1. 6

    If you’re looking for an excuse to learn Haskell, there’s also Hakyll, a static website generator built with Haskell and it’s pretty nice: https://jaspervdj.be/hakyll/

    1. 3

      Hakyll sure does seem to be the go-to static site generator for Haskellers or people interested in Haskell, but I’ve found it to be somewhat complex, at times needlessly so.

      I’d recommend checking out Slick (successor to SitePipe), built on top of the Shake build system. There’s also yst but I haven’t had a close look at it yet.

    1. 4

      It’s just embedded into bash like DSL’s do in LISP’s.

      And still suffers from all limitations of its host language. :)

      Don’t get me wrong, I do think it’s a noble effort, but myself I’m on a crusade to eliminate shell scripts as much as possible. I believe the future belongs to embedded DSLs that make executing and composing external commands easy. In my main project I rid the build configuration scripts of shell almost entirely, and it’s got so much easier to maintain and extend.

      1. 2

        That was my feeling when I looked at it as well.

        “Oh hey look, they built a skateboarding dog! Neat!”

        I hope someone got enjoyment out of building it, because I can’t ever imaging recommending this to anyone for anything serious.

        1. 2

          There’s one bash library that I actually find handy for testing command line utilities though: https://github.com/lehmannro/assert.sh

        2. 2

          Maybe the two don’t have to be mutually exclusive: Michael MacInnis: Oh a new Unix shell - BSDCan 2018

          Though, that said, I’d personally gravitate more towards DSLs than traditional shells if I were to choose.

        1. 5

          Neat stuff!

          I wonder what @andyc has to say about Oh vs. Oil :)

          1. 10

            Thanks for the shout out :) I listened to the end of the talk (thanks for the pointer by @msingle), and basically everything he says is accurate. I found his 2010 master’s thesis several years ago, and it is a great read. Section 3 on Related Work is very good.

            https://scholar.google.com/scholar?cluster=9993440116444147516&hl=en&as_sdt=0,33

            Oh and Oil have very similar motivations – treating shell as a real programming language while preserving the interactive shell. Oh seems to be more Lisp-like while Oil simply retains the compositionality of the shell; it doesn’t add the compositionality of Lisp. (In other words, functions and cons cells compose, but processes and files also compose).

            I mention NGS here, which probably has even more similar motivations:

            http://www.oilshell.org/blog/2018/01/28.html

            The main difference between Oh and Oil is the same as the difference between NGS/Elvish/etc. and Oil: Oil is designed to be automatically converted from sh/bash.

            My thesis is that if this conversion works well enough, Oil could replace bash. If I just designed a language from scratch, I don’t think anyone would use it. Many people seem to agree with this. After all, fish has existed for 15 years, and is a nicer language than bash for sure, but I’ve seen it used zero times for scripts (and I’ve looked at dozens if not a hundred open source projects with shell scripts.)

            However as he correctly notes (and I point out in the FAQ), Oil doesn’t exist yet! Only OSH exists.

            The experience of implementing OSH and prototyping the OSH-to-Oil gave me a lot of confidence that this scheme can work. However it’s taking a long time, longer than expected, like pretty much every software project ever.

            I’m not really sure how to accelerate it. Maybe it will get there and maybe it won’t :-/ No promises!

            I “front-loaded” the project so that if I only manage to create a high-quality implementation of OSH (a bash replacement), then I won’t feel bad. I’m pretty sure people will use that if it exists.

            I maintain a “help wanted” tag for anybody interested in contributing:

            https://github.com/oilshell/oil/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22

            This is mainly helping with OSH, as Oil is a concentrated design/implementation effort that is hard to parallelize. Feel free to join https://oilshell.zulipchat.com too!

            1. 3

              Michael MacInnis mentions talking to @andyc ~44:25 in the talk, but I’d also like to hear his opinion on Michael’s work.

              1. 1

                Oh! (no pun intended :p) I’m still at the ~33:00 mark into the video and hadn’t gotten to that part. But yeah, I’d like to hear that.

            1. 3

              Could a language like Coq be used for similar purposes than TLA while being able to extract useful programs?

              1. 1

                Yes. If your specification language of choice (and/or a framework built on top of it) can do synthesis and code generation, it’d be able to derive correct implementations of your spec.

              1. 21

                I personally use Bitwarden, which I would say that fulfills all 3 points that you want, but I never tinkered with the SSH sync (although its privacy section ensures that its part of how it syncs). If you want a simpler and lower level alternative, probably pushcx’s advice of checking out pass works best for you.

