Threads for aerique

  1. 8

    I’ll be a bit cheap and repeat my HN comment (but then extend a little).

    PDFs are indeed a bit scary.

    A few months back I was triaging a GH issue where someone had attached an .rtf of their failure log and I was definitely tingling at the thought of opening it.

    I felt a bit paranoid doing it, but I curled it down on a different laptop, went offline, and then checked to see what file thought. It reported that the file was actually a PDF and I was almost certain it was a spearphishing attempt. (I’m not a committer on this project, so I probably wouldn’t have been the target if it was.)

    I finally convinced myself to go online to fetch a PDF -> plaintext converter package, go back offline, and see what it found inside. (Though I wondered if the converter itself would ignore or could be vulnerable to the same kinds of exploits.)

    It ultimately just looked like an appropriate log, though I never directly opened it. I decided to risk coming off as paranoid and told the reporter not to do this going forward (and they promptly/happily replaced the attachment with an unformatted copy/paste–better than getting pwned).


    I’ve also heard at least twice in the past ~year through coworkers about attempted surprisingly high-effort (but ultimately not sophisticated) ~spearphishing/scam attempts that we had to assume were driven by orgchart knowledge gleaned from linkedin or facebook.

    • The first was an attempt to run a gift-card scam on someone in a running club by pretending to be president of said club.
    • The second was an attempt to perpetrate something similar (I didn’t get details this time) against a brand-new hire at a small (fewer than 30 employee) ~content company by pretending to be the chief creative talent.

    It seems like there’s more creativity out in this niche than there was a few years ago.

    1. 1

      I’m continually surprised by my peers in IT who should know better just casually sharing links to PDFs in corporate chat and on social media.

      1. 1

        The first was an attempt to run a gift-card scam on someone in a running club by pretending to be president of said club.

        This happens all the time for me.

        People I know get messages on all sorts of platforms, including ones I am not on, asking to buy gift cards and send “me” the code (but it is not me). The context varies. Sometimes it’s a work teammate getting a WhatsApp message that claims to be me (from a random number), sometimes a family member gets a Facebook message from a name like mine (I haven’t been on Facebook in 6 years), but it’s always the same bottom line (paraphrased) “I’m in a bind, I don’t have much time, and I need your help: Please run to a CVS, buy a $50 Amazon gift card and send me the code.”

        It has happened since about 2019 with some regularity.

      1. 4

        I don’t remember seeing the SteamDeck being discussed here. What’s y’all opinions on it?

        Is it the end of linux gaming as we know it with its emphasis on Proton or is it the beginning?

        Personally I finally started to play through my games that support linux backlog and I am impressed with the hardware quality and the improved UI.

        1. 7

          I use my steam deck religiously, albeit not with steamOS or to play much games.

          It is a fairly competent platform for a mobile cyberdeck when combined with Moverio BT-40 glasses, some bone conducting headphones and split thigh-mounted dactyls. Enough horse-power, interesting sensors and controllers and good driver support out of the box.

          1. 4

            That sounds like a very interesting set-up. I’d be interested in reading more about it. :)

          2. 4

            Some of the linux ports were buggy and not updated regulary. I have a few games where the game actually runs better with proton than native.

            The Steamdeck hardware seems to be quite good for the price and I ordered one, but am still on the waiting list.

            I like the idea of a reference platform with a known status for all steam games. Looking forward to use the hardware maybe even as my daily driver with an USB C dock. The power consumption seems to be quite good as well.

            1. 4

              I have one and am happy with it. If there’s ever official Lutris support I will be a very happy camper. (I know Lutris can be installed unofficially, I don’t want to spend time on it.)

              It’s quite a bit bigger than a Switch but for my old eyes that was an improvement. The hardware is not as solid as a Switch (think Steam Controller), I would be afraid of dropping it, but it is also not crap.

              Officially supported games (green checkmark) generally work flawless except sometimes fonts can be harder to read (I had this in Shadow of Mordor and Risk of Rain (2?)).

              I bought and tried about 10 games from this thread of Indie games on sale: https://twitter.com/DominicTarason/status/1541140227560964096 Most were marked “Untested” but worked just fine. Most didn’t even need controller tweaking. Also for mouse games the trackpads work well enough.

              There’s frequent updates to the base system.

              I would definitely recommend the Steam Deck as long as you do not expect AAA games marked as “Untested” to work flawlessly.

              1. 2

                The hardware is not as solid as a Switch (think Steam Controller), I would be afraid of dropping it, but it is also not crap.

                I think this feeling might be due to being quite a bit heavier than the switch. For me I think that’s the biggest issue, it’s heavy enough that I get uncomfortable if I play in certain positions for a while.

            1. 1

              No NoScript?! Possibly one of the greatest security improvements to the browser?

              Great list nevertheless and I learned some new things.

