1. 2

    I think it’s worth mentioning what Tim Sweeney thinks about Linux and open source the rest of the time: https://twitter.com/timsweeneyepic/status/964284402741149698

    Also, Rocket League (after Epic bought Psyonix) dropped their Linux support recently because they prefer to use DirectX 11 instead of anything cross platform.

    They claim to be working on Linux stuff for Anti-Cheat and so, but actions are heavier than words.

    Good for Godot and their grant, but remember who is giving the money.

    1. 1

      I think it’s worth mentioning what Tim Sweeney thinks about Linux and open source the rest of the time: https://twitter.com/timsweeneyepic/status/964284402741149698

      In the surroundings of the discussion, that view isn’t in any way hostile. Tim is criticising Microsoft for their policies, which he frequently does and people just plain suggest “time to move to Linux”. And he’s right - (him) moving to Linux would not make his userbase follow. So it is akin to moving to Canada because you don’t like US politics.

      He also had positive words on Linux/Steam Machine (https://www.polygon.com/2014/4/1/5568378/epic-games-ceo-tim-sweeney-unreal-engine-vr-oculus-rift) and let’s not forget that most Unreal titles saw Linux ports - and the Unreal Engine supports it as a target.

      1. 2

        Everything positive about the relationship between Epic games and Linux has been just words and the historical Linux support of unreal engine.

        Taking in count that they dropped Linux support in one of their games, which is made with Unreal Engine, makes me think rather negative about their current predisposition with the platform.

        Hope to be wrong and see more of Epic’s products running on Linux soon, like the epic store or their anti-cheat software.

    1. 20

      I’ve heard from pen-testers in my building that they now recommend Windows Defender because it’s the default one everywhere and therefore have a much user base for detection and reports.

      I have no idea if this is what the security community agrees with, but I thought it made sense.

      1. 11

        Yup, I can confirm that. There was a test here in Germany by a respected security firm and they found that Windows Defender really upped its game since Vista days, being the best from all tested solutions in regard to detection, speed and security. There’s no reason to use anything else other than wanting to unnecessarily slow one’s system down or having their data sold. :P

        1. 8

          Penetration Tester here, yep I agree with that. The other AV vendors have a tendency to do some crazy kernel module behaviour that would normally be considered pretty crazy/risky whereas Defender is now much better and clearly more sanely integrated. I will say, it still feels odd suggesting Defender though, it used to be the worst.

          I should also add a note that if you are talking about Windows production servers or things that are a bit more in the “change management” role, most of the time I still suggest using Application Whitelisting over AV (or as a supplement).

          1. 1

            That’s similar to my thoughts. Makes sense too.

            1. 1

              In my personal experiencing pentesting (although I do far less of it now than I used to), the paid software rarely offers anything over Windows Defender, but often comes with a bunch of overheads. Most people think AV does something it doesn’t. In over 20 years of testing AV hasn’t stopped me once. That’s not AV’s fault, it’s just not generally designed to stop the workarounds people use. What is AV’s fault is that it’s marketed as a catch-all.

              Having said that, MalwareBytes is one of the better set and forget antimalware tools I’ve used. For people who need that confidence or are attacked it’s something I’ve been comfortable with suggesting for peace of mind in some cases.

            1. 2

              You can check various AV test sites that simply compare the products. This is one test of many:

              https://www.av-comparatives.org/tests/real-world-protection-test-july-october-2019/

              Plus, the fact that you didn’t have any problems doesn’t imply that nobody had any problems with malware. A bad link in an e-mail is clicked by e.g. 1 person among thousands; in such scale, there is a low probability that you will know the person who clicked the link. But such click ratio is still very profitable if the spam campaign is being sent to millions of users. So, the “knows a person that had problems with malware” or “doesn’t know such person” is not a good indicator of the rationale for existence of AV products.

              1. 1

                Of course, that’s why I said “My personal experience:”, just to give a context. I know it’s not a wide enough user base for making assumptions :)

              1. 14

                Installation of Qt binaries will require a Qt Account

                When did Oracle buy Qt, or am I missing something.

