1. 27

    A very bad day for privacy and internet freedom everywhere, great victory for the NSA. All your DNS traffic will now go to a single monopoly under US jurisdiction — Cloudflare.

    Here’s a useful comment showing the way to block this malignant traffic from leaving your network:

    Here’s the prior discussions for the issues with DoH in general and with Cloudflare in particular:

    It’s especially ironic that Mozilla is turning it on first in the US of A — literally a country comprised of collection of independent states, now all tracked under a single monopoly DoH provider. The only hope is that someone in the government will eventually wake up and see the issue where a single entity controls so much of consumer and business traffic that AT&T could only dream of; in an ideal world, Cloudflare should be the prime target of the antitrust legislation in the next decade.

    1. 12

      Mozilla advertises ‘privacy’ on literally the second sentence of the Firefox download page

      And yet they continue to depend on proprietary google tracking bits in order to generate a UUID (lol), and now this. Mozilla needs a major change in direction if they’re going to actually provide a product that respects user privacy.

      1. 7

        This feels like the typical response from the geek world where if Firefox only gets 99.99% of things right instead of exactly 100%, they will be portrayed and talked about as if they actually managed 0%.

        The threats involved in using your ISP’s DNS are pretty clear, and pretty clearly are attacks on your privacy. DoH is a significant upgrade over that, and the provider they chose to go with has taken steps to try to make it verifiable that they will not present the same kind of threat as your ISP.

        But because it only gets part of the way to where certain people would like to be, we get threads like this one, where the perfect is not just the enemy of the good, but is actively seeking to hinder and impair the good by any means available.

        1. 3

          The threats involved in using your ISP’s DNS are pretty clear, and pretty clearly are attacks on your privacy.

          The threats involving the world’s largest ad company and the threats involving a leading collector of internet traffic are pretty clear, and clearly are attacks on your privacy. So by your standards, ‘good’ is choosing one bad actor over another bad actor, when ‘good’ should really be avoiding all bad actors. ‘Perfect’ would be something like seemlessly integrating Tor, etc (which no one here is asking for).

          1. 2

            I don’t much like Cloudflare, but Mozilla seems to have used their leverage to enforce terms which are far more favorable to your privacy than anything a widely-available consumer ISP is going to offer. So, again, this seems to be a “they only got to 99.99% of what I want, not 100%”, and from there is being spun as complete failure.

            If you have actual demonstrable proof that Cloudflare is not abiding by those terms, feel free to bring it up.

    1. 2

      What’s the source for dates for the non-mathematical symbols?

      Quite a few symbols ‘invented’ between the year -2000 and -1999 using the slider :P

      1. 1

        The Wikipedia links attached to each key. But it’s pretty loosely goosey. Some letters have origins in Egypt, some Greece, some forms were refined in England millennium later. I just roughly grabbed the earliest range I saw. For ancient letters I used the -2000 cutoff. I should probably switch to a range of uncertainty for each. The range narrows greatly as you move closer to the present day.

      1. 0

        Firefox seems to either be moving really fast these days or simply not communicating well. Anyone know what that’s about? In the Firefox announcement, they say they’ve been working on / considering this for a year, but to me this seems to have come out of nowhere - especially when there was still a large debate around this topic.

          1. 2

            this has been discussed for a long time and even though DoH is a good thing in general, I’d only be OK with they transitioning all users to it if it was a big opt-in dialog.

          1. 27

            I wish they’d at least prompt to turn this on, instead of do it automatically. I don’t really trust cloudflare either, and have a different encrypted dns provider. I’m glad they at least allow you to disable this or change the provider, I just don’t like that out of the box firefox starts sending DNS traffic straight to cloudflare.

            1. 3

              I disabled it when the popup appeared for this reason. What’s the provider you use?

              1. 7

                I run a VPS that provides encrypted DNS. It gets DNS from running unbound querying root DNS servers directly.

                I wish that one day the root DNS servers themselves would support encrypted queries..

              2.  

                I wish they’d at least prompt to turn this on

                That would be the worst possible choice out of all possible choices I can think of. I would prefer DoH to be off-by-default, but I prefer on-by-default over a prompt.