              1. 1

                Can noscript be enabled on a container specific fashion?

                1. 1

                  I do not know.

                2. 1

                  Noscript is good for security - but for me it’s not worth how annoying as it breaks so many websites.

                  1. 2

                    That is a question of priorities. Also, it doesn’t really break websites, just web applications in disguise … ;)

                    Personally, I don’t touch the web without it. It really helps you understand what people are doing, and gives fine-grained control.

                    Another recommended extension is jshelter.org from FSF. And saving webpages with WebMemex is just so much nicer than any of the alternatives…

                1. 6

                  No, that would be guix 😼

                  1. 3

                    Great! I’ve yet to give guix a try because it feels like I wouldn’t gain a whole lot personally over what nix may offer me. What would you say are your main selling points?

                    1. 21

                      I think the main differences (as a NixOS user who played with guix) are:

                      • guile scheme instead of nix language.
                      • far better documentation and more coherent cli interface.
                      • GNU shepherd instead of systemd (one could argue whether that’s a drawback or a benefit. shepherd is impressive, but I personally prefer systemd because that’s what I know from other distros)
                      • much smaller community than nix
                      • tighter focus on bootstrap-able builds and a harder stance in the Free Software discourse
                      1. 7

                        Yes, thank you. That’s my impression being the main differences. All great points, but none are really things that weight heavy in my evaluation to be honest. At this point I think I’d rather help out resolving nix’s shortcomings than hopping over to something else.

                        I hope that more projects like guix challenge nix for pushing the technology and ideas behind the projects forwards. I think that’s really healthy for the evolution of these kind of tools.

                        1. 4

                          I’ve considered both recently for $WORK and found Guix technically superior and more consistent, but also less effective in practice for my use cases (provisioning tools and packaging make-built assets as containers). One of big problem I found is that Guix needs specific daemons to run properly, and if you have a problem with its setup, you can’t uninstall and reinstall. Getting support is patchy as well. I would really love Guix to be a little bit more standalone (uninstall like rm -rf /nix) and lightweight (no system daemon required). I also think that Nix is easier to grasp, the use of Scheme in Guix makes it harder as there is no initial primer on the key concepts and operations of Guix, while Nix’s DSL defines a relatively simple subset that you can figure out in a day.

                        2. 3

                          My problem with Guix is that IIRC it is available only on GNU/Linux and I am working on macOS.

                          1. 2

                            I started using Guix (as a whole OS) seriously[1] last month when I received my new work laptop and it’s going better than expected. I do use the Nonguix channel though and I had to write some packages for myself, but I knew this before.

                            The small community makes it harder to get support, especially since I’m probably the first person to run it on an MSI GS66 Stealth laptop (the enterprise laptops were backordered for months (thank god!)).

                            Nix and Guix users already know this but declarative system configuration is such a joy to work with.

                            [1] I made a few attempts in the years before.

                            1. 2

                              Interesting! I’ve been using nix for some projects for a few years, but only jumped to using NixOS full-time on all desktops and some servers about a month ago. It’s working really well so far, after some hiccups in the beginning, but I envy guix for scheme and their documentation.

                              Do you, by chance, have a link-able example of your guix config?

                              1. 2

                                Sure, hope I didn’t leave any credentials in there: https://gitlab.com/-/snippets/2237522

                                My biggest remaining issue is that I am not able to tweak the fan speeds. I expunged Windows with much fervor when I received the laptop but in hindsight I should perhaps have been a little less zealous.

                      1. 1

                        Looking at the author’s old post about Signal, I’m curious what the issues are with using Session for this…

                        1. 13

                          Author here. The reason is simple, and one that plagues every alternative messenger out there: crowd adoption. If your friends aren’t on it — what’s the point?

                          As it stands, getting “on” Session is somewhat harder for the layman than Signal, owing to its use of alphanumeric “hashes” to identify people. My mom will be thoroughly confused if I ask her to “copy that string, paste it in Session and then start messaging me”. On Signal, it’s simply “search for my contact name and message me”.

                          Until named addresses come about, Signal is where it’s at. And even then, I don’t think I want to go about convincing everyone I text to move to Session. It was hard enough to do once, heh.

                          1. 3

                            I don’t think I want to go about convincing everyone I text to move to Session. It was hard enough to do once, heh.

                            Which is why you shouldn’t do it for Signal. Wait for something worth sticking with.

                            1. 6

                              Indeed. This is the reason I have never installed signal, or any other silo’d messaging app. No matter how good it seems, I don’t want to be trapped there.

                              1. 3

                                Too late.

                                It’s still massively better than what came before it.

                                1. 4

                                  WhatsApp was massively better than SMS as well, look where that got us.

                                  1. 2

                                    The vast majority of people still use the default messaging apps on their phones (or WeChat). If the goal is mass adoption, it’s not too late to change course at all.

