1. 1

    Good one! Could be even better if this blog had an option for a dark mode so we could test it live (even though he shared pictures there).

    1. 1

      On macOS, opening System Preferences and toggling between light and dark changed the appearance of the site for me.

      1. 1

        There are instructions on how to test it in the post.

      1. 1

        Two major changes that are missing here:

        In PHP 8 all internal functions/methods will have complete type information in reflection. This took a lot of effort and is not quite finished yet.

        In PHP 8, a lot of things that were previously warnings are now exceptions. This includes the changes done by https://wiki.php.net/rfc/engine_warnings, but also a huge number of error conditions in standard library functions. The general guideline is that any error condition that indicates a programming error and that the programmer should never be explicitly checking for becomes an Error exception. Everything else stays as warnings. This is also still work in progress.

        https://old.reddit.com/r/PHP/comments/ev543b/new_in_php_8/ffu0cj4/

        1. 3

          Great article. As someone who traveled around the world for a few years, earning money from playing street music (then building my own company), I can say we are lucky enough to live in a time where you can work from anywhere in the world.

          I can tell you that it doesn’t matter if you’re a programmer, designer, or a marketer. There are so many different sites like Upwork where you can build your rep and scale.

          1. 1

            Thanks! And also, hey I also used to play street music!

            I played drums in orchestras, rock bands, pop groups, big bands, small jazz groups, Latin groups, and also did quite a bit of stilt walking dressed as various kinds of giant animal or robot while also playing drums.

            Here’s a shot of me performing in Dunfermline when I was 16. I’m one of the black ones.

            https://nwsi.co.uk/wp-content/uploads/2013/11/ant-ork-dunfermline.jpg

            1. 2

              Brilliant haha. You should try Perth in Australia ;) Best place for street music

              I sometimes share my experience playing street music while building my company on Quora:

              https://www.quora.com/How-do-entrepreneurs-live-without-a-salary-to-sustain-their-families-and-pay-bills/answer/Yuval-Halevi?ch=10&share=9a8ed214&srid=43O3

          1. 1

            Apple should make software improvements that will keep Macs from overheating first tbh.

            1. 2

              Are there any benchmarks that actually compare between HTTP/1, HTTP/2 and HTTP/3?

              1. 3

                Talk says no reliable numbers yet.

                Number of round trips can be way down, which helps a lot for latency.

                CPU use is currently higher because of unoptimised UDP stacks and other issues. CPU use throughout the internet will be higher too because there isn’t dedicated hardware for QUIC routing or QUIC TLS yet.

              1. 1

                Did anyone try Honeypot? What are the pros and cons compared to CAPTCHA?

                1. 4

                  You can run a headless browser to easily get around most of these, as they’ll render a page just like a legitimate user-agent would. Also, almost everything you try would be an accessibility issue. I’d say just use a captcha technique, and as always, don’t rely on the client for security.

                  Edit: But a few of these would prevent the most basic spam attempts, which is probably a lot of them, so you might as well.

                  1. 4

                    It works very well for some of my forms. It has huge benefits over captcha:

                    • it’s effortless and accessible for users (when done well: be careful about trap fields showing up in screen readers or for keyboard users).

                    • it doesn’t discriminate against users who block trackers. Google’s new reCAPTCHA assumes that if Google can’t track you (you’re not logged in to Gmail), you must be evil and have to repent by filling in the captcha over and over again.

                    The reason it works is that the majority of spambots by volume are the dumbest ones. A bot that only does a regex over plain HTML will be sending spam orders of magnitude faster than a bot that runs headless Chrome for every page, and therefore you’re orders of magnitude more likely to be spammed by a dumb bot.

                  1. 1

                    This blog post made me look at Kraken in a positive light. It’s hard to find a crypto exchange that makes you feel like they put security as their highest priority.

                    We responsibly disclosed the full details of this attack to the Trezor team on October 30, 2019. We are going public with this vulnerability disclosure now so that the crypto community can protect themselves before a fix is released by the Trezor team.

                    Also, they act in a professional way.

                    1. 12

                      With companies like Microsoft and Google standing behind some major open source projects, the “Us” vs. “Them” mentality that ruled in the early days of open source is long gone.

                      Strongly disagree. It’s more like “If we use a Free Software license there’s nothing at all in it for Us when FAANG end up reimplementing it but Open Source”, and BigCorp using an open source model to get developers to test and bugcheck (and sometimes develop) their product for free (while the maintainers and core team are still BigCorp employees, making their decision final). The whole Open Source ecosystem is “Us v. Them”, but they are better at propaganda.

                      1. 6

                        We should also always bring up their patent trolling in this. Microsoft has taken over a billion in patent royalties from Android despite not contributing crap. Then, they didn’t use that money to create a great experience for their Windows customers or expand the F/OSS ecosystem. Just enriching themselves in shady ways at other companies’ expense.