                For one thing, encrypted DNS is a small, incremental improvement. It’s only really worthwhile because of a bunch of other improvements, like eSNI, tracker blocking, user-agent string size reduction, and all the Private Browsing hardening tricks that Tor has upstreamed. You prompting for all of the tweaks that have some sort of trade-off would just suck.

                Worse than that, though, is that most people would not be able to make an informed decision about a prompt like this. Warning fatigue is a real problem, and Firefox is frankly bad about this already. I wish they’d just turn address bar suggestions on or off by default instead of prompting for it.

              1. 9

                A company made some mistake, pissed off user assumes malice and posts their rant to ‘hacker’ ‘news’, and the company ‘makes it right’. Why does this belong on lobste.rs?

                1. 0

                  A company made some mistake, pissed off user assumes malice and posts their rant to ‘hacker’ ‘news’, and the company ‘makes it right’. Why does this belong on lobste.rs?

                  Did you not read past the erroneous tone disclaimer, or are you just trolling here? Where did Cloudflare make it right? What’s this whole “‘hacker’ ‘news’” in individual quotation marks that you’re referring to? Where did the user assume “malice”? What “mistake” did the company make, when it’s clearly written by the OP that all Cloudflare did was follow its own known policy of not notifying about the nuking of the site of a paying customer, where a simple Google Search query reveals it’s an issue known to the public at large since like two years ago?

                  Most importantly, why do you assume malice on part of the victim in this story, and believe Cloudflare the perpetrator, and why do you scorn the victim for doing exactly what Cloudflare told them to do — post the question in public forums, because they’re no longer a priority customer after having had the product they bought removed from their profile?

                  The OP has had their whole website and email nuked, potentially lost a lucrative contract with a client (10k USD+?), at the very least potentially lost several days worth of billable time (at kilobuck per day?), and here the tone-police are telling him he’s too quick to assume bad faith (???) on Cloudflare’s part when Cloudflare’s CTO chimed in for damage control, empty-saying they’re “investigating”? (As their CTO always does on HN, BTW.)

                  Note that Cloudflare’s CTO still never disputed nor apologised for Cloudflare’s blackbox policy of nuking your whole DNS without any notification (email or otherwise). This is probably the biggest complaint by the user, that Cloudflare didn’t even bother to tell him about this intentional takedown on Cloudflare’s part. It’s been almost a day now, with no updates; will Cloudflare be making it right by reimbursing the OP for the lost opportunities? Or is the victim supposed to issue a full official apology for being a victim of this awesome registrar with such a great CTO that’s “investigating” all issues that hit the media?

                  1. 0

                    So you can complain about it =)

                  1. 2

                    I have thought about this in relation to border crossings. I think the best solution is to create some very explicit procedure for retrieving your data that “Mallory” is unlikely to replicate.

                    For example: I am traveling to France, and tell my friend that I will send them a selfie from the Eiffel Tower within 24 hours of my plane landing. If I miss this window, they are instructed to throw my computer into a lake. If I make the window, they unlock my computer and send me my data.

                    In the event that I am detained, it is unlikely that Mallory will be able to replicate this selfie within the allotted time window, or believe that hitting me with a wrench will in any way convince my friend to dive to the bottom of the lake to restore my data.

                    1. 4

                      Yeah, but how often do you have data (or travel plans!) that are more important than not getting beaten with a wrench?

                      1. 2

                        For example: I am traveling to France, and tell my friend that I will send them a selfie from the Eiffel Tower within 24 hours of my plane landing. If I miss this window, they are instructed to throw my computer into a lake. If I make the window, they unlock my computer and send me my data.

                        I’ve traveled a lot, and this proposal sounds absurd. Weather, mechanical problems, politics, etc etc can delay you beyond any timescale you’ve planned for. Regardless of your mode of transportation.

                      1. 3

                        “Please don’t post this article to Hacker News…”

                        I’m curious, why not?

                        1. 1

                          I just assumed that maybe their hosting cannot handle the load it would generate.

                          1. 2

                            Nah I just prefer to manage the S/N ratio when i can.

                            1. 1

                              Heh. I originally commented mentioning the huge amount of low quality ‘discussion’ that posting to ‘hacker’ ‘news’ would generate, but then changed my comment to go with the more neutral option.

                        1. 56

                          I’m not sure why Free Software was thrown into this. I fully agree with the author’s points regarding the severe lack of privacy associated with discord, BUT I disagree that Free Software can only be developed/supported using communication mechanisms that respect privacy.