                1. 5

                  Strong +1. Been using Bitwarden for 1.5 years now and it’s everything I hoped it would be.

                  • It’s open source, which is a must-have for a password manager for me.
                  • I used it on ~every platform (Linux, Mac, Windows, Android, iOS) and it’s more than functional–a pleasure to use on most. More than I can say for any other password manager.
                  • It’s a tiny team (of ~1?) but it’s very active and has solid contributions from random people. Responses to issues are prompt and effective.
                  • There are several independent backend implementations (in Rust, Go, Ruby that I’ve seen, probably more now).
                  • I’ve read through big chunks of the code and it seems solid–something I could contribute back to. My only complaint was that the sync API was designed to do separate requests per entry, so some metadata about the number of entries does leak unnecessarily. I haven’t checked if that was fixed, but it’s fairly minor.

                  Overall the experience has only improved. I’m sure it has a bright future.

                  1. 3

                    Thanks for introducing me to this, it’s about what I am looking for. Time to ditch manually synced (& merged, of inevitable forks) KeePass.

                    1. 2

                      Can also recommend Bitwarden, I have not tried the desktop application, but the mobile version on Android and browser extensions have worked without any issues for me so far across different browsers and operating systems.

                      Edit: Apparently, I posted the same comment twice, my mistake.

                      1. 1

                        Is this one open source?

                        1. 4
                          1. 3

                            It is indeed, but there’s a caveat with self-hosting it that irks me. Though apparently there are ways to work around it, as mentioned.

                            1. 1

                              Well, that’s cool! Thanks! :)

                            2. 1

                              a few people incl. me have been able to code a client-compatible self-hosted version as well, gives you a lot of insight and trust in it

                              https://github.com/vvondra/bitwarden-serverless https://github.com/jcs/bitwarden-ruby

                              1. 1

                                Nice! :)

                            1. 4

                              I’m in the middle of switching from bspwm to swaywm on wayland. I’m hoping to be able to contribute a few patches down the line, especially for simulating keyboard presses so I can get rofi-pass’s autotype working under sway.

                              1. 5

                                Hi! Thanks @aminb for inviting. I’m the new guy mentioned in the article, you can ask me anything here.

                                1. 2

                                  Happy to have you here! (and on emacs-devel :p)

                                1. 1

                                  Submission on /r/emacs, where Jimmy Yuen Ho Wong left a comment and might do an AMA.

                                  1. 3

                                    Uses Viper. Paper and project page for that.

                                    1. 2

                                      Had the pleasure of being introduced to and hanging out with Malte and Alex back in CAV 2016. Wonderful people who definitely know their stuff :)

                                    1. 5

                                      I’m revamping various parts of the EmacsConf website:

                                      • migrate the main site from Django to a simpler wiki (using either Oddmuse or DokuWiki),
                                      • archive our Discourse forum and use a simple Mailman list on lists.gnu.org, and
                                      • deploy the Let’s Encrypt certs I got a while back.

                                      It’s been far too long since the last EmacsConf, back in 2015 :)

                                      1. 14

                                        I’ve been using Macs for nearly a decade on the desktop and switched to Linux a couple of months ago. The 2016 MacBook Pro finally drove me to try something different. Between macOS getting more bloated each release, defective keyboard, terrible battery life, and the touch bar I realized that at some point I stopped being the target demographic.

                                        I switched to Manjaro and while there are a few rough edges as the article notes, overall there really isn’t that much difference in my opinion. I’m running Gnome and it does a decent enough job aping macOS. I went with Dell Precision 5520, and everything just worked out of the box. All the apps that I use are available or have equivalents, and I haven’t found myself missing anything so far. Meanwhile it’s really refreshing to be able to configure the system exactly the way I want.

                                        Overall, I’d say that if you haven’t tried Linux in a while, then it’s definitely worth giving another shot even though YMMV.

                                        1. 4

                                          terrible battery life

                                          Really? It’s that bad? The Dell is better?

                                          1. 3

                                            I don’t know about Dell, but my 2016 MacBook Pro was hit pretty hard after the Specter/Meltdown fix came out. I used to go 5 or 6 hours before I was down to 35-40%. Now I’m down to %20-25% after about 4 hours.

