1. 26

    The security issues outlined by this article are clear, so I won’t comment on them. I did want to comment on this peripheral point:

    This same vulnerability also allowed the attacker to DOS any user’s machine. By simply sending repeated GET requests for a bad number, Zoom app would constantly request ‘focus’ from the OS.

    I’ve long thought that OSes (or WMs, whatever) should pretty much never bring a window (or dialogue box, or any such UI element) into view, or take input focus (keyboard or mouse) without explicit user interaction (i.e. key press, mouse click or screen tap). Instead, they should indicate to the user that some application or widget “wants attention”, for example by making an application’s entry in the WM’s task bar blink/flash. Then, the user can choose to take explicit, manual action (e.g. in this example, click on the task bar) to bring the window or other UI element up to z-index 0 and allow it to take input focus.

    Time and again, all through the years, we experience the UX pain of happily and intentionally typing (or clicking) in one UI element, and something pops up, takes input focus, and we unintentionally send keystrokes or mouse clicks into that surprise UI party crasher. How many decades of UI and UX research have come and gone since the earliest GUIs came on the scene? This kind of thing should never happen – yet, it does, and I find that just a little ridiculous.

    I welcome any counterexamples showing a case where it would be a good thing for a new UI element to steal input focus without the user first performing an input.

    1. 14

      If you peruse Raymond Chen’s blog at Microsoft, there are multiple entries about customers who want to make sure that their window is placed front and center and grabs all input. It’s easy for even a non-malicious application developer to convince themselves that their product is so good that this behavior will actually be welcomed by users.

      Chen does not agree, by the way.

        1. 1

          Thanks!

          It does look like both items link to the same post, though.

          1. 3

            Oops, copy/paste failure. Sorry about that! I’ve fixed the second one.

      1. 5

        I recently switched back to a Linux laptop, and a feature I love over OSX is that when an app wants focus, instead of just taking focus, PopOS (probably gnome?) displays a toast saying “NeedyApp is ready”. I can switch to it when I’m ready too.

        1. 3

          When my terminal opens a system dialog to unlock my password manager. I’ve hardcoded that as the only exception to “no stealing focus” in my i3 config.

          1. 3

            What does your “no stealing focus” config entry(-ies?) look like?

            1. 2

              I see your point, and can accept that others have different preferences, but if it were me, I’d let such a thing remain not an exception, and just stay unfocused and flashing in the task bar. But then, I reboot scarcely 5 times a year, so unlocking like this is something I rarely do.

            2. 1

              Indeed – I’ve been thinking lately that UIs should be given much of the same consideration we give to APIs regarding things like race conditions (as in your example) and backwards compatibility. The user, after all, is ultimately another component interacting with other components of the overall system…

              1. 1

                Reminds me of the javascript popup-bombs from the early 2000s. A never ending stream of popup windows and dialogues, close one and three appear.

              1. 16

                Using a static site generator means that you have to keep track of two sources: the actual Markdown source and the resulting HTML source.

                This is not representative of my experience. I can delete my generated /public folder and re-run Hugo again to generate a new site. I only have to keep track of my source.

                Finally, you constantly have to work around the limitations of your static site generator.

                This is very true. I use Hugo, and it changes very fast, often breaking some things. Also, it started out as a blog site generator, and adding features to make it a generic site generator has required paying attention to releases and updating my custom theme to prevent my site from breaking.

                But how can I then keep the style and layout of all my posts and pages in sync?

                I actually think this is kind of neat. I like the idea of a web of interconnected pages each similar but a little different, evolving over time. It reminds me of the old web.

                🤔 I should redesign my website.

                1. 5

                  Hugo is dang frustrating. Recently I accidentally updated it from the distro, jumping ahead 15 versions. At some point they made pygments go from rendering my site in <100ms to rendering in 15s. Then I tried switching to Chroma, but it turns out there’s no extension system, so to tweak my code highlighters I needed to manually compile Chroma and then manually compile Hugo.

                  Then I found out that you use a tweet shortcode, you can’t preview your site offline. That broke me and I went back to a 2016 build.

                  1. 1

                    I feel you. That is why I use specific versions of hugo for my site, not one supplied by a distro.

                    Also I recommend using hljs. I like it (progressive enhancement) better than the pygments. I’ve had some problems with pygments in the past, but I cannot recall it. (Also had some minor annoyances with hljs, but I’m generally OK with it).

                    Regarding the tweet shortcode… I never used that (I prefer screenshots of tweets and links, as I do not trust linking third party sources. They can change/disappear, and it would ruin my point). Could you link an issue or something so I could understand it? It made me curious.

                    1. 1

                      Yeah, I think I’ve been lucky in that not much has broken for me.

                      The biggest issue I ran into a couple of months ago was a change that prevent me from using a / in a tag name to fake sub-paths. I used this to match my old URL schema from before I was using Hugo.

                      Hugo removed (”“fixed””) the tag issue, so I updated my blog to use another solution, BUT then Hugo reverted the change. Ha!

                    2. 4

                      I used to write my blog (for the past 19 years) in raw HTML. Then a few months ago I implemented my own markup language (based upon Orgmode with a lot of extensions for how I write posts), but I still only keep the rendered HTML, not the original source. That way, I’m not stuck with supporting outdated versions of my markup formatter.

                      1. 2

                        This is not representative of my experience. I can delete my generated /public folder and re-run Hugo again to generate a new site. I only have to keep track of my source.

                        But even then, you must keep both the source and the result in your head, because you have to worry about how your Markdown will be translated to HTML (dependent on the version and implementation of Markdown) and how your posts will be arranged in public/.