                1. 6

                  From my interpretation it means you need to login to download the qt-*.run binary installer, but not the source code packages. As the distros probably compile from source this shouldn’t be a problem, either.

                  I might be totally wrong though :)

                  1. 2

                    I’m with you on this one. I’m not a native speaker, but the article’s not entirely clear.

                1. 19

                  If the current trends in web development is adding as much abstractions as possible and making the simplest possible website bigger and bigger. Yes, Blazor is the obvious evolution, a really big step in that direction.

                  1. 4

                    In some cases sure. New patterns are always exploited and used incorrectly. And there are folks who will use that same pattern to make applications less complex. Depending on the use case, Blazor could provide a great opportunity for skilled C# developers to build sane front end applications without downloading any plugins. Inversely they can build slick thin client scenarios to make a server application more accessible.

                    It’s all in how you use it. It’s not magical unicorn dust, but it’s a fantastic concept.

                    1. 14

                      IMHO, the downsides are way bigger than the benefits.

                      In case of C# developers, the advantages aren’t as big when you realize Typescript exists.

                      The application size for a WebAssembly build is insane.

                      The lag with the “Blazor server” option is plain terrible.

                      The complexity introduced by both solutions is over the roof.

                      I’ve worked with Microsoft technologies exclusively for nearly 4 years. Can’t think a single scenario in which Blazor would make any sense.

                      1. 7

                        you realize Typescript exists

                        and is strongly supported by Microsoft, having been worked on prior to its public release by the lead architect of C# too.

                        1. 3
                          • App size will drop, and steadily.
                          • Typscript is not quite as powerful as C#, we need that power these days.
                          • Complexity => all being neatly abstracted, that’s the point.

                          It was released over the last few months, give it a chance to mature.

                          1. 4

                            App size will drop, and steadily.

                            I would love to see how, taking in count that C# needs a runtime (Mono for example). You can do work to shrink a runtime, but enough to make it acceptable for a internet connection that isn’t perfect? Like, 3G mobile tethering or somewhere outside the first world.

                            Typscript is not quite as powerful as C#, we need that power these days.

                            Can agree that C# is more powerful, but Typescript is enough, and produces minifiable javascript code that doesn’t depend on an extra runtime, other than the browser’s build-in javascript interpreter. I would love to see some evolution on the Haxe compilation on JS.

                            Complexity => all being neatly abstracted, that’s the point.

                            By experience, I know how are the Microsoft’s abstractions: Complex and rigid. Which means leaky and you will not be able to do anything about it.

                            1. 3

                              in what way is c# more powerful than ts? Pattern matching? I can’t think of anything else, I’d argue in more ways typescript is more powerful in the type department with proper unions + intersection types, mapped types, conditional types. See https://www.typescriptlang.org/docs/handbook/advanced-types.html

                    1. 7

                      Hype aside, I’ve gone looking through Java and C# frontends a few times as a serious alternative to TypeScript.

                      TypeScript is a huge improvement on JavaScript for web apps. But lacking runtime types (e.g. for safety and pattern matching) is such a pain. Even as a big ML guy, none of the Haskell/Elm/Reason/BuckleScript/Scala.js options are seriously something I’d consider introducing at work.

                      I am looking forward to the next generation of mainstream typed frontends after TypeScript. I’d consider Blazor or even GWT/J2CL next time around. But my guess is that it the next generation mainstream frontend will be something else completely.

                      1. 2

                        If you don’t mind losing async/await functionality, check out Haxe compilation to JavaScript… Is able to check if something implements an interface on runtime, for example.

                        I would be all-in with it, but the lack of async/await is a bit painful. I don’t want to get back to the callback hell, or chain promises in obscure ways.

                        1. 1

                          typescript can be used as an extremely strict language with compiler options (like no implicit any, strict null checks, and probably some more). I know this isn’t the default so its hard to introduce into existing codebases but honestly the only downside to typescript is that it doesn’t expand on features like pattern matching and it doesn’t have proper tuples, but the type aspect of it is probably the most powerful of any mainstream language I’ve seen - see type operators like conditional types, mapped types, keyof operator, etc.