                          Email is an acceptable choice for Free Software projects, and has been for many decades. Same for IRC. None of those are inherently secure/privacy-friendly.

                          Discord is a terrible choice for Free Software projects because it’s a proprietary walled garden, not because it’s ‘not private’.

                          1. 21

                            BUT I disagree that Free Software can only be developed/supported using communication mechanisms that respect privacy.

                            Of course you can develop free software with proprietary tools and services.

                            It’s just discriminatory and excludes those who need or want to maintain their privacy. I don’t think free software projects should be discriminatory or exclusionary.

                            Email is an acceptable choice for Free Software projects, and has been for many decades. Same for IRC. None of those are inherently secure/privacy-friendly.

                            Email and IRC are absolutely privacy-friendly, despite being unencrypted. You can create an entirely anonymous free account and use them, via Tor, just like any other participant and not be excluded.

                            From the article:

                            Discord is proprietary, non-free software, held closely by a for-profit company. How you personally feel about this is dependent upon your own philosophical views, but, objectively, it is not very consistent with the ideals of most groups dedicated to free software or open collaboration to produce and improve free software.

                            It seems to me inappropriate for an organization that believes in free software to choose proprietary and privacy-disrespecting tools when free and private alternatives are readily available and can be hosted very inexpensively.

                            1. 20

                              Yes, I read the bit about it being proprietary in the article, but the main points being made in the article are not about it being a poor choice because it’s non-free, but because it’s “not private”.

                              Anyways, I hope fewer projects choose this path (and slack, which i put squarely in the same boat as discord), and instead choose IRC, matrix, XMPP, and other similar protocols.

                              1. 6

                                Well, the main reason it’s discriminatory and exclusionary is because of privacy. Not everyone can give up their privacy, so any project using it is discriminating against all of those people.

                                Also from the article:

                                If you have done so in the past, please stop recommending IRC as a replacement for Slack and Discord. It’s absolutely not. IRC is great, but it is not simply “open source Slack” (that’s Mattermost). They are both chat systems, but they are different tools for different jobs. I love IRC, but it’s simply not a useful tool for most groups.

                                Are there any good matrix implementations yet? I’ve been meaning to run one.

                                1. 7

                                  If you have done so in the past, please stop recommending IRC as a replacement for Slack and Discord. It’s absolutely not. IRC is great, but it is not simply “open source Slack” (that’s Mattermost). They are both chat systems, but they are different tools for different jobs. I love IRC, but it’s simply not a useful tool for most groups.

                                  Yeah.. I disagree with that bit too. All of the Mesa development happens over IRC, and mailing lists (with some moving to gitlab, e.g. patch review). It works really, really great for that. For a (long) while, Mozilla used it. But I guess it wasn’t ‘hip’ enough so they moved to something else (matrix I think?)

                                  IRC is a very simple protocol, you can implement a client for it very easily, it has been ‘battle tested’ for decades. One of the big missing ‘features’ is accessing the backlog while you are away, and many folks (including myself) use a bouncer on some 24/7 system to fill that gap, but I understand that’s not for everyone.

                                  Are there any good matrix implementations yet? I’ve been meaning to run one.

                                  I’m also interested to know this. ~2yrs ago the (only?) homeserver implementation out there was hard to set up, and didn’t scale well at all (something about it being written in javascript? lol). Maybe that’s different now. I’ve yet to see any widespread adoption of E2EE in matrix, for any channels I’ve seen. People tout E2EE as the major reason to use matrix, but basically no one uses it, AFAIK.

                                  1. 16

                                    Yeah.. I disagree with that bit too. All of the Mesa development happens over IRC, and mailing lists (with some moving to gitlab, e.g. patch review). It works really, really great for that. For a (long) while, Mozilla used it. But I guess it wasn’t ‘hip’ enough so they moved to something else (matrix I think?)

                                    Because it works well for some groups does not mean it works well for most groups.

                                    Mozilla didn’t quit IRC because it wasn’t “hip” enough. They wrote about it when they did it: it wasn’t serving their needs.