                        This is very true. I use Hugo, and it changes very fast, often breaking some things. Also, it started out as a blog site generator, and adding features to make it a generic site generator has required paying attention to releases and updating my custom theme to prevent my site from breaking.

                        This is a great summary of the problem! Websites created with static site generators are quite fragile.

                        1. 4

                          But even then, you must keep both the source and the result in your head, because you have to worry about how your Markdown will be translated to HTML (dependent on the version and implementation of Markdown) and how your posts will be arranged in public/.

                          I’m still not aligned with you on this. I do have to think about my HTML when I am building my custom theme, not when I’m building the site or uploading it.

                          The only thing I have to consider when creating new content is where my feature image is located and use the correct path in my content’s meta data. The thumbnails and their use in the page are auto-generate, and the content is put where it needs to be, and related links menu items and homepages are all updated per my theme.

                          1. 1

                            I suppose it depends on what type of content you write, but I find it hard to maintain things like footnotes and tables across different implementations of Markdown and static site generators (or even the same generator but a different version). Not to mention things like elements with custom classes and inline HTML.

                            What I mean is, if you’re writing HTML directly you always know what the resulting HTML will be. If you write in Markdown, you always have to spend time thinking about what the HTML will look like. You usually have a good enough idea, but you could be wrong.

                            1. 1

                              What I mean is, if you’re writing HTML directly you always know what the resulting HTML will be. If you write in Markdown, you always have to spend time thinking about what the HTML will look like.

                              I think this is why I hate ORMs. Instead of just writing the SQL I want, I have to learn how to express it in whatever weird interface the library exposes – assuming it’s even expressive enough.

                              1. 1

                                Is Markdown really in that much of a state of flux?

                                I’m using the OG Daring Fireball edition, I do know that there’s been some work to integrate stuff like footnotes and ToC (which Gruber opposed on philosophical grounds). It’s been frozen since… 2011? 2004

                                I’d rather use a tool that made it easier for me to write a blog post every day (let’s face it, every month more like it) than worry about future incompatibility in the HTML rendering tool I’m using.

                                1. 1

                                  Is Markdown really in that much of a state of flux?

                                  Not Gruber’s Markdown, but yes, certainly if you’re switching between implementations (or versions thereof) or static site generators (or versions thereof) that use different implementations.

                                  I’d rather use a tool that made it easier for me to write a blog post every day (let’s face it, every month more like it) than worry about future incompatibility in the HTML rendering tool I’m using.

                                  Indeed – that’s exactly how I feel writing posts in HTML. Nothing can go wrong, no matter what system I’m using or what programs I have installed.

                            2. 2

                              Websites created with static site generators are quite fragile.

                              Only if the site generator ever changes. I use one written in Clojure that has not been changed in years.

                              1. 1

                                That is why I made my own. A few lines of Python and your ready.

                              2. 1

                                I actually think this is kind of neat. I like the idea of a web of interconnected pages each similar but a little different, evolving over time. It reminds me of the old web.

                                🤔 I should redesign my website.

                                This cracked me the hell up :D

                              1. 12

                                This appeals to me. However:

                                But how can I then keep the style and layout of all my posts and pages in sync? Simple: don’t! It’s more fun that way. Look at this website: if you read any previous blog post, you’ll notice that they have a different stylesheet. This is because they were written at different times. As such, they’re like time capsules.

                                While that’s kind of cool in its own way, I don’t prefer it. Especially when it comes to a site menu.

                                My first web sites were hand-coded HTML. My motivation to learn PHP was that I wanted a consistent menu across all pages, and copy-paste was not maintainable, so I landed on PHP’s include. From there it was down the rabbit hole to becoming a web developer.

                                I use a static site generator now for nathanmlong.com, which I mostly write in Markdown. It wouldn’t kill me to write HTML, but I don’t want to copy and paste a menu everywhere.

                                1. 8

                                  Case in point about the downsides, the cv link is correct on the author’s homepage. It is not correct on this page. That’s an easy mistake to make, and I’ve definitely made versions of it. However, it’s much more pleasant to fix when you can fix it everywhere by updating a template.

                                  1. 3

                                    Thanks for the heads up :-)

                                    Edit: Solved by sed -i 's,href="cv",href="../cv",' */*.html. In my mind, simpler than a CMS or static site generator.

                                    1. 3

                                      “Simpler”, sure, maybe. At least for now. But maybe it won’t always be such a trivial sed command. Maybe you wrote the html slightly different in certain spots.

                                      A simple or custom-built static site generator would avoid mistakes like this altogether. You could have one file for your head element. Nicer menus, sidebar, etc. And you could still write most or all of it in pure html if you wanted to.

                                      Simpler doesn’t necessarily mean better.

                                      1. 1

                                        If you need the same template for all of your pages, then yes – a templating engine is a good idea.

                                        But if you don’t need this, then a templating system makes the process unnecessarily complicated. Creating a template in a special language and fitting all pages to the same mold takes much more effort than most realize, especially in comparison with just writing single HTML pages.

                                        For example, look at my software page. I have some fancy HTML and CSS to render sidenotes in the margin (unless you use a small screen). Because the page is “self-contained”, I don’t have to worry if I ever edit the style sheet for other posts. But if I used a templating engine, I would have to worry about it.

                                  2. 5

                                    Everything old is new again (or something like that)… you can always use server side includes for common elements.

                                    1. 2

                                      I like keeping my content and the final HTML site separate, and using the content to generate the site. It makes my content more flexible, but also makes generating the global menus easy, which is important to me so that my readers get a good experience.