                        1. 1

                          “Us v. Them”: I find this kind of approach in many niche industries, like blockchain for example.

                          1. 3

                            The spirit of blockchain is an “us v. them” spirit; Satoshi’s words:

                            [Lengthy exposition of the vulnerability of a system to use-of-force monopolies elided.]

                            You will not find a solution to political problems in cryptography.

                            Yes, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

                            Governments are good at cutting off the heads of centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own.

                            1. 1

                              Tor

                              It helps that Tor is a government project…

                          2. 0

                            Free software and open source are synonyms for all intents and purposes. Do you mean ‘If we use a copyleft license there’s nothing in it for us when FAANG end up reimplementing it and releasing their version under a permissive license’?

                          1. 15

                            Great info, just a bit annoying it’s via twitter. Here’s the complete text from all the tweets:

                            As of today, we have about eighteen years to go until the Y2038 problem occurs.

                            But the Y2038 problem will be giving us headaches long, long before 2038 arrives.

                            I’d like to tell you a story about this. One of my clients is responsible for several of the world’s top 100 pension funds.

                            They had a nightly batch job that computed the required contributions, made from projections 20 years into the future.

                            It crashed on January 19, 2018 — 20 years before Y2038. No one knew what was wrong at first.

                            This batch job had never, ever crashed before, as far as anyone remembered or had logs for.

                            The person who originally wrote it had been dead for at least 15 years, and in any case hadn’t been employed by the firm for decades. The program was not that big, maybe a few hundred lines.

                            But it was fairly impenetrable — written in a style that favored computational efficiency over human readability.

                            And of course, there were zero tests. As luck would have it, a change in the orchestration of the scripts that ran in this environment had been pushed the day before.

                            This was believed to be the culprit. Engineering rolled things back to the previous release.

                            Unfortunately, this made the problem worse. You see, the program’s purpose was to compute certain contribution rates for certain kinds of pension funds.

                            It did this by writing out a big CSV file. The results of this CSV file were inputs to other programs.

                            Those ran at various times each day. Another program, the benefits distributor, was supposed to alert people when contributions weren’t enough for projections.

                            It hadn’t run yet when the initial problem occurred. But it did now. Noticing that there was no output from the first program since it had crashed, it treated this case as “all contributions are 0”.

                            This, of course, was not what it should do.

                            But no one knew it behaved this way since, again, the first program had never crashed. This immediately caused a massive cascade of alert emails to the internal pension fund managers.

                            They promptly started flipping out, because one reason contributions might show up as insufficient is if projections think the economy is about to tank. The firm had recently moved to the cloud and I had been retained to architect the transition and make the migration go smoothly.

                            They’d completed the work months before. I got an unexpected text from the CIO: https://pbs.twimg.com/media/EOrKh7AXsAETk4e?format=jpg&name=360x360

                            S1X is their word for “worse than severity 1 because it’s cascading other unrelated parts of the business”.

                            There had only been one other S1X in twelve months. I got onsite late that night. We eventually diagnosed the issue by firing up an environment and isolating the script so that only it was running.

                            The problem immediately became more obvious; there was a helpful error message that pointed to the problematic part. We were able to resolve the issue by hotpatching the script.

                            But by then, substantive damage had already been done because contributions hadn’t been processed that day.

                            It cost about $1.7M to manually catch up over the next two weeks. The moral of the story is that Y2038 isn’t “coming”.

                            It’s already here. Fix your stuff. ⏹️

                            Postscript: there’s lots more that I think would be interesting to say on this matter that won’t fit in a tweet.

                            If you’re looking for speakers at your next conference on this topic, I’d be glad to expound further. I don’t want to be cleaning up more Y2038 messes! 😄

                            1. 7

                              Saw this comment on HN:

                              Good lord, this long-winded writing style is maddening to read! Here’s what he changed:

                              Set aSet = new HashSet();

                              to:

                              Set aSet = new HashSet(0);

                              His explanation:

                              “Most of these sets were empty for the entirety of their life, but each one was consuming enough memory to hold the default number of entries. Huge numbers of these empty sets were created and together they consumed over half a gigabyte of memory. Over a third of our available heap.”

                              I’m not sure he ever got around to explaining how it saved “half a million dollars”, though.

                              1. 5

                                Do you agree with this quoted comment, or are you critical of it?

                                Because to me it’s the worst of HN - an attempt at a TL;DR that’s simultaneously wrong and snarky.

                                There’s no mention of the discussion about how and when to optimize, no mention of the circumstances of the fix (old legacy code written in old Java), and it implies that anything longer than a tweet is not worth anyone’s time.

                                I was going to ask for a link to the quote but now I’m glad to let the author of this comment languish in obscurity.

                                1. 5

                                  I kind of agree with the meat of the comment, though the tone seems a bit harsh. It’d be nice IMO to start with the change itself, then go onto why it was a huge boost, and then go into the discussion on how and when to optimize etc.