                                    For most groups, asynchronous mobile applications with native notifications and multiclient are hard requirements. Unless you pay for irccloud, you’re not getting any of that. IRC’s “very simple protocol” is actually a hindrance for the majority of users: it means that if you can’t maintain a TCP connection, you can’t maintain an active session. The vast majority of people these days only access social networking via mobile devices. That forces them onto a paid bouncer like irccloud, or into a bad UX. There’s a reason that Slack and Discord are so massively popular. IRC advocates entirely fail to understand those reasons.

                                    Use of Discord discriminates against all the users who need privacy.

                                    Use of IRC discriminates against all the users who don’t know screen, znc, and the command line, or users who primarily use mobile phones.

                                    1. 7

                                      Use of Discord discriminates against all the users who need privacy.

                                      But in the context of publicly discussing open source development, I don’t see how you do? So frankly I don’t really see the objection here.

                                      The other day someone on Reddit was complaining about a Google mailing list not being private. The privacy of what? Your public messages sent to a public mailing group?

                                      I’m unconvinced by the “you need a telephone” argument; the fact is that spam and abuse are a serious problem, and it’s a reasonably effective at stopping it. I don’t buy the “complete privacy” argument, and I don’t think that they ask it “just to get more data about you”. That’s ignoring the very real problems people have to deal with.

                                      The “human right” argument seems misplaced. I also have the “human right” to call anyone an asshole here (freedom of speech) or to proselytize my religion (freedom of religion), but that doesn’t mean this platform needs to accept that. Again, the context here is publicly discussing a public project.

                                      In your article you wrote that “you should be able to use your communications tools to mock and ridicule people, if you so wish”. Seriously? If someone comes in a OSS project to “mock and ridicule people” then I’d kick them out faster than you can say “freedom of speech”.

                                      The word “privacy” seems to be subject to quite some inflation these days. I think this is a serious distraction from actual privacy issues.

                                      1. 6

                                        The privacy of what? Your public messages sent to a public mailing group?

                                        the connection between your web identity and your in-real-life identity. The messages are obviously public but you might not want, for example, your boss to know that “coder_742” is you.

                                        1. 2

                                          Do people not just make new email accounts for their “alt” identities? Virtually all online services use email as the primary proof of identity and it is trivial to create a new one. Discord requiring an email and an account are hardly barriers to privacy.

                                          1. 5

                                            They also require your physical location via your IP. If you use Tor or a VPN to preserve your personal privacy, the things that happen (dozens of captchas, frequent inability to log in, DMing links gets your account auto deleted) are huge barriers to entry.

                                            1. 1

                                              Hard disagree. Tor is very frequently used for spam (among other nefarious things), so it’s no surprise that IPs for exit nodes are blacklisted or put under more scrutiny. If you go out of your way to obfuscate your origin and you behave like a spambot, you’re going to get treated like one. These are good things, it makes the network better for the vast majority of people who use the service. That being said, I use Discord through a major VPN provider all the time and have never had any issues with retaining my session or logging in. Captchas are hardly an issue either, they’re just slightly annoying.

                                      2. 4

                                        Use of IRC discriminates against all the users who don’t know screen, znc, and the command line, or users who primarily use mobile phones.

                                        FYI, there are some great IRC clients for Android.

                                        Also, ‘discrimination’ is an intentional action, not accidental. When people set out to create IRC, they didn’t scheme in some dimly lit room and decide “we must prevent users who don’t know screen, znc, and command line from using this. Oh, and fuck mobile users too!”. They simply made a thing that lots and lots of people started using.

                                        1. 12

                                          Also, ‘discrimination’ is an intentional action, not accidental.

                                          Nah, you can absolutely discriminate accidentally. An app demanding only five digit US numeric zip codes or ten digit phone numbers that start with a +1 is discriminating against non-US users even if they didn’t intend to.

                                          They simply made a thing that lots and lots of people started using.

                                          Yeah, in like 1990, for 1990-style programs. Just because there are decent IRC clients for android doesn’t mean IRC’s protocol is good for modern communication. It doesn’t do multi-client, it needs a persistent TCP connection, it doesn’t do multiline or rich text or media, doesn’t have any sort of cryptography, et c. It’s a bad protocol, and it should be left in the past.

                                          1. 10

                                            You complain a lot, but most of the things you complain about are already solved, or being solved.

                                            IRC isn’t dead, it’s a living, breathing protocol, improving every day.