                                    In fact the existence of countries that are U.S. adversaries means Signal will never be truly universal the way SMS, MMS, XMPP, and email are.

                                  2. 2

                                    The problem with “waiting” is I stick to WhatsApp, which is a hard no for me.

                                    1. 1

                                      That’s fair, I just use SMS with my carrier’s web texting interface. Signal and Telegram are both better than WhatsApp if you ignore adoption; Telegram has more adoption than Signal if the goal is to avoid bugging people to install an app.

                                      DeltaChat is also great I would honestly just use that, unless it’s harder to set up or something (don’t know, could be even easier).

                                  3. 2

                                    IIRC session does have named addresses but it’s based on the naming system lokinet uses, which means buying their crypto coins to set it up.

                                    1. 3

                                      I was wondering about this; had a suspicion there was an eye-rolling solution and sure enough…

                                      I guess people could mine for addresses, as Facebook did for their TOR onion address (see Wikipedia). But it’s probably hard to do on a smartphone.

                                    2. 2

                                      First tip, never use the word ‘string’ when talking to a non programmer, there are plenty of better words like: ‘phone number’, ‘id’, ‘unique code’

                                      1. 1

                                        Nice! Thanks for sharing.

                                    1. 2

                                      What do people prefer between KeePassXC and passwordstore.org? Personally I use the latter but mostly because I found it first and have invested effort into setting it up. But I was thinking of switching because since keepass(xc) stores passwords in a single file it seems easier to manage across devices. (As opposed to pass where files for each website are generally separate.)

                                      1. 12

                                        I don’t care for passwordstore.org, because as you mentioned, it leaks the accounts you have to the filesystem. If your threat model includes a multi-user system or cloud storage, then this might be a problem. With KeePassXC, this threat is mitigated as every entry in stored a single encrypted database.

                                        EDIT: typo

                                        1. 8

                                          But I was thinking of switching because since keepass(xc) stores passwords in a single file it seems easier to manage across devices

                                          It’s multiple files with pass but it can be a single git repo, which I’ve found is a lot more useful since it can detect conflicts and stuff. Running pass git pull --rebase otherlaptop fits a lot better with my mental model and existing tooling than “just put it in and the program performs some unspecified merge algorithm somehow”.

                                          1. 5

                                            I’m using Strongbox on iOS these days. When I started using it, I was hesitant to pay for the Pro Lifetime version ($60), dictated by how well it would work for at least a year. I’m happy to say that it’s been exceeding my expectations for well over two years now, and I did end up paying for the lifetime version.

                                            1. 4

                                              I used pass for a few years, but recently switched to Bitwarden. I did try KeePassXC, but didn’t like it because:

                                              • For some reason it was using 200+ MB of memory. I think that’s a bit much for something that has to run in the background.
                                              • Syncing would be a bit clunky. Technically you can stuff the DB in Git, but it’s not great.
                                              • Qt applications under GNOME/Gtk WMs always look/feel a bit clunky

                                              My main issues with pass were the usual ones:

                                              • It’s free-form nature makes it a bit difficult to keep password files consistent
                                              • You leak file names. This isn’t the biggest deal for me, but I’d prefer to avoid it if possible
                                              • Not necessarily a flaw of pass but more of my setup: I had pass auto-unlock upon logging in. This is great for me, but also means any application can just run pass ... and read passwords.

                                              Bitwarden is OK, though I really hate their CLI. There’s an unofficial one (https://github.com/doy/rbw) that’s nicer to use, but it doesn’t support YubiKey logins (https://github.com/doy/rbw/issues/7), so I can’t use it.

                                              1. 1

                                                Syncing would be a bit clunky. Technically you can stuff the DB in Git, but it’s not great.

                                                I do both. I have issues with neither method. My only problem with having the full history available is that there is no rekeying the database, you have to change every password for it to make sense. Or maybe it’s only making me aware of the actual implications of leaking the db.

                                                Qt applications under GNOME/Gtk WMs always look/feel a bit clunky

                                                Working in a terminal 99% of the time, I have no issue with this. In my barebones i3 setup every GUI is ugly anyway. That irked me at first, but I learned not to care a long time ago.

                                                1. 1

                                                  It depends on your threat model but I sync my KeePass file using cloud sync (Dropbox, Jottacloud, Syncthing).

                                                  Been doing this for several years and no issues.

                                                  What I like about KeePass is that it is available on so many platforms. So even using OpenBSD and SailfishOS, I had no issue finding clients.

                                                2. 2

                                                  I’ve found passwordstore to be a great “clearing house” for importing from elsewhere even if it isn’t my final destination. I used it to export from 1Password and the Keepass family (which I tried but didn’t really like). I’m currently polishing off a script to import my password store to Bitwarden.