                          1. 1

                            Did you consider clojurescript?

                            1. 2

                              While I’ve seen more companies using Clojure(script) or Scala(.js) they are both on the same list of languages I don’t think will ever be mainstream enough for me to feel comfortable introducing for a long-term project at work.

                              Edit: also, Clojure is as bad as JavaScript (give or take macros and limited pattern matching). If I wanted a dynamic language without type safety I’d stick with JavaScript. I like JavaScript a lot. I just want something safer at work.

                            2. 1

                              You probably weren’t looking for swathes of suggestions as replies but I enjoyed Ocsigen (OCaml) several years ago and it looks like it’s still going strong. Eliom is an extension of OCaml that basically does what Blazor does.

                            1. 10

                              Jonathan Blow’s “Preventing the collapse of civilization” talk is a must watch.

                              Twitter newly rebuilt UI takes 7× longer to load first tweet

                              There’s no way all those websites that invested tons in A/B testing not intentionally make things load so slow. I’m guessing it’s because the wait makes it more addictive or something like it. It’s either that or incompetence, and I don’t know which is worse.

                              1. 21

                                It becomes clearer when you have 20 departments, each with their own tracking pixel. Death by 1000 cuts.

                                1. 12

                                  I’ve some personal experience on what happens there: You just forget that not everyone is using a:

                                  • Pretty expensive and modern phone
                                  • With tons of GHz and RAM
                                  • With 5G connectivity or high speed WiFi
                                  • Connecting thru LAN network or geographically near your datacenter

                                  And those are the kind of details you just forget, and nobody actually cares because time-to-interactive isn’t as measured as click-thru ratios.

                                  The best I could do when was working on mobile app development, was using the crappiest possible Android or iPhone around for testing. Good enough to have a fast workflow of stop application, install open, test, and repeat. Bad enough so collapsing the memory or CPU wasn’t difficult.

                                1. 4

                                  I literally received my new ThinkPad T495 like half an hour ago, installed Linux on it, opened lobste.rs to check internet connection and saw this.

                                  And yes, it’s happening to me as well.

                                  1. 1

                                    Also the case on my x395 with IPS 1080p non-touch non-privacyfilter screen.

                                    On Linux.

                                  1. 6

                                    Second, the value of social media is shifting away from content hosting and removal, and towards recommendation algorithms directing one’s attention. Unfortunately, these algorithms are typically proprietary, and one can’t choose or build alternatives. Yet.

                                    For me, the main issue is having an algorithm directing my attention in the first place.

                                    centralized enforcement of global policy to address abuse and misleading information is unlikely to scale over the long-term without placing far too much burden on people.

                                    Glad to finally read it from the Twitter’s CEO.

                                    1. 7

                                      For me, the main issue is having an algorithm directing my attention in the first place.

                                      While I agree in terms of most current algorithms on offer, I don’t agree with this as a general principle.

                                      A search engine and a spam filter are both algorithms that direct your attention, helping you focus on the things you want to and avoid irrelevant information. The issue is when people with other agendas get in between you and your algorithm. Search engines and spam filters can be corrupted for advertising/propaganda/manipulation just like any recommendation algorithm but without them we would be much worse off. If the algorithm is open, transparent and user customisable then I am all for it and want more.

                                      There is too much data in the world and life is short.

                                      1. 3

                                        I separate between “hard filters” like spam blocking, and a system that decides to hide me some content of a user I decided to follow, instead of showing everything.

                                        There is too much data in the world and life is short.

                                        True, but for social media, I prefer to follow fewer people and interact more, so it’s perfectly compatible with a strictly chronological timeline.

                                        1. 1

                                          THIS IS WISE

                                        2. 3

                                          Agreed; I really hate the way people use “algorithm” to specifically mean “an opaque algorithm outside my control that changes unpredictably”; it’s really unhelpful.