                                      1. 2

                                        I haven’t actually used it but the caddy web server appears to have built-in templating features: https://caddyserver.com/docs/template-actions

                                        1. 1

                                          Dreamweaver supported keeping sites’ themes consistent when I tried it long ago. It was templates or something. Maybe one of the open editors can do that, too. Otherwise, it would be a good feature for them to add.

                                          1. 1

                                            I hear you. I think the obvious solution then is to use something like PHP or SSI. Of course, that’s another layer of complexity, but not as much as a static site generator or CSS.

                                          1. 10

                                            Meditate Before Interviews - Even if it’s just watching your breath for 5 minutes. I find that doing this helps reset the mind and reduces subjective experiences of anxiety.

                                            This is good advice, but a surprising number of people have a real trigger around the word “meditation”.

                                            It’s super silly but it’s a thing. For a great example of this listen to the end of the latest “User Error” podcast (bunch of guys from the Linux community discussing generally non technical questions asked by listeners) around 19:20-19:30 where one of the hosts meditates, and the other two British guys utterly TRASH the idea.

                                            It’s a good point overall though. You’ve got to be relaxed and, in my view, at least as importantly, projecting an air of utter “I’ve GOT this” self confidence. People can positively smell it, and in my career I have found it to be essential in successful interviews.

                                            On a totally unrelated note, was the use of visible #####’s as headers intended or was that supposed to be rendered markdown?

                                            1. 8

                                              That’s an intentional part of the CSS. I wanted it to look hackery.

                                              1. 7

                                                That’s clever. I was so pleased when I went into readability mode and it actually worked!

                                              2. 6

                                                For people who are not open to meditation there is Progress muscle relaxation, a technique that can be used to calm down. It involves focusing one’s attention on a muscle group, tensing it, holding, then releasing it, and allowing oneself to calm as the tension leaves.

                                                I use it as part of my meditation practice.

                                                1. 2

                                                  Thanks for that. Gonna see if my wife will give that a go, she’s definitely in the “meditation? I can’t do that” camp.

                                                  1. 4

                                                    Progressive, muscle relaxation worked for me as a sleep aid when I was younger. I think it’s a mix of physical and placebo effects.

                                                    1. 3

                                                      I think there’s a goodly dollop of neurological in there too.

                                                      Even if the phrase “meditation” gives you hives, I’m pretty sure there’s a fair bit of science around the idea of a relaxed state with very regular brain wave patterns having various positive effects on the subject.

                                                      I don’t know if it’s gone out of vogue or disproven, but I remember some such being under the heading of “the relaxation response”.

                                                      1. 3

                                                        My dad brought someone in to teach me this when I was a teenager too. It was surprisingly effective, I’ve got to be honest.

                                                1. 6

                                                  I like to buy from Manning. I get PDF/Epub/Mobi and a physical book. For novels and most non-fiction I prefer to read on my eInk reader. It’s nice. For technical books, or where I know I’ll be flipping back and forth, I find it easier to read a physical book, but I also want the PDF because it is very convenient to have it on my iPad.

                                                  1. 10

                                                    Back when WordPress was released in 2003, the competition was unconvincing.

                                                    One of the competitors was Movable Type, which ironically was a static site generated from templates. WP won in part because it was purely database-backed and could be generated dynamically.

                                                    Markdown was developed in part as a plugin to Movable Type:

                                                    Markdown works with Movable Type version 2.6 or later (including Movable Type 3.0).

                                                    1. 3

                                                      I originally used Movable Type for a punk rock blog, and migrated to WordPress because it was easier and faster to add new content. Movable Type was a Perl application, and required a rebuild on every change. It wasn’t so bad when add a new individual piece of content, as that page would be build and saved. It was with theme development that Movable Type became clunky. A rebuild was required for every change. The rebuild time really wasn’t that long, but it did not lend itself to small quick changes in quick succession. WordPress was nice because a change/save/F5 was all that was needed to see my little tweak.

                                                      Movable Type wasn’t horrible on a rebuild. For new individual content it only rebuilt the content and any tags or category pages needed. Even the full site rebuild had options to limit what was actually rebuilt. If they had made it faster, as fast as Hugo is now, I would have been happier with it and might have stayed away from WordPress.

                                                      1. 1

                                                        Yeah, I started using a hosted MT blog (hi Symbiandiaries!) then migrated to a (dynamically) generated Blosxom install. I’ve since started using Blosxom in static mode.

                                                        Interestingly, MT is still around - https://www.movabletype.com/. I think they pivoted to professional CMS’ a while ago.

                                                        1. 1

                                                          Isn’t it weird how a fork of b2 because the world’s most popular CMS?

                                                          1. 1

                                                            What was B2?

                                                            1. 3

                                                              A PHP based CMS.

                                                              https://b2evolution.net/about/b2evolution-vs-wordpress

                                                              I actually know the creator of the software, I’ll see if he’s interested in commenting.

                                                      2. 2

                                                        Bruce Schneier’s blog uses Movable Type. That’s how I found out about it.

                                                        1. 2

                                                          Way back in the day, so many important/interesting people in the web design and dev world used MT that it still biases my reaction to sites that obviously run MT today, or use a theme based on the old MT default.

                                                          1. 1

                                                            Was moveable type closed source back then?

                                                          1. 27

                                                            Maybe I’m old and bitter.. but I have serious concerns about how we as a community can get captured by Microsoft via things like GitHub and their Citus Data purchase. “We” struggled to keep up with free implementations of things like CIFS and now some popular open source resources are under Microsoft’s control.