                                                1. 7

                                                  I don’t believe the headline to be accurate:

                                                  • Firefox still does not do process isolation as thoroughly as chromium. Iirc GPU, audio, and networking is all done on the same process in Linux.
                                                  • I believe Firefox still does not match Chrome’s level of site isolation either, though that could have changed in recent times.
                                                  • Firefox uses a fork of jemalloc (an allocator aimed at performance, and not security), while they have added security improvements it isn’t as hardened as the one chromium uses.
                                                  • My source for all these claims, and more: https://madaidans-insecurities.github.io/firefox-chromium.html (a good in-depth comparison IMO).

                                                  Full disclosure: I use Firefox daily. I love it, but I don’t believe it to match Chromium’s security. It has gotten better in recent times though.
                                                  @freddyb, please correct any misinformation in my post, I very well could be wrong about some of this.

                                                  1. 17

                                                    GPU and Networking are in their own socket where supported. We do have Site Isolation. The blog post you’re quoting is a bit out of date.

                                                    1. 2

                                                      Thanks. I figured it was out if a bit out of date :)
                                                      Keep up the great work!

                                                    2. 5

                                                      GPU process is not used on Wayland yet but I think there was an old implementation for GLX (no idea about X11-EGL probably also no). Audio process is used on Linux for sure (I did some work to enable audioipc on FreeBSD).

                                                      Fission is the same site isolation, but it’s still not on by default. Check fission.autostart (or the friendly checkbox in Nightly about:preferences).

                                                      1. 4

                                                        On the other hand, blocking ads and JS is much easier on Firefox so in that regard it has better security than Chrome (although not necessarily Chromium).

                                                        And Google continues to clamp down on it.

                                                        1. 2

                                                          Chrome and Chromium support a user-visible per-site JS and per-domain cookie toggle. chromium also supports making third party frames opt-in by default.

                                                        2. 3

                                                          While Mozilla has made progress on multiprocess and site isolation, Chromium is actually upgrading from site isolation to strict origin isolation. Chromium also has separate sandboxed processes for TTS, printing, and other functionality.

                                                          Chromium is also the only browser to support trusted-types for XSS protection.

                                                          Right now the chromium team is working on the V8 memory cage. They’re researching expanding toolchain hardening to leverage Clang’s shadow call stacks on top of its CFI implementation; Mozilla hasn’t enabled Clang’s CFI yet. Neither will matter much if you use distro packages that use system libs built with gcc, or worse: distro packages that build the whole browser with unsupported toolchains.

                                                          That being said, Firefox’s sandboxing of graphite and hunspell along with finally getting some site isolation with Fission are important steps forward, and I’m glad to see Firefox catching up. Hopefully they swap out mozjemalloc with something resembling ptmalloc. Or musl’s mallocng. Or…hardened_malloc…

                                                          1. 1

                                                            Hopefully they swap out mozjemalloc with something resembling ptmalloc. Or musl’s mallocng. Or…hardened_malloc…

                                                            I’d definitely love to see hardened_malloc in Firefox.

                                                        1. 5

                                                          I’ve spent 3 weeks trying to get started with emacs and could not even manage to edit file quickly, let alone doing stuff mu4e. I’ve been playing with Doom and Space without understanding anything. Your most makes me want to try again but, this time, by first buying a book and start very gradually. I appreciate your 5 steps to start with emacs.

                                                          I’m thorn. It looks really cool. It looks exactly what I want (everything in the command line). On the other hand, I feel I really appreciate the Unix philosophy “one tool-one function” and can reconcile the two views.

                                                          1. 4

                                                            Emacs, in the beginning, is kind of strange to think about. The keybinds are all over the place, the people using Emacs seem to be these mystic wizards akin to the Greybeards in Skyrim, and the application itself has so much wording all over the place, it’s a lot to take in.

                                                            But in my experience, if you are/were a Vim user, is to simply use evil-mode, where I feel I get the best of both worlds of the two. I didn’t like using Spacemacs or Doom Emacs simply because the upstart was far more confusing for me. It was easier to add packages through the package.el library and play around with different modes and tweak things as I went. I added things like rainbow parentheses, Racket mode, neotree, and all these other tiny things that slowly built up to my current .emacs configuration.

                                                            There’s a whole lot of Emacs goodness that I probably don’t take advantage of, but the niceness of Emacs is too comfortable for me to want to leave. It’s easier to start small then gradually work your way up.

                                                            1. 2

                                                              It’s been so long since I started with Vi(m) and Emacs I don’t quite remember how it was but I do recall that I really wanted to learn them and invested (and set aside) some time to do that.

                                                              I’m not sure that’s much of a recommendation for these tools though, these days.