                                            1. 2

                                              Same here. I wonder if the specter/meltdown fiasco has at all accelerated Apple’s (hypothetical) internal timeline for ARM laptops. Quite the debacle.

                                              In regards to the parent, I have actually been considering moving from an aged Macbook Pro 15” (last of the matte screen models – I have avoided all the bad keyboards so far), to a Mac /desktop/ (mac pro maybe). You can choose your own keyboard, screen, and still get good usability and high performance. Then moving to a linux laptop for “on the road” type requirements. Being able to leave work “at my desk” might be nice too.

                                              (note: I work remotely)

                                              1. 3

                                                I honestly don’t understand the fetish for issuing people laptops, particularly for software development type jobs. The money is way better spent (IMHO) on a fast desktop and a great monitor/keyboard.

                                                1. 2

                                                  Might be the ability to work remotely. I’m with you, though, that laptops are a bizarre fetish, as is working from Anywhere You Want(!)

                                                  1. 2

                                                    It’s an artifact of, among other things, the idea that you PURSUE YOUR PASSIONS and DO WHAT YOU LOVE*; I don’t want to “work anywhere” – I want to work from work, and leave that behind when I go home to my family. But hey, I’m an old, what do I know.

                                                    *: what you love must be writing web software for a venture funded startup in San Francisco

                                                2. 2

                                                  Same here. I wonder if the specter/meltdown fiasco has at all accelerated Apple’s (hypothetical) internal timeline for ARM laptops.

                                                  I wouldn’t guess that. Apples ARM design was one of the few also affected by meltdown. Using it for a laptop wouldn’t have helped.

                                                  1. 1

                                                    I bought a Matebook X to run Arch Linux on and it’s been pretty great so far.

                                                    1. 1

                                                      I’ve been thinking about a librem 13. I’ll take a look at the matebook too. Thanks!

                                                3. 2

                                                  Yeah I get 4-6 hours with the Dell, and I was literally getting about 2-3 hours on the Mac with the same usage patterns and apps running. I think the fact that you can be a lot more granular regarding what’s running on Linux really helps in that regard.

                                                  1. 5

                                                    +1 about deciding what you run on GNU/Linux.

                                                    I have a Dell XPS 15 9560 currently running Arch (considering switching to NixOS soon), and with Powertop and TLP set up I usually get around 20 hours (yes, 20 hours) per charge on light/normal use.

                                                    1. 1

                                                      Ha! Thanks for this I didn’t know these were available!

                                                      1. 1

                                                        No problems! They’re very effective, and are just about the first package I install on a new setup.

                                              1. 5

                                                It’s not so well known outside the francophone world, but French non-profit organisation framasoft host a wide range of free (libre) alternatives to various online services. They have an ongoing campaign to de-google-ify the internet: https://degooglisons-internet.org/.

                                                1. 3

                                                  Another French service I happen to know: TeDomum

                                                1. 3

                                                  Nice. Disroot at https://disroot.org also offer various services, free of charge, and are definitely worth checking out.

                                                  Disroot is a platform providing online services based on principles of freedom, privacy, federation and decentralization.

                                                  1. 4

                                                    I’m going to start this message the same as I am the Hashbang one:

                                                    I’ve heard of them, and I’m pretty sure I have an account! It’s great that there are multiple communities in this space (Hashbang, Disroot, SDF, etc.), it fits perfectly into my philosophy that there should be many communities rather than single organizations serving tons of people.

                                                    Disroot’s awesome, and I think I subconsciously took inspiration from them when making Asymptote. My only real issues are that 1) they’re quite large, much larger than my target member count for Asymptote and 2) they describe themselves as a “platform,” which feels more impersonal to me than “community” or “club.” I realize those issues are petty, but as I said above the presence of competition shouldn’t affect the existence of Asymptote.

                                                    1. 3

                                                      Thank you for the reply. I hear your reasons :) Indeed, I’m happy to see people forming these communities and offering hosted services, helping others get off of proprietary corporate-owned platforms, onto the libre ones.

                                                      Another one that comes to mind is @SirCmpwn’s sr.ht.

                                                      1. 2

                                                        Oh, that one’s new to me! I might look into the feasibility of switching to some of that software in Stage 2, it seems nice and UNIX-y.

                                                    1. 5

                                                      From the I title I thought it was going to be a post about the layout/structure of files (e.g. for JPEG and for ELF), but it’s actually a post about file/folder paths and their components.

