1. 2

    The current data points used for generating fingerprints are: user agent, screen print, color depth, current resolution, available resolution, device XDPI, device YDPI, plugin list, font list, local storage, session storage, timezone, language, system language, cookies, canvas print

    Curious if a browser plugin that randomizes or obfuscates these exists.

    1. 5

      The tor browser (which is a set of firefox configurations + extensions) blocked this successfully for me.

      1. 5

        The Tor browser does the best possible thing: it gives everyone the same UA, resolution, etc. And more importantly, it picks the most common values that are observed on the web for those. Every Tor browser user looks like the most statistically average web user in the world.

      2. 5

        Firefox has privacy.resistFingerprinting, which I’ve used reasonably successfully. Sometimes it breaks sites that display time e.g. Gmail other times it breaks in bigger ways e.g. when writing to a <canvas> element. So it’s not uncommon for me to need to temporarily disable it for a one-off basis.

        1. 3

          I’m running Firefox from the Debian repos with essentially all the privacy settings enabled as well as a bunch of extensions for fingerprint blocking, tracker blocking etc and it seems to have stopped this site from doing its tricks :)

          1. 1

            Brave has something builtin AFAIK

            1. 2

              I temporarily installed brave just to test this, then removed it because I find other things about it worrisome. But it did successfully block this specific site from identifying me. Vanilla firefox did not block it. tor browser successfully blocked it. So did vivaldi.

              1. 1

                What were worrisome parts? May be I can evaluate too.

                1. 5

                  They have, in the past, decided it was OK to inject content into websites for their own financial gain. Here’s an example. This is related. Their administration of the “Brave Rewards” program (stripping ads from sites, showing their own stuff, and holding payments until the sites step up and ask for them) is also a little disturbing if less likely to be privacy-violating.

                  In short, if I want an alternate blink-based thing, I think Vivaldi is less likely to have a profit motive where they benefit from compromising my interests. And If I want something really privacy focused, I don’t think a blink thing is likely the smart play anyway. So there’s no upside to make me want to keep Brave around given what they’ve shown me.

          1. 4

            I would go further and add that the essentialist view of categories underlying questions like “is X part of category A or B?” is not a useful model. Categories are better thought of as something acted out between a person or community and a thing rather than as a property of a thing. Different people or communities (or the same person or community in different contexts) may (and probably should) categorize a thing differently – this is expected and appropriate.

            1. 4

              See also, The Categories Were Made For Man, and the post it’s based on, How An Algorithm Feels From Inside.

              tl;dr We mentally use (semi-)binary classifiers to decide group membership, and that means we vacuously believe there’s “a state of a thing being a member of a group” that’s independent from all the individual factors playing into the question. This drives approximately every categorization debate ever.

              1. 1

                They both look super interesting, thanks for the links! :)

            1. 1

              Oh man this was so much fun

              1. 18

                It’s down to licensing.

                If specifications are open and there’s no restriction (e.g. patent licensing) so that everybody can freely design, make and sell specification-compliant modules (including the container/shell itself), welcome.

                Otherwise, good riddance.

                I am not optimistic, as I couldn’t easily find the information on licensing in the website.

                1. 9

                  The ars writeup of this makes promising sounds like

                  The company also pledges to open up its hardware ecosystem to third parties, which will be able to design, build, and sell compatible modules via a Framework Marketplace.

                  But as you point out, there’s no information on licensing, etc. in that handwaving. I’m optimistic that it’s at least on their radar as something they think is good for them. That said, I’ll be waiting to see what evolves once things are shipping before I get excited.

                  I do hope a system with field repairability by its owner becomes available. Because the ones I liked (Thinkpads) are going away from that lately.

                  1. 8

                    FWIW they did say on Twitter:

                    We’ll be publishing specifications and reference designs for the Expansion Card system under open licenses, and releasing documentation around the internal interfaces. Our focus is on building a hardware ecosystem around the Framework Laptop.

                    1. 5

                      Without this there’s a solid chance that new parts will cost more than a new laptop, which in the real world will kill the idea off.

                      1. 4

                        Good point about licensing. This needs to be open. It would be cool to see something like this but similar to Pine64 openness

                        1. 1

                          I’m pretty optimistic about this. It sounds like they paid enough attention to everything that techies were talking about. I think they’ll come up with reasonable licensing as well… at least in the beginning. I don’t think they’ll do a worse job than Apple regarding hardware lockdown.