                                                            We risk that all the people able and willing to do important work are all tied up on Microsoft products and don’t have the energy or legal freedom to work on open source.

                                                            1. 24

                                                              I think we should be extremely careful. For may people e-mail means Google Mail, search means Google search, social network means Facebook/Instagram/WhatsApp.

                                                              It is not inconceivable that GitHub becomes synonymous with development, especially with the strong backing of Microsoft. Network effects are extremely strong and I think we are already at a point where a lot of (newer) developers don’t know how to do code reviews outside GitHub PRs, only consider putting their open source projects on GitHub in the fear of missing out on contributions, and/or put their projects on GitHub since it gives the largest opportunity to get stars which are good for their resume/careers.

                                                              This trend of tying more and more things from GitHub into GitHub makes things worse, since additions to GitHub are not a level playing field anymore. GitHub can make all the APIs that they need, 3rd parties have to use whatever APIs GitHub chooses to make available.

                                                              We should try to make more and more projects available through sr.ht, GitLab, and other ‘forges’ to ensure that there are healthy and viable alternatives.

                                                              1. 8

                                                                I hesitate to reply since I don’t have much to say that goes beyond “me too”, but in this case I think the importance of the subject merits a supportive response anyway. I very much agree with these concerns and would like to thank everyone who’s raising them.

                                                                1. 2

                                                                  I would love to ditch GitHub as:

                                                                  1. its been ugly for 2 years now https://twitter.com/mdo/status/830138373230653440

                                                                  2. its been bloated for several years

                                                                  3. its closed source https://github.com/github/pages-gem/issues/160

                                                                  but the alternatives i know of are even worse. sourcehut doesnt even offer HTTPS push:

                                                                  Date: Fri, 16 Nov 2018 14:07:39 -0500
                                                                  From: Drew DeVault <sir@cmpwn.com>
                                                                  Subject: Re: Welcome to sr.ht!'
                                                                  
                                                                  On 2018-11-16  1:04 PM, Steven Penny wrote:
                                                                  > I would prefer to write over https not ssh, is it possible
                                                                  
                                                                  This is deliberately unsupported - SSH is more secure.
                                                                  

                                                                  GitLab doesnt offer contributions in last year:

                                                                  https://gitlab.com/gitlab-org/gitlab-ce/issues/47320

                                                                  and their commits use… shudder infinite scrolling:

                                                                  https://gitlab.com/gitlab-org/release/tasks/commits/master

                                                                  1. 2

                                                                    sourcehut supports HTTPS cloning but only SSH pushing

                                                                    1. 1

                                                                      corrected thanks - I want HTTPS clone and push - seems silly to offer only 1

                                                                2. 5

                                                                  GitHub is popular now. If they start abusing their power too much then there is plenty of competition.

                                                                  Since you mention you’re old, do you remember when SourceForge was great and all the developers would host their projects there?

                                                                  1. 4

                                                                    I don’t remember SourceForge relying on network effects that much though. Sure, the source and releases were there, but I don’t think all of the development activity was tied up to it, was it?

                                                                    1. 7

                                                                      SourceForge also provided mailing lists and that was probably the primary code review and support channel for many projects.

                                                                      1. 5

                                                                        SourceForge also had issue tracker. It was headache to migrate. For example, Python project wrote custom tooling to migrate SourceForge issues.

                                                                        1. 3

                                                                          It was also a all-in-one platform and people who learned to contribute to one project could translate that knowledge to the other projects.

                                                                          At the time there were much less integrations between services and there were at least an order of magnitude less developers, so it doesn’t translate 1:1.

                                                                          One advantage GitHub has is all the special treatment for tooling but other than that I don’t see the network effect being too strong. Developers are the best equipped to escape. Projects are still independent from each-other and it’s easy to migrate projects to GitLab if necessary. If fact they must have seen a lot of projects leave already after the Microsoft acquisition and I bet they are being extra careful, which is good for us :)

                                                                      2. 3

                                                                        We risk that all the people able and willing to do important work are all tied up on Microsoft products and don’t have the energy or legal freedom to work on open source.

                                                                        Is this risk related to GitHub Sponsors in any way?

                                                                        1. 2

                                                                          Agreed. This should be obvious and I’m surprised people who care about free software are giving GitHub any attention at all.

                                                                          1. 1

                                                                            And our battle cry will be “Remember Stacker”.

                                                                          1. 4

                                                                            Does anyone know if this is intended to be a separate product, or if it a test ground and would eventually replace Firefox on Android, and carry the Firefox name instead of Fenix.

                                                                            Fenix, if I remember correctly, was the original name of Mozilla’s Android browser.

                                                                            1. 4

                                                                              It will replace the old Firefox for Android browser. Fenix is the internal code name (just like the old browser’s code name is Fennec), and won’t be branded that way to the public.

                                                                              1. 1

                                                                                Fennec

                                                                                ah.. that’s what I remember. The little fox with the huge ears.

                                                                              2. 1

                                                                                I believe that it is expected that Fenix eventually becomes the “regular” Firefox for Android.

                                                                              1. 3

                                                                                I remember Matt’s Script Archive was the premier place to get software. I used the Perl message board for a long time.

                                                                                1. 14

                                                                                  Nice write up. I actually didn’t know about A, so I’ll be using that today. I usually do $i or $a to insert at the end of a line.

                                                                                  52gg jump to line 52

                                                                                  I might be wrong, but I think you can also do :52 to go to line 52.