                                                        1. 2

                                                          The Hint Generation paper looks like it’s worth its own submission. People might like it. You should submit it with the video in the text field.

                                                          Edit: And thanks for the other links, too. :)

                                                          1. 2

                                                            Thanks for the suggestion; done: https://lobste.rs/s/rro40w/high_coverage_hint_generation_for

                                                            Previous discussion on Rosette (also submitted by nick):
                                                            https://lobste.rs/s/upoeur/rosetta_solver_aided_programming

                                                            P.S. No problems :)

                                                        1. 11

                                                          Nice. If you distribute pre-compiled binaries, please gpg-sign them and perhaps provide sha512 checksums of them as well.

                                                          1. 5

                                                            Thank you. I was planning on GPG signing and using SHA256. Is that OK?

                                                            I also hope to make the build reproducible on linux, using debian’s reproducible build tools.

                                                            1. 3

                                                              Reproducible builds would be awesome.

                                                              As for SHA256 vs. SHA512, from a performance point of view, SHA512 seems to perform ~1.5x faster than SHA256 on 64-bit platforms. Not that that matters much in a case like this, where we’re calculating it for a very small file, and very infrequently. Just thought I’d put it out there. So, yeah, SHA256 works too if you want to go with that :)

                                                              1. 2

                                                                Also remember defaulting on SHA-1 or SHA-256 means hardware acceleration might be possible for some users.

                                                                1. 2

                                                                  SHA-1 has been on the way out for a while, and browsers refuse SHA-1 certificates these days. It might be a good idea to just skip SHA-1 entirely and rely on the SHA-2 family.

                                                                  1. 1

                                                                    True. I was just noting there’s accelerators for it in many chips.

                                                                  2. 2

                                                                    Isn’t SHA-512 faster on most modern hardware? ZFS uses SHA-512 cut down to SHA-256 for this reason, AFAIK.

                                                                    A benchmark: https://crypto.stackexchange.com/questions/26336/sha512-faster-than-sha256

                                                                    1. 1

                                                                      Oh idk. I havent looked at the numbers in a while. I recall some systems, esp cost- or performance-sensitive, stuck with SHA-1 over SHA-256 years ago when I was doing comparisons. It was fine if basic collisions weren’t an issue in thd use case.

                                                                      1. 4

                                                                        Anecdotal, but I just timed running sha 512 and 256 10 times each, on a largeish (512MB) file. Made sure to run them a couple of times before starting the timer to make sure it was in cache. Results for sha-512 were:

                                                                        27.66s user 2.86s system 99% cpu 30.562 total
                                                                        

                                                                        And 256:

                                                                        42.18s user 2.72s system 99% cpu 44.943 total
                                                                        

                                                                        So it looks like sha-512 pretty clearly wins. (CPU is an i3-5005u).

                                                                        1. 2

                                                                          Cool stuff. Modern chips handle good algorithms pretty well. What I might look up later is where the dirt-cheap chips are on offload performance and if they’ve upgraded algorithms yet. That will be important for IoT applications as hackers focus on them more.

                                                                        2. 0

                                                                          You should probably be sure to have your facts straight before giving security advice.

                                                                          1. 1

                                                                            I said there’s hardware accelerators for SHA-1 and SHA-2. Both are in use in new deployments with one used sometimes for weak-CPU devices or legacy support. Others added more points to the discussion with current, performance stats something I couldnt comment on.

                                                                            Now, which of my two claims do you think is wrong?

                                                                            1. 3
                                                                              1. As noted, SHA-1 has been on its way out for awhile and shouldn’t be suggested.
                                                                              2. I don’t know if your claim on weak-CPU devices or legacy support is true, plus you mentioned IoT in response elsewhere, it clearly doesn’t apply in the context of filezilla, an FTP app people will be running on desktops/laptops. Even if one is using the a new ARM laptop that is somewhat under powered…
                                                                              3. As the comment you responded to points out, one installs new software quite infrequently, so the suggestion based on performance seems odd, especially since the comment you responded to already points out that SHA-512 is generally faster to compute than SHA-256. In any case, suggesting SHA-1 for performance reasons seems unsecure.
                                                                2. 2

                                                                  Ideally, OP would also get a code signing certificate from Microsoft to decrease the amount of warnings Windows spouts about the executable.

                                                                1. 4
                                                                  1. 2

                                                                    Coincidentally I was just looking at the EmacsWiki: DWIM last night.