                        1. 10

                          I’m always happy to see Racket going forward. It’s the best language (I know of) for learning about languages, especially with How to Design Programs. I write Clojure at $dayjob but find Racket more enjoyable and cleaner as a Lisp.

                          AFAICT Racket is a reasonable choice for real-world applications, but it’s not very commonly used. Common Lisp is more common (no pun intended) though still rare. (Anyone else hate how no pun intended is always a lie?)

                          1. 14

                            Oh, I’m cons-tantly making lisp puns.

                            1. 6

                              ☝️ Yes, officer, this is the criminal right here.

                              1. 4

                                Perhaps you meant to say: “Yes, cons-table…”

                                1. 3

                                  criminal? cdo?

                                  explain!

                            1. 18

                              People who stress over code style, linting rules, or other minutia are insane weirdos

                              Having an automatic clang-format filter on git check-in solves so many of these pointless arguments.

                              1. 20

                                Oh, the insane weirdos will find things to bicker about even if you pass every linter rule there is.

                                I wish I were kidding but you’ll find, for example, that if you do something like this:

                                buffer.append("\r\n");
                                buffer_len += 2;
                                

                                in a single place, as part of a completely non-essential function in a 2,000-line program, they’ll complain about the magic number on the second line. Rewrite it like this:

                                buffer.append("\r\n");
                                buffer_len += len("\r\n");
                                

                                yep, you’ve got it, they’ll complain about the magic string on both lines, plus what happens if someone changes the first one and forgets to update the second one (“yes I know the spec says lines are always terminated with \r\n but it’s not good programming practice!”)

                                No problem, you say – ironically, they’re kindda right this time, so okay:

                                buffer.append(CR_LF);
                                buffer_len += len(CR_LF);
                                

                                …but the meaning of CR_LF is very opaque, it doesn’t emphasize that this is meant as a line terminator and it may not be obvious to people who come from a Unix background, rather than Windows (oh yeah, totally, I always wondered what those weird ^M signs were in my files, yeah, it’s not obvious at all). Perhaps we should call it CR_LF_TERMINATE_LINE instead?

                                Sure,

                                buffer.append(CR_LF_TERMINATE_LINE);
                                buffer._len += len(CR_LF_TERMINATE_LINE);
                                

                                Okay, you say to yourself, clearly this is the end of the line? Nope, they’ll get back to you with something like:

                                “I think it’s okay in terms of variable names but the code as it is right now is inelegant to the point where it’s unmaintainable. It’s bad programming practice to repeat yourself (links to DRY entry on Wikipedia) – you should refactor this into a single, general function that appends a user-defined sequence to the original buffer and modifies its length accordingly.”

                                When you do that, the problem, of course, will be that the function is too general now, and you’ll really want is to add a separate, buffer_terminate_line function that calls the more general “append” function with "\r\n". Of course, you’ll now have two functions, both called from just one place: one is called by the other function, the other one is called in your code above. You got a longer, probably buggier program, but it’s so much more readable now. Assuming you named the functions correctly, that is ;-).

                                The example above is fictional for obvious reasons but I ran into it regularly throughout my career.

                                It’s a little better now that I’m a contractor – I no longer fuss about these things and will happily bill companies that don’t keep their “well ackshually” developers in check, unless they want something that’s literally wrong.

                                Edit: some of the comments around here are… like, so blissful, like y’all think these are just things that you read about on The Daily WTF but surely nobody encounters this all the time, right? You have no idea how lucky you are and I have no nice words to say to you, your happiness fills me with dread and the fact that there are programmers who don’t experience these things on a weekly basis is so foreign to me I just hate you all right now and I’m going to go to bed and hate you all while I’m waiting to fall sleep! Did I say how much I hate you, lobste.rs? Ugh!

                                Okay, no, seriously, these things are just so common that, with every year that passes, I find myself spending more and more time wondering why I still put up with it instead of, I dunno, anything?

                                1. 4
                                  buffer.append("\r\n");
                                  buffer_len += 2;
                                  

                                  Dumb question but, ah, is there some reason why buffer_len isn’t a field on buffer which is updated for you by the .append() call? ;)

                                  weirdos will find things to bicker about even if you pass every linter rule there is

                                  The inverse of this is finding weird people who go to elaborate lengths to defeat a linter a rule that is pointing out a genuine bug in software, rather than just fixing it.

                                  (This is not an accusation towards you, just that sentence reminded me of it.)