                                                                                  1. 10

                                                                                    And also 52G

                                                                                    (gg is a vim-ism, so if you’re just using plain old vi you need to use <number>G or :<number>)

                                                                                    1. 10

                                                                                      I might be wrong, but I think you can also do :52 to go to line 52.

                                                                                      I love using this command. It is also possible to copy or move by expanding the command. Using :52co12 will copy line 52 to below 12. Using :52co. will copy below the current line. It even works with ranges :52,55mo. will move 52 through 55 to the current line.

                                                                                      1. 10

                                                                                        53,55norm! A; will at a semicolon to the end of every line in that range

                                                                                      2. 3

                                                                                        Thank you!

                                                                                        Yep, I actually prefer the :52 style but I didn’t want to get into explaining : commands for beginners for this article. ;-)

                                                                                        1. 1

                                                                                          I usually avoid ‘$’ because I’m less accurate typing it haha!

                                                                                          1. 3

                                                                                            I have a very small keyboard so R, $, and 4 are the same key, but with different modifiers.

                                                                                            1. 2

                                                                                              is it a Planck?

                                                                                              1. 2

                                                                                                Yup!

                                                                                                1. 2

                                                                                                  I’ve been using one for more than a year now. I like it so much, specially that, by default, the escape key replaces caps lock, it’s perfect for vim.

                                                                                            2. 1

                                                                                              Cool kids do nnoremap L $.

                                                                                              1. 1

                                                                                                That’s a good idea. Unfortunately, I work in two separate vim-emulating editors which don’t support these gizmos.

                                                                                                1. 1

                                                                                                  I actually use L M and H quite a bit, especially when I need to look at neighbouring code. I don’t use the split feature very often, though, do you?

                                                                                                  1. 1

                                                                                                    Even cooler kids do:

                                                                                                    " Jump to first character or column
                                                                                                    noremap <silent> H :call FirstCharOrFirstCol()<cr>
                                                                                                    
                                                                                                    function! FirstCharOrFirstCol()
                                                                                                      let current_col = virtcol('.')
                                                                                                      normal ^
                                                                                                      let first_char = virtcol('.')
                                                                                                      if current_col <= first_char
                                                                                                        normal 0
                                                                                                      endif
                                                                                                    endfunction
                                                                                                    

                                                                                                    Explanation.

                                                                                                    (I realise you were talking about nnoremap L $ and not nnoremap H 0, but I think the two ideas are related and I thought this might useful to somebody out there).

                                                                                                    1. 2

                                                                                                      That can be a lot shorter with expression mappings. This is what I map (to Home):

                                                                                                      noremap <expr> <Home> col('.') is# match(getline('.'), '\S') + 1 ? '0' : '^'
                                                                                                      imap <silent> <Home> <C-O><Home>
                                                                                                      

                                                                                                      Expression mappings are really useful!

                                                                                                      Some other notes:

                                                                                                      • normal means that Vim will use the currently mapped key, rather than the default one. So if you nnoremap 0 .... then your mapping may break since normal 0 will run that mapping. Use normal! to always ignore user mappings. You should almost always use normal! unless you have a specific reason not to.

                                                                                                      • You can create a script-local function with fun s:FirstCharOrFirstCol() and then refer to it with nnoremap H <SID>FirstCharOrFirstCol(). I personally much prefer this as it doesn’t pollute the global namespace so much with what is essentially useless stuff.

                                                                                              1. 1

                                                                                                I’m always a little amazed at my personal preferences. I can barely look at a website with a dark background before my eyes go sideways, but I have to have a dark background for cli and neovim or it’s too bright to focus.

                                                                                                1. 11

                                                                                                  I’ve always wondered why these vi/ex love-letters never mention the use-case of using vi in a shell pipeline[1], which seems to me natural and reasonable. But this use-case is never discussed[2], never featured in breathless one-liners. Anyways I wrote some notes here:

                                                                                                  https://vimways.org/2018/vims-social-life/

                                                                                                  That post is Vim-specific, but Vim follows what POSIX has to say on the matter.

                                                                                                  [1] “in a pipeline” here means pipes on both sides, e.g. echo foo | vim +bar | baz

                                                                                                  [2] yes, I know about vipe.

                                                                                                  1. 3

                                                                                                    Your article is awesome and highly educative, thanks a lot! But then, doesn’t it also kinda answer your own question? In the closing remarks, you seem to mention, that “the precise behavior of -es, for example, was broken in Nvim for years but no one complained”; given that the original vim incantation you listed is quite elaborate already, it could mean that hardly anyone might even know about this feature at all.

                                                                                                    1. 3

                                                                                                      I love using nvim - for reading from stdin. I use it when I know I’m going need more than less to comb through some logs, or odd output.

                                                                                                      I also use nvim + when I generate templates and then want to edit them. I remember being overjoyed when I discovered that it was even possible.

                                                                                                      1. 2

                                                                                                        I love using nvim - for reading from stdin.

                                                                                                        FWIW, the - is not needed since Nvim 0.3.1.[1]

                                                                                                        It’s not clear if your reply is meant to address the question of “using Vim in a pipeline”, but the use-case I was referring to is when something is on the RHS of vim in the pipeline, not just the LHS :)

                                                                                                        [1] When people ask me “what is Neovim’s killer feature”, I just mention this and drop the mic.

                                                                                                        1. 2

                                                                                                          I just tested sending stdout to nvim and it worked without the -.

                                                                                                          Thank you for the tip, and thank you for working so hard on NeoVim.

                                                                                                          1. 1

                                                                                                            That’s wonderful news. I will test with omitting the dash next time. Thank you.

                                                                                                            Yes, my use so far has been limited to the right hand side.

