1. 9

    Maybe not everyone knows this, but instead of pressing ESC in vim, which is kind of far, you can do Ctrl+[, it will send the same signal to vim.
    Looking at the ASCII table (man 7 ascii) you’ll instantly know why, control is interpreted in terminals as nullifying the 6th and 7th bit:

           033   27    1B    ESC (escape)                133   91    5B    [
    

    This is also the reason why ESC often shows as ^[.

    1. 2

      Isn’t that even worse from the RSI-avoidance point of view?

      1. 2

        I have caps lock mapped to ctrl, so ESC is just a small movement away for my little fingers. Not sure if that helps RSI avoidance, but it’s a bit less stretching around.

      2. 2

        That’s very interesting, I did not know that.

        1. 2

          Or use something like xcape and turn Ctrl into ESC.

          1. 4

            Even better, bind caps lock to ESC (when tapped) and CTRL (when chorded) using e.g. caps2esc on Linux or AutoHotKey on Windows. This has dramatically reduced stress I was experiencing in my left forearm, as my wrists sit at a much more natural angle.

          2. 2

            Switching caps and esc is also really good tho! How often do you need to caps, really?

          1. 7

            I am curious, is this illegal in some way? They are effectively on purpose introducing bugs or security holes into a ton of computer systems including ones that are run by various government agencies and they admit openly to doing it.

            1. 7

              Probably not illegal, but there is no evidence of ethics approval. Chances are they can’t get ethics on it.

              I’ve spoken to a couple of academics about this case and they can’t quite believe someone is trying to pull this in the name of research.

              Also, looking at the funding sources they cite, they seem pretty out of bounds on that front:

              https://nsf.gov/awardsearch/showAward?AWD_ID=1931208 https://nsf.gov/awardsearch/showAward?AWD_ID=1815621

              1. 5

                I think it’s borderline. Pen-testing is legal, and it’s generally done “on the sly” but with management’s approval.

                1. 18

                  I don’t think this is pen-testing, their code reached the stable trees supposedly. Once that happens they actually introduced bugs and security issues and potentially compromised various systems. This is not pen-testing anymore.

                  https://lore.kernel.org/linux-nfs/CADVatmNgU7t-Co84tSS6VW=3NcPu=17qyVyEEtVMVR_g51Ma6Q@mail.gmail.com/

                  1. 1

                    Whether their code reached stable trees is irrelevant to whether or not it’s pen-testing - you can just as easily imagine a pen-tester accidentally leaving a back-door in a system after their contract has expired. Criminal negligence? Yes. Evidence of an unethical practice in the first place? Not in the slightest.

                    Similarly, the researchers said that, as soon as one of their patches was accepted, they would immediately notify the tree maintainer. If they did that, and the maintainer was paying attention, the patch would never make it to a stable tree.

                    Whether someone is ethical or not is completely unrelated to its outcome.

                  2. 2

                    Pentesting comes with contracts and project plans signed by both the tester(s) and the company main stakeholder(s). So, no it’s not at all the same.

                  3. 4

                    Probably not, opensource is “no warranty” all the way down.

                    1. 1

                      Almost certainly… For instance the following seems appropriate.

                      18 U.S. Code § 2154 - Production of defective war material, war premises, or war utilities

                      Whoever, when the United States is at war, or in times of national emergency as declared by the President or by the Congress, […] with reason to believe that his act may injure, interfere with, or obstruct the United States or any associate nation in preparing for or carrying on the war or defense activities, willfully makes, constructs, or causes to be made or constructed in a defective manner, or attempts to make, construct, or cause to be made or constructed in a defective manner any war material, war premises or war utilities, or any tool, implement, machine, utensil, or receptacle used or employed in making, producing, manufacturing, or repairing any such war material, war premises or war utilities, shall be fined under this title or imprisoned not more than thirty years, or both

                      Probably also various crimes relating to fraud…

                      1. 8

                        when the United States is at war,

                        Except it’s not, so, this is not appropriate at all.

                        There’s no contract, no relationship, no agreement at all between an opensource contributor and the project they contribute to. At most some sort of contributor agreement that is usually in there only for handling patents. When someone submits a patch they’re making absolutely no legal promises as for the quality of said patch, and this propagates all the way to whoever uses the software. The licenses don’t say THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND for nothing. Sure, the US army or whatever might use Linux, but they do it at their own peril.

                        Now, they might get in trouble for being sketchy about the ethical approval and stuff, but that will only get them in professional trouble at most, like losing their jobs.

                        1. 3

                          You missed the second half of the disjunction

                          or in times of national emergency as declared by the President or by the Congress,

                          This clause is true… many times over https://en.m.wikipedia.org/wiki/List_of_national_emergencies_in_the_United_States

                          Edit: The US army does not do it at their own peril against actively malicious activities. Civil contracts do not override statutory law, rather the other way around.

                          1. 2

                            Hmm, yeah, I stand corrected (partially, at least).

                            However, the law you’re quoting says war stuff or stuff used to make war stuff. I’m not even sure software would qualify as stuff, as described in there. But yeah, I’m less sure they are not screwed now. Also, from the names, they might not be US citizens, which could make things worse.

                            That said, I’m somewhat skeptical anyone would pursue this kind of legal action.

                            1. 7

                              The definition of what’s protected here is really broad. Is the linux kernel used as a tool to help operate the telecommunications infrastructure for the company making uniforms for the military? If so it’s protected.

                              It’s almost like it was written for actual times of war, not this nonsense of a constant 30 national emergencies going on. Blame congress.

                              I agree it’s unlikely to be prosecuted, unless there is significant damage attributable to the act of sabotage (someone deploys some ransomware to a hospital that exploits something they did, for instance), or someone in power decides that the act of sabotage’s main purpose was actually sabotage not getting papers… If it is prosecuted I also think it’s likely that they’ll find some more minor fraud related crime to actually charge… I just found this one by googling “sabotage, us law”.

                              1. 3

                                There’s what the law says (or can be construed to say) and what a court will actually accept. I think a lawyer would have a hard time convincing a jury that a silly research paper was war sabotage.

                                1. 3

                                  I wish I had your faith in the system. I think a lot of this stuff depends on whether prosecutors choose to make an example of the person. I can’t see that happening here; I very much doubt that the US federal government sees its own power threatened by this irresponsible research. However, if you look at the history, there are examples that I find similarly absurd which did lead to convictions. The differentiating factor seems to not be any genuine legal distinction, but simply whether prosecutors want to go all-out.

                                  Furthermore, the ones the public knows about are the ones that happened in regular courts. Decisions by FISA courts or by military tribunals do not receive the same scrutiny, and thus we must assume the injustice is even greater in those venues.

                                  1. 1

                                    I don’t deny that unjust laws are often enforced, despite jury trial, I just think that in this case it would be pretty unlikely for that to happen.

                                    I think the state/ruling class is more likely to abuse its power when it is threatened, embarrassed (journalists, whistleblowers (Wikileaks), minor hackers) or when there is the opportunity to harm an out-group or political opponent (e.g. non-dominant ethnic groups, leftist movements, sometimes extreme right-wing groups); and I don’t think any of those really apply here.

                                    1. 2

                                      I apologize for the belated reply. I do agree with all of that.

                                  2. 1

                                    Feels like a case ripe for independent reinvention of jury nullification.

                      1. 3

                        I have noticed that zerotier doesn’t even bother with DNS on linux.

                        One interesting idea that hadn’t crossed my mind before was to just use public DNS. I saw this in the tailscale docs and while it feels wrong, I don’t think it is wrong.

                        Sadly, some routers (or even perhaps ISPs) block this, so I have to run a private server also. Private takes priority, then linux users and servers can use public DNS. If that fails then they have to manually configure the private server - this hasn’t happened yet. The drawback is that you have to update two places, but I have a script for that…

                        1. 4

                          Some internal Tailscale services use public DNS pointing to their Tailscale IP addresses (such as the grafana instance). There’s no shame in doing it with public DNS in ways that only work behind your private network. It may not be the thing you want for all circumstances, however it does work at the risk of potentially making it easier for attackers to do service enumeration via DNS.

                        1. 1

                          This has come at a good time for me, I have been trialling a few of these p2p systems, and I’m looking forward to trying this one (no mobile support for now makes it a no-go). I love the simplicity of the whole concept and what it can achieve. As soon as I saw tailscale the penny dropped for me.

                          So far:

                          • Tailscale works but is pricey as you scale. Still considering it however.
                          • Nebula is a bit under-documented and requires config files everywhere. Also, it didn’t connect or even try to relay in a few tests I did.
                          • Zerotier. What we are using at the moment. Very easy to run, even for free with a self-hosted controller. Good platform coverage including synology. However:
                            • It does rely on zerotier servers to some degree
                            • Occasional connection issues
                            • No linux DNS so you either manually set servers or use public DNS (a trick I picked up from tailscale docs actually)
                          1. 1

                            I’ll have to finally give this a try.

                            I am not after pro-audio but I do have an audio interface for mic’d up zoom calls etc, and the latency on it is bad when I monitor from my PC rather than directly from the interface itself. This isn’t a massive problem but I’d quite like to route the audio through my laptop so I can use my bluetooth headphones…!

                            The only solution I can see is some pulse-jack hybrid which scares me…

                            1. 5

                              The Mudita phone is huge for the few things it does, isn’t it? It’s almost as big as my Samsung Galaxy S8. In particular, the Mudita is ~5 cm thicker than the S8. That’s gonna feel bulky in the pocket of my jeans.

                              1. 7

                                I thought you’d made a mistake here, from the photos I’d assumed it was relatively small. That was part of its appeal to me.

                                Nope, it is indeed massive. My TV remote is not far off this size.

                                1. 3

                                  Exactly. I made the same mistake and thought it was a small, handy phone. Not so. It’s big and bulky (and expensive).

                              1. 14

                                I love this, the screen is a cool idea, but I am struggling to talk myself into it, even without taking cost into account, and even as a person who likes shiny nerd things that then sit in a drawer.

                                I am in the target market for this sort of thing. I don’t use social media on my phone, or email. I don’t like devices with pointless tracking features. I don’t even have google play installed on my phone.

                                However over the years the smartphone has become a swiss army knife for me, rather than an annoyance. I just don’t install social media, and turn off all notifications.

                                Things I don’t want to leave behind:
                                • TOTP app (could be done on mudita I guess)
                                • Maps - osmand is like having a little pocket atlas on you at all times. I don’t even use navigation, but I do use the map.
                                • Contacts syncing, there is no way I am re-entering everything into this phone.
                                  • If there were a way to sync via USB I could live with that- there is
                                Things I do all the time that I could leave behind (but I don’t see why I would want to):
                                • Signal, XMPP et al
                                • Unit conversion. Metric to imperial. Temperature. Weight etc
                                  • Could be done on this phone
                                • Calculator
                                  • Could (should?!?) be done on this phone
                                • Currency
                                  • Hard to do on this phone without price updates
                                • Impromptu notepad/drawing pad
                                  • I prefer paper but the best notepad is the one you have on you
                                • Camera
                                  • See above. I don’t like phone cameras but it has its uses.

                                I also don’t see why they are focusing on music so much when there is no SD card slot, it seems.

                                1. 10

                                  I’ve seen a similar device advertised on Instagram and the comments on those ads (which are just sponsored posts, so they have comments and such) explain why I don’t see anything like this taking off. Nearly every commenter is enthusiastic but identifies one or two dealbreakers, and they’re all different. One person would buy it if it included email, another person wants directions (but maps are optional), another (like you) wants maps (but directions are optional), someone else needs a camera, yet another wants to be able to read books on it, and so on. I’ve seen a couple people who even require social media, but they want a stripped-down experience, just messaging for example.

                                  In order for the phone to have a broad market appeal, at least if the comments are to be trusted, the manufacturer would have to effectively turn the device into a modern smart phone. The E-ink screen alone probably condemns it to niche-product status because it can’t do photos and video (and I say this as someone who loves reading E-ink).

                                  I think the reason we settled on smart phones (and convergence in general) is that the most efficient way to serve a diverse market is to offer a product that contains flexible and extensive hardware and can therefore be adapted to do many things (via apps).

                                  A phone like the one here might work as a niche device for a handful of enthusiasts, but that means it’s always going to be expensive and the economics are unlikely to work for the manufacturer in the long term.

                                  1. 3

                                    The page says they support contacts syncing. “You can easily sync your contacts with the Google Account or iCloud”.

                                    1. 1

                                      Ah I missed that! It’s also cool how you can write messages from your laptop.

                                  1. 12

                                    I typically write user-visible dates as “26 Feb 2021”: this way it’s always clear for pretty much anyone who can speak English (and also many who don’t, since month names tend to be very similar across languages). You could argue that “2021-02-26” is better, but many people aren’t used to it so I don’t think it’s very user-friendly.

                                    For databases and other technical (non-user visible) there is no discussion that ISO 8601(-ish) dates formatted as “2021-02-25” is the only acceptable format.

                                    This is also why I often use (thin) spaces for thousands separators by the way: “64 737” instead of “64,737”.

                                    1. 17

                                      I’m using ISO8601 whenever I have to sign something. Never had any complaints or problems.

                                      1. 1

                                        Same, but I wonder if that’s because I’m in the US where everyone expects the month to come before the day anyway. I’m moving the year to the beginning but otherwise it is a normal human-readable date. Does it go over as well in countries that use DD/MM dates normally?

                                        1. 1

                                          Always has for me! (Australia.) I think people here are more sensitive to different date formats, given we use the less popular of the two and everyone’s online.

                                      2. 7

                                        I do the same when communicating professionally. We use English mostly and I tend to refer to dates as “26 Feb 2021 12:00 CET (UTC+1)” because spending a couple of seconds writing usually saves hours of confusion when scheduling meetings etc.

                                        How do you output thin spaces? It’s part of Swedish typographical standard to use for thousands separators but it’s a pain online because of bad support for thin spaces (that also have to be non-breaking).

                                        1. 7

                                          I have it set up in XCompose:

                                          <Multi_key> <space> <space> : " " U202F # NARROW NO-BREAK SPACE
                                          

                                          So pressing right alt + space + space will insert U+202F.

                                          1. 2

                                            I have this:

                                            <Multi_key> <space> <t> : " "   U2009    # Thin space
                                            <Multi_key> <space> <m> : " "   U2003    # Wide (em) space
                                            

                                            Is U202F a thin space too?

                                            1. 2

                                              I think they render pretty much identical, although this depends on the font. The advantage of the non-breaking space is that it shouldn’t be used as a line-break: https://imgur.com/a/tbVnamc

                                              Neither is “more correct”, in English at least, and using just a thin space is fine too, but I think the first looks a bit nicer.

                                          2. 3

                                            It’s part of Swedish typographical standard to use for thousands separators but it’s a pain online because of bad support for thin spaces (that also have to be non-breaking).

                                            I thought the thousands separator was just a non-breaking space, not a thin non-breaking space.

                                            1. 3

                                              No, it’s a thin one. Source: Typografisk handbok.

                                              1. 2

                                                Huh – thanks for the tip. Just made my life a tiny bit harder… :-)

                                                1. 1

                                                  You only have to care when typesetting professionally. The web is a lost cause.

                                                  1. 1

                                                    It’s kind of been a lost cause ever since the printing press was invented 🙃 I don’t think simplification is necessarily a bad thing though.

                                                    1. 1

                                                      OK, so I tried to implement this on my blog, with an idea of adding a filter so that I could use commas as thousands separators in Markdown, then they would be replaced by non-breaking thin spaces during rendering.

                                                      But while it works in the main matter, it does not work in headings for some reason.

                                          3. 13

                                            many people aren’t used to it

                                            My approach is that they will have to deal with it.

                                            1. 3

                                              “26 Feb 2021” is often recommended or even required, to avoid confusion between dd/mm/yyyy and mm/dd/yyyy when dealing with cases across borders.

                                              1. 2

                                                For databases and other technical (non-user visible) there is no discussion that ISO 8601(-ish) dates formatted as “2021-02-25” is the only acceptable format.

                                                Depending on application, unix timestamp may also be the way to go.

                                                1. 11

                                                  Unix timestamps are the worst of both worlds - not human readable and affected by leap seconds.

                                                  Use TAI timestamps instead.

                                                  1. 3

                                                    Except usually I want leap seconds in there so my time isn’t wrong?

                                                    1. 4

                                                      Then you implement a lookup table with historical leapseconds, and use that to display the current UTC time.

                                                      If you are ambitious, you can amend the lookup table as soon as a new leapsecond is announced.

                                                      The point is that from the point of view of your code (or database), there’s only a monotonical increase of seconds. You effectively treat the difference between TAI and UTC as a sort of timezone.

                                                      Of course, to be really useful, each clock in your system that emits events needs to use TAI (or some other time scale without leap seconds, like GPS time). Then it’s up to the user-facing interface to translate to civil time.
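
The lookup-table approach described in the comment above, as an added example that is not part of the original thread. Assumptions: TAI is stored as Unix time plus TAI−UTC, the table is deliberately cut to the leap seconds from 2006 onward, and all function names are hypothetical.

```python
from datetime import datetime, timezone


def _posix(year, month, day):
    """POSIX timestamp of midnight UTC on the given date."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


# (UTC instant from which the offset applies, TAI-UTC in seconds).
# Truncated on purpose: only the leap seconds from 2006 onward.
# A new row has to be appended whenever a leap second is announced.
LEAP_TABLE = [
    (_posix(2006, 1, 1), 33),
    (_posix(2009, 1, 1), 34),
    (_posix(2012, 7, 1), 35),
    (_posix(2015, 7, 1), 36),
    (_posix(2017, 1, 1), 37),
]

_FMT = "%Y-%m-%dT%H:%M:%SZ"


def utc_to_tai(posix):
    """Convert a POSIX (UTC) timestamp to the stored TAI second count."""
    for effective, offset in reversed(LEAP_TABLE):
        if posix >= effective:
            return posix + offset
    raise ValueError("timestamp predates the truncated leap-second table")


def tai_to_utc(tai):
    """Render a stored TAI second count as civil UTC time.

    This is the only place that knows about leap seconds; storage and
    arithmetic work on the plain, steadily increasing TAI count.
    """
    for effective, offset in reversed(LEAP_TABLE):
        first_tai = effective + offset  # TAI count at 00:00:00 UTC
        if tai >= first_tai:
            utc = datetime.fromtimestamp(tai - offset, tz=timezone.utc)
            return utc.strftime(_FMT)
        if tai == first_tai - 1:
            # The inserted second itself: 23:59:60 on the previous day.
            last = datetime.fromtimestamp(effective - 1, tz=timezone.utc)
            return last.strftime("%Y-%m-%dT%H:%M:") + "60Z"
    raise ValueError("timestamp predates the truncated leap-second table")


def elapsed_across_leap():
    """Two events either side of the 2016-12-31 leap second.

    Returns (difference of POSIX timestamps, difference of TAI counts).
    """
    before = _posix(2017, 1, 1) - 1  # 2016-12-31T23:59:59Z
    after = _posix(2017, 1, 1)       # 2017-01-01T00:00:00Z
    return after - before, utc_to_tai(after) - utc_to_tai(before)


if __name__ == "__main__":
    start = utc_to_tai(_posix(2017, 1, 1) - 1)
    for tai in range(start, start + 3):
        print(tai, tai_to_utc(tai))
    print("unix delta, tai delta:", elapsed_across_leap())
```

Two log events one second either side of the leap second are 1 apart in Unix time but 2 apart in TAI, which is the real elapsed time; only the display step needs the table.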

                                                2. 1

                                                  “thin spaces” has really made me stop and wonder…

                                                  1. 4

                                                    Unicode has spaces for many tastes - http://jkorpela.fi/chars/spaces.html

                                                    1. 1

                                                      I like the idea of “taste” in a field so normally strict. I should look for more of that sort of thing…

                                                1. 18

                                                  It’s down to licensing.

                                                  If specifications are open and there’s no restriction (e.g. patent licensing) so that everybody can freely design, make and sell specification-compliant modules (including the container/shell itself), welcome.

                                                  Otherwise, good riddance.

                                                  I am not optimistic, as I couldn’t easily find the information on licensing in the website.

                                                  1. 9

                                                    The ars writeup of this makes promising sounds like

                                                    The company also pledges to open up its hardware ecosystem to third parties, which will be able to design, build, and sell compatible modules via a Framework Marketplace.

                                                    But as you point out, there’s no information on licensing, etc. in that handwaving. I’m optimistic that it’s at least on their radar as something they think is good for them. That said, I’ll be waiting to see what evolves once things are shipping before I get excited.

                                                    I do hope a system with field repairability by its owner becomes available. Because the ones I liked (Thinkpads) are going away from that lately.

                                                    1. 8

                                                      FWIW they did say on Twitter:

                                                      We’ll be publishing specifications and reference designs for the Expansion Card system under open licenses, and releasing documentation around the internal interfaces. Our focus is on building a hardware ecosystem around the Framework Laptop.

                                                      1. 5

                                                        Without this there’s a solid chance that new parts will cost more than a new laptop, which in the real world will kill the idea off.

                                                        1. 4

                                                          Good point about licensing. This needs to be open. It would be cool to see something like this but similar to Pine64 openness

                                                          1. 1

                                                            I’m pretty optimistic about this. It sounds like they paid enough attention to everything that techies were talking about. I think they’ll come up with reasonable licensing as well… at least in the beginning. I don’t think they’ll do a worse job than Apple regarding hardware lockdown.

                                                          1. 8

                                                            This feels like a more hands-off and user friendly version of Temporary Containers, which if it works is only a good thing.

                                                            I guess the main difference is that nothing gets deleted, so for example google will remember your search history.

                                                            1. 7

                                                              If you’re using integer IDs to identify data or objects, don’t start your IDs at 1. Start them at a huge number (e.g., 2^33) so that no object ID will ever appear in any other role in your application (like a count, a natural index, a byte size, a timestamp, etc).

                                                              Passing around random integers and logic like “well it’s somewhere in the order of eight and a half billion, so it must be a user” sounds like a really fucking shitty way to write most programs - both in terms of making assumptions, and in terms of developer productivity.

                                                              Ok, very memory sensitive, massively concurrent systems will see a noticeable operational benefit to passing around an integer, rather than an Object, but I’d wager that 99.9% of people will never work on such a project. Even if you don’t want to go full on Model Objects, at least use wrapped integers for your IDs (e.g. class UserID { public int $id }) - and then your methods (or your global functions if that’s your kink) can at least typehint to require a UserID, so a hypothetical function get_friends(UserID $id): array will throw immediately if you pass in say a PhotoID, or a GroupID, or any other random integer.

                                                              1. 8

                                                                well it’s somewhere in the order of eight and a half billion, so it must be a user

                                                                That’s not what they’re saying: What the article states is “if you put your user IDs outside the accidentally reachable number space, accidentally trying to parse a small number won’t hand out some user data”. At no point is that arrangement supposed to mean if x >= large_num { x_is_user = true; }

                                                                1. 4

                                                                  Like I said: relying on an arbitrary integer being “outside accidentally reachable space” sounds like a fucking terrible idea, rather than just, you know, using the type system available to you, to say “hey we need a fucking User ID, not just any random integer”.

                                                                  You (the proverbial you not you specifically) may as well also propose using ranges of integers starting at each billion, for different object types, so you can do away with foreign keys in your RDBMS.

                                                                  Let me put this another way: if your codebase is written in such a way that you’re relying on user IDs being some magically unique number, not appearing in any other form, to provide any semblance of security or privacy, you’ve already failed.

                                                                  1. 3

                                                                    It’s very poorly explained, but the idea is that you have a bunch of things indexed by some kind of numerical ID. If your language doesn’t give you nice unit types, it’s very easy to confuse integer-representing-a-Foo-ID and integer-representing-a-Bar-ID (and loop induction variable that was supposed to be an index into an array of Foo IDs, and many other things). If you start everything at 0, then an accidental type confusion in your program will probably still find a valid thing. If you start both at different, moderately large, random indexes, then type confusion will probably trigger some kind of thing-not-found error. This is much easier to find in testing: the observable failure is close to the bug.

                                                                    It’s not about segregating the types and guaranteeing that different numerical ranges refer to different types, it’s about finding the errors where you make the confusion.

                                                                    If you were doing this in a language like C++, you’d have a separate type for each of these IDs and mark the casts to and from ints as explicit, so you’d have to explicitly write something like: ProductID id(sessionid.as_integer()) and that would be likely to be picked up in code review. PHP doesn’t really help you here.

                                                                    1. 3

                                                                      PHP doesn’t really help you here.

                                                                      Like I said, if your scale is such that passing around actual model instances isn’t feasible (so already a pretty slim minority of the software world), a wrapper class with a single integer property is going to use minimal memory, and still lets you use types to only accept/return an object that is “known” to be a User ID, or Product ID or whatever.

                                                                      I’m not sure why you would think this won’t work in PHP, or pretty much any language that has even the most basic concept of classes.

                                                                      1. 3

                                                                        So you use this nice user type in your code but at some point your code is supposed to present a list of users (e.g. their facebook friends) to the user on the other side of the HTTP connection. For that, you read out the user data (name, picture, …) and present them, but you also need some identifier to put into the URL that is opened when they click on the friend’s link. Now what?

                                                                        Of course that data gets sanitized on input (and could be wrapped into a User ID object at that point) again, but still: there’s this number floating around in some shape or form. Doesn’t hurt to keep it outside the “normal” number space to avoid running into funny issues down the road (because, you know, coders make mistakes).

                                                                        I’ve seen similar advice to start such numbers at 2^53 if there’s a chance that double-by-default languages such as Javascript (or JSON parsers that try to be compliant) mess with them, just so developers see resulting issues immediately rather than at some distant point in time when nobody remembers what’s going on.

                                                                        It’s simply a very cheap defensive programming technique when you deal with something that carries an ID somewhere.

                                                                        1. 5

                                                                          Now what? Now you have some actual security. You look up a user in a table, you check if the active session user has permissions to do whatever the link is supposed to do - neither of those is different logic if the underlying integer is 8 or 8 billion.

                                                                          Doesn’t hurt to keep it outside the normal search space to avoid running into funny issues down the road (because, you know, coders make mistakes).

                                                                          What the fuck is “normal search space”?

                                                                          No user input should be trusted. Your argument is proof of why this ridiculous theory is bad security theatre - there’s nothing to stop a client sending a request with 8 rather than 2^33 in the parameter that identifies the user. If your application is written well, that shouldn’t matter: regular security/privacy should prevent them from seeing/doing things they shouldn’t. At worst they should get an error message.

                                                                          Your suggestion implies that they might be able to do/see something they shouldn’t be able to, because e.g. the number they send happens to be the ID of a non-user object.

                                                                          If that is the case, you’re basically arguing in favour of security by obscurity. If that is not the case, then you’re arguing in favour of security theatre.

                                                                          So which is it?

                                                                          1. 4

                                                                            Your suggestion implies that they might be able to do/see something they shouldn’t be able to, because e.g. the number they send happens to be the ID of a non-user object.

                                                                            I’m arguing that some coder might factor out some user ID handling code into a piece of work that translates it into a plain integer type and write their functions around that. And then have some coder (maybe the same, but just as clueless) cast values when using those functions instead of fixing the mess, and again by mistake, they happen to cast an enum type (which typically cast into the 0..n range for small n). And this is all in a strongly-typed environment: The Phabricator folks use PHP and therefore I’d assume that they write their blog posts for a PHP-using audience, and PHP’s type system provides fewer guarantees (although they’re cleaning up their act. slowly.)

                                                                            I’d rather have it explode on them then, than give reasonably-looking-at-a-glance data because the CEO thought it’s cool to have UID 1.

                                                                            As I wrote, coders make mistakes.

                                                                            Counter question: what irritates you so much about simply starting a counter at a large value that you exploded like that (see the expletives in the first post)? It’s a no-cost guard rail that is ideally never needed, but as it costs nothing, and might protect against stupid mistakes (even though it’s pretty weak), why bother?

                                                                            1. 2

                                                                              I would rather have it explode at them as soon as possible rather than when you reach 2^n users, by which time a fix might be much more difficult both to do and to trace.

                                                                              1. 2

                                                                                “It’s a no-cost guard rail that is ideally never needed, but as it costs nothing, and might protect against stupid mistakes (even though it’s pretty weak), why bother?”

                                                                                  I think the problem is that, as stephenr says in his reply, it’s akin to security by obscurity. It’s convincing yourself - or your future self, or whoever looks at this system later, that all’s fine because these numbers are big and therefore we’ve solved the problem. By doing something that ‘might protect’ rather than something that will protect, the problem gets worse, as now we’re lulled into a false sense of security.

                                                                                Yes, a system shouldn’t explode because someone wanted UID 1, but the system shouldn’t act like it’s fine for 4 years and then explode because we’ve been comparing UIDs and creation timestamps like that joke signpost that seems to be all over the world (population + height above sea level … total = …) and we’ve only just hit the timestamp and the UID where that mattered.

                                                                                Typing is important and what the article advocates is an easy ‘solution’ that’s dangerous and is something software development should have moved past by now. UUIDs/GUIDs are now commonplace and absolutely appropriate for, well, unique identifiers. Namespacing prefixes work reasonably well (UID-123) but are prone to humans making up rules (‘I’ve only ever seen UIDs with 3 digits so therefore if someone tells me they have UID 1 that means I should write UID-001 and an ID of UID-1000 is invalid’).

                                                                                1. 2

                                                                                  as it costs nothing, and might protect against stupid mistakes, why bother

                                                                                  Lots of things cost nothing and someone claims “might” do something. I’d rather just do something that does protect against the issue, and ignore the security theatre.

                                                                                  Edited, @vakradrz makes a good point.

                                                                                  1. 3

                                                                                    I agree with your argument (and have made my own reply to the parent comment) but please try to keep it civil, as while it’s an important topic and I’m sure we’ve seen disasters due to such designs, there’s still good intention here and education is more difficult with this kind of tone.

                                                                                    1. 2

                                                                                      You make a good point.

                                                                    2. 4

                                                                      For me, the most compelling reason to assign IDs as described in the article is so that you can grep your log files for those IDs and probably not get false positives. Even just starting your IDs at 256 means that you won’t get collisions with the components of IPv4 addresses. Starting at 10,000 means you won’t get collisions with the components of IPv6 addresses, starting at 32,769 means you won’t collide with PIDs (depending on how your system is configured), and so on. You can go whole-hog with this and use UUIDs for everything, and then you’re even less likely to have collisions, but that has its own drawbacks.

                                                                      That being said, I think it’s important to view this as a minor developer affordance and not as a substitute for a type system. If you find yourself doing this because you’re getting loop counters confused with entity IDs… I don’t think making the entity IDs larger is the right solution.

                                                                      1. 2

                                                                        … is it really that hard to have your logs reflect the type as well as the ID? How do you grep for anything that isn’t using an artificially large PK? I’d have thought user:123 was easier to get a valid result against than just 9993939191939393

                                                                        1. 2

                                                                          Sure, of course your logs should be clear about the meaning of each piece of information. But if you’re grepping through logs multiple times per day, every day, then not having to type user: each time starts to give you a nontrivial time savings—and, more significantly, it feels like there’s less friction in the process. I’m assuming that the numbers are going to be copied and pasted anyway, which means there isn’t a time difference between grepping for a shorter number or a longer one. And your approach depends on a higher level of consistency in writing log messages than I think is common at most places—if someone leaves out the user: in one particular message, you’re back at grep -w.

                                                                          1. 3

                                                                            This logic doesn’t make any sense to me, because in any non-trivial application, users are just one type of thing that you’d want to be able to identify.

                                                                            I don’t buy the idea that users are some unique thing you’d want to search for, but products, sales, payments, groups, etc etc - whatever the actual business items of the application are - are not equally as important. This is why none of the arguments presented make any sense to me: offsetting one type of object by 2^33 doesn’t solve the same supposed issue for all the other object types you have, so unless your application is so trivial you only have two object types: users and… something else, the offset mechanism is not a useful solution to any of the problems presented, IMO.

                                                                            1. 2

                                                                              I think the idea is that you would offset users by 2^33 (for example), products by 2^34, sales by 2^35, and so on. Of course there are obvious problems with this scheme: if you have more than 2^34 products, the IDs for those are going to start overlapping with the IDs for sales. If you have more than around 30 entities in your system, you won’t be able to offset all of them like this and stay within 64 bits.

                                                                              That’s why I think it’s vital to treat this scheme as just a developer affordance and not any kind of data integrity or type safety feature. Like I said, I think this is only really helpful for grepping logs… I think I may disagree with some of the other commenters on that point.

                                                                              1. 1

                                                                                Your comment actually made me go back and re-read the article. I think you’re right that they are talking about all objects, not just users specifically, but their reasoning seems to be essentially, what you alluded to before:

                                                                                If you find yourself doing this because you’re getting loop counters confused with entity IDs… I don’t think making the entity IDs larger is the right solution.

                                                                                In the example given, getting a list of users returns an associative array using integer IDs as the key, and boolean true as the value. They then proceed to call array_slice without setting the preserve_keys flag to true, and get back a 0-indexed array of boolean true.

                                                                                I wouldn’t be surprised if this is a real world example from Facebook, given some of the absolutely garbage examples shown in the leaked dumps of the codebase from several years ago - but to use this ridiculous pattern as a reason for starting your object IDs at 34 billion, is beyond stupid.
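The array_slice mistake described in the comment above, as an added PHP example that is not from the article or from any commenter; the sample users, the function names and the 2^33 starting offset (the figure used in the thread) are assumptions chosen for illustration. It runs the same buggy and fixed code against IDs that start at 0 and IDs that start at the offset.

```php
<?php
declare(strict_types=1);

// Constructed sample data: a user table keyed by integer ID.
// $firstId is where the ID counter starts (0, or a large offset).
function make_users(int $firstId): array
{
    $users = [];
    foreach (['alice', 'bob', 'carol', 'dave', 'erin'] as $i => $name) {
        $users[$firstId + $i] = $name;
    }
    return $users;
}

// The shape described in the thread: user ID => true.
// Constructed scenario: the viewer's friends are the last three users.
function friend_id_map(array $users): array
{
    $friendIds = array_slice(array_keys($users), 2);
    return array_fill_keys($friendIds, true);
}

// Bug under discussion: array_slice() renumbers integer keys from 0
// unless the fourth argument (preserve_keys) is true.
function first_friends_buggy(array $idMap, int $limit): array
{
    return array_keys(array_slice($idMap, 0, $limit));
}

// Fix for the bug itself: keep the keys, whatever range the IDs live in.
function first_friends_fixed(array $idMap, int $limit): array
{
    return array_keys(array_slice($idMap, 0, $limit, true));
}

// Resolve IDs to names and fail loudly on an ID that does not exist.
function names_for(array $users, array $ids): array
{
    $names = [];
    foreach ($ids as $id) {
        if (!array_key_exists($id, $users)) {
            throw new OutOfBoundsException("no user with id $id");
        }
        $names[] = $users[$id];
    }
    return $names;
}

// Render either the resolved names or the lookup error as one line.
function describe(array $users, array $ids): string
{
    try {
        return implode(', ', names_for($users, $ids));
    } catch (OutOfBoundsException $e) {
        return 'ERROR: ' . $e->getMessage();
    }
}

// 1 << 33 assumes a 64-bit PHP build.
foreach (['IDs from 0' => 0, 'IDs from 2^33' => 1 << 33] as $label => $firstId) {
    $users = make_users($firstId);
    $map = friend_id_map($users);
    echo $label, PHP_EOL;
    echo '  buggy: ', describe($users, first_friends_buggy($map, 2)), PHP_EOL;
    echo '  fixed: ', describe($users, first_friends_fixed($map, 2)), PHP_EOL;
}
```

With IDs starting at 0 the buggy path resolves the renumbered keys to real users who are not in the friend list; with the offset the same keys match nothing and the lookup throws. The preserve_keys version returns the correct friends in both runs.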

                                                                                1. 2

                                                                                  Agreed. I ended up re-reading the article too, and apparently the “larger IDs make searching logs easier” point was something I made up; the article didn’t say that. None of the reasons they give for making the IDs larger seem like sound engineering to me.

                                                                      2. 3

                                                                        This isn’t meant to be a primary way to distinguish valid IDs from random numbers, but as a defense in depth in case you screw up your code.

                                                                        Most likely you’re going to need to work with SQL, JSON, URLs, and other places where you’ll have to put an untyped number. Newtype in the language doesn’t help in cases like this:

                                                                        get_friends(new UserID($_GET['photo_id']))
                                                                        
                                                                        1. 2

                                                                          So what happens when someone changes your URL from ?uid=9809890809809890 to ?uid=9.

                                                                          SQL of all places is a ridiculous example. Are you searching every table looking for a PK match?

                                                                          1. 3

                                                                            I think you’re still reframing this as if it was meant to be a security measure or some kind of bullet-proof protection. It’s not. It’s a “lint” that may help catch a programmer’s error. It is not intended to catch nor detect any outside interference.

                                                                            I’ve chosen SQL, because SQL doesn’t accept PHP types as arguments (unless you implement a very fancy type-safe ORM, I guess?). There could be mistakes like misaligning ? placeholders and their values, or selecting columns in a wrong order. Even when you only use named placeholders and fetch rows as assoc arrays, if you join multiple tables with an id column, you might accidentally pick the wrong one. Bugs can happen. The trick is about making such bugs fail louder, sooner.

                                                                            1. 2

                                                                              The trick is about making such bugs fail louder, sooner.

                                                                              If your developers don’t notice that their piece of code is returning the wrong user, I honestly don’t think they’ll notice that it’s not returning any user, because they’re clearly not testing what they write, even in the most basic of “I tried this once on my local machine” sense.

                                                                        2. 1

                                                                          Yeah this is weird. If I am doing ‘get friends’ I want a list of friends, not integers.

                                                                        1. 2

                                                                          My strategy against this BS at the moment is to use temporary containers for every tab.

                                                                          You open your tab, do your thing, when it closes everything gets wiped.

                                                                          If you click on a link to another domain, it opens in a new container.

                                                                          Then I just have an extension that auto-clicks ‘accept all cookies’ because they all disappear when I close the tab anyway.

                                                                          Some of those dialogs where you choose what cookies you want are painful to use!

                                                                          1. 2

                                                                            Keeping the cookies at bay is easy. What measures do you take against more advanced tracking techniques like canvas render fingerprints? There are many such techniques that go far beyond just cookies. Do you use straight NoScript? The internet is woefully broken without JavaScript.

                                                                            1. 2

                                                                              Nothing more than what ublock origin provides, plus some router level ad/tracker blocking. Blocking 3rd party trackers is an easy measure I can take that doesn’t break the internet, and this includes a lot of companies known to use fingerprinting. It’s not perfect, but then nothing is.

                                                                              Aside from that I don’t really want to go down the canvas blocking, noscript rabbit hole. I used to do it and found I was just spending too much time disabling noscript for sites I was never going to revisit. Places I frequent tend to have RSS so I just use that anyway.

                                                                            2. 1

                                                                              This isn’t about cookies. The laws talk about personally identifiable information. Cookies are one way of collecting this, but they’re not the only way. With your approach, if the site uses some other mechanism (tied to IP address, for example), then it is completely legal. If you don’t permit it and the site is found to be violating the law then the information commissioner can impose huge fines.

                                                                              1. 1

                                                                                I do the same on my laptop. On my iPhone I’ve started strictly using private browsing mode. No problems accepting all cookies when I kill the tab in 3 minutes anyways.

                                                                              1. 18

                                                                                Just use federated systems like Matrix or Tox. Signal is just yet another silo and not a long-term solution amid increasing government censorship. The same applies to Threema, Telegram and others.

                                                                                1. 13

                                                                                  Now I’m feeling like a broken record, but…

                                                                                  Domain-name-based federation is a half-assed solution to data portability. It gives special privileges to people who can run always-on nodes, which not everyone can or should be doing. It’s also tied to the domain name system, which is neither practical nor ideal.

                                                                                  Either do real P2P, or don’t bother pretending.

                                                                                  1. 10

                                                                                    I really want to disagree with you but I have come to think the same way over the last few months, having myself run a matrix home server and an XMPP server.

                                                                                    • If my server gets taken down, people have to regroup and find a new one somehow.
                                                                                    • If Signal goes down, people have to regroup and find a new service somehow.

                                                                                    There’s not much difference here to the average user. If they can’t talk they can’t talk, regardless of everyone else.

                                                                                    Sure, the first option is better because the rest of network stays up, but it’s not enough of an advantage compared to the benefits of a centralised system.

                                                                                    If anything, the ease of moving from WhatsApp to Signal highlighted just how easy it can be to go from silo to silo. It doesn’t even feel like you have an ‘account’ in the traditional sense.

                                                                                    There are lots of big problems to solve with P2P, most of them to do with mobile and multiple devices, but until someone gets there I’m just glad that people are looking at Signal over WhatsApp.

                                                                                    1. 4

                                                                                      Who says you need to use matrix.org? There are many, many options…

                                                                                      Far more than just the 1 single option you get with moxiechat.

                                                                                    2. 3

                                                                                      I tend to believe that federated networks, while obviously being harder to block than centralized ones, are also no panacea against government censorship. Because as a censor, you now have to block not a single entity, but multiple, which is also doable. And the nodes in a federated network are also inflexible, as they have a unique name that identifies them. Which is nice for users, but also helps the censor to track them. As soon as a node is on the censor’s list, its only option is to reappear under a different name (which is bad for users).

                                                                                      Not sure if this applies to all federated networks, but probably to most. If you have counterexamples then please share and explain how they avoid those, IMHO inherent, properties of federated networks.

                                                                                      1. 1

                                                                                        How do federated systems approach problems that require hardware solutions (e.g. Signal’s use of SGX)? Is there a way to guarantee that whatever server is running for a particular federated node is using the correct hardware?

                                                                                        1. 3

                                                                                          That’s exactly what SGX does - it guarantees that the in-enclave code matches the recorded signature (or that Intel have been compromised). Every federated node would need an Intel SGX-compatible CPU but no other issues.

                                                                                          In the case of Signal, the server sends a blob signed by Intel (very difficult to forge) which confirms

                                                                                          • The hash of the server code
                                                                                          • The hash of Signal’s public key
                                                                                          • The version of Intel CPU / enclave
                                                                                          • Arbitrary data sent by the Signal server

                                                                                          One approach from there would be: the ‘arbitrary data’ bit contains a public key, which your Signal client can use to encrypt messages to the server. The corresponding private key does not leave the enclave (and you can verify that by comparing the open source implementation with the hash of the server code).

                                                                                      1. 2

                                                                                        Strictly at home, I have a media server for blu ray/dvd rips and storage of photos etc. Also has syncthing running on it.

                                                                                        I also have a little Intel NUC with a USB hard drive full of music. The ‘main’ server is noisy and lives in the office, so this lets me listen to my stuff without turning it on. I use MoodeAudio for this, which is the best MPD-based distro I could find.

                                                                                        Cloud based, I run:

                                                                                        • ZNC (IRC bouncer)
                                                                                        • Syncthing (a ‘main’ node for good availability)
                                                                                        • Gotify (push notifications)
                                                                                        • Minecraft to play with my nephews, this is an overpowered server that gets turned on and off on demand. Digital Ocean API ftw.
                                                                                        • Most of my personal git repos push to a VPS

                                                                                        I used to do:

                                                                                        • Huginn (IFTTT replacement). Brilliant, but I just don’t actually need it.
                                                                                        • RSS (ttrss)
                                                                                        • GNUSocial
                                                                                        • Diaspora
                                                                                        • OpenVPN server (always works fine then suddenly doesn’t)

                                                                                        Any cloud services I rely on (RSS, email, bookmarks etc) I make sure they stay portable. It takes me 1 minute to move my RSS feeds elsewhere. I always keep a full local copy of my email inbox, contacts and calendar.

                                                                                        1. 13

                                                                                          Matrix is not decentralised. I suspect that if users jumped onto it like they are right now with Signal, they would head to one instance and we would experience the same issues.

                                                                                          True decentralisation would be wonderful, but right now it’s not offering what a secure centralised service can, so I have to recommend Signal.

                                                                                          1. 5

                                                                                            I don’t see why users joining one server because it’s the default in the most common client makes a protocol centralized.

                                                                                            1. 4

                                                                                              I don’t see silo-to-silo communication as fully decentralised, which is why I said “not decentralised” instead of “centralised”. You are still beholden to a server and client model, where you have to trust the server.

                                                                                              I completely agree with all the trust issues people have with Signal; I think that for most people they don’t go away with matrix.

                                                                                              1. 5

                                                                                                Secure Scuttlebutt is perhaps closer to properly decentralized. There are servers (termed “pubs”), but any client can sync via any pub it has access to.

                                                                                                Unfortunately, it’s quite hard on the CPU, and hard to write clients for.

                                                                                                1. 1

                                                                                                  I like ssb but yeah to me it shows that we’re just not quite there yet.

                                                                                                2. 5

                                                                                                  So what if 80% use the most common 2 servers (like with email)? There’s still the option of going elsewhere without burning all bridges:

                                                                                                  Everybody can (in principle) set up a server and still communicate with the rest. The hard part here is making that process simple enough that everybody does, but at least it’s possible. With Signal (or Whatsapp, Telegram, Threema) you don’t have that option.

                                                                                                  Also there’s work in Matrix-land to distribute the server function (see https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix/), so the federated system may not be the end of the road.

                                                                                                  There are other systems that provide a p2p experience now (such as SSB) but they’re even less mass-marketable than Matrix, and with communication systems, mass market appeal is, sadly, important.

                                                                                                  1. 5

                                                                                                    How many bridges were burnt in the move from Whatsapp to Signal? The transition is almost completely seamless. If this is the benefit of federated systems, why would people care when moving between two different centralised services was this easy?

                                                                                                    To be clear, I’m not happy with having one person run one server that controls everything. I just haven’t seen anything else that I could give to my non-techie friends and say ‘use this and you won’t notice the difference’. Maybe that’s coming, but for now we have Signal.

                                                                                                    1. 2

                                                                                                      How many bridges were burnt in the move from Whatsapp to Signal? The transition is almost completely seamless.

                                                                                                      Except for those who went for Telegram, Threema or any other platform over Signal. They can either go to Signal too, or they’re cut off.

                                                                                                3. 4

                                                                                                  It’s the duck test. “A protocol walks/quacks like a centralised one if there exists some server that affects most of the chat groups you’re in because at least one member of that group relies on that server.” Disagree if you want, set the threshold where you want, reword the test to be about your correspondents instead of groups, but that’s roughly the argument.

                                                                                                  1. 2

                                                                                                    That “test” is not very useful: If your own server goes down, all chat groups you’re in are affected because you’re gone.

                                                                                                    For a true peer to peer system with absolutely no coordinating node (no super nodes, no seed nodes, no query services, no NAT penetrating reflection services) I’d still argue that your own system is your server. And guess what: if that goes down, all your groups are affected because at least one of their members (you) relies on that server.

                                                                                                  2. 2

                                                                                                    At the very least it makes us think about what it means for a protocol to be centralized or decentralized.

                                                                                                    Protocols are super interesting, but the reason we discuss (de)centralization is generally due to issues of power and agency that people experience using technology. So I think to a lot of us the more important question is how the system itself - built on the network, implemented by the protocols - is centralized/federated/decentralized and how that impacts the people that interact with it.

                                                                                                    The web is built on a whole stack of decentralized protocols developed in the open, but it’s also more centralized than it’s ever been.

                                                                                                    1. 2

                                                                                                      I’m not exactly fond of Matrix but I agree.

                                                                                                  1. 35

                                                                                                    e-mail has a lot of legacy cruft. Regardless of the technical merits of e-mail or Telegram or Delta Chat, Signal, matrix.org or whatever, what people need to be hearing today is “WhatsApp and Facebook Messenger are unnecessarily invasive. Everyone is moving to X.” If there isn’t a clear message on what X is, then people will just keep on using WhatsApp and Facebook Messenger.

                                                                                                    It seems clear to me that e-mail is not the frontrunner for X, so by presenting it as a candidate for replacing WhatsApp and Facebook Messenger, I think the author is actually decreasing the likelihood that most people will migrate to a better messaging platform.

                                                                                                    My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                                                                    1. 26

                                                                                                      Signal is a silo and I dislike silos. That’s why I post on my blog instead of Twitter. What happens when someone buys Signal, the US government forces Signal to implement backdoors or Signal runs out of donation money?

                                                                                                      1. 10

                                                                                                        Signal isn’t perfect. My point is that Signal is better than WhatsApp and that presenting many alternatives to WhatsApp is harmful to Signal adoption. If Signal can’t reach critical mass like WhatsApp has it will fizzle out and we will be using WhatsApp again.

                                                                                                        1. 12

                                                                                                          If Signal can’t reach critical mass like WhatsApp has it will fizzle out

                                                                                                          Great! We don’t need more silos.

                                                                                                          and we will be using WhatsApp again.

                                                                                                          What about XMPP or Matrix? They can (and should!) be improved so that they are viable alternatives.

                                                                                                          1. 13

                                                                                                            (Majority of) People don’t care about technology (how), they care about goal (why).

                                                                                                            They don’t care if it’s Facebook, Whatsapp, Signal, Email, XMPP, they want to communicate.

                                                                                                            1. 14

                                                                                                              Yeah, I think the point of the previous poster was that these systems should be improved to a point where they’re just really good alternatives, which includes branding and the like. Element (formerly riot.im) has the right idea on this IMHO, instead of talking about all sorts of tech details and presenting 500 clients like xmpp.org, it just says “here are the features element has, here’s how you can use it”.

                                                                                                              Of course, die-hard decentralisation advocates don’t like this. But this is pretty much the only way you will get any serious mainstream adoption as far as I can see. Certainly none of the other approaches that have been tried over the last ~15 years worked.

                                                                                                              1. 7

                                                                                                                …instead of talking about all sorts of tech details and presenting 500 clients like xmpp.org, it just says “here are the features element has, here’s how you can use it”.

                                                                                                                Same problem with all the decentralized social networks and microblogging services. I was on Mastodon for a bit. I didn’t log in very often because I only followed a handful of privacy advocate types since none of my friends or other random people I followed on Twitter were on it. It was fine, though. But then they shut down the server I was on and apparently I missed whatever notification was sent out.

                                                                                                                People always say crap like “What will you do if Twitter shuts down?”. Well, so far 100% of the federated / distributed social networks I’ve tried (I also tried that Facebook clone from way back when and then Identi.ca at some point) have shut down in one way or another and none of the conventional ones I’ve used have done so. I realize it’s a potential problem, but in my experience it just doesn’t matter.

                                                                                                                1. 4

                                                                                                                  The main feature that cannot be listed in good faith and which is the one that everybody cares about is: “It has all my friends and family on it”.

                                                                                                                  I know it’s just a matter of critical mass and if nobody switches this will never happen.

                                                                                                                2. 1

                                                                                                                  Sure, but we’re not the majority of people.. and we shouldn’t be choosing yet another silo to promote.

                                                                                                                3. 5

                                                                                                                  XMPP and (to a lesser extent) Matrix do need to be improved before they are viable alternatives, though. Signal is already there. You may feel that ideological advantages make up for the UI shortcomings, but very few nontechnical users feel the same way.

                                                                                                                  1. 1

                                                                                                                    Have you tried joining a busy Matrix channel from a federated homeserver? It can take an hour. I think it needs some improvement too.

                                                                                                                    1. 2

                                                                                                                      Oh, definitely. At least in the case of Matrix it’s clear that (1) the developers regard usability as an actual goal, (2) they know their usability could be improved, and (3) they’re working on improving it. I admit I don’t follow the XMPP ecosystem as closely, so the same could be the same there, but… XMPP has been around for 20 years, so what’s going to change now to make it more approachable?

                                                                                                                  2. 4

                                                                                                                    […] it will fizzle out

                                                                                                                    Great! We don’t need more silos.

                                                                                                                    Do you realize you’re cheering for keeping the WhatsApp silo?

                                                                                                                    Chat platforms have a strong network effect. We’re going to be stuck with Facebook’s network for as long as other networks are fragmented due to people disagreeing which one is the perfect one to end all other ones, and keep waiting for a pie in the sky, while all of them keep failing to reach the critical mass.

                                                                                                                    1. 1

                                                                                                                      Do you realize you’re cheering for keeping the WhatsApp silo?

                                                                                                                      Uh, not sure how you pulled that out of what I said, but I’m actually cheering for the downfall of all silos.

                                                                                                                      1. 2

                                                                                                                        I mean that by opposing the shift to the less-bad silo you’re not actually advancing the no-silo case, but keeping the status quo of the worst-silo.

                                                                                                                        There is currently no decentralized option that is secure, practical, and popular enough to be adopted by mainstream consumers in numbers that could beat WhatsApp.

                                                                                                                        If the choice is between WhatsApp and “just wait until we make one that is”, it means keeping WhatsApp.

                                                                                                                    2. 3

                                                                                                                      They can be improved so that they are viable alternatives.

                                                                                                                      Debatable.

                                                                                                                      Great! We don’t need more silos.

                                                                                                                      Domain-name federation is a half-assed solution to data portability. Domain names basically need to be backed by always-on servers, not everybody can have one, and not everybody should. Either make it really P2P (Scuttlebutt?) or don’t bother.

                                                                                                                      1. 2

                                                                                                                        I sadly agree, which is why logically I always end up recommending signal as ‘the best of a bad bunch’.

                                                                                                                        I like XMPP, but for true silo-avoidance you need to run your own server (or at least have someone run it under your domain, so you can move away). This sucks. It’s sort of the same with matrix.

                                                                                                                        The only way around this is real p2p as you say. So far I haven’t seen anything that I could recommend to former whatsapp users on this front however. I love scuttlebutt but I can’t see it as a good mobile solution.

                                                                                                                    3. 8

                                                                                                                      Signal really needs a “web.signal.com”; typing on phones sucks, and the desktop app is ugh. I can’t write my own app either so I’m stuck with two bad options.

                                                                                                                      This is actually a big reason I like Telegram: the web client is pretty good.

                                                                                                                      1. 3

                                                                                                                        I can’t write my own app either so I’m stuck with two bad options.

                                                                                                                        FWIW I’m involved with Whisperfish, the Signal client for Sailfish OS. There has been a constant worry about 3rd party clients, but it does seem like OWS has loosened its policy.

                                                                                                                        The current Whisperfish is written in Rust, with separate libraries for the protocol and service. OWS is also putting work into their own Rust library, which we may switch to.

                                                                                                                        Technically you can, and the risk should be quite minimal. At the end of the, as OWS doesn’t support these efforts, and if you don’t make a fool of them, availability and use increases their brand value.

                                                                                                                        Don’t want to know what happens if someone writes a horrible client and steps on their brand, so let’s be careful out there.

                                                                                                                        1. 2

                                                                                                                          Oh right; that’s good to know. I just searched for “Signal API” a while ago and nothing really obvious turned up so I assumed it’s either impossible or hard/hackish. To be honest I didn’t look very deeply at it, since I don’t really care all that much about Signal 😅 It’s just a single not-very-active chatgroup.

                                                                                                                          1. 1

                                                                                                                            Fair enough, sure. An API might sound too much like some raw web thing - it is based on HTTPS after all - but I don’t think all of it would be that simple ;)

                                                                                                                            The work gone into the libraries has not been trivial, so if you do ever find yourself caring, I hope it’ll be a happy surprise!

                                                                                                                        2. 2

                                                                                                                          The Telegram desktop client is even better than the web client.

                                                                                                                          1. 3

                                                                                                                            I don’t like desktop clients.

                                                                                                                            1. 4

                                                                                                                              Is there a specific reason why? The desktop version of Telegram is butter smooth and has the same capabilities as the phone version (I’m pretty sure they’re built from the same source as well).

                                                                                                                              1. 3

                                                                                                                                Security is the biggest reason for me. Every other week, you hear about a fiasco where a desktop client for some communication service had some sort of remote code execution vulnerability. But there can be other reasons as well, like them being sloppy with their .deb packages and messing up with my update manager etc. As a potential user, I see no benefit in installing a desktop client over a web client.

                                                                                                                                1. 4

                                                                                                                                  Security is the reason that you can’t easily have a web-based Signal client. Signal is end-to-end encrypted. In a web app, it’s impossible to isolate the keying material from whoever provides the service so it would be trivial for Signal to intercept all of your messages (even if they did the decryption client-side, they could push an update that uploads the plaintext after decryption).

                                                                                                                                  It also makes targeted attacks trivial: with the mobile and desktop apps, it’s possible to publish the hash that you get for the download and compare it against the versions other people run, so that you can see if you’re running a malicious version (I hope a future version of Signal will integrate that and use it to validate updates before it installs them by checking that other users in your network see the same series of updates). With a web app, you have no way of verifying that you’re running the same code that you were one page refresh ago, let alone the same code as someone else.
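The cross-user comparison suggested in the comment above, as an added sketch that is not part of the thread and is not Signal's code: each client folds the SHA-256 of every update it installed into a running chain head, peers exchange heads, and a client that disagrees with most of its peers has probably been served a different build. The peer names, release bytes and the majority rule are constructed for illustration.

```python
import hashlib

GENESIS = bytes(32)  # fixed starting value for every client's chain


def artifact_digest(data: bytes) -> str:
    """SHA-256 of a downloaded installer or update package."""
    return hashlib.sha256(data).hexdigest()


def chain_heads(digests):
    """Fold an ordered series of update digests into running chain heads.

    heads[i] commits to updates 0..i, so comparing one value per update
    is enough to tell whether two clients saw the same series.
    """
    head, heads = GENESIS, []
    for d in digests:
        head = hashlib.sha256(head + bytes.fromhex(d)).digest()
        heads.append(head.hex())
    return heads


def first_divergence(my_heads, peer_heads):
    """Index of the first update on which two clients disagree, else None.

    Only the common prefix is compared: a peer that has not installed the
    latest update yet cannot confirm or contradict it.
    """
    for i, (mine, theirs) in enumerate(zip(my_heads, peer_heads)):
        if mine != theirs:
            return i
    return None


def audit(local_digests, peers):
    """Compare the local update history with heads reported by peers.

    Returns the peers that diverge (with the index of the first differing
    update) and whether the local client is the outlier, i.e. more than
    half of all peers disagree with it (assumed threshold).
    """
    my_heads = chain_heads(local_digests)
    diverging = {}
    for name, heads in peers.items():
        idx = first_divergence(my_heads, heads)
        if idx is not None:
            diverging[name] = idx
    outlier = len(peers) > 0 and len(diverging) * 2 > len(peers)
    return {"diverging": diverging, "outlier": outlier}


# Constructed sample data: three published releases and one altered build.
RELEASES = [b"client 1.0 (constructed)", b"client 1.1 (constructed)",
            b"client 1.2 (constructed)"]
TAMPERED = b"client 1.2 with extra upload code (constructed)"

HONEST = [artifact_digest(r) for r in RELEASES]
TARGETED = HONEST[:2] + [artifact_digest(TAMPERED)]

PEERS = {
    "alice": chain_heads(HONEST),
    "bob": chain_heads(HONEST),
    "carol": chain_heads(HONEST[:2]),  # has not installed 1.2 yet
}

if __name__ == "__main__":
    print("honest client:  ", audit(HONEST, PEERS))
    print("targeted client:", audit(TARGETED, PEERS))
```

A web app has nothing stable to feed into `artifact_digest`, since the code can change on every page load, which is the asymmetry the comment describes.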

                                                                                                                                  1. 1

                                                                                                                                    A web based client has no advantages with regards to security. They are discrete topics. As a web developer, I would argue that a web based client has a significantly larger surface area for attacks.

                                                                                                                                    1. 1

                                                                                                                                      When I say security, I don’t mean the security of my communications over that particular application. That’s important too, but it’s nothing compared to my personal computer getting hacked, which means my entire digital life getting compromised. Now you could say a web site could also hijack my entire computer by exploiting weaknesses in the browser, which is definitely a possibility, but that’s not what we hear every other week. We hear stupid zoom or slack desktop client containing a critical remote code execution vulnerability that allows a completely unrelated third party complete access to your computer.

                                                                                                                                  2. 1

                                                                                                                                    I just don’t like opening a new window/application. Almost all of my work is done with one terminal window (in tmux, on workspace 1) and a browser (workspace 2). This works very well for me as I hate dealing with window management. Obviously I do open other applications for specific purposes (GIMP, Geeqie, etc) but I find having an extra window just to chat occasionally is annoying. Much easier to open a tab in my browser, send my message, and close it again.

                                                                                                                          2. 3

                                                                                                                            The same thing that’s happening now with whatsapp - users move.

                                                                                                                            1. 2

                                                                                                                              A fraction of users is moving, the technically literate ones. Everyone else stays where their contacts are, or which is often the case, installs another messenger and then uses n+1.

                                                                                                                              1. 2

                                                                                                                                A fraction of users is moving, the technically literate ones

                                                                                                                                I don’t think that’s what’s happening now. There have been a lot of mainstream press articles about WhatsApp. The technical users moved to Signal when Facebook bought WhatsApp, I’m now hearing non-technical folks ask what they should migrate to from WhatsApp. For example, one of our administrators recently asked about Signal because some of her family want to move their family chat there from WhatsApp.

                                                                                                                                1. 1

                                                                                                                                  Yeah these last two days I have been asked a few times about chat apps. I have also noticed my signal contacts list expand by quite a few contacts, and there are lots of friends/family who I would not have expected to make the switch in there. I asked one family member, a doctor, what brought her in and she said that her group of doctors on whatsapp became concerned after the recent announcements.

                                                                                                                                  I wish I could recommend xmpp/OMEMO, but it’s just not as easy to set up. You can use conversations.im, and it’s a great service, but if you are worried about silos you are back to square one if you use their domain. They make using a custom domain as friction-free as possible but it still involves DNS settings.

                                                                                                                                  I feel the same way about matrix etc. Most people won’t run their own instance, so you end up in a silo again.

                                                                                                                                  For the closest thing to whatsapp, I have to recommend Signal. It’s not perfect, but it’s good. I wish you didn’t have to use a phone number…

                                                                                                                            2. 2

                                                                                                                              What happens when someone buys Signal, the US government forces Signal to implement backdoors or Signal runs out of donation money?

                                                                                                                              Not supporting signal in any way, but how would your preferred solution actually mitigate those risks?

                                                                                                                              1. 1

                                                                                                                                Many different email providers all over the world and multiple clients based on the same standards.

                                                                                                                                1. 6

                                                                                                                                  Anyone who has written email software used at scale by the general public can tell you that you will spend a lot of time working around servers and clients which do all sorts of weird things. Sometimes with good reasons, often times with … not so good reasons. This sucks but there’s nothing I can change about that, so I’ll need to deal with it.

                                                                                                                                  Getting something basic working is pretty easy. Getting all emails handled correctly is much harder. Actually displaying all emails well even harder still. There’s tons of edge cases.

                                                                                                                                  The entire system is incredibly messy, and we’re actually a few steps up from 20 years ago when it was even worse.

                                                                                                                                  And we still haven’t solved the damn line wrapping problem 30 years after we identified it…

                                                                                                                                  Email both proves Postel’s law correct and wrong: it’s correct in the sense that it does work, it’s wrong because it takes far more time and effort than it really needs to.

                                                                                                                                  1. 2

                                                                                                                                    I hear you (spent a few years at an ESP). It’s still better than some siloed walled garden proprietary thing that looks pretty but could disappear for any reason in a moment. The worst of all worlds except all others.

                                                                                                                                    1. 2

                                                                                                                                      could disappear for any reason in a moment

                                                                                                                                      I’m not so worried about this; all of these services have been around for ages and I’m not seeing them disappear from one day to the next in the foreseeable future. And even if it does happen: okay, just move somewhere else. It’s not even that big of a deal.

                                                                                                                                      1. 1

                                                                                                                                        Especially with chat services. There’s not that much to lose. Your contacts are almost always backed up elsewhere. I guess people value their chat history more than I do, however.

                                                                                                                            3. 11

                                                                                                                              My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                                                                                              I’ve recently started using it, and while it’s fine, I’m no fan. As @jlelse, it is another closed-off platform that you have to use, making me depend on someone else.

                                                                                                                              They seem to (as of writing) prioritize “security” over “user freedom”, which I don’t agree with. There’s the famous thread, where they reject the notion of distributing Signal over F-Droid (instead having their own special updater, in their Google-less APK). What also annoys me is that their desktop client is based on Electron, which would have been very hard for me to use before upgrading my desktop last year.

                                                                                                                              1. 6

                                                                                                                                My vote is for Signal. It has good clients for Android and iOS and it’s secure. It’s also simple enough that non-technical people can use it comfortably.

                                                                                                                                What I hate about signal is that it requires a mobile phone and an associated phone number. That makes it essentially useless - I loathe mobile phones - and very suspect to me. Why can’t the desktop client actually work?

                                                                                                                                1. 2

                                                                                                                                  I completely agree. At the beginning of 2020 I gave up my smartphone and haven’t looked back. I’ve got a great dumb phone for voice and SMS, and the occasional photo. But now I can’t use Signal as I don’t have a mobile device to sign in to. In a world where Windows, Mac OS, Linux, Android, and iOS all exist as widely used operating systems, Signal is untenable as it only has full-featured clients for two of these operating systems.

                                                                                                                                  Signal isn’t perfect.

                                                                                                                                  This isn’t about being perfect, this is about being accessible to everyone. It doesn’t matter how popular it becomes, I can’t use it.

                                                                                                                                  1. 1

                                                                                                                                    They’ve been planning on fixing that for a while, I don’t know what the status is. The advantage of using mobile phone numbers is bootstrapping. My address book is already full of phone numbers for my contacts. When I installed Signal, it told me which of them are already using it. When other folks joined, I got a notification. While I agree that it’s not a great long-term strategy, it worked very well for both WhatsApp and Signal to quickly bootstrap a large connected userbase.

                                                                                                                                    In contrast, most folks’ XMPP addresses were not the same as their email addresses and I don’t have a lot of email addresses in my address book anyway because my mail clients are all good at autocompleting them from people who have sent me mail before, so I don’t bother adding them. As a result, my Signal contact list was instantly as big as my Jabber Roster became after about six months of trying to get folks to use Jabber. The only reason Jabber was useable at all for me initially was that it was easy to run an ICQ bridge so I could bring my ICQ contacts across.

                                                                                                                                    1. 1

                                                                                                                                      Support for using it without a phone number remains a work in progress. The introduction of PINs was a stepping stone towards that.

                                                                                                                                    2. 1

                                                                                                                                      What I hate about signal is that it requires a mobile phone and an associated phone number.

                                                                                                                                      On the bright side, Signal’s started to use UUIDs as well, so this may change. Some people may think it’s gonna be too late whenever it happens, if it does, but at least the protocols aren’t stagnant!

                                                                                                                                  1. 3

                                                                                                                                    quiterss

                                                                                                                                    1. 1

                                                                                                                                      I just switched to quiterss from newsboat, it’s great. Really impressed with how quickly it manages to reload feeds.

                                                                                                                                    1. 10

                                                                                                                                      Until March this year I was using an x200, partly because I’m a nerd and wanted to use libreboot and partly because it just kept working and working.

                                                                                                                                      Most old laptops are fine for day to day use if you stick an SSD in there and maybe upgrade the RAM, get a not-too-bloated linux distro.

                                                                                                                                      Now I have a T495, it’s fine. I miss the keyboard off the old one and it feels far less well built. I also miss the 4:3 screen.

                                                                                                                                      The biggest thing that keeps the x200 in the cupboard now is the screen brightness. It’s a small detail, but it’s so so dim compared to anything you get on later models. In the light it’s hard to use, and I have a bright living room. I even replaced the panel which improved things, but not enough.

                                                                                                                                      When I compare the two, the x200 at 100% brightness is about the same as the T495 at 10%.

                                                                                                                                      1. 2

                                                                                                                                        I don’t think the x200 has a 4:3 screen. The last 4:3 was the x61s.

                                                                                                                                        1. 1

                                                                                                                                          A lot of those laptops have a screen brightness setting buried in the BIOS, just in case you haven’t already seen it.

                                                                                                                                        1. 8

                                                                                                                                          I love your pricing page - those ‘our choice’ tags are such bullshit.

                                                                                                                                          1. 4

                                                                                                                                            What, like somehow $999,999.98 isn’t the best value for you?

                                                                                                                                            1. 2

                                                                                                                                              What happens if someone seriously wants the $999k plan?

                                                                                                                                              1. 17

                                                                                                                                                I write an “amazing journey” post detailing how the service is seriously definitely never getting shut down for at least three days and retire on a beach while you deal with the rotting service.

                                                                                                                                                1. 1

                                                                                                                                                  What startup is the phrase “amazing journey” in reference to?

                                                                                                                                                  1. 15

                                                                                                                                                    Many.

                                                                                                                                                    1. 4

                                                                                                                                                      Many! I think I’ve seen “incredible journey” used with that one email program you had to wait in line to get, one of the post-Flickr photo sites, Vine maybe?

                                                                                                                                                  2. 1

                                                                                                                                                    He throws a party… I mean… hires a lawyer and makes a Series-A announcement?