                                                              However, my opinion was that much of what I was doing -and would be doing- was text based and I wanted a tool that was future-proof. I did not want to use different and every changing tools for editing, e-mail, news (Usenet), writing, etc.

                                                              I have not regretted investing the time.

                                                              (Vi(m) I accepted as it was and did not customize much, so I could use it wherever. Emacs (especially the default keybindings, which SUCK) is meant to be molded to your liking.)

                                                            1. 3

                                                              One of the things that trip me when I first tried emacs is what I wanted it to do too much without having any clue what was happening. I wanted it to replace by go IDE (GoLand), my JS and Rust tools (VS Code) and work perfectly with the language I was just learning (Elixir).

                                                              After a bunch of copy/paste and like 500 lines in init.el that I didn’t know what they where doing I obviously felt flat on my face.

                                                              Nowadays I’ve come back to it with more curiosity and less expectations. Got it working perfectly for beancount, got rid of the awkward (for me) hotkeys with evil, got the fonts and colors that I like, and now I’m free to explore and grow from here :-)

                                                              The rest of the tools are fine and I’m sure that emacs could replace them, but Idk how nor I need to know right now… I can just enjoy the experience!

                                                              1. 4

                                                                Glad to hear it’s now working for you.

                                                                For those wanting to start, I suggest either:

                                                                The only config I’d recommend from the beginning is (fido-mode), https://www.gnu.org/software/emacs/manual/html_node/emacs/Icomplete.html .

                                                                1. 2

                                                                  If you are looking for something between Doom and vanilla, the author’s prelude starter kit is great. And if you use org-mode, the sci-max kit has some really helpful utilities.

                                                                  I personally can’t seem to feel at home adding on to any of the starter kits, but I’ve pulled in some things from both of these to my hot garbage of an ancient config mess. :)

                                                                  1. 2

                                                                    I think doom is an incredible mix of out of box power, emacs customizability, and evil mode. Even as a power user, distributions ensure I don’t miss out on new features, as my dot files over time are likely to lag behind without a lot of attention.

                                                                    1. 3

                                                                      Also recommending Doom Emacs. After 20 (25ish?) years of Emacs I switched to Doom Emacs so I could throw away a large part of my homegrown config and not having to maintain it anymore.

                                                                      For me it does the same as the i3 window manager and the Fish shell: it has sensible defaults that I am mostly willing to accept to save time on config maintenance. (Ofcourse I still have my own customizations to these tools.)

                                                                      1. 1

                                                                        Same, as a long-time Emacs greybeard. I switched to Doom and got rid of a lot of garbage that I had accumulated over the years.

                                                                1. 18

                                                                  I actually wound up switching off i3 (well, sway, but they’re basically the same) because I kept getting things into weird situations where I didn’t understand how the tiling works. Containers with only one child, that sort of thing.

                                                                  river, my current wm, has an interesting model: the layout management is done in an entirely separate process that communicates over an IPC mechanism. river sends it a list of windows, and the layout daemon responds with where to put them.

                                                                  Also, since you brought it up: sway is almost entirely compatible with i3. The biggest missing feature is layout save/restore. But it can do one thing i3 can’t do, and that’s rearranging windows by dragging them.

                                                                  1. 26

                                                                    That’s pretty much why I wrote river. I was using sway beforehand as well but grew increasingly frustrated with how much implicit state i3-style window management required me to keep in my head and how unpredictable that state makes managing windows if your mental model/memory of the tree isn’t accurate.

                                                                    1. 19

                                                                      link to the project: https://github.com/ifreund/river

                                                                      Looks interesting!

                                                                    2. 6

                                                                      I’m in the same boat (pre-switch). I use sway but, after many years, still don’t really understand how I sometimes end up with single child (sometimes multi generational) containers.

                                                                      My personal ideal was spectrwm, which simply had a single primary window and then, to the right, an infinitely subdividing tower of smaller windows which could be swapped in. I briefly toyed with the idea of writing a wayland spectrwm clone.

                                                                      1. 7

                                                                        That sounds exactly like the default layout of dwm, awesomewm, xmonad, and river. If you’re looking for that kind of dynamic tiling on wayland feel free to give river a try!

                                                                        1. 4

                                                                          I will! I had some trouble compiling it last time I tried. But I will return to it.

                                                                          1. 4

                                                                            Feel free to stop by #river on irc.libera.chat if you run into issues compiling again!

                                                                        2. 1

                                                                          Your reasons for spectrwm (and xmonad’s, etc. model) is exactly the reason I use tiling window managers like i3, exwm and StumpWM: I don’t like that dynamic at all ;-)

                                                                          No accounting for different tastes.

                                                                          Is there a name for those two different tiling models?

                                                                          1. 1

                                                                            automatic vs manual?

                                                                            1. 1

                                                                              I’ve seen the terms static (for when the containers have to be created by the user) vs dynamic used.