                                                                                                        2. 1

                                                                                                          in my experience vim doesn’t work well with pipes, e.g. opening a list of files with ls | vim doesn’t work, I have to do vim $(ls) (bash) (maybe it works fine in neovim, I should try).

                                                                                                          (for text processing, I prefer using ruby (basically a ruby -e on steroids) as that’s what I’m most familiar with)

                                                                                                          1. 1

                                                                                                            you can type :E to open the file explorer in the current directory which would do that. There also ‘reading from stdin’ like: “ls | vim -”

                                                                                                            https://askubuntu.com/questions/510890/how-do-i-redirect-command-output-to-vim-in-bash

                                                                                                            1. 1

                                                                                                              ls | vim - opens the output of ls, not the files listed by ls. about :E, it’s probably a plugin because in my vim it says:

                                                                                                              Forward to the end of WORD [count] inclusive.

                                                                                                              and I know a lot of people like to browse files in vim (nerdtree, cmd p, etc.) but I prefer using fish’s auto completion from a regular shell

                                                                                                              1. 2

                                                                                                                probably a plugin

                                                                                                                No, :E has standard in vim for a few years, at least since I’ve been using it. I don’t know if it’s in “tiny vim” a lot of distros ship with though.

                                                                                                        1. -1

                                                                                                          Sometimes the politeness is hedging against wasting time typing up a long an lengthy question that it turns out no one is around who can answer.

                                                                                                          1. 4

                                                                                                            Any time spent typing the question generally helps clarify it in the asker’s mind—I’ve often answered my own questions just through the process of thinking hard enough about how to ask them, be it after joining an IRC channel in order to ask the question or going to a colleague. I wouldn’t say it’s ever a waste!

                                                                                                            1. 1

                                                                                                              At least when you type it once, you can copy/paste it around to different places

                                                                                                            1. 2

                                                                                                              OP here,

                                                                                                              wow so many good answers, I am a bit overwhelmed. I’ve been following the replies and checked most of the apps mentioned here, even if only briefly by going to their website. I didn’t mentioned there but I was a user of Day One long time ago, before switching away from macs for some years. It was the first thing I checked this week when I got back on a mac and deciding against it was what actually drove me here in the first place.

                                                                                                              org-mode sounds fantastic, I haven’t yet heard any bad review about it from anyone who uses it but even though I know just enough emacs to cause me trouble, I think I’d probably spend more time tweaking my .emacs then actually journaling.

                                                                                                              While I was reviewing the awesome options shown here, I came to realize that my main problem regards journaling is actually friction. I want to have minimum friction and a flexible system, mostly to work as a fancy diary. TiddlyWiki sounds like the perfect solution for recording documentation for my clients, so that if I need to revisit their project in the future it becomes easier, but maybe it is not the journaling solution I am looking for.

                                                                                                              As mentioned in the original question, I was temped to just dump digital and go with paper. And then the reply by @objectif_lune got me quite curious. So I ended up going with paper and got myself a really nice Hobonichi Techo Planner in red. I already kept other notebooks and have a more pens that it should be allowed.

                                                                                                              For searching and tagging, I will try to keep an index page like people who do bullet journal do. Maybe it will be enough. If it isn’t I will probably pick one of the nice CLI tools mentioned here like jrnl, they look quite good.

                                                                                                              Anyway, thanks a lot for all the replies. This community is great. Thanks for en arging my knowledge of note taking apps and providing me with a window to glimpse into everyone routine. I really appreciate that.

                                                                                                              1. 1

                                                                                                                One of the challenges I’ve had with journaling software is local versus cloud/web. I used to use WordPress as a private blog. Being that it was available to me in any web browser I wrote in it very often. Once I moved to editing text files on my computer I wrote less, as I was on my work computer, or phone, more often than on my personal laptop.

                                                                                                                I’m working on my journaling tool now, and these are questions I need to answer. Should I make it a desktop app, should I make it a web based tool. If it’s web based it will be really convenient for me to use, and I’ll probably use it more often. But the cloud is just someone else’s computer, so how do I balance privacy and security with convenience.

                                                                                                                1. 1

                                                                                                                  I personally am very glad that I made my own journaling tool web based. I had a desktop app prototype, but having a place to dump my thoughts that both my phone and laptop(s) can use has been quite handy

                                                                                                                  1. 1

                                                                                                                    I was thinking about it again today, and I agree with you, it’s going to better if it’s a web app.

                                                                                                              1. 20

                                                                                                                As the article points out, this wasn’t due to vandalism, but merely negligence — they never made backups. But it’s even worse than that — this wasn’t a sudden hard drive failure, but a server migration gone wrong. It was entirely self-inflicted.

                                                                                                                1. 4

                                                                                                                  It’s not clear to me that MySpace didn’t have any backups at all; this just seems like an assumption. Another possibility is that they did have backups but lost the backups as well, or that the backups were corrupted too.

                                                                                                                  I tried to find a more detailed article, but I can’t find anything. This reddit post inspired a few news stories, but this looks like all the info we have from MySpace (which is from 7 months ago).

                                                                                                                  It’s not hard to imagine how that may have happened; the old servers were set up by people who no longer work there. Due to full disk or whatever the backups aren’t being created any more, and the alerts for that go to an email address that no one reads.

                                                                                                                  1. 1

                                                                                                                    Another option is that they lost it on purpose, and saying it was a failure is an easier for users to accept than thinking MySpace deliberately deleted everything because they don’t want to pay to host it.