                                          1. 2

                                            I didn’t say, nor mean, in any moment, that an algorithm is something opaque outside of my control. If you thought so that’s your problem.

                                            I don’t want an algorithm re-ordering or hiding the posts from the people I choose to follow. I don’t care if it’s opaque or free software.

                                            1. 2

                                              It appears many people do want these recommendation algorithms though. If I’m understanding correctly, companies like Twitter and Facebook added them, and then measured user engagement. User engagement went up, and the algorithm was shown to be effective. While there are some vocal opponents of these new recommendation based feeds, the reality is that large companies wouldn’t keep them around if they didn’t increase the time users spend on the site overall.

                                              1. 4

                                                In my personal opinion, spending more time on the platform doesn’t mean it’s good for the users. Only for Twitter, because they can sell more advertising.

                                                Maybe it’s more time spent because you are dealing with some random idiot that called you nazi or something like that.

                                                And if large companies want to keep the algorithm, I don’t care, I won’t use that, as I want strictly chronological timeline.

                                                1. 1

                                                  I’m not sure I agree that many people want these algorithms. They have generally been made the default, and sometimes only, choice with the alternative options hidden out of sight (or in Twitter’s case: randomly switching back to the default). Most people just don’t care at some point and just give up.

                                                2. 2

                                                  I don’t want an algorithm re-ordering or hiding the posts from the people I choose to follow. I don’t care if it’s opaque or free software.

                                                  Ah, but that’s different; at first you said you didn’t want an algorithm, now you said you don’t want algorithmic re-ordering. But sorting the posts chronologically in the first place is an algorithm. So is using your follower list to determine whether a given post should be included in your timeline.

                                                  1. 2

                                                    Facepalm. But actually this makes utter concrete sense.

                                                    But still, I think the issue is in where sirikon determines the algorithm is directing attention … I feel like the definition of algorithm is a side quest here because the question of attention-direction is more profound.

                                                    The opacity of the hypothetical evil algorithm (some call this opacity “proprietary,” but I think people around here attribute to unfree software qualities that are illusory and/or misdirected anger at unrelated evils) is the source of the mysterious redirection of attention, but I think it is pretty clear if considered thoughtfully that the question of what directs attention is completely vexed, totally bonkers, and irreducible to quibbling, mathematical, verbal, or otherwise.

                                                3. 1

                                                  Not too different from how people use people to indicate generic people who aren’t the people to whom they’re talking but share certain negative characteristics, nor terribly different from how people use calculus to describe all reason as in “it was not a part of McBlergh’s calculus” (it did not “factor in” to McBlergh’s decision making). Curious: What helpful substitutes you can imagine? I admit this could seem to be an incredibly unfair question, unless you admit that you can see that I see that you’re getting at a clear and definite point, which is that “algorithm” is supposed to mean “mathematical proposition” or similar, not “mathematical proposition of evil.” But I am curious. I think it’s fair, if you think about it from other perspectives than highfalutin’ math-lovingness, although I suppose descriptivism is ultimately for the hoi polloi….

                                            1. 19

                                              That’s pretty weird considering ActivityPub exists already, it’s W3C spec, and there’s a huge federated ecosystem around with with services like Mastodon, Pleroma, Pixelfed, PerrTube, and Plume using it. Why is Twitter creating a new initiative here instead of federating with the existing one that’s already widely popular?

                                              1. 14

                                                Why is Twitter creating a new initiative here instead of federating with the existing one that’s already widely popular?

                                                Because they want to control it, most likely. A lot of developers would flock at a federated twitter and ignore community-driven alternatives.

                                                1. 5

                                                  I wouldn’t hold my breath on developers flocking to an API developed by Twitter over community driven alternatives given the abysmal track record Twitter has in that space.

                                                2. 4

                                                  Like the other commenters said, the likely reason is that they want to make embrace the fediverse and indieweb stuff, then consume it all and gobble it up. Then they own it.