                                  1. 7

                                    Dumb question but, ah, is there some reason why buffer_len isn’t a field on buffer which is updated for you by the .append() call? ;)

                                    The fictional code example above is written in a fictional language that doesn’t allow integer fields for objects called “buffer” :-P

                                    The inverse of this is finding weird people who go to elaborate lengths to defeat a linter a rule that is pointing out a genuine bug in software, rather than just fixing it.

                                    Oooh, I have a collection of stories about this one, too :(. Way back when I was working for $megacorp, I was more or less the chief intern herder in the worst internship program you’ve ever seen. They’d hire a bunch of interns over the summer and the only plan about what to have them do was “something easy because we don’t have anyone to supervise them”. I was in one of the few teams that wasn’t ran by morons and I had some idle cycles to spare once in a while, so I’d try to help the poor souls who ended up there over the summer.

                                    One of the things they regularly ended up doing was run Coverity scans, fix the trivial bugs and report the more complex ones (super easy to quantify, right?). This would roughly go as follows:

                                    1. Ian Intern would report a bug to Grumpy Senior

                                    2. Grumpy Senior would close it without even looking at it because he had no idea who Ian Intern was, probably an intern

                                    3. I’d reopen the bug, ask them to at least confirm it before closing it.

                                    4. Grumpy Senior would close the bug immediately saying there’s nothing to confirm, it’s just a linter warning

                                    5. Ian Intern would reopen the bug with a crash dump

                                    6. Grumpy Senior would close the bug as unreproducible, Ian Intern probably did something wrong

                                    7. I’d reopen the bug because it’s a fuckin’ crash and we can’t tell our users they’re holding it wrong (this is usually where I started bringing out the tiny guns, i.e. Cc-ing managers in bug reports).

                                    8. Grumpy Senior would reluctantly look at it but it’s definitely not that, that’s just a linter warning.

                                    Now comes the beautiful part:

                                    1. Three days later, Grumpy Senior would push a bullshit fix and close the bug.

                                    2. That same day, they’d push the actual fix, with a commit message saying “Misc. style and Coverity warnings fixes”

                                    And so on – multiplied by about 40 Grumpy Seniors all over the organisation, and about six months’ worth of bad code because Coverity fixes took a lot of work so they only ran the scan once every six months :-D.

                                    1. 1

                                      The fictional code example above is…

                                      Heh. ♥️

                                      the worst internship program

                                      Oh the poor little darlings. The way the org behaved to them sounds toxic. Good on you for trying to improve it. (But alas maybe Sisyphean.)

                                      1. 2

                                        Sisyphus the game (for the Atari 2600 no less!).

                                2. 7

                                  found the weirdo! (I’m only poking fun at you)

                                  I have 100% grown to appreciate “deciding once” with automatic formatters, and resisting urges to “re-decide” as much as possible. I have ALSO realized that it can be a HUGE pain to “decide once” after you’ve already scaled to many teams + lots of code. You want to do that up front, early-on, and stick with it.

                                  1. 4

                                    :)

                                    The big advantage of having settled on a particular clang-format is that it’s not someone else’s choices that annoy, but just the arbitrary decisions of the formatter & that seems to defang the drive to nit-pick over formatting choices.

                                    I agree that it’s a huge pain to enforce a format late into a project though.

                                    1. 3

                                      My biggest gripe with many automatic formatting tools is that they pointlessly frob with line endings: clang-format will enthusiastically add or remove them by default, leading to code that I can describe as nothing short of butt-ugly by any standard. Luckily you can disable this with ColumnLimit: 0, but it’s a horrible default that too many projects use IMO. Splitting a 81-column sting over two lines is silly, and forcibly put all the arguments for XCreateWindow() on 1 or 2 lines “just because there is space” is even worse.

                                      1. 2

                                        Personally, I find working with a column limit set to around 120 nice and comfy, so I set clang-format to that & if it occasionally does something a bit odd I decide not to care about it. I save more time by never having to hand format code than I do obsessing over the odd corner case where it doesn’t make the “perfect” aesthetic choice.

                                        1. 1

                                          yep, or messing with vertically aligned code

                                        2. 2

                                          It’s not even that, I think. Not that the automation makes it so you’re not mad about the choices, but rather that you’re not forced for manually reformat a fuckload of code to please some arbitrary whinging program as the final step of every change.

                                          1. 6

                                            I often just write stuff like if x==y{return 42} now and just let gofmt deal with all of that. A small but measurable productivity boost.