                                                                                                                1. 3

                                                                                                                  I was not very happy with any of the journaling tools that I found, so I started to write my own. https://github.com/NorthernPath/north

                                                                                                                  I want something that saves my data in a format that can be long archived. So I built around everything being stored in simple text files with TOML meta-data, and the directory structure. But, I also want to see related content, and entries over time, which is what North is, it is a viewer into the journal. I believe that journaling is amazing, but reviewing one’s life by looking at past entries is just as important as writing them, and that is the goal of North.

                                                                                                                  1. 1

                                                                                                                    Was interested but there was no description and no screenshots that I could find. Did I miss a giant blinking link?

                                                                                                                  1. 4

                                                                                                                    Bye bye Nginx. It was a great run.

                                                                                                                    1. 9

                                                                                                                      People who immediately say that they’re going to switch to Apache. How exactly do you expect OSS to be developed and paid for? Would you really be much happier if it was part-time volunteers instead of a paid dev team who are the shareholders of their success?

                                                                                                                      Nginx is all BSD licensed, anyone can fork it at any time, if need be. Yet so far, it’s still maintained by nginx.com, even though there was already a fuss once the Inc got formed and funded a number of years ago.

                                                                                                                      P.S. Out of curiosity, how’s the switchover from GitHub to GitLab going, past the Microsoft acquisition?

                                                                                                                      1. 5

                                                                                                                        I do agree that switching just because of such move is not feasible.

                                                                                                                        However, not all Nginx is OSS AFAIK, all Nginx plus features are closed source. I think.

                                                                                                                        1. 5

                                                                                                                          However, not all Nginx is OSS AFAIK, all Nginx plus features are closed source. I think.

                                                                                                                          Yes, and NGINX Plus is not available for a download unless you’re a paying or an evaluating customer, so, what difference does it make?

                                                                                                                          OSS NGINX is a great product by itself, unless you need some of the enterprise-level features, which are often not available in the lightweight alternatives anyways, so, it’s really kind of pointless to be speaking about switching just because the authors got a bit of cash for their hard work.

                                                                                                                          1. 3

                                                                                                                            I agree. I also don’t believe that it’ll make things “worse”, maybe it’ll make things even better with a company at the size of f5 supporting the OSS efforts as well.

                                                                                                                          2. 3

                                                                                                                            And Apache is not a viable choice after Nginx.

                                                                                                                            1. 1

                                                                                                                              I’m curious as to your reasons why not? Doesn’t Apache httpd have event and worker modules that preform as well as nginx? Do you have reasons other than performance?

                                                                                                                              1. 3

                                                                                                                                My concern is ease of configuration. I mostly understand the parts of Nginx config I use, I never really understood the Apache config.

                                                                                                                                1. 2

                                                                                                                                  I have a long history with both, so I feel qualified to answer this. Apache is larger, slower, and is more cumbersome to configure. But it is well tested, packed with features, and is the de facto reference implementation for anything to do with HTTP.

                                                                                                                                  Nginx has a smaller footprint, is fast, easier to configure, and scales much better.

                                                                                                                                  I have heard the difference between the two reduced to this sound bite: Apache is an HTTP server, Nginx is a web server.

                                                                                                                                  1. 4

                                                                                                                                    That sound bite doesn’t make any sense for multiple reasons, one being that Nginx can actually reverse proxy / load balance other protocols than HTTP…

                                                                                                                                    edit: Apache is nearly the same performance today, and Apache has actual features like Cache Invalidation which Nginx doesn’t offer in the open source codebase… which makes object caching useless.

                                                                                                                            2. 3

                                                                                                                              P.S. Out of curiosity, how’s the switchover from GitHub to GitLab going, past the Microsoft acquisition?

                                                                                                                              It’s going great, thanks for asking.

                                                                                                                              1. 1

                                                                                                                                P.S. Out of curiosity, how’s the switchover from GitHub to GitLab going, past the Microsoft acquisition?

                                                                                                                                All came back to GitHub when they enabled free private repositories.

                                                                                                                              2. 3

                                                                                                                                This is precisely the same super flawed logic people used when Redhat bought IBM, Microsoft bought Github. Lather, rinse, repeat.

                                                                                                                                Open source is big business now. This isn’t necessarily a bad thing (though I’ll admit it can be).

                                                                                                                                We have to wait and see how F5 handles their new acquisition..

                                                                                                                              1. 11

                                                                                                                                Here’s the issue:

                                                                                                                                • I write a post on kineticdial.com—it receives a couple hundred reads.
                                                                                                                                • I write a post on Medium—it receives tens of thousands of reads.

                                                                                                                                It really depends on what problem I am trying to solve for. Am I trying to get the content I write to be read by the most people or am I trying to develop a personal brand largely for employers considering hiring me?

                                                                                                                                1. 16

                                                                                                                                  Or you write it on your site and duplicate to medium. Two birds, two stones

                                                                                                                                  1. 11

                                                                                                                                    Or write a new post for Medium and link to a ton of old content on your site.

                                                                                                                                    1. 2

                                                                                                                                      Very true!

                                                                                                                                    2. 13

                                                                                                                                      Genuinely honest question: if it’s a personal blog, why do you care about how many readers you’re getting? I understand that getting absolutely zero views is kinda depressing, but with a few dozen readers, I feel like content. My blog is just my personal space for me to ramble on about things I care. It’s personal.

                                                                                                                                      I guess it’s human nature to always want more, but I dunno, I just don’t feel that with the number of readers reading my blog.

                                                                                                                                      1. 11

                                                                                                                                        Zero views can be depressing only if you measure it :)

                                                                                                                                        I removed all statistics from my pages a while ago (did not check GA before anyway). While I don’t write as often as I’d like to, when I do, I find obliviousness to my content’s reach liberating.