                                                                              ArchLinux seems to call them dynamic vs manual. See the management style column https://wiki.archlinux.org/title/Comparison_of_tiling_window_managers

                                                                          2. 1

                                                                            I was also quite lost with the way tiling works at the beginning. There is not much resource around this subject. It seems people just get used to it and avoid creating these useless containers. I am lucky, it was my case.

                                                                          1. 25

                                                                            Nope. I would say that client TLS certificates are the most underused browser feature.

                                                                            1. 5

                                                                              Mercifully so! Client certs are a UX disaster.

                                                                              1. 7

                                                                                I don’t find that to be true, but even if it were that’s a reason to invest in the UX, not abandon the tech.

                                                                              2. 4

                                                                                Huh – I was thinking control-Q.

                                                                                1. 4

                                                                                  Sadly not, as it’s right next to control-W.

                                                                                  1. 2

                                                                                    I always need to download a Firefox add-on to fix that screwup.

                                                                                    Why is this still a thing?

                                                                                    1. 1

                                                                                      I’ll hazard a guess that it comes from Mac OS where ⌘W is Close Window (or close tab if there are tabs, for the past decade or two) because it’s next to ⌘Q, Quit an application.

                                                                                      1. 1

                                                                                        There’s a setting you can toggle in about:config to disable this behavior: https://bugzilla.mozilla.org/show_bug.cgi?id=52821#c315

                                                                                        1. 1

                                                                                          Wow, that’s quite the discussion and it started 21 years ago!

                                                                                1. 5

                                                                                  I admit to having mostly skimmed the presentation, on account of not having had my coffee yet, but this reminded me of Dylan a little, and it’s probably no coincidence considering Dylan’s history. Anyone remember that?

                                                                                  https://en.wikipedia.org/wiki/Dylan_(programming_language)

                                                                                  E.g. a fibonacci implementation lifted right off that page because I never was fluent in Dylan, and the last time I even tried to be was like fifteen years ago:

                                                                                  define function factorial (n :: <integer>) => (n! :: <integer>)
                                                                                    case
                                                                                      n < 0     => error("Can't take factorial of negative integer: %d\n", n);
                                                                                      n = 0     => 1;
                                                                                      otherwise => n * factorial(n - 1);
                                                                                    end
                                                                                  end;
                                                                                  

                                                                                  Granted, Dylan is (was?) explicitly typed and integrated a bunch of other paradigms and so on, it was very much a child of the 1990s. But in some ways it was a Lisp without all the parentheses. It’s an interesting precedent.

                                                                                  1. 1

                                                                                    I mainly remember Dylan because one of (the main? the only?) people working on it were in comp.lang.lisp when Usenet still was a thing.

                                                                                    Dylan never really attracted me because I actually like SEXPs and languages with all that semi-colon & braces line-noise annoy me, although Python is an okey compromise.

                                                                                    1. 2

                                                                                      @brucem was a developer on it (still is?). He’s probably who you were thinking of.

                                                                                      1. 1

                                                                                        Yes, that was him, thanks.

                                                                                      2. 2

                                                                                        Oh, yeah. Dylan was a nice and fun language but I never really learned it, because I never really felt like I needed a programming language with all the good parts of Lisp, minus the Lisp syntax. The Lisp syntax is one of the good parts of Lisp in my book :-D.

                                                                                    1. 2

                                                                                      One of the best features of cron is its automatic email

                                                                                      I don’t run e-mail on any of my machines (attack surface) and Cron is the only program that would need it, so this hasn’t been Cron’s best feature for decades for me. I’d rather Cron log to the system facilities like any other program.

                                                                                      1. 1

                                                                                        You mean you don’t send e-mail out from any of your machines?

                                                                                        1. 1

                                                                                          My e-mail client connects to an external IMAP server and besides cron that wants to send e-mail there’s nothing else on my machines that needs it.

                                                                                      1. 7

                                                                                        I use Gnus, which is a news/mail reader in Emacs. It does threading and quoting correctly and display of HTML messages pretty well.

                                                                                        In the past I went through a period of Mutt usage, and found the tutorial by Steve Losh at https://stevelosh.com/blog/2012/10/the-homely-mutt/ to be very helpful

                                                                                        If you prefer Vim I think Mutt is a very good option. It can be configured to render HTML via lynx or w3m IIRC (I think it’s mentioned in the above tutorial) ISTR Losh’s preferred mutt keys are also quite vimmish

                                                                                        1. 2

                                                                                          I also use Gnus. I found it very strange to begin with, but got used to it. The splitting and scoring features are incredibly powerful, especially for high-traffic mailing lists

                                                                                          1. 1

                                                                                            Gnus here as well, but I blew away all the keybindings[1] and have a few of my own (that are intuitive to me having a history of mutt, pine, etc. and also because I use Evil mode).