                                  1. 3

                                    My bad, I should have given some more context

                                    Link to the original comment:

                                    https://news.ycombinator.com/item?id=21937783

                                    I commented it here because I found it pretty odd. As a non-developer guy who is pretty into tech, I think that the HN community (also /r/programming on reddit) people are too critical towards other community members.

                                    1. 2

                                      Thanks for clarifying, and I’m not going to interact with that comment on HN ;)

                                      I do hope that the discussion here is held to a higher standard. I enjoyed the linked post, and found it insightful.

                                1. 10

                                  It is buried in the footnotes of the post, but the ultimate reason behind going closed source is that Google built their enterprise GDrive syncing client for Mac off a fork of osxfuse. The original author of osxfuse feels entitled to some compensation for that and is doing his damnedest to make it happen.

                                  source

                                  1. 8

                                    The original author of osxfuse feels entitled to some compensation for that and is doing his damnedest to make it happen.

                                    If he had used a copyleft (GNU GPL) license, he would have been able to do dual-licensing and negotiate that compensation.

                                    1. 3

                                      He didn’t really choose the license though. This is a fork of macfuse, which was written and released as open source by… Umm… Google.

                                      1. 4

                                        I do not know the history of this software. But (3-clause) BSD is compatible with GPL so you can license your contributions (new code) under GPL and distribute the whole work under GPL.

                                      2. 2

                                        That applies to the previous BSD style licence too. I.e. if a giant megacorp like Google wanted to support this single developer they could have, but they chose not to. I don’t think GPL would have changed this. I suspect it would have meant they would have just developed the necessary features themselves, in house.

                                    1. 41

                                      Saw this comment and I couldn’t agree more:

                                      Twitter has repeatedly demonstrated that they are not a developer-friendly company and that you should never build anything on their APIs. Since day one, they’ve done nothing but crack down on 3rd party development and peel away access. They are the last company that should be trusted to develop an open standard.

                                      1. 1

                                        The developers behind Redox are great.

                                        1. 2

                                          What did they use to build the moving illustration at the beginning?

                                          1. 3

                                            Maybe mathbox according to the HTML.

                                          1. 1

                                            Mostly, applications that have been ported to the browser are just not working as well as the original.

                                            1. 2

                                              The next challenge should randomly change the input focus of the window.

                                              1. 31

                                                You took the UX to a whole new level. Good one.

                                                1. 7

                                                  I disagree, since it took me a few to realize the sliders were even moveable, and moving them at an angle is a PITA. It looks just fine without the rotation. Function > form, please.

                                                  You can fix it using your browser’s inspector to disable the transforms in the TelescopeExplorable__controls CSS class.

                                                  1. 14

                                                    I’d say you’re right when it comes to a real-world application, but for a demonstration/PoC, I was quite impressed, even if a linear transformation isn’t that foreign at first.

                                                    1. 11

                                                      It seems to be just a bit of fun and made me say, “Wow!” It would seem appropriate to be positive about this rather than complain.

                                                      1. 0

                                                        I find @icefox’s disagreement explained and well justified.

                                                        You might not like the negativity of the comment, nevertheless it’s pretty subjective and probably helpful for the author of the page.

                                                      2. 8

                                                        This is definitely something I was worried about when I skewed the controls, which is why I limited it to a 6 degree rotation. Thanks for the feedback - sometimes it’s a balancing act between whimsy and usable, and I tend to agree with you that usability is non-negotiable.

                                                        What were you looking for with the sliders - an initial focus state?

                                                        1. 3

                                                          Thanks for taking my griping gracefully, sorry if I was overly grumpy. I should maybe just not post first thing in the morning. :-)

                                                          With the sliders, it was more the fact that they were rotated at all that made my mind skim over the fact that they were real, and the fact that they’re in a non-platform color/style didn’t really help. I just automatically assumed it was a static image, ‘cause it countered expectations. It just took a while for my coffee-deprived brain to process “wait, you CAN rotate UI elements, can’t you?” and try it.

                                                          1. 1

                                                            No worries! I always appreciate feedback. And that makes total sense about the rotation and custom styles - I’ll keep that in mind for the future. Thanks!

                                                    1. 1

                                                      Vitalik should discuss how we can stop the price manipulation by fraudulent actors.

                                                      1. 1

                                                        Vitalik was the most fraudulent actor in Ethereum from day one.

                                                        1. 2

                                                          Hm, if you founded/invented it and people believe in you without checking it, can you even call that fraudulent if he benefits the most? :)

                                                          PS: Not a fan of cryptocurrencies, so I assume the worst scams by default. I know nothing about Vitalik Buterin except what’s on the Wikipedia page.

                                                      1. 0

                                                        I mainly use Facebook for events, it feels like there’s no alternative for it atm, partly because of the network effect where small and large organizations keep posting their events only to Facebook.