                                            1. 1

                                              Exactly. Code formatters let you get on with with the actual job of writing code.

                                              I setup emacs to invoke the formatter on every enter, or with a key-binding when I want to invoke it directly. Why waste time inserting spaces / carriage returns when the formatter does a perfectly good job?

                                      2. 1

                                        Tried that in the last place I worked and people just started complaining about the formatter configuration ahaha

                                        1. 1

                                          That probably depends on the team. We have a clang-format style that isn’t my preferred style but it’s consistent and I’d much rather use a consistent style that is not quite my ideal than argue about style. Because everything is consistently formatted, if I cared enough, I could apply a different style, modify the code, and then format it back. I actually supervised a student building a tool designed for exactly that workflow (which he presented at EuroLLVM some years back; CELS: Code Editing in Local Style). I wish GitHub would integrate something like that into their code view. Don’t like the style of the project? Render it in a different style in code reviews and when you browse their code.

                                          1. 1

                                            I’m kind of okay with that in theory as long as the result is (possibly rejected) patches to the repo containing the formatter config.

                                            It might be helpful if the formatter config looks scary so people are hesitant to frob it unnecessarily.

                                        1. 2

                                          If anyone else finds themselves looking for a decent calculator program - I recommend giving frink a try.

                                          It’s a units-aware calculator - that is, if you multiply 3 meters / 5 seconds you get 15 meters per second.

                                          In my experience using it, this wipes out a substantial class of bugs - if the final result is not in the expected units (whether that be US dollars or kg/m^2), you know you’ve made an error.

                                          1. 1

                                            Frink looks awesome, definitely going to give it a spin :)

                                          1. 3

                                            In my view, the reason to learn “fancy” stuff like Haskell, Prolog, Idris, what have you is not to use them in production, it’s for the exposure to a new approach to system design. I think it can be very easy to get caught in a local minimum if all you focus on is pure pragmatism and getting the job done; building something in an entirely novel and perhaps quite bizarre way can be a good way to explore the landscape. Of course, there is a time and a place for all that – if you are building some safety-critical system that might kill someone or cost millions if it goes wrong then of course you stick to the tried and tested solutions, but only ever doing that I think is losing out in the long term.

                                            1. 2

                                              One thing sorely missing from Nest in order to bootstrap is the ability to download a tarball/zipfile/etc.

                                              I see a nix file, so eager to try it out but I cannot get anu without having anu…

                                              1. 3

                                                Here you go:

                                                $ curl https://static.crates.io/crates/anu/anu-1.0.0-alpha.crate | tar -tzvf -
                                                
                                                1. 2

                                                  Here’s a nix expression (that delegates to cargo): https://github.com/NixOS/nixpkgs/pull/102968

                                                  1. 1
                                                  1. 6

                                                    Gonna learn some Forth, because it seems very cool :)

                                                    1. 2

                                                      A great way to learn forth is to either implement a forth, or read through the implementation of a forth. Jones’ Forth is pretty good for this if you’re familiar with 32-bit x86 assembly.

                                                    1. 8

                                                      I did try out using dark-on-light a while ago, mostly because it allows me to have the brightness of my screen much lower while still being able to read text clearly without eye strain. However, I feel like “Light colour schemes are better, based on science” is really quite a stretch – the evidence for this is sparse and in as complicated a topic as human perception I’d want to see a big meta-analysis, or at least a decent number of papers finding similar results before making any conclusions. Though perhaps there is more evidence than they cited here.

                                                      1. 1

                                                        Working on an ordering website for a local food cooperative (at the moment they’re using google sheets), learning more about RISC-V and reading Programming Algorithms by Vsevolod Domkin! Also been learning Korean slowly but surely over the past month or so, I’ll be doing some of that too :)

                                                          1. 3

                                                            I’ve played around working like this with Git but I feel like this kind of workflow is so much better served by VCSs like Darcs and the more recent Pijul. You can often end up fixing a lot of trivial conflicts when doing things like reordering commits due to their snapshot nature in Git.

                                                            1. 37

                                                              How do i stop the cube from spinning

                                                              no

                                                              the best part in my book

                                                              1. 4

                                                                My favourite is the how do I exit vim issue :)

                                                                1. 5

                                                                  My favorite is the “vim³ isn’t for quitters” response to that issue

                                                                2. 4

                                                                  That had me giggling as well

                                                                  1. 7

                                                                    Reminds me of one of my favorite FAQ items a grabbed from some README, long ago:

                                                                    Q: Why is it written in Mono/C#?