                                                                                                                                        1. 4

                                                                                                                                          I’ve found that just getting higher numbers stops mattering pretty quickly for my personal satisfaction. If someone emails me with a genuine question or complement, it would make my day!

                                                                                                                                          The other day I gave a training talk to a bunch of new employees via video call. One of them recognized me in the hallways and said he thought it was funny, engaging, and interesting. It really did make my day! Much more so than knowing I’m impacting a dozen products by training a dozen engineers. Same goes for code. I know for a fact code that I’ve written touches millions of people every day. But that stat became pretty meaningless quickly. If one of them said they liked a feature I worked on, that would mean a lot more to me.

                                                                                                                                          Fuzzy feelings beat pure numbers for me. I suspect looking at blogging from that perspective will push you toward enabling comments and encouraging tweets and email.

                                                                                                                                          1. 2

                                                                                                                                            True. I don’t have any kind of analytics on my blog either. But I have a couple of friends who follow my blog, so that’s how I know :) But it wouldn’t matter if they stopped reading (perhaps they have already and they’re too polite to tell me), I’d still write about the same things at the same frequency with the same writing style. That’s the beauty of the internet. I hope we don’t ever lose that.

                                                                                                                                        2. 10

                                                                                                                                          I’ve had the opposite experience: my website pieces got far more readers than my medium pieces. This could just be because I’ve written a lot more and my topic has changed, but it’s still a data point.

                                                                                                                                          More importantly to me, I’ve gotten more engagement from website pieces. People are more likely to email me about them.

                                                                                                                                          1. 6

                                                                                                                                            I speculate, but can’t prove, that it helps that the website is a straight-forward, minimalist design that takes people straight to good content without distractions or asking pardon for interruptions. A better, user experience.

                                                                                                                                          2. 4

                                                                                                                                            Interesting; why do you get so many more reads on Medium?

                                                                                                                                            1. 9

                                                                                                                                              Medium has tools for discovering interesting content. You can browse blog posts not just by author, but by category and tag, and at the bottom of every post are “related reads” - links to articles by the same author or by other authors that might be relevant to your interests. Combined with the traffic generated by a cohort of popular bloggers, that means impressions on your own writing are much more likely.

                                                                                                                                              Compare that with a personal website, where people will only discover it if they go to your site specifically, happen to find you on google, or have you in their RSS feed.

                                                                                                                                              1. 3

                                                                                                                                                Medium also recently rolled out a feature where you’re not allowed to read more than N articles without paying.

                                                                                                                                                No idea if it was a one-time thing, as my wife and I haven’t seen it since. But we were both wtf’ing about it.

                                                                                                                                                Beware the shiny tools.

                                                                                                                                                1. 9

                                                                                                                                                  Not the shiny tools: putting trust and data in an organization whose incentives are aligned against you now or potentially in the future. It’s why I strongly push for:

                                                                                                                                                  1. Open formats and protocols with open-source implementations available to dodge vendor lock-in. Enjoy the good, proprietary stuff while their good behavior lasts. Exit easily if it doesn’t.

                                                                                                                                                  2. Public-benefit and/or non-profit organizations chartered to do specific good things and not do specific bad things. Ghost is best example in that area. Alternatively, self-hosting something that’s easy to install, sync, and move on a VPS at a good company like Prgmr.com with local copies of everything.

                                                                                                                                                  Then, you don’t care if the vendor with shiny tools wants to put up a paywall on their version of the service. It will be their loss (No 1) or not happen at all (No 2.) We must always consider economic and legal incentives in our investments of time, money, and data. That’s the lesson I took way too long to learn as a technical person.

                                                                                                                                                  1. 3

                                                                                                                                                    You’re referring to the Medium Partner Program to which the author has to explicitly opt in to. If they do, they get a cut of the payday.

                                                                                                                                              2. 2

                                                                                                                                                what is a read? i have a feeling that most pageloads on medium are not actual reads, unless there are active metrics on the client side.

                                                                                                                                                1. 1

                                                                                                                                                  They distinguish reads from views in their stats page so there’s some sort of client-side logic that tries to determine true reads.

                                                                                                                                                2. 1

                                                                                                                                                  I write on my own website and post it to websites like this. Someone posted a link to my website on hacker news and it hit the top and I got thousands of views without any need for medium

                                                                                                                                                1. 8

                                                                                                                                                  I often follow the same process of ignoring technology until it seems like a long term and viable tool. Though, this has, at times, bitten me. For the most part I try to stay away from anything that looks too cool.

                                                                                                                                                  1. 6

                                                                                                                                                    Past a certain age/maturity you eventually see the things that make something be successful on /r/programming or Hacker News aren’t always the things you’d want to put in production.

                                                                                                                                                    Later, you stop caring about new and shiny altogether.

                                                                                                                                                    1. 1

                                                                                                                                                      Everything old is new, again.

                                                                                                                                                  1. 1

                                                                                                                                                    I’ve been using buffers for 6 to 9 months, or so, and it has drastically changed my workflow. Where I used to have multiple nvim open in multiple tmux windows I now only have one nvim running.

                                                                                                                                                    I have had a couple of hurdles. Switching nvim windows and tmux windows are different key commands, where they used to be the same. It adds a little cogitative overhead.

                                                                                                                                                    Another oddity that I’v experienced is that :bn and :bp don’t seem to cycle in a consistent way. I’ve run :bn and :bp and the buffer is a third buffer altogether.