                                                  I just wonder if this move would be primarily driven with a desire to stiffle competition, or they simply see a new potential source of “growth”. Somehow I don’t think “we believe twitter should be decentralized” is a top reason for them.

                                                  1. 2

                                                    I have a hunch that even if they were to do that, they would be a (possibly intentionally) worse implementation than Mastodon.

                                                    1. 1

                                                      They have explained that their objective is to create a team that will focus on adopting an existing project that fits their own standards, or, in case none exists, create their own.

                                                      1. 2

                                                        And that’s pretty weird. They should federate with the existing standard.

                                                        1. 24

                                                          They’re not interested in actually creating a functional federated system; they’re interested in Investor Storytime and creating some buzz. That should have been obvious as soon as they mentioned the word “blockchain”.

                                                          1. 2

                                                            That would be ideal, but It won’t happen. Just an example: Twitter requires a ton of information just for ads that they cant get if start federatinng.

                                                          2. 1

                                                            I can pretty much guarantee that this is going to be the end result here.

                                                          3. 0

                                                            ActivityPub is missing critical features like e2e cryptography and censorship resistance. It is not a very good protocol. I hope Twitter builds something better.

                                                            1. 1

                                                              It’s perfectly possible to implement those things on top of ActivityPub. And I trust a community driven protocol with a proven federation around it far more than something built by Twitter.

                                                          1. 3

                                                            If a .Net developer needs to do a cross-platform “modern” GUIs, it shouldn’t be much hassle just using Typescript with Electron. There’s no need for something like this at all, only if you heavily depend on existing .Net libraries that aren’t available in Node, either in JS or with a C++ bridge.

                                                            Also there’s GTK# which is probably a better option if you need C#.

                                                            1. 2

                                                              Continue with an experiment on meta-type-system over Go for automatic CRUD management over a database.

                                                              Also will investigate rclone for backups, starting with a Minecraft server.

                                                              1. 1

                                                                Give restic a look as well if you can. It fan use rclone as a backend to upload places.

                                                                1. 1

                                                                  restic is what I’m currently using, but I’m looking for a solution that doesn’t leave the backup repository location, read-write token and repository password inside the machine I’m trying to backup and keep secure.

                                                                  I should be able to perform the backup from another, non-public machine, in the same network as the server to backup, using rclone or something similar.

                                                                  1. 1

                                                                    Yeah fair enough. There’s maybe something to do with vault…

                                                                    Dunno, I’m just going for push based rather then pull since I’m looking for a backend I don’t manage.

                                                              1. 4

                                                                Don’t use calc() for that. Use flexbox or css-grid. That way you doesn’t even need a fixed size and the centered content can be dynamic.

                                                                calc() should be for edge cases that css-grid, flexbox or regular margins-paddings can’t solve, but this problem in particular isn’t one of those.

                                                                1. 1

                                                                  Just curious as someone who hasn’t done a lot of CSS since all these were added (did most of my frontend work around and before 2009). What’s the harm in using calc in this way?

                                                                  I suppose it doesn’t have to recalculate unless the window is resized?

                                                                  1. 1

                                                                    You can’t get in CSS a number that defines “current size of element”, working with percentages in calc just treats them like floating point numbers, not a representation of the elements size.

                                                                    So, you cant calculate properly something if that depends on the elements size, which forces you to: Ignore the size (some times it’s fine) or to fix the elements size.

                                                                    If you use flexbox, for example, you can center the element regardless of the size, because you define some rules about how should be colocated the elements inside a parent element, and the browser just does the maths for you.

                                                                    Plus, using flexbox or grid layout is a declarative way of representing layouts, which is way more readable than messing around with calcs, which should be limited to the bare minimum.

                                                                1. 4

                                                                  Just leaved my old job today, and I start on the new place on monday, so, time for relax and Rocket League.

                                                                  1. 13

                                                                    What tools would you use with such restrictions?

                                                                    A job board.

                                                                    Now seriously: In Windows everything is pointy-n-clicky and is based in Visual Studio/VS Code in some way or another. Going away from that path is just pain and thinking “Why can’t I just use something Unix-y”.

