1. 10

    TL;DR: A perfectly fine ext4 commit exposed an issue elsewhere in the kernel. This resulted in problematic system behaviour and had to be reverted.

    The original commit avoids large numbers of small I/O requests. Less I/O resulted in less entropy being available for the getrandom() syscall. At least for some Arch Linux system, systemd was using getrandom() during boot, which waited for entropy, but there was no other I/O to fill the entropy pool again.

    The proper fix (for getrandom()) needs more discussion, so the ext4 commit needs to be delayed until then.

    edit: related: https://lobste.rs/s/okrclo/linux_getrandom_boot_hangs

    1. 5

      To be precise, systemd isn’t the issue. Systemd has a target which purposefully waits for the crng to be initialized, and that doesn’t block the boot; it just looks suspicious in logs, which is why it got blamed. The real issue was that gnome-session blocked on getrandom.

      See https://lore.kernel.org/linux-ext4/20190915065142.GA29681@gardel-login/ where Poettering explains why Linus was incorrect in blaming systemd-random-seed, and https://lore.kernel.org/linux-ext4/CAHk-=wjPDR6_crhmvaoXDo8q6Joz5rD02bZpd2x9rr-LazPxRA@mail.gmail.com/ where Linus acknowledges that systemd is blameless and that the issue is that something is blocking to generate a cookie for X.

      EDIT: Also, fwiw, at https://lore.kernel.org/linux-ext4/20190915084802.GB29771@gardel-login/, Lennart describes why systemd doesn’t default to telling the kernel to account for the randomness from systemd-random-seed, which is what your linked article is complaining about. I don’t know if you agree with his reasons, but it’s good to realize it’s not just a bug or something they didn’t know they should’ve done.
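The blocking behaviour discussed in the two comments above can be avoided on the caller's side. The following is an added example, not code from the thread, the kernel, systemd or gnome-session: it asks getrandom() for bytes with GRND_NONBLOCK and reports "not seeded yet" instead of hanging. The function name `random_or_defer` and its parameters are assumptions made for the illustration.

```python
import os
import time

# GRND_NONBLOCK makes getrandom() fail with EAGAIN (BlockingIOError in
# Python) instead of sleeping until the kernel CRNG has been seeded.
GRND_NONBLOCK = getattr(os, "GRND_NONBLOCK", 0x0001)


def random_or_defer(nbytes, budget_s=0.0, poll_s=0.05,
                    getrandom=None, sleep=time.sleep, clock=time.monotonic):
    """Return nbytes from the kernel CRNG, or None if the CRNG is still
    unseeded after budget_s seconds. Never waits longer than the budget.

    getrandom/sleep/clock are injectable so the unseeded case can be
    exercised on a machine whose CRNG is already initialized.
    """
    if getrandom is None:
        getrandom = os.getrandom  # Linux only
    deadline = clock() + budget_s
    out = b""
    while len(out) < nbytes:
        try:
            # getrandom() may return fewer bytes than asked for, so loop.
            out += getrandom(nbytes - len(out), GRND_NONBLOCK)
        except BlockingIOError:
            # CRNG not initialized: the blocking variant would sleep here,
            # possibly forever if nothing else is generating entropy.
            if clock() >= deadline:
                return None
            sleep(poll_s)
    return out


if __name__ == "__main__":
    cookie = random_or_defer(16, budget_s=2.0)
    if cookie is None:
        # The caller decides: defer the work, or fail loudly. It must not
        # substitute a weaker source for a security-relevant value.
        print("CRNG not seeded within budget; deferring cookie generation")
    else:
        print("cookie:", cookie.hex())
```

A caller that gets `None` back can postpone the work that needs the secret rather than stalling the whole boot sequence.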

        1. 4

          That’s an impressive URL slug.

      1. 17

        Why do we allow the jokes and the comments and everything small to just ‘slide’?

        Instead we should fire everyone? He doesn’t seem to be defending Minsky so much as saying we can’t equate what he did to a worse crime because we don’t know the details of it. That seems reasonable to me.

        And what does this even have to do with “men in tech”? It’s one guy.

        1. 17

          Knee-jerk reactions and misguided moral outrage seem to be the internet’s #1 hobby these days. Fact checking, skepticism, and independent thinking be damned. (And it’s the reason the U.S. is a slave to the two-party political system.)

          I’m not a member of the RMS fan club but I’ve been following his writings and positions for a long time now. He’s as crazy as the sky is blue but one thing he is not is careless or immoral. He can pick apart a poorly reasoned argument with surgical, dispassionate precision and this really gets under the skin of those who would rather try to rely on raw emotion alone to further their cause, noble or not.

          1. 6

            (And it’s the reason the U.S. is a slave to the two-party political system.)

            No it’s not, the US has been a two-party country since its founding (when presumably there was more “[f]act checking, skepticism, and independent thinking” according to your analysis).

            The reason the US has a two-party system is because congressional seats and electoral college seats are awarded by a first-past-the-post electoral system.

            1. 2

              Knee-jerk reactions and misguided moral outrage seem to be the internet’s #1 hobby these days.

              This is what I say whenever I read anyone saying anything negative on the internet

              1. 1

                (And it’s the reason the U.S. is a slave to the two-party political system.)

                That should probably be blamed on the spoiler effect, which is present in most voting systems but is extremely bad in first-past-the-post.

              2. 7

                I don’t want to live in a world where we have to constantly debate “but can children consent to sex?”. It should be simply that if anyone, even joking, asks something like that, they automatically disqualify themselves as an idiot. This includes RMS here, he is an idiot.

                1. 6

                  This depends on your jurisdiction as to what a “child” is as far as consent goes, though. 17 isn’t considered a “child” as far as consent goes in many areas.

                  Regardless, Stallman’s job has literally nothing to do with this as far as I can tell, so he shouldn’t be losing his job over what many would consider a bad opinion.

                  1. 4

                    It’s not about what I think is a child, it’s that Stallman thinks that children can consent. Stallman isn’t thinking ‘mempko thinks children are 17 and I think therefore that children can consent because 17 is a lot like 18’. He is thinking ‘children, whatever age, can consent’.

                    1. 5

                      It’s not about what I think is a child, it’s that Stallman thinks that children can consent. Stallman isn’t thinking ‘mempko thinks children are 17 and I think therefore that children can consent because 17 is a lot like 18’. He is thinking ‘children, whatever age, can consent’.

                      Actually, no, that is not what he said about the issue. Please read his original message again.

                      He states that there are cases where a child can consent. For example a 17 year old and an 18 year old in a relationship, where the age of consent is 18. In practice, we mostly allow such relationships to exist just about everywhere in the world, but if you apply the rules radically, like an algorithm would do, then the 18 year old would be a pedophile by definition.

                      Stallman wrote his statements with the use of an existential quantifier as opposed to a for-all quantifier, and argues that whether or not there is consent, should be judged on a case-by-case basis.

                      I will admit that Stallman is a terrible writer for not realizing that these details will be glossed over and not picked up by many. However that does not change his fundamental message that we as humans, do not always fit within the clearly defined borders.

                      He has been searching and (deliberately) constructing edge-cases for his entire life, this is just another one. It’s too bad the blind masses can’t see this in a time where his message is more relevant than ever.

                      1. 4

                        No one knows what Stallman thinks but him. If you want to get outraged, feel free, but I don’t see the warrant for it.

                        1. 4

                          He literally spells it out on his own website and you are still in denial. Also supports necrophilia and bestiality as long as it’s consensual. Think of that next time you look into your dog’s eyes.

                          1. 4

                            Let me preface this by saying that I really could not care less about Stallman as a person. I don’t know him, have no interest in meeting him, and certainly don’t hold him up as some sort of standard of being.

                            I have not read his website and I have no interest in doing so. I honestly don’t care about his opinions as they’re irrelevant to his (and my) job. I would like to see a citation for the necrophilia and bestiality because it sounds so absurd, though. All of this comes back to the fact that I really don’t care what he thinks and his opinions, bizarre as they may be, should not get him fired for his work in software.

                            1. 3

                              should not get him fired for his work in software.

                              This isn’t about his work in software (he’s a tenured professor) - this is about whether he’s the right leader for the FSF.

                              The head of the FSF has many responsibilities, none of which are to produce software.

                              1. 5

                                I fail to see what this has to do with the FSF either.

                                1. 6

                                  Richard Stallman is the president of the Free Software Foundation. He not only represents the foundation, but the free software movement as well.

                                  His behavior reflects on those two things.

                                  1. 4

                                    As far as I can tell, he hasn’t done anything. He is still free to voice his opinions, and he has been doing so forever. Everyone knows he’s a quirky (at best) character. The FSF is the foundation he started and remains president of. You are free to start your own foundation if you disagree with his personal opinions that have nothing to do with the FSF.

                                    1. 4

                                      He is still free to voice his opinions

                                      He is free to promote paedophilia, and hungariantoast is free to call for him to be censured for doing so.

                                      I’d ask you to examine why you have a problem with the latter but not the former.

                                      1. 4

                                        I don’t see him “promote paedophilia” anywhere and I have no problem with hungariantoast saying he disagrees. I do have a problem with people trying to get him ousted from his various positions over his opinions that are completely unrelated.

                                        1. 3

                                          Are those opinions “completely unrelated” to his job, though? At the surface-level, sure, his odd sexual libertarianism generally exists in a separate domain from software.

                                          But the FSF and MIT are communities made up of people with values. When someone like RMS espouses at-best-alienating views, that fundamentally drives wedges in these communities. When your organization has a political agenda, as does the FSF, people note value-level contradictions from leadership. When these people stick around, the community decomposes to those that either don’t know or agree/don’t care.

                                          Given the content of RMS’s recent emails (I used to be on csail-related, and his performances aren’t a new thing) - victim blaming, referring to Epstein’s victims as his “harem” - I’d guess that there are at least as many people in the community that are sick of his shit as think he should remain because his trolling is “completely unrelated” to software.

                                          1. 2

                                            But the FSF and MIT are communities made up of people with values. When someone like RMS espouses at-best-alienating views, that fundamentally drives wedges in these communities. When your organization has a political agenda, as does the FSF, people note value-level contradictions from leadership. When these people stick around, the community decomposes to those that either don’t know or agree/don’t care.

                                            Please read what I wrote above. Stallman’s views and the political agenda of the FSF do not necessarily have to contradict each other. In fact: The freedom to express your opinion against all censorship is one of their core principles. Deviating from it because of what Stallman says, would really be driving a wedge inside that community.

                                            In fact, I’m concerned much more by the fact it has become impossible to have a civilized discussion about these controversial topics anymore like sensible adults, without getting triggered and forming a rage-mob which goes after people’s jobs and/or blacklisting them…

                                            Which ironically is a message that Stallman has been sending for decades.

                                            1. 1

                                              The problem I see here is that almost everything “drives wedges” in a community. This can be related to a project (like a tabs vs spaces argument) or unrelated (like someone’s opinion on Crimea). Instead of discussion, the reaction is to demand resignation, send threats, try to shush people.

                                              I also don’t consider his statements as “trolling.” They’re his opinions. Just because you disagree with them doesn’t make them trolling.

                                              1. 1

                                                I hear you, but IMO you’re overgeneralizing and equating things that are fundamentally different; whether it’s an example or not, “tabs vs spaces” are nowhere near as fundamental to the functioning of a community as are views on sexual assault.

                                                And FWIW, we are literally part of a massive discussion right now which is continuing despite not being on the front page of the site. There was also a long discussion on csail-related. Many more discussions on all sorts of online and meatspace communities. Stallman resigned. I’m not aware of attempts to “shush” him. The thing about free speech is it comes along with accountability.

                                                Also, if I don’t respond it’s probably because I’ve quit this website lol.

                                                1. 0

                                                  The immediate response of firing people is the “shushing” – what he said is not an endorsement of sexual assault. His statement states he has been mischaracterized and I would 100% agree with that.

                                        2. 1

                                          He hasn’t done anything? Did you read the article? It’s pretty clear that Stallman, once again, said something outrageous, inappropriate, and insensitive.

                                          His shitty behavior reflects poorly on the FSF and that’s why him doing things like this is such an issue.

                                          There is a plethora of testimonies and evidence over the past few decades of Stallman’s shitty behavior. There is another plethora of testimonies and evidence showing that his behavior has alienated far more contributors from the FSF and free software than Stallman himself will ever be worth.

                                          Stallman is, especially today, a net negative for the Free Software Foundation, because he just won’t stop saying and doing stupid things.

                                          That is why he should be removed.


                                          Oh, and also, saying “You are free to start your own foundation if you disagree” is no better than saying “Oh yeah? Well just fork the project if you don’t like it.”

                                          At best, it’s a tone deaf, bottom feeding argument. At worst, it’s bad faith trolling.

                                          1. 0

                                            He started the foundation and has remained the head of it forever. You clearly have a problem with Stallman that goes well beyond this instance, so why do you support the FSF at all? If you see them as one and the same, then you shouldn’t support it. And if you don’t support it but want to support free software, the next logical step is to either find a different foundation or start your own.

                                            I’m not trolling. I’m keeping reason and objectiveness as paramount instead of emotion and knee-jerk reactions.

                                            1. 1

                                              You clearly have a problem with Stallman that goes well beyond this instance

                                              You’re right, I have a problem with Stallman not just because of this incident, but also the other incidents he has created over the past few decades. I have already acknowledged that I believed Stallman should resign from the FSF because of these problematic, recurring incidents.

                                              So yes, my opinion on Stallman and why I think/thought he should resign from the FSF goes beyond just this incident and is influenced by his past behavior as well.

                                              If you’re trying to insinuate that I have some other kind of motive behind wanting Stallman to resign, then please just say what other possible motives you think I could have.

                                              so why do you support the FSF at all? If you see them as one and the same, then you shouldn’t support it.

                                              I don’t see the FSF and Richard Stallman “as one and the same”. I never said that. I said that Stallman’s relationship, history, and influence over the FSF and the free software movement makes him a representative of both of those things. That doesn’t mean I think FSF == Stallman.

                                              And if you don’t support it but want to support free software, the next logical step is to either find a different foundation or start your own.

                                              Well, no, that doesn’t make any sense. First, like I just said, I don’t think Richard Stallman and the FSF are the same thing. I think the FSF is so much bigger, so much more important than Richard Stallman.

                                              Even if I didn’t think that though, even if I did think that the FSF and Stallman were the same thing, that still wouldn’t prevent me from understanding that they could be separated, for the better, by Stallman’s resignation and distancing from the foundation. Which is clearly a much more reasonable, actionable, and positive goal than “rolling my own” foundation from scratch.

                                              1. -1

                                                If you’re trying to insinuate that I have some other kind of motive behind wanting Stallman to resign, then please just say what other possible motives you think I could have.

                                                I am not insinuating anything. This whole thread has gone completely off the rails of the original post and has little to nothing to do with the incident that was brought up here. None of it matters, either, because he has resigned from both the FSF and whatever he was doing with MIT. Chalk up another one for mob justice.

                    1. 4

                      This article has a lot of good points, especially about dynamic certificate signing after seeing out-of-band authentication.

                      However, I disagree with calling TOFU (trust on first use) an anti-pattern. TOFU is completely fine if clients use a bit of caution. It’s worth mentioning that GnuPG seems to be transitioning towards a TOFU model from the current web-of-trust model. TOFU is not inherently insecure.

                      1. 7

                        It depends how stable the list of hosts is and how stable the route to connect to them is.

                        In a cloud setting where machines come and go, each ssh session might be a first use. IPs get re-allocated to different VMs over time so the known_hosts will have collisions. In that case TOFU becomes more or less useless.

                        Another issue is if your machine is always connecting using the same channel. Either because it’s on a fixed network, or because you are always using a VPN. In that case it becomes easier for an attacker to place himself as a MITM and not be detected.

                        1. 2

                          The only way TOFU works securely is if you manually validate (with your eyeballs) the key fingerprint for every single new host you encounter. Who does that? And if it’s a box you don’t manage, how do you even do that? Ask your buddy in the next cubicle if he has the same fingerprint? Maybe he’s been MITM’d too?

                          Even if you do validate the fingerprint of every host, that might scale for your homelab or toy k3s cluster on AWS but not much else. My ~/.ssh/known_hosts file at work is 9 years old and 1232 lines long. I can guarantee you that I did not (and still do not) have the time or inclination to verify all of those manually. I don’t have any evidence of it, and I generally trust the people I work with but it’s entirely technically possible that a bad actor somewhere in the company could have intercepted my SSH sessions.

                          Signing SSH host keys is relatively easy to set up and manage (compared to user key signing, which requires extra work of the users) and solves enough problems that it’s very much worth doing over TOFU.
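To make the two concerns above concrete (reused IPs colliding in known_hosts, and a long file of entries nobody verified), here is an added example, not written by any commenter in this thread: a small auditor that separates `@cert-authority` lines from individually pinned (trust-on-first-use) entries and flags names pinned to more than one key. The sample file, its placeholder key blobs and the function names `audit` and `host_matches` are constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample known_hosts; key blobs are placeholders, not real keys.
SAMPLE = """\
# constructed example
@cert-authority *.corp.example ssh-ed25519 AAAA-CA-KEY-PLACEHOLDER host-ca
build1.corp.example,10.0.0.5 ssh-ed25519 AAAA-KEY-A
10.0.0.5 ssh-ed25519 AAAA-KEY-B
[legacy.example.net]:2222 ssh-rsa AAAA-KEY-C
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAA-KEY-D
@revoked * ssh-ed25519 AAAA-KEY-E
"""


def parse_known_hosts(text):
    """Yield dicts for each entry: optional marker, host list, key type, key."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3:
            continue  # malformed line, skipped by this auditor
        entries.append({"line": lineno, "marker": marker,
                        "hosts": fields[0].split(","),
                        "keytype": fields[1], "key": fields[2]})
    return entries


def _match(pattern, name):
    # OpenSSH patterns use only '*' and '?' as wildcards.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, name) is not None


def host_matches(patterns, name):
    """Pattern-list semantics: a matching '!pattern' vetoes the whole list."""
    hit = False
    for p in patterns:
        if p.startswith("!"):
            if _match(p[1:], name):
                return False
        elif _match(p, name):
            hit = True
    return hit


def audit(text):
    entries = parse_known_hosts(text)
    cas = [e for e in entries if e["marker"] == "@cert-authority"]
    pinned = [e for e in entries if e["marker"] is None]
    keys_by_name = defaultdict(set)
    hashed = 0
    for e in pinned:
        for h in e["hosts"]:
            if h.startswith("|1|"):
                hashed += 1  # hashed name: cannot be compared to CA patterns
                continue
            keys_by_name[(h, e["keytype"])].add(e["key"])
    # Same name and key type pinned to different keys, e.g. a reallocated IP.
    conflicts = sorted(n for (n, _), keys in keys_by_name.items()
                       if len(keys) > 1)
    names = sorted({n for n, _ in keys_by_name})
    # Names that no CA line covers still depend on first-use trust.
    tofu_only = [n for n in names
                 if not any(host_matches(c["hosts"], n) for c in cas)]
    return {"ca_lines": len(cas), "pinned_lines": len(pinned),
            "hashed": hashed, "conflicts": conflicts, "tofu_only": tofu_only}


if __name__ == "__main__":
    for k, v in audit(SAMPLE).items():
        print(f"{k}: {v}")
```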

                        1. 4

                          I’m on the tools team for a tech company with a lot of smart engineers. But not everyone who needs access to various hosts is an engineer. Many of them can barely generate an SSH key, asking them to be able to import a signed key into their client is a non-starter. And we have to support weird proprietary SSH clients for which bare SSH keys are a new and exotic thing.

                          The next best solution, for us anyway, is to have a centralized place where users can log in with their SSO credentials and manage their public keys and then have OpenSSH look up their public key(s) from there.

                          Signed host keys, however, solve a bunch of problems around automation on the tools side and are completely optional from the user’s perspective. We don’t have them yet but I really want to have them everywhere soon.

                          1. 1

                            oof why can’t devs use ssh-keygen?

                          1. 5

                            My experience with my own data is that almost all of it already has its own compressed file format optimised for the kind of data it is. E.g. JPEG for photos, MP4 for video, etc. Adding another layer of compression to that is not only a waste of time but often makes the dataset slightly bigger. Text, program binaries, and VM images could be compressed for archival storage but consider the fact that storage has gotten ridiculously cheap while your time has not. But if you really want to archive something just pick a format that’s been around for decades (gz, bzip2, xz) and call it a day.

                            1. 4

                              “consider the fact that storage has gotten ridiculously cheap while your time has not.”

                              This is true for middle class folks and up. Maybe working class folks without lots of bills. Anyone below them might be unable to afford extra storage or need to spend that money on necessities. The poverty rate in 2017 put that at 39.7 million Americans. Tricks like in the article might benefit them if they’re stretching out their existing storage assets.

                              1. 4

                                Consider that a 1TB hard drive costs $40 - $50. That’s $0.04 per gigabyte. Now say you value your time at $10 an hour. Even one minute spent archiving costs more than 1GB of extra space, and the space saved is unlikely to be that much. If you don’t have $40 - $50, then of course, you can’t buy more space. That doesn’t mean space isn’t cheaper than time. It’s just another example of how it’s expensive to be poor.

                                1. 1

                                  One other thing to add to the analysis is that one can burn DVDs while doing other things. Each one only accounts for the time to put one in, click some buttons, take one out, label it, and store it. That’s under a minute. Just noting this in case anyone is guessing about how much work it is.

                                  The time vs space cost still supports your point, though. Anyone that can easily drop $40-100 on something is way better off.

                              2. 3

                                Adding another layer of compression, especially if it’s the same algorithm, often won’t shrink the file size that much. However, it does make it very convenient to zip up hundreds of files for old projects, freelance work, and have it as a single file to reason about.

                                I would not be so cavalier with the archive file format. For me, it is far more important to ensure reliability and survivability of my data. Zipping up the files is just for convenience.

                                1. 4

                                  That’s why there is tar, which, by itself, doesn’t do any compression.

                                  1. 1

                                    I was thinking that tar suffers from the same file concatenation issue that affects other SOLID container formats. But it looks like cpio can be used to extract a tarball skipping any damaged sections.

                                  2. 1

                                    A benefit of zipping together files is that it makes transferring the zipped archive between machines/disks much easier and faster. Your computer will crawl at writing out a hundred small files, and one equally-sized file will be much faster.

                                1. 4

                                  Also worth remembering that Linux distributions with long term support like Debian, Ubuntu and RHEL will continue to support and patch Python 2 as needed for a number of years.

                                  1. 2

                                    True, it’s part of the current stable release of Debian. However, Python 2 is going away in Debian’s next release, “bullseye”.

                                  1. 9

                                    Does anyone else think this announcement is written using unusually simple English prose? It has a sort of Simple English Wikipedia vibe to it.

                                    1. 41

                                      Python has a massive user base, many for whom English is not their first language. Making this as clear and unambiguous as possible is good.

                                      1. 9

                                        That’s one reason I advocate for plain English in business (esp support/docs/training) and government (esp anything mandatory). It also helps the illiterate and people with bad memory that forget uncommon words.

                                        1. 11

                                          Applicable: Native English speakers are the world’s worst communicators

                                          often talk too fast for others to follow, and use jokes, slang and references specific to their own culture

                                          This can even be a problem among English speakers. I was meeting this fella from NYC a few weeks ago via couchsurfing, and told him via WhatsApp that I’d join him for the craic after getting back from the chipper. He had no idea what I was on about. English is tricky because there are so many variants, and once you get into the habit of using a regional variant of it, it’s hard to get rid of that.

                                          1. 10

                                            Applicable: Native English speakers are the world’s worst communicators

                                            More accurate title: “Native English speakers are worse at communicating with ESL folk than ESL folk are at communicating with other ESL folk, in English.”

                                            Like c’mon it’s not like English is the only language with slang

                                            1. 1

                                              Did he ask if there was chance for a shift? (… in your diction?)

                                        2. 14

                                          What language would you expect? It’s specifically meant for all users, including those that “just use” Python 2.

                                          I think it is very clear (except the word “sunsetting”, which is the worst of US marketing speak and is not understandable to many second language speakers).

                                          1. 3

                                            I believe you meant to write “sunsetting”. I do agree that “subsetting” is hard to understand 😉

                                            1. 8

                                              Correct. lobste.rs is pretty usable on mobile, but that also makes it vulnerable to autocorrect :D.

                                          2. 11

                                            They’re trying to communicate with people who are still using Python 2 in 2019.

                                            1. 2

                                              I bet there are a lot. The “tech industry” is led by people following closely the upstream projects, but a long long tail of activities just getting stuff done imitating the others follow, and changing that will be long.

                                              There are also many code bases in production to convert. There is a tendency to not daring to touch anything in production if it works, even though maintenance is required.

                                            2. 5

                                              A lot of people don’t have the necessary attention span time to be able to read long blog posts, announcements or messages. They refer to such messages as “it doesn’t tell about anything”, “meaningless” and “they don’t want to waste time”. I think by using simplest language possible, they’re trying to embrace the short-attention-span people so that they’ll be able to actually read and “digest” the message.

                                              I’ve used “they”, but I know I’m not separated from this issue myself. Many times when I’m stumbling over some article in English, I’m discouraged by the overly flowery language, which I often can’t easily understand (as I’m not a native speaker). So I perfectly understand why the Python note uses Simple English mode :)

                                              1. 4

                                                It’s not you, I had the same reaction. From the tone of the article my impression was that their target audience is four years old. I get that shrouding a simple message in complicated verbiage is a great way to alienate readers but going too far in the opposite direction makes it sound condescending which is possibly worse. But in this case I’m sure that was not the intent of the author, my assumption is that English is not the writer’s first language and they were trying to be very sure they didn’t make anything unclear or misleading. Sometimes my own writing turns into this after I’ve rewritten it 20 times.

                                                1. 6

                                                  To quote my mentor at Amazon: “Communication is impossible”.

                                                  Have you ever watched a really painful exchange between a non native English speaker and well meaning but frustrated people on a chat channel trying to help?

                                                  The non native English speaker asks a question in the best way they can, using imprecise wording and breaking every rule in the English language because, to non speakers, they make no sense :)

                                                  So yeah, this announcement is written in a way that optimizes for minimizing mis-understanding, and in this context I see that as the right choice, and if I’m reading you right, so do you :)

                                                2. 1

                                                  I’m guessing it’s because they wrote sentences starting with And and But a fair bit, which is potentially easy to read but makes all of the sentences seem really short. It’s a little strange, but much better than paragraph-length sentences.

                                                1. 2

                                                  Most people there want additional tags to add them to a blacklist.

                                                  And this is quite worrying - that’s not why tags should exist, they’re to indicate and sometimes promote the certain category of posts, but not to forward them to /dev/null - that’s more how Linux Netfilter works, by the way ;)

                                                  1. 3

                                                    I don’t want to blacklist email, to the contrary. I’d enjoy following exactly this tag instead of a plethora of different tags that don’t quite capture the topic, but are only tangentially related.

                                                    1. 3

                                                      Why do you think people should not be able to filter out topics they find uninteresting? I could quite do without anything tagged “culture,” for example, because I’m here entirely for the technical articles and discussion.

                                                      1. 2

                                                        that’s not why tags should exist

                                                        But Lobsters explicitly has blacklisting as a functionality, no? That would seem to indicate that it’s a valid use case.

                                                      1. 5

                                                        So you can in theory do this with an ESP32, but it’s going to be hard. OTOH, with PlatformIO you could do something simple, and there’s even an example HTTP server that someone already built. However, SD card reading is harder, and you’ll need to do something with an external module. http://www.esp32learning.com/code/esp32-and-microsd-card-example.php might get you started, but you’ll probably need to do some soldering. Good luck!

                                                        For something a bit easier, how about a Pi Zero W? Does that fit your price range? If so, it’ll basically just be a little Linux machine, which will be much simpler. Sparkfun have a good tutorial on it

                                                        1. 1

                                                          Thanks for the reply, palfrey. Didn’t expect a Pi Zero W to be that cheap. I might go with it!

                                                          1. 2

                                                            An ESP-32 board with SD card slot is about $6 shipped from China and then you can choose from a bunch of different ways to program it (C, C++, MicroPython, Lua, JS).

                                                            But yes it’s absolutely impossible to beat the RPi Zero for what you want to do. Put Raspbian on the SD card, apt install nginx and away you go.

                                                            1. 1

                                                              ESP boards are the cheapest wifi boards you can get, but I am not sure about the sdcard part. It has GPIO connector and sdcard libs, so I will assume it will work. And yes, MicroWebSrv works on ESP boards.

                                                          2. 1

                                                            TCP/IP in Arduino-ESP32 is rather hacky, with weird polling-based API, so maybe freertos-based ESP-IDF is worth considering (AFAIK it uses lwip as TCP/IP stack).

                                                          1. 2

                                                            As someone with something of a–let’s say focus–problem, I’ve tried various methods of GTD, todo lists, and personal organization and none of them have quite panned out but one thing that keeps me at least halfway productive on a day to day basis is a list that I call Done Today. When I finish a task, I write it down under Done Today and then look for another thing to work on for the next hour or two. There’s something about that process that keeps me moving forward, especially on days where without it, I’m likely to just say, “eh, I’ve done some stuff now I’m going to waste time on Imgur.”

                                                            I originally started Done Today as a defensive measure… there was some churn in our department, changes in management, etc, and the work I was doing was critical to keeping things working but not very visible. (I work closely with developers who post code reviews but I write very little code and thus post few reviews.) I have a horrible memory and mediocre social skills so the conversation I feared most from my new boss started out, “So, bityard, tell me about what you’ve been working on lately…” If there was any question about my productivity, or what I was working on for a given day, I had everything documented.

                                                            Thankfully I haven’t had to use it in defense but when I got yet another manager, he wanted me to email him weekly status updates. No problem, I just copy and paste from my own notes that I keep anyway.

                                                            I tried plain text files first and that was a hassle. So far the thing I like best is RedNotebook, a simple diary app. I just open it up, type in my stuff, and close it at the end of the day. I really like the idea of the app linked to by the blog article but keeping important state open in a web browser makes me nervous. I have PTSD from losing data in browser crashes. If I were implementing this, I would rather keep a running list in an email client or some other small, local program and ship that off at the end of the day.

                                                            1. 13

                                                              From TFA:

                                                              First, large scale blocking of cookies undermine people’s privacy by encouraging opaque techniques such as fingerprinting.

                                                              I just want to point out that for everyone who thinks Firefox is the paragon of privacy, this is the same argument that Mozilla used when deciding to implement link-tracking in Firefox. To paraphrase it, “We know this is going to be used to track people’s movements on the web but at least when done this way, it results in a better user experience while their rights are being violated.”

                                                              1. 17

                                                                Mozilla is no paragon, but when the credible browser vendors consist of

                                                                • Cartoonishly evil for-profit corporation no longer pretending to be benevolent
                                                                • Cartoonishly evil for-profit corporation that recently began pretending to be benevolent
                                                                • Imperfect non-profit

                                                                …the most reasonable choice is extremely clear.

                                                                1. 0

                                                                  Or you could use a Macintosh?

                                                                  1. 2
                                                                    • Cartoonishly evil for-profit corporation no longer pretending to be benevolent and also no longer making its web browser not suck
                                                                  2. -2

                                                                    Cartoonishly evil for-profit corporation pretending to be an imperfect non-profit?

                                                                    1. 2

                                                                      Which corporation are you thinking of here? The Mozilla Corporation is wholly owned by the Mozilla Foundation.

                                                                  3. 9

                                                                    I fully support Mozilla’s decision here. The options were:

                                                                    • do nothing about HTTP-based link tracking,
                                                                    • drop support for HTTP redirects (good luck with that!)
                                                                    • incentivize sites to replace tracking via HTTP redirects with a method that is more transparent, performant, and — for those who really want to — can be blocked without breaking the sites.
                                                                  1. 11

                                                                    Conspicuously absent is xfig, an easy-to-use vector image editor. I used it for a bunch of projects before Inkscape rolled into town. Looks to still be maintained today unlike most of the programs in this list.

                                                                    1. 2

                                                                      xfig also has one of the few implementations of x-splines (x means “cross” here, like “pedestrian xing”, unrelated to the X window system). I find x-splines very nice and intuitive.

                                                                      Here’s a little x-spline implementation I made:

                                                                      https://jordi.platinum.edu.pl/xsplines/splines.html

                                                                      1. 1

                                                                        It was easy to learn because at each step, it showed an explanation of what would happen if you clicked the left, right, or middle button. It was a very simple affordance that few applications since have copied.

                                                                        I used it long after ‘better’ tools became available. It was ridiculously easy for making diagrams.

                                                                      1. 1

                                                                        Patch notes say “TLS 1.0-1.2”.

                                                                        Any particular reason for the omission of TLS-1.3?
                                                                        Also, I thought TLS-1.0 was considered pretty insecure[1] at this point?

                                                                        [1]: from: wikipedia TLS_1.0

                                                                        The PCI Council suggested that organizations migrate from TLS 1.0 to TLS 1.1 or higher before June 30, 2018.[20][21] In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020.

                                                                        1. 2

                                                                          I don’t think Netflix is focusing on TLS 1.3 because it’s not widely implemented yet. And 1.0 is fallback for older devices. Netflix doesn’t really care so much if someone does a MITM of your movie.

                                                                          Edit: I’m sure there are smart TVs with the Netflix app that can’t go newer than TLS 1.0 and Netflix is contractually obligated to keep it functioning for now

                                                                          1. 2

                                                                            In which way do you think TLS 1.3 is not widely implemented? According to [1] it’s supported by all mainstream browsers in the latest version.

                                                                            Things have changed in this regard. For the majority of users these days it’s normal to have a browser that will update itself automatically on a regular basis. I’m pretty sure major sites already see >50% TLS 1.3 traffic.

                                                                            Consider this is a performance feature. Which means a) you don’t need 100%, if you support it for 80% you’re already doing pretty fine and b) it seems strange to want the performance of in-kernel TLS and skip the performance benefits of TLS 1.3.

                                                                            [1] https://caniuse.com/#feat=tls1-3

                                                                            1. 4

                                                                              You’re thinking browsers and I’m thinking devices:

                                                                              AppleTV/iOS - not yet

                                                                              Roku - not yet

                                                                              Etc

                                                                              And who watches Netflix in their browser? In all the years I’ve been a customer I don’t think I’ve ever watched in my browser :)

                                                                              1. 1

                                                                                I occasionally watch Netflix in Firefox on Linux. Not happy about the DRM aspect of it all, but…

                                                                            2. 1

                                                                              Ah right, forgot this is a Netflix thing. That makes sense that they would want to support TLS 1.0 for a while yet.
                                                                              Still seems weird to import a possible footgun (TLS-1.0) that will have to be maintained for 5 years (minimum release support guarantee under the new support model?).

                                                                              1. 2

                                                                                Still seems weird to import a possible footgun (TLS-1.0) that will have to be maintained for 5 years (minimum release support guarantee under the new support model?).

                                                                                Like Linux, the key negotiation is still done in userland, it’s just the encryption of packets that is being moved to kernel space and closer to the network driver. I wouldn’t exactly call TLS 1.0 a footgun in that regard.

                                                                          1. 5

                                                                            Users are now able to save and (automatically) restore complete multi-display configurations, which is especially helpful for those who frequently connect their laptop to varying docking stations or setups.

                                                                            YES, FINALLY!

                                                                            1. 3

                                                                              Nice. I’ve been using Xubuntu as my daily driver for years now and my major gripe with it is the incredibly bad multi-head support. Which is a problem for me because I dock and undock my laptop many times a day. I have to be careful to undock the laptop before putting it to sleep because the session will freeze if it wakes up with fewer displays than it had while awake. To say nothing of the total lack of sanity in the window manager when displays are added and removed. I’ve tried a bunch of other desktop environments but XFCE gets everything else so right that it’s hard to switch away.

                                                                              Sounds like they’re making headway on that front finally. Can’t wait to try it out.

                                                                              1. 1

                                                                                I honestly don’t mind having to pull up ARandr and select “Work”, “Living Room”, etc manually when I plug into an external display. I also have been using the Xfce4 Panel Switch to go from work (panel on my second screen) and just the natural single panel.

                                                                                I’m fine with doing this but I can see it deterring a lot of other users. So I welcome this change!

                                                                                1. 2

                                                                                  Also, if you do mind, look into autorandr. It’s a minimalist, window-manager-agnostic tool to automatically set screen layouts when you connect or disconnect displays.

                                                                                  1. 1

                                                                                    Will it set the display to my left when I’m at work and then to the right when I’m in the living room? I haven’t actually ever looked into doing anything like this automatically.

                                                                                    1. 2

                                                                                      I believe it recognizes the specific monitors you have it hooked up to, so yes. I’ve actually only used it at work where the possible settings are “laptop” and “docked”, though, so I can’t say for sure from experience.

                                                                              1. 18

                                                                                In this case, isn’t it better to reply to the comment, explaining why you think it’s misunderstood?

                                                                                1. 7

                                                                                  This seems right to me. If you want to convey something specific to the person you’re downvoting, then reply to them. The categories, as I understand it, exist to curb reflexive downvoting.

                                                                                  1. 7

                                                                                    There are plenty of times I downvote without leaving a comment. Either because I’ve tried leaving a comment before and they were hostile/unreceptive, or because others have tried leaving a comment and failed to make any noticeable impression. It’s much easier to just downvote and move on than it is to engage in a hopeless battle to change someone’s behavior.

                                                                                    1. 7

                                                                                      Regrettably, downvoting without explanation provides very weak signal and as a community norm is toxic.

                                                                                      1. 17

                                                                                        There’s a lot more that’s toxic about this place than downvotes. Other than certain members who continue to be inflammatory (which is not a synonym for “expressing opinions I disagree with,” as so many like to believe), for example, I think a legitimate argument could be made that upvotes are more toxic than downvotes. We continually have short, low-effort, low-content comments upvoted, usually because they are “clever” or are a “zinger.” The upvotes, at minimum, encourage this type of behavior. If I want that shit, I’ll go to r/programming.

                                                                                        Either way, one can’t be expected to do battle with folks whose comments are so predictably tired and inflammatory, that I can often say, “oh there’s one comment, and given the title of the post, I can bet that so-and-so said something like such-and-such.” There’s just no point. And then you have other members that just repeatedly grind the same ol’ political axe any chance they get. Nobody has the energy to respond to all of these comments. And even when you do, you’ll invariably be accused of tone policing (or similar) and “shutting down alternative opinions.” So then you have to deal with those folks too.

                                                                                        So, from my perspective, we have a culture we’ve established here of very light moderation, and a very high tolerance for asinine/unconstructive behavior. Every time I come here, I more and more think about just deleting my account and leaving. I don’t see any of this changing, and my guess is that it’s only going to get worse as the number of members increases.

                                                                                        1. 14

                                                                                          The downvote category I have wished for much more often than the proposed one is “Rude”. Replying to an inflammatory or ad hominem comment often just makes the commenter escalate, and best-case it derails the discussion. “Troll” isn’t right because the commenter isn’t deliberately trolling (at least I’d like to think things aren’t that bad). If someone is being blatantly uncivil I’d like to be able to downvote that behavior, regardless of content.

                                                                                          1. 2

                                                                                            I could go for a category like that. Anything along the lines of: mean, disrespectful, uncharitable.

                                                                                          2. 8

                                                                                            I often get a lot of ‘troll’ down votes mixed with lots of up votes. I don’t think I am a troll, so don’t really know what to do when that happens and nobody says anything. It is just an anonymous ‘fuck you’ from someone out there for some reason I don’t understand.

                                                                                            One thing I found is if you want to make long form comments and have people see it, you are better off making a submission or blog post than trying to convince a single person of anything via comments.

                                                                                            Anyway, if it was me who annoyed you, sorry about that, it’s not something I’m doing on purpose.

                                                                                            1. 6

                                                                                              I hear you. I don’t have an answer - if I did, I’d be doing it.

                                                                                              I definitely agree that there’s a trap where short jokes rise to the top. I think upvotes do have some value in letting people feel good for saying something that was received well, but it’s an open question whether the benefits outweigh the costs.

                                                                                              I don’t have any special insight to offer on the other issues you mentioned, other than to say that for a place to be a community requires members to be committed to positive engagement. It isn’t easy.

                                                                                              1. 4

                                                                                                Yeah, indeed, it is quite hard. IMO, probably the only path is to 1) convince existing moderators or new moderators to devote more time to policing this place and 2) shift the culture of the community to welcome stricter moderation of content. That’s… hard for any number of reasons!

                                                                                              2. 5

                                                                                                We continually have short, low-effort, low-content comments upvoted, usually because they are “clever” or are a “zinger.” The upvotes, at minimum, encourage this type of behavior.

                                                                                                How often does this happen, though? Anecdotally, I only ever see the low-effort comments once in a while - usually on the more popular posts that have been simmering on the front page for more than a day. And usually those replies aren’t ever top-level, usually a reply to something else. In my experience, the vast majority of posts on this site feel thoughtful and sincere. When the “clever” posts happen, I’m actually relieved and reminded, “oh yeah, lobste.rs folks do have a sense of humor”, even if it wasn’t all that clever or funny.

                                                                                                Either way, one can’t be expected to do battle with folks whose comments are so predictably tired and inflammatory, that I can often say, “oh there’s one comment, and given the title of the post, I can bet that so-and-so said something like such-and-such.”

                                                                                                This is something I endorse. I will often see people attacking other peoples’ opinions directly on this website. I’m sure that a certain subset of folks here toe the line between “strong opinion” and “inflammatory”, and they know they’re toeing the line, but they haven’t done anything technically against the rules - but after reading their comments, there’s a bad taste left in your mouth. They may use harsh language directed at the person they’re replying to, or deliberately insult a piece of what they’re saying in a curt manner, or being just plain rude. Perhaps an “arguing in bad faith” or “rude” downvote option might help, but then again, we already have a “troll” downvote option - so that may just be what we want to use in those situations.

                                                                                                I suppose I don’t really browse the site as often as other people here, so my experience may not be in line with yours. Thoughts?

                                                                                                (postscript: I’m always worried I’m going to misunderstand someone’s argument and then have a whole thing where it feels like I’m arguing in bad faith when in reality, I’m being confident about the entirely wrong thing because my reading comprehension sucks. When faced with “post opinion” or “delete and avoid possible misunderstanding” I will more often than not choose the latter to avoid uncomfortable confrontation.)

                                                                                                1. 7

                                                                                                  I personally feel like I see those low effort zingers a lot. The linked thread from this meta thread has them, for example. On the one hand, I think humor is good, but on the other, a lot of it that I see here does it at the expense of others. I see a lot of comments in the style of n-gate.com, which I personally think is just a complete and total pile of garbage, although it’s perhaps less on-the-nose in comments here at lobste.rs.

                                                                                                  But, everyone is likely to have their own standards for what kind of conversations they want to see here. I’d prefer to keep high standards. We already have places on the Internet where the n-gate style of humor is encouraged and accepted. In contrast, we have precious few places where we can expect continued high quality discussion. Lobste.rs is decent in the grand scheme of things; I’m likely a harsh critic because I sense the potential to be something better.

                                                                                                2. 1

                                                                                                  I think a legitimate argument could be made that upvotes are more toxic than downvotes.

                                                                                                  (my emphasis)

                                                                                                  Why? A comment with a large number of upvotes is not promoted in any way apart from the small number inside the arrows. There’s no sorting algorithm like on Reddit that promotes this.

                                                                                                  If you believe that people are changing their commenting style for karma points, thus degrading the site for everyone else, you may have a point. But “toxic” is a very strong word.

                                                                                                  1. 4

                                                                                                    I don’t really want to get lost in definitions of words. I used toxic because friendlysock did. If you want to choose a different word for describing both situations that is less strong, then sure, go right ahead. Also, saying it’s about karma kind of undervalues it. Most of us are human, and it’s not unlikely that we get a dopamine hit when we say something that is popularly validated.

                                                                                                    1. 2

                                                                                                      There’s a big difference between a forum which is genuinely toxic - where newcomers are looked down upon and insulted, where snark reigns supreme, and trolls run unchecked - and a forum that might tend towards silliness and unseriousness but doesn’t literally make people anxious to visit.

                                                                                                      I’m fine with zingers and one-liners being downvoted - “me-too” and “off-topic” work for this - if the community feels they have no place here. I don’t see it at this moment in time as a big deal though.

                                                                                                3. 2

                                                                                                  What if a comment couldn’t be downvoted unless it has at least one reply? Or a given person is not allowed to downvote unless they have left a reply?

                                                                                                  1. 3

                                                                                                    That would just play into the hands of literal trolls. A downvote is all the response a troll comment deserves.

                                                                                                4. 3

                                                                                                  I’ve done this too. My comment above was solely in the case where it seems as if a commenter has specifically misunderstood a post or a comment. In that case, I believe it’s more constructive to reply and ask for clarification, instead of leaving a hypothetical “misunderstood” downvote.

                                                                                                  1. 3

                                                                                                    I’d prefer that the default behavior was moving on with no action.

                                                                                                    1. 2

                                                                                                      Oh I don’t mean to suggest anyone has a responsibility to reply whenever they downvote. I think I’ve done the same thing. I only mean to say that if you do want to communicate something specific, then say it.

                                                                                                      1. 1

                                                                                                        Aye yeah, that makes sense!

                                                                                                  2. 4

                                                                                                    I’m of the opinion that the reply should be in addition to the downvote, to keep the discussion on track. Otherwise the comment will have the same moderation value as other comments, increasing its exposure and causing more confusion.

                                                                                                    1. 3

                                                                                                      I would echo this, misunderstandings happen, it doesn’t necessarily warrant a downvote. If you feel like clearing it up, that keeps the conversation going in what is hopefully a constructive way. If you don’t feel like clearing it up, that is also fine.

                                                                                                      And perhaps I am misunderstanding here, but a downvote says you were wrong to misunderstand and I may or may not clear up the misunderstanding.

                                                                                                    1. 3

                                                                                                      Pardon my naivety but isn’t this a case of your load balancer not… balancing load?

                                                                                                      What is the load balancer actually for, then?

                                                                                                      How do other load balancers successfully handle stateful protocols like SSH?

                                                                                                      1. 3

                                                                                                        Who load balances SSH?

                                                                                                        1. 1

                                                                                                          What is the load balancer actually for, then?

                                                                                                          For giving you a chance to use your resources, and justifying your on call team.

                                                                                                        1. 5

                                                                                                          It’s a wonderfully small editor which I use as my scratchpad and to keep a notes.txt open with a low memory footprint. (My only editor without vim keybindings, and I don’t like gvim either).

                                                                                                          1. 2

                                                                                                            I do the same thing, although I usually just use whatever text editor comes with the desktop environment I happen to have installed at the moment. This is a nice little editor, surprised I haven’t come across it before.

                                                                                                            1. 4

                                                                                                              I’ve also been looking at it for a while, but what surprises me is that it doesn’t seem to be distributed in many package managers, otherwise I might be using it more.

                                                                                                          1. 5

                                                                                                            Note that finding a camera on the network is not a guarantee you’re being spied on. Could just be a security cam.

                                                                                                            1. 5

                                                                                                              I’m pretty sure most renters who put up cameras do it for security purposes, not to capture n00ds. But from the perspective of the person being filmed, it’s moot. The invasion of privacy is the same.

                                                                                                              1. 2

                                                                                                                What if the camera is on the outside of the house? Or in the shared hallway? Or some other public(ish) location?

                                                                                                                1. 3

                                                                                                                  At least here in Sweden, such an arrangement requires clear signage.

                                                                                                                  I mean, I’d be “ok” if the rental agreement stated that the premises were under 24hr video surveillance by the owners. I’d not rent the property but at least it would be up front.

                                                                                                                  1. 1

                                                                                                                    Then, they can show you that if you ask about it. If they don’t, then they might be up to something.

                                                                                                                  2. 1

                                                                                                                    The invasion of privacy is the same.

                                                                                                                    It’s only an invasion of privacy if you didn’t agree to it or didn’t know about it, and/or there was some expectation of privacy to begin with. Security cameras are generally not hidden and generally monitor public space, and usually there is no expectation of privacy in a public space.

                                                                                                                    1. 2

                                                                                                                      The point of the linked article is to detect and find surveillance devices that are not visible.

                                                                                                                      “Public space” is a bit mutable in a rented area, but I’d consider the bathroom and bedroom to be private, even if they’re rented. Yes, a renter might say they want to keep those spaces under surveillance to detect and prove breaches of the contract, but unless this is explicitly agreed upon beforehand it would be considered an invasion of privacy to have such devices installed.

                                                                                                                      And again, good luck renting out your AirBnB with the provision that you have cameras in the bedrooms and bathrooms.

                                                                                                                1. 1

                                                                                                                  Literally just forward all of your Gmail email to your new account. You’ll miss nothing, never have to log into Gmail and still have the benefit of their excellent spam filtering. Migrate your other accounts to your new address at your leisure. And then you’re done.

                                                                                                                  1. 4

                                                                                                                    The problem with this is it still allows Google to scan/mine every email you receive.

                                                                                                                  1. 4

                                                                                                                    Neat project and an interesting way to go about it. This is definitely something you learn from.

                                                                                                                    For my home router, the simplest and most flexible solution was an APU2 router board. Cheap as chips and it’s x86, so that means literally any OS will run on it, although Windows probably wouldn’t be a good idea due to lack of video output.

                                                                                                                    1. 1

                                                                                                                      I really wish they’d release a new board with a faster CPU. I want something that can do traffic shaping and support some tunnels at a full 1Gbps, while remaining relatively low power and purpose-built. I’m skeptical the APU2 can manage that.