send and receive about two or three emails per week. For them it probably works pretty well. Maybe the desktop version is different.

                    1. 2

                      It’s pretty nice, but for some reason the search never has worked for me.

                      1. 2

                        It can’t do any encryption/signing stuff, so I guess “best” is highly subjective.

                      1. 4

                        No comments since I saw this 10 hours ago, so I’ll start a conversation:

                        This is borderline half of a stenotype. Why not just go all the way?

                        1. 3

                          I think a stenotype is about typing words instead of letters. Unrelated to size of the keyboard or chording. Am I wrong?

                          1. 5

                            Stuff like plover[1] adapts steno to more general computer input. I saw one of their devs with a very customized vim + steno setup and it was impressive, at least, if not quite enough to convince me to give up a normal keyboard.

                            [1] https://www.openstenoproject.org/plover/

                        1. 1

                          While an excellent attempt at a non-commercial FOSSware license, it sounds like PolyForm’s NonCommercial is still my go-to. Keep it up though! Let’s see BTPL 1.1.0.

                          1. 2

                            People may be interested in a further comparison of Gemini and a subset of HTTP: http://len.falken.ink/web/perceived-relations-between-gopher-gemini-and-http.txt

                            1. 2

                              People may be interested in https://github.com/lf94/jyoti too.

                              1. 9

                                I never use code completion. If the editor provides it, I disable it.

                                Having worked on large code bases (500k+ loc) with a lot of models (20-30) I can’t imagine life with a good quality language server…

                                I’m not sure if I envy the author or if I’m afraid of them.

                                1. 5

                                  It’s most likely they use tools like grep and find which easily work with any language, but yes, LSPs are significantly changing the usefulness of autocompletion.

                                  1. 2

                                    This is very true, and built tooling around it. My largest codebase was 10mm lines of code written in a Mainframe language, that couldn’t leave the client’s hardware; so we wrote some simple tooling to help with finding things, and basically built a map around things.

                                    Whilst I still don’t use an editor that provides those sorts of things, I do use tools like ssadump or go guru to help give me the lay of the land

                                  2. 1

                                    Having worked on large code bases

                                    Having worked on small code bases I can’t imagine how much I’d have to be offered to agree to work on a codebase over 100kloc.

                                  1. 1

                                    No work for a while after finishing a contract and feeling motivated this week so picking up a pet project and learning Vue + Vuetify for the front end. I get really bogged down in trying to make web things basically aesthetically pleasing and never getting over the CSS where I’m proficient enough to be able to do things quickly, so it’s often painful Getting Things Done. I’m hoping Vue+Vuetify will be a nice middleground between customisability and speed of development.

                                    Also recently started taking ritalin. Any lobste.rs ADHD/ritalin/adderall peeps?

                                      1. 1

                                        I suggest you do not skip taking it at the regular times. It is so easy to see the mood changes!

                                        1. 1

                                          Super interested if you want to share more about that as I’m planning to go on and off it as I need to, but there’s a larger story there.

                                      1. 1

                                        I’m going the other way: it’s time to fully embrace.

                                        1. 4

                                          Oh neat, someone else’s blog that’s just text files!

                                          On topic, I think I’d greatly prefer a lil’ app or script that can take Markdown and make that an epub, rather than messing around with xml.

                                          1. 8

                                            With pandoc you can do:

                                            pandoc input.md -o output.epub
                                            

                                            The default result is good enough, but you could check out other templates and customize to your needs.

                                            1. 2

                                              Oh neat, thanks!

                                            2. 3

                                              I’m working on a 100% client-side webapp that does exactly that. It will be ready for general usage next week, but there is a post I made a couple days ago with a video of it working. You just drag & drop a folder with markdown files, and it outputs both an ePub3 and a static website. No tracking, no data transmission to a server after the initial load.

                                              1. 1

                                                Wow, that looks great. Nice work! I’ll keep an eye out.

                                                1. 2

                                                  Thanks for the kind words. I plan to do a blog post soon. I just need to finish some bits and it will be ready for general use. I’ve been publishing books for some years now, then I did what everyone who is wise advises you to never do: “build your own tools and procrastinate instead of writing the book you should be writing”.

                                              2. 3

                                                Oh neat, someone else’s blog that’s just text files!

                                                Works best for transmitting long lived textual information ☺

                                                1. 7

                                                  I disagree. A little bit of formatting works wonders. For example you are hard wrapping, which makes it very hard to read on mobile because it gets re-wrapped. Some headers can really go a long way. And clickable links are very useful. I agree that many - maybe most - blogs these days have way more junk than they need. But a little bit of formatting goes a long way to improve readability.

                                                  For comparison, my blog, which may not quite qualify as minimal, I find much more readable: https://kevincox.ca/posts/

                                                  A similar argument is found at: http://bettermotherfuckingwebsite.com/

                                                  And I don’t think HTML is going anywhere soon. Maybe browsers are, along with JS and CSS. But both of the linked sites will be able to be read for effectively all time. Even if HTML isn’t around anymore you could probably extract the content with an hour’s worth of regexes.

                                                  1. 1

                                                    I agree, here’s my blog: https://blog.webb.page

                                                1. 1

                                                  I see Catala, I upvote.

                                                  1. 5

                                                    Why are people obsessed with distributed systems, there’s a ton of other cool stuff out there!

                                                    1. 7

                                                      Maybe because that topic is highly relevant to the work that a lot of people who work in software do?

                                                      We all have our “Why are people obsessed with [topic I am not interested in]?” gripes. The thing is, they’re based on our personal interests / skills / tastes, which are idiosyncratic.

                                                      I personally wish people weren’t so obsessed with terminal-based editors, CLI tools, unreadable languages like LISP, the boring minutiae of Linux distros, MS Windows, antiquated “retro” systems, statistics, etc. etc. But I don’t see a reason to ask why, any more than I would complain about people liking Vegemite or country music.

                                                      1. 2

                                                        It is an interesting topic and many people have to have at least a base level understanding of all the problems. If you are working with any service at scale, you must know the trade-offs.

                                                      1. 22

                                                        Sadly that’s a really difficult bit of software to use. The license states that you cannot use it in any capacity without emailing the author.

                                                        I’d be very hesitant to engage with this at all, unfortunately.

                                                        1. 5

                                                          Yeah that licence is … interesting. I could understand emailing for permission to modify it, but just to use it seems a bit over the top.

                                                          1. 18

                                                            This is an effort to fight individual exploitation in the FOSS community.

                                                            By writing proprietary software. ;)

                                                            The fact that the source code is available doesn’t make it less proprietary.

                                                          2. 1

                                                            Where do you see the license?

                                                            1. 3

                                                              It’s at the bottom of README.md.

                                                            2. 1

                                                              Not at all. Compiling and running the code privately or for educational purposes would fall under fair use.

                                                              Exploitation is a huge problem in the community, and it starts with little acts like this to fight it, even if it isn’t what people are used to. And as time goes on I will refine what I do to help the problem. ☺

                                                              1. 5

                                                                Exploitation is a huge problem in the community, and it starts with little acts like this to fight it, even if it isn’t what people are used to.

                                                                I’m not sure this achieves anything, honestly. Other than of course, being proprietary software in an effort to “fight exploitation in the FOSS community”.

                                                                1. 2

                                                                  what “exploitation” are you referring to?

                                                                  1. 1

                                                                    The most recent event, which really opened my eyes, was the one where Amazon took over ElasticSearch.

                                                                    My code can still be used under fair use, and is available for reading.

                                                                    1. 16

                                                                      Amazon didn’t take over ElasticSearch… Elastic chose to relicense it under a proprietary license, and then Amazon forked the latest Apache 2.0 licensed version into a competing product.

                                                                      1. 1

                                                                        Any software licensed under terms that prevent Amazon (or any other party) from doing this is not free. Maintainers of software that claims to be free software should not be able to prevent users from modifying that software in ways they disapprove of.

                                                                  2. 2

                                                                    That’s nice for users of your software in countries where Fair Use exists as a concept in copyright law.

                                                                    In the UK for example, the concept of Fair Use is described as Fair Dealing, and a defence exists to copyright infringement if it is for the purpose of ‘academic study’, ‘criticism or review’, or ‘reporting of current events’.

                                                                    Running this bot, for example, for my own use in a channel unrelated to its development, I don’t believe would reasonably fall into any of those three buckets.

                                                                    Have you considered a strong licence like AGPL-3.0?

                                                                1. 16

                                                                  In addition to the license not actually being open source, the bot itself has a number of technical issues.

                                                                  I’ve dealt with IRC quite a bit in the past - I maintain a Go IRC library at https://github.com/go-irc/irc, contributed to many others, written a rust IRC library, and one of my main personal projects has a large portion of code which was written to interact with IRC.

                                                                  1. The posted bot doesn’t handle trailing arguments properly (some messages will be reported as starting with : when that is incorrect).
                                                                  2. If a PING is sent during registration, it will not be able to connect. Many servers use this as a form of protection against some DoS attacks.
                                                                  3. It only responds to PRIVMSG, not NOTICE or CTCP ACTIONs.
                                                                  4. It only sends PRIVMSGs.
                                                                  5. It is possible for multiple messages to be returned in one read, but this code can only handle one at a time.
                                                                  6. Messages are not parsed properly. It is valid for lines to start with :. These are often “server messages”. Similarly, IRCv3 defines message tags, which are parsed when the line starts with @. It’s not technically correct, but I believe Twitch’s IRC implementation sends message tags even if the client doesn’t support receiving them. Because of this, some PING messages may be ignored because it’s valid for a server to send :some!user@server PING :SOMETHING.
                                                                  7. If I’m nitpicking, there are completely unnecessary allocations. write! should be used in place of format! because then you don’t need to allocate a string, convert it to bytes, then write it.

                                                                  It’s a good start to an interesting concept, but I would caution people against using this for both the license and the reasons outlined above.
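The parsing points in the list above (trailing arguments, an optional `:` prefix or `@` tags before the command, several messages in one read, PING during registration, `write!` instead of `format!`), as an added example that is not code from the posted bot or from go-irc. The type and function names, the `MAX_PENDING` cap and the sample bytes are constructed for this illustration.

```rust
// Added illustration: not code from the posted bot or from go-irc.
use std::io::{self, Write};

#[derive(Debug, PartialEq)]
pub struct Message {
    pub tags: Option<String>,   // raw IRCv3 tags, leading '@' removed
    pub prefix: Option<String>, // message source, leading ':' removed
    pub command: String,        // upper-cased command or numeric
    pub params: Vec<String>,    // trailing parameter stored without its ':'
}

/// Parse one line: ['@' tags SP] [':' prefix SP] command {SP param} [SP ':' trailing]
pub fn parse_line(line: &str) -> Option<Message> {
    let mut rest = line.trim_end_matches(|c: char| c == '\r' || c == '\n');
    let (mut tags, mut prefix) = (None, None);
    if let Some(r) = rest.strip_prefix('@') {
        let (t, after) = r.split_once(' ')?;
        tags = Some(t.to_string());
        rest = after.trim_start_matches(' ');
    }
    if let Some(r) = rest.strip_prefix(':') {
        let (p, after) = r.split_once(' ')?;
        prefix = Some(p.to_string());
        rest = after.trim_start_matches(' ');
    }
    let (word, mut rest) = rest.split_once(' ').unwrap_or((rest, ""));
    if word.is_empty() {
        return None;
    }
    let command = word.to_ascii_uppercase();
    let mut params = Vec::new();
    loop {
        rest = rest.trim_start_matches(' ');
        if rest.is_empty() {
            break;
        }
        if let Some(trailing) = rest.strip_prefix(':') {
            params.push(trailing.to_string()); // keeps spaces and any inner ':'
            break;
        }
        let (p, after) = rest.split_once(' ').unwrap_or((rest, ""));
        params.push(p.to_string());
        rest = after;
    }
    Some(Message { tags, prefix, command, params })
}

const MAX_PENDING: usize = 16 * 1024; // arbitrary cap chosen for this example

/// Accumulates socket reads so that a read may hold zero, one or many lines.
#[derive(Default)]
pub struct LineBuffer {
    pending: Vec<u8>,
}

impl LineBuffer {
    /// Append the bytes of one read() and return every complete line in it.
    pub fn feed(&mut self, chunk: &[u8]) -> Vec<String> {
        self.pending.extend_from_slice(chunk);
        let mut lines = Vec::new();
        while let Some(pos) = self.pending.iter().position(|&b| b == b'\n') {
            let raw: Vec<u8> = self.pending.drain(..=pos).collect();
            let text = String::from_utf8_lossy(&raw);
            let text = text.trim_end_matches(|c: char| c == '\r' || c == '\n');
            if !text.is_empty() {
                lines.push(text.to_string());
            }
        }
        if self.pending.len() > MAX_PENDING {
            self.pending.clear(); // oversized unterminated data: drop it
        }
        lines
    }
}

/// Answer PING with or without a prefix, at any point in the session.
pub fn write_pong<W: Write>(msg: &Message, out: &mut W) -> io::Result<bool> {
    if msg.command != "PING" {
        return Ok(false);
    }
    let token = msg.params.last().map(String::as_str).unwrap_or("");
    write!(out, "PONG :{}\r\n", token)?; // written directly, no intermediate String
    Ok(true)
}

fn main() -> io::Result<()> {
    // Constructed input: the first read ends in the middle of a third message.
    let reads: [&[u8]; 2] = [b":some!user@server PING :SOMETHING\r\n@id=1 :n!u@h PRIVMSG #c :a :b\r\nNOT", b"ICE x :y\r\n"];
    let (mut buf, mut wire) = (LineBuffer::default(), Vec::new()); // wire stands in for the socket
    for chunk in reads.iter() {
        for msg in buf.feed(chunk).iter().filter_map(|l| parse_line(l)) {
            write_pong(&msg, &mut wire)?;
            println!("{:?}", msg);
        }
    }
    Ok(())
}
```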

                                                                  1. 2

                                                                    Yep, for sure some things to iron out, but the goal is simplicity. A quick look at go-irc and clearly it is much more complex and has dependencies. Which is understandable considering your projects and this project have different goals! ☺

                                                                    All of those points could be changed if needed. But if you don’t need to handle particular cases a server presents, there is no point. Otherwise you can create a patch or branch to handle it.

                                                                    1. 4

                                                                      Yep, I understand that they have different goals. I really do like the idea of this project. Being able to write bots in a super low friction language while the core is in something like rust is an awesome goal. Also go-irc has no runtime dependencies - they’re only for testing. One of my explicit goals was to have no external deps.

                                                                      Otherwise you can create a patch or branch to handle it.

                                                                      Yes I have the knowledge to fix those things, but also under the current license, I can’t create a patch for it without first asking for permission. Additionally, this could be closed sourced tomorrow and I couldn’t do anything about it.

                                                                      You are of course free to do what you want with your code, but many people (myself included) would be put off enough by the license to not bother.

                                                                      1. 1

                                                                        You are of course free to do what you want with your code, but many people (myself included) would be put off enough by the license to not bother.

                                                                        Yep and I fully acknowledge this. My goal isn’t popularity, it’s building good software while not being taken for a ride.

                                                                    2. 1

                                                                      I wouldn’t call 3+4 technical issues unless they were planned features.

                                                                      No one forces you to implement every part of the spec, and I find ‘only handling PRIVMSG’ a 100% valid thing to do for an irc bot. Also not implementing IRCv3 is fine.

                                                                      If writing an irc client or claiming full protocol compliance you’re right, of course.

                                                                      1. 2

                                                                        Good point. 3+4 are definitely more features than technical issues.

                                                                        Yes, you don’t have to implement what you’re not going to use. The 3 examples I picked (PRIVMSG, CTCP ACTION, and NOTICE) are the 3 most commonly used. I would like to see the user sending the message be passed to the shell script - it seems like you could do quite a bit with that.

                                                                        Not implementing IRCv3 features isn’t that big of a deal (unless as mentioned above, you’re working with some very specific servers), but not handling the message prefix properly will come back and bite you later. Lots of the code here is very special-cased per-message - I would argue it’s much better (cleaner, less error prone, more bulletproof and easier to maintain) to parse messages in a standard way and handle them fully-parsed.

                                                                        Just as an example, here’s my old irc crate with 1 runtime dep on thiserror (which could be pretty easily removed). It’s not that much more complex (especially if you remove the IRCv3 tag handling) and parsing messages into a Message type makes them much easier to deal with. It’s also not optimal (it could be using &str rather than String) but I felt that making it easier to use would be better than blazing fast performance for my use case.

                                                                    1. 10

                                                                      Awesome! What could possibly go wrong with passing user input to a shell script?


                                                                      (Also, OP should add the show tag and set themselves as the author on this story – they’ve submitted links to other repos with the same GitHub username while claiming authorship.)

                                                                      1. 1

                                                                        What could possibly go wrong with passing user input to a shell script?

                                                                        User input is passed to scripts and programs all the time?…

                                                                        And yes, should probably have show, but I don’t want to claim authorship. There is no rule about having to flag as being the author.

                                                                        1. 8

                                                                          Maybe there’s no rule, but it feels dishonest to not participate in accurately representing when you’re submitting your own works vs. sharing others’.

                                                                          1. 2

                                                                            User input is passed to scripts and programs all the time?…

                                                                            mhm, that’s ok because that’s your input! Do you really want someone deciding what gets passed to a shell script on your machine? It only takes one improperly quoted variable or one eval call to give that user more access to your computer than you supposed they would have.
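The quoting and `eval` cases named in the comment above, as an added example that is not part of the thread and not code from the bot: it hands one constructed chat message to `sh` in four ways and returns what the shell printed, so the hardened form can be compared with the others. The helper names and the sample message are hypothetical, and `sh` is assumed to be on the PATH.

```rust
// Added illustration: not code from the bot discussed in this thread.
use std::process::Command;

/// Run `script` with `sh -c`, passing `args` as positional parameters ($1, $2, ...).
fn sh(script: &str, args: &[&str]) -> String {
    let out = Command::new("sh")
        .arg("-c")
        .arg(script)
        .arg("handler") // becomes $0
        .args(args)
        .output()
        .expect("sh is assumed to be available");
    String::from_utf8_lossy(&out.stdout).into_owned()
}

/// Before: the message is spliced into the shell source text itself,
/// so the shell parses it as code.
pub fn reply_interpolated(msg: &str) -> String {
    sh(&format!("echo {}", msg), &[])
}

/// Positional parameter, but expanded without quotes: no code runs, yet the
/// message is split on whitespace (and would be glob-expanded) before use.
pub fn reply_unquoted(msg: &str) -> String {
    sh("printf '[%s]\\n' $1", &[msg])
}

/// Positional parameter fed to eval: the message is parsed as code again.
pub fn reply_eval(msg: &str) -> String {
    sh("eval \"echo $1\"", &[msg])
}

/// After: positional parameter expanded inside double quotes. The message
/// reaches printf as exactly one argument and is never parsed by the shell.
pub fn reply_quoted(msg: &str) -> String {
    sh("printf '[%s]\\n' \"$1\"", &[msg])
}

fn main() {
    // Constructed chat message; the marker command only prints a word.
    let msg = "hi; echo INJECTED";
    println!("interpolated -> {:?}", reply_interpolated(msg));
    println!("unquoted $1  -> {:?}", reply_unquoted(msg));
    println!("eval         -> {:?}", reply_eval(msg));
    println!("quoted \"$1\"  -> {:?}", reply_quoted(msg));
}
```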