                                                                    A: Because I hate freedom.

                                                                    1. 5

                                                                      I think my favourite comes from the zlib FAQ:

                                                                      Can you please sign these lengthy legal documents and fax them back to us so that we can use your software in our product?

                                                                      No. Go away. Shoo.

                                                                      1. 3
                                                                1. 5

                                                                  If you want to conserve your cognitive resources you should probably just throw your smartphone off a bridge.

                                                                  1. 1

                                                                    But isn’t that sad? We have capable support machines in our pockets and all they do is distract us.

                                                                  1. 4

                                                                    Scheme: car and cdr just upset me; who cares how they were originally implemented on the IBM 704? Also, as much as part of the reason I love Scheme is how small it is, there are some very blaring omissions that virtually every implementation adds as (incompatible) extensions, and that is pretty silly.

                                                                    1. 7

                                                                      I for one use permissive licenses in the hope that one day an aerospace company will use my code and it will end up in orbit.

                                                                      1. 10

                                                                        Maybe they already do? With a permissive license you have good chances of never finding out.

                                                                        1. 3

                                                                          And how would the GPL change that?

                                                                          1. 2

                                                                            Because the aerospace company would have to publish their code.

                                                                            1. 11

                                                                              s/publish/provide to customers/

                                                                              1. 6

                                                                                No. It is not required to publish GPL code of the modified version if it remains private (= not distributed).

                                                                                So you have the same chances of never finding out about usage in either case (but the virality of GPL might actually decrease the odds).

                                                                                1. 1

                                                                                  I was referring to this aspect of the license:

                                                                                  But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program’s users, under the GPL.

                                                                                  Whether or not that would come into play with the hypothetical aerospace company in question is beside the point.

                                                                                2. 0

                                                                                  Or not.

                                                                              2. 1

                                                                                https://www.gnu.org/licenses/gpl-faq.en.html#GPLRequireSourcePostedPublic

                                                                                I guess what you mean is better chances of finding out?

                                                                              3. 7

                                                                                I found out that my open source code was being used in nuclear missiles. It did not make me feel good.

                                                                                1. 2

                                                                                  What license were you using?

                                                                                  1. 2

                                                                                    GPL

                                                                                    1. 2

                                                                                      Interesting that you could have discovered this, would presume such things would be quite secretive. I guess there’s nothing you can do to stop them using it either?

                                                                                      1. 2

                                                                                        It was a shock. And nope, nothing could be done. In fact, I suspect that Stallman would say restricting someone from using software for nuclear weapons (or torture devices or landmines or surviellance systems) would be a violation of the all important issue of software freedom.

                                                                                          1. 1

                                                                                            It would be an interesting argument to try to make. The FSF already recognizes the AGPL – which explicitly does not grant Freedom Zero as defined by the FSF – as a Free Software license, and the general argument for that is one of taking a small bit of freedom to preserve a greater amount over time. A similar argument could be made about weapons (i.e., that disallowing use for weapons purposes preserves the greatest amount of long-term freedom).

                                                                                            1. 1

                                                                                              … Stallman would say … violation of the all important issue of software freedom

                                                                                              Restricting use on ethical basis is quite difficult to implement for practical reasons.

                                                                                              1. 1

                                                                                                That’s not really the issue. One of the things I dislike about FSF/Stallman is that they claim, on moral principal, that denying a software license to , let’s say, Infant Labor Camp and Organ Mart Inc. would be wrong. I think that “software freedom” is pretty low down on the list of moral imperatives.

                                                                                                1. 1

                                                                                                  Being able to (legally) restrict the use of my creative output (photographs in my case) is the reason I retain the “all rights reserved” setting on Flickr. I’d hate to see an image of mine promote some odious company or political party, which is what can happen were I to license it using Creative Commons.

                                                                                      2. 2

                                                                                        How did you find out?

                                                                                        1. 2

                                                                                          They asked me to advise them.

                                                                                        2. 2

                                                                                          For ethical reasons or for fear of some possible liabilities somewhere down the line?

                                                                                          1. 11

                                                                                            What a question. I didn’t want to be a mass murderer.

                                                                                      1. 2

                                                                                        try #![no_std]

                                                                                        1. 2

                                                                                          Of course, requiring an account to watch iPlayer and requiring a TV license number to make an account is not an option.