                                                                    Agree with the majority of the rest of tips already given, specially with: “Embrace Visual Studio - it’s a lot better than the Unix crowd gives it credit for.”. Visual Studio does a lot of things, it’s just that, given enough time, slows down without any reason and does a lot of magical things without your explicit permission and it’s hard understanding what the hell it’s doing, and that’s something that unixy people get a hard time while getting used to it.

                                                                    One final thing: If this doesn’t work for you: https://lobste.rs/s/byz48p/fix_windows_10_terminals_use_linux don’t even try, just surrender and embrace PowerShell. Resistance is futile. The rest of terminal emulators are just slower and buggier PowerShell bridges.

                                                                    1. 4

                                                                      Seconding the job board, even though it’s quintessentially nonconstructive advice.

                                                                      I used fullscreened Virtualbox at my job at a large company with heavily-managed Windows developer workstations. This suuuuucked (for one thing, the Windows install plus all the corporate crap reliably wasted 5-6GB of RAM), but I find Windows itself utterly intolerable so it was much preferable to that. I would absolutely quit over being forced to work in the Windows shell.

                                                                    1. 2

                                                                      The secret of good electron apps: Don’t load 30mb of JavaScript code into them.

                                                                      That should be enough for the most of the cases.

                                                                      Edit: The posts concepts might be useful, but I would guess that it’s a solution for not the most common problems out there.

                                                                      1. 14

                                                                        Excellent work. Thanks!

                                                                        1. 35

                                                                          It looks like a part 2 is going to happen. I found a root-level command injection bug in the playground. I don’t think I’m going to be as kind the second time around.

                                                                          1. 20

                                                                            Here’s the details

                                                                            1. 9

                                                                              You know what would be kind? A private email to the author. Or a pull request.

                                                                              1. 87

                                                                                The author was informed and insulted me before banning me from his Discord. The V playground is closed source or I would have submitted a pull request to fix this vulnerability.

                                                                                1. 3

                                                                                  An easy way to get more kindness is to make one’s actions and deliverables match their promises. Doing the other thing can inspire some negativity.

                                                                                2. 1

                                                                                  Can’t wait for Part 2! This one was a great read.

                                                                              1. 40

                                                                                It doesn’t encourage growth. A developer working in Go and only Go will help his business’s bottom line, and the shareholders will be happy, but he will always be a mediocre programmer which is why mediocre coders are so fond of Go.

                                                                                Saying that someone, by deciding to use a tool over other, will be forever a mediocre coder, is just wrong at so many levels, this is disgusting.

                                                                                1. 12

                                                                                  Exactly. Growth is not just about coming to grips with terrible programming languages, or with brilliant but complicated languages.

                                                                                  It comes from learning to work together with others and learning to build complicated, often interconnected, software. This has inherent complexity, both on a technical and human level.

                                                                                  You don’t need to use a terrible language to grow in those things.

                                                                                  1. 11

                                                                                    I’m reminded of the cliche, it’s a poor craftsman that blames his tools.

                                                                                    1. 2

                                                                                      The Law of the instrument, may be a relevant concept to bring up though, in conjunction with your noted cliche.

                                                                                      “I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.”
                                                                                      – Abraham Maslow

                                                                                      That said, I do more strongly align with your stated cliche. I think we are lucky to have such a wide range of quality tools to pick from these days.

                                                                                  1. 7

                                                                                    Working in Go does not suck. The problem is that if you’re not working in something that sucks, you are not growing.

                                                                                    You can work on solving a complex problem using a language that is your ally, not another enemy, and keep growing as a developer.

                                                                                    You shouldn’t think that your tool sucks. Thinking so, should be a red alert saying “switch the tool”.

                                                                                    1. 2

                                                                                      I was gonna troll about maybe just install a Linux if you need it that much, but having to work on Windows with Docker is a huge pain thanks to Hyper-V… Being able to get rid of it would be fantastic.

                                                                                      EDIT: Oh it’s a freaking VM again.