                                                                                            I use Gnus over other Emacs clients because it can do IMAP and so I do not need to depend on something like fetchmail (or whatever is popular these days), meaning it’s easy to bring up on different machines and platforms. UI-wise I’d prefer mu4e.

                                                                                            [1] Gnus is a bit vi-like in it’s keybindings: there are a lot of them and accidentally touching the wrong one might delete or kill something you did not want to lose. (Or at least, I could never figure out how to recover.)

                                                                                          1. 23

                                                                                            What I also find frustrating on macOS is the fact you need to download Xcode packages to get basic stuff such as Git. Even though I don’t use it, Xcode is bloating my drive on this machine.

                                                                                            We iOS developers are also not pleased with the size on disk of an Xcode installation. But you only need the total package if you are using Xcode itself.

                                                                                            A lighter option is to delete Xcode.app and its related components like ~/Library/Developer, then get its command line tools separately with xcode-select --install. Git is included; iOS simulators are not.

                                                                                            1. 7

                                                                                              I’m always surprised when I see people complain about how much space programs occupy on disk. It has been perhaps a decade since I even knew (off the top of my head) how big my hard drive was, let alone how much space any particular program required. Does it matter for some reason that I don’t understand?

                                                                                              1. 20

                                                                                                Perhaps you don’t, but some of us do fill up our drives if we don’t stay on top of usage. And yes, Xcode is one of the worst offenders, especially if you need to keep more than one version around. (Current versions occupy 18-19GB when installed. It’s common to have at least the latest release and the latest beta around, I personally need to keep a larger back catalogue.)

                                                                                                Other common storage hogs are VM images and videos.

                                                                                                1. 4
                                                                                                  $ df -h / /data
                                                                                                  Filesystem      Size  Used Avail Use% Mounted on
                                                                                                  /dev/nvme0n1p6  134G  121G  6.0G  96% /
                                                                                                  /dev/sda1       110G   95G  9.9G  91% /data
                                                                                                  

                                                                                                  I don’t know how large XCode is; a quick internet search reveals it’s about 13GB, someone else mentioned almost 20GB in another comment there. Neither would not fit on my machine unless I delete some other stuff. I’d rather not do that just to install git.

                                                                                                  The MacBook Pro comes with 256GB by default, so my 244GB spread out over two SSDs isn’t that unusually small. You can upgrade it to 512GB, 1TB, or 2TB, which will set you back $200, $400, or $800 so it’s not cheap. You can literally buy an entire laptop for that $400, and quite a nice laptop for that $800.

                                                                                                  1. 6

                                                                                                    $800 for 2TB is ridiculous. If I had to use a laptop with soldered storage chips as my main machine, I’d rather deal with an external USB-NVMe adapter.

                                                                                                    1. 2

                                                                                                      I was about to complain about this, but actually check first (for a comment on the internet!) and holy heck prices have come down since I last had to buy an ssd

                                                                                                    2. 1

                                                                                                      I guess disk usage can be a problem when you have to overpay for storage. On the desktop I built at home my Samsung 970 EVO Plus (2TB NVMe) cost me $250 and the 512GB NVMe for OS partition was $60. My two 2TB HDDs went into a small Synology NAS for bulk/slow storage.

                                                                                                    3. 4

                                                                                                      It matters because a lot of people’s main machines are laptops, and even at 256 GB (base storage of a macbook pro) and not storing media or anything, you can easily fill that up.

                                                                                                      When I started working I didn’t have that much disposable income, I bought an Air with 128GB, and later “upgraded” with an sd card slot 128gb thing. Having stuff like xcode (but to be honest even stuff like a debug build of certain kinds of rust programs) would take up _so much space. Docker images and stuff are also an issue, but at least I understand that. Lots of dev tools are ginoromous and it’s painful.

                                                                                                      “Just buy a bigger hard drive from the outset” is not really useful advice when you’re sitting there trying to do a thing and don’t want to spend, what, $1500 to resolve this problem

                                                                                                      1. 1

                                                                                                        I don’t know. Buying laptops for Unix and Windows (gaming) size hasn’t really been an issue since 2010 or so? These days you can buy at least 512GB without make much of a dent in the price. Is Apple that much more expensive?

                                                                                                        (I’ll probably buy a new one this year and would go with at least a 512GB SSD and 1TB HDD.)

                                                                                                        1. 3

                                                                                                          Apple under-specs their entry level machines to make the base prices look good, and then criminally overcharges for things like memory and storage upgrades.

                                                                                                          1. 1

                                                                                                            Not to be too dismissive but I literally just talked about what I experienced with my air (that I ended up using up until…2016 or so? But my replacement was still only 256GB that I used up until last year). And loads of people buy the minimum spec thing (I’m lucky enough now to be able to upgrade beyond my needs at this point tho)

                                                                                                            I’m not lying to prove a point. Also not justifying my choices, just saying that people with small SSDs aren’t theoretical

                                                                                                      2. 1

                                                                                                        Yup, it’s actually what is written on the homebrew website and what I used at first.

