1. 2

    Great to hear they’re making progress on the e2e-encryption front! The last big thing that is missing is device cross-signing (see https://github.com/vector-im/riot-web/issues/6779). Really looking forward to the point when e2e-encryption will be default for all private rooms :)

    1. 3

      With TypeScript you can use ReadonlyArray to prevent any mutation on arrays.

      1. 5

        Not trying to downplay the authors workflow but external DSLs based on YAML are mostly an evolutionary dead end. It’s always better to use an embedded DSL because an embedded DSL doesn’t throw away decades of work and tool development for writing software. YAML was never meant to be a programming language or configuration format and most tools based on it create more complexity in the long run.

        For some evidence of why YAML is a terrible way to configure systems I recommend folks take a look at Helm and how it layers a templating system on top of k8s YAML files. For the next revision they’re even thinking of adding Lua as a script engine because lack of programmability is limiting what people want to do with k8s.

        Helm has an embedded Lua engine for scripting some event handlers. Scripts are stored in charts.

        https://github.com/helm/community/blob/master/helm-v3/000-helm-v3.md

        1. 3

          Not trying to downplay the authors workflow but external DSLs based on YAML are mostly an evolutionary dead end.

          I think I agree. I’ve been waiting for someone to do a configuration management system (e.g. a replacement for chef/ansible/saltstack) with a syntax more like terraform.

          1. 2

            I don’t know Terraform, but NixOS looks like a great replacement for these tools. It uses a real programming language, Nix, for configuration specification which is completely declarative. And with NixOps you can distribute the configurations onto remote servers.

            1. 4

              NixOS and Nix needs way more accessible documentation before being in a position to replace anything.

              Case in point, “Nix Pills” is often given when somebody asks for a tutorial. https://nixos.org/nixos/nix-pills/

          2. 3

            external DSLs based on YAML are mostly an evolutionary dead end. It’s always better to use an embedded DSL

            This is just nonsense. There are heaps of cases where it’s way better to use a non-embedded DSL.

            1. 2

              I agree and think projects like https://github.com/stripe/skycfg are an interesting compromise. A python-like DSL to create configuration ASTs like for kubernetes :)

            1. 6

              I can’t read this article without somehow getting redirected to a “club” offering free Walmart gift cards.

              1. 6

                I’d suggest installing an ad blocker. Not to read this particular blog post so much as because this is a good illustration of just how rampant malicious ads are on ad networks these days.

                1. 1

                  Yeah, I tried on my phone and got lucky.

                2. 2

                  Ugh, sorry about that. I guess that’s just wordpress? I don’t know of a better place to have my blog at.

                  1. 5

                    github pages seems to be trustworthy still

                    1. 2

                      Use GitHub Pages. Or DEV. Or NeoCities. Or, heck, even Medium (Medium has four different analytics packages, but even they don’t use an ad network).

                      1. 2

                        I like GitLab Pages

                        1. 2

                          I self-host Wordpress on my friend’s Dreamhost instance. Could open up a spot for you. :-)

                          1. 1

                            SDF offers comparatively cheap hosting: https://sdf.org/?tutorials#web

                        1. 9

                          This is good to know, just up until a few weeks ago I didn’t know they are going for a Chrome/Chromium-like model of software distribution, either. This is by no means obvious and I think their wording in this case is quite deceiving. Thankfully distros like Arch Linux are already distributing a free software build in their official package repositories [1]. I assume this will be the default in the future, just like everyone uses Chromium under Linux.

                          [1] https://www.archlinux.org/packages/community/x86_64/code/

                          1. 3

                            I think the goal with federated systems should be that every single person has their own home server. It can be a cheap computer, like a Raspberry Pi, that is always available and stores your data in one place. You can then access the service with your PC, Laptop, Smartphone, etc. Everything is under your control and you get good availability and performance. Federated systems like Mastodon or Matrix.org make this possible, so I really wouldn’t say that federation is always the „worst of all worlds“.

                            1. 4

                              I have been using Matrix/Riot for a few months now and had about the same experience (I never used E2E though). I know that Riot still has some pain points that are quite annoying, but I love the idea behind the project and would really like to see it become more popular in the future.

                              FYI, they are currently working on device key cross-signing so that you don’t have to verify every single device.