                                                                                                      1. 12

                                                                                                        Is this corroborated by vulnerability counts in the respective browsers? TFA links to reports that

                                                                                                        [Firefox] gets routinely exploited by Law Enforcement

                                                                                                        and

                                                                                                        If you are in any way at risk, you should be using Chrome, no matter how much Firefox has improved.

                                                                                                        Be _very_ wary of anyone who tells you that Firefox security is comparable to that of Chrome.

                                                                                                        Which I’m not inclined to doubt these per se, but they’re undefended and I’m not familiar with the people who made those claims.

                                                                                                        1. 4

                                                                                                          Be very wary of anyone who tells you that Firefox security is comparable to that of Chrome.

                                                                                                          Are we talking default installs here? A lot of people use Firefox because one can (and always could) install addons like NoScript, uBlock, etc. I wonder how comparable security is then.

                                                                                                          (Yes, these addons have become available for Chrome as well but I doubt they’re as integrated and pervasive and one is still at the mercy of Google allowing them.)

                                                                                                        1. 14

                                                                                                          Would have been nice to mention the type builtin, at least for bash, that helps newcomers distinguish between different kinds of commands:

                                                                                                          $ type cat
                                                                                                          cat is /usr/bin/cat
                                                                                                          $ type cd
                                                                                                          cd is a shell builtin
                                                                                                          $ type ls
                                                                                                          ls is aliased to `ls -Fh'
                                                                                                          
                                                                                                          1. 5

                                                                                                            Wow, I’ve been using Unix for most of my computing life (30 years?) and I didn’t know about type.

                                                                                                            1. 1

                                                                                                              It is great to find duplicates in your PATH: type - all Shows you all places where exists

                                                                                                            2. 2

                                                                                                              I use which as opposed to type and it seems to do the exact same thing.

                                                                                                              1. 9

                                                                                                                You should use type instead. More than you ever wanted to know on why:

                                                                                                                https://unix.stackexchange.com/questions/85249/why-not-use-which-what-to-use-then

                                                                                                                1. 1

                                                                                                                  Interesting. As a long time DOS user, I expected type to behave like cat. I typically use which as if it is just returning the first result from whereis, e.g. xxd $(which foo) | vim -R -. I didn’t know about the csh aliases, because the last time I used csh was in the nineties when I thought that since I use C, surely csh is a better fit for me than something whose name starts with a B, which clearly must be related to BCPL.

                                                                                                                  1. 1

                                                                                                                    I did not know about type and after knowing about it for 15 seconds now I almost completely agree with you. The only reason you could want to use which is to avoid complicating the readlink $(which <someprogram>) invocation on guix or nixos systems. That is; which is still useful in scripts that intend to use the path, type has an output of the form <someprogram> is <path to someprogram>.

                                                                                                                    Edit: OK I followed a link from the article to some stackoverflow that goes through the whole bonanza of these scripts and I think whereis <someprogram> is probably better than readlink $(which <someprogram>).

                                                                                                                    1. 3

                                                                                                                      @ilmu type -p will return just the path.

                                                                                                                      1. 2

                                                                                                                        Two problems with whereis: 1) it’s not available everywhere, and 2) it can return more than one result, so you have to parse its output. So for that use case I’ll probably stick with which until someone points me at a simple program that does the same thing without the csh aliases.

                                                                                                                  2. 1

                                                                                                                    Interesting. In fish shell, type gives you the full definition of the function for built-ins that are written in fish, and builtin -n lists all the bultins. There’s a surprising about of fish code around the cd builtin.

                                                                                                                  1. 10

                                                                                                                    Print debugging can produce logs that I can view after the process in question is long dead and gone. Nothing wrong with richer debugging tools, but there’s no need for it to be an exclusive relationship.

                                                                                                                    1. 7

                                                                                                                      This is also true for the debugging tools he talks about (rr, pernosco). They create a recording that can be stepped through interactively.

                                                                                                                      1. 1

                                                                                                                        Print debugging also works in (pretty much) all programming languages while these discussions usually center on C(++), GDB and their ilk.

                                                                                                                      1. 1

                                                                                                                        I’ve had similar functionality more than 10 years ago on my jail-broken iPhone 3GS, which might have been the most solid mobile phone I’ve had so far. (And I say this as someone who’s not very enthusiastic about Apple in general.) I used that phone for years, but only because it was twice as useful when jail-broken (and IMHO more secure, because of the OpenSnitch-like firewall and also because a PDF exploit got fixed in a day while Apple took it’s sweet time)).