                                            And especially mobile usage isn’t that complicated to do right, especially if you treat IRC the way Matrix treats their protocol between homeservers, and have a separate protocol for clients (like e.g. IRCCloud or our own Quassel/Quasseldroid do: https://quasseldroid.info/).

                                            It’s being worked on, and it has a major community still using it. Which is a massive improvement over the flavour-of-the-day Slack clone you see elsewhere.

                                            Now to get into specifics:

                                            it doesn’t do multiline

                                            or rich text or media

                                            it needs a persistent TCP connection

                                            doesn’t have any sort of cryptography

                                            1. 14

                                              IRC isn’t dead, it’s a living, breathing protocol, improving every day.

                                              As a long time IRC user who has monitored the progress of IRCv3 for years, and talks to many of its former developers, I find this hard to believe. Even with IRCv3 efforts, everything was stillborn and many of those developers are sad at how everything passed them by.

                                              1. 4

                                                These are all open issues or PRs for the past couple of years. ‘These are being worked on’ does not make IRC a viable alternative for the required feature set of today.

                                              2. 3

                                                it doesn’t do multiline or rich text or media

                                                Those are definitely features, IMHO. But I can see there’s no way we can agree here :)

                                                I look forward to something like Matrix (if Matrix doesn’t improve), that is FLOSS, lightweight, secure, federated, and easy for all to use.

                                          2. 4

                                            The official reference implementation, synapse, has been production-ready for a long time and also scales pretty well nowadays. It can be easily hosted on NixOS, there are Docker images and a Debian repository. I have been running my personal Matrix server for 1-2 years now and I never had problems. Just make sure presence is turned off for better performance.

                                            E2EE adption has not been as widespread as it should because the UI/UX had been lacking. It’s not that easy to get right for a federated multi-device service. But a few weeks ago that last missing feature to make E2EE usable, cross-signing of devices, got implemented. It is now being integrated and tested and will soon go live. After that all new private rooms will be E2EE by default.

                                            Much has happened on the Matrix project in the last years, I suggest you give it another try :)

                                          3. 1

                                            Are there any good matrix implementations yet? I’ve been meaning to run one.

                                            See my comment below.

                                        2. 8

                                          It’s just discriminatory

                                          I’d say it’s exclusionary, not discriminatory. Discriminatory heavily implies it’s on the basis of an immutable category. But project leaders have to dictate to some extent what software their employees will use, and their employees have the ability to use other tools for private communication.

                                          You may say the bar to entry for those other tools is higher, but whose responsibility is that? The project leader’s? I think regardless of what you believe, your comment holds the wrong people to account—that is, if blame is even an apt paradigm here!

                                          1. 5

                                            Tools that spy on us are bad tools. If project leaders chose Discord, and Discord’s policies regarding privacy mean that people who need privacy are excluded from participating in that group, then I think it’s reasonable to say that group leaders should not make those sorts of choices.

                                            It’s just the same as if you had a club meeting at a place with a specific dress code that excludes a cultural form of dress. The people who organized the meeting who chose that venue would be legitimately open to criticism (just as would the venue be) for discriminating against people who dress that way.

                                            Free software and public benefit groups and projects should not be discriminatory or exclusionary, and they should not make tool choices that perpetuate discrimination.

                                          2. 4

                                            I care about privacy, but this definition of “exclusive” and “discrimination” is a bit silly. You could say any tool “discriminated against” or “excludes” anyone who doesn’t like it for any reason, and then wag your finger saying, “you don’t want to be discriminatory or exclusive, do you?”. It doesn’t exclude people who care about privacy, we just don’t like it. And as a maintainer, I’d probably elect for the usable tools over those that trade everything for privacy (or more likely, privacy theater).

                                        1. 66

                                          What should people use instead?

                                          Real secure messaging software. The standard and best answer here is Signal,

                                          Oh please. They aren’t even close to sharing the same level of functionality. If I want to use Signal, I have to commit to depending on essentially one person (moxie) who is hostile towards anyone who wants to fork his project, and who completely controls the server/infrastructure. And I’d have to severely limit the options I have for interfacing with this service (1 android app, 1 ios app, 1 electron [lol!] desktop app). None of those are problems/restrictions with email.

                                          I don’t know what the federated, encrypted ‘new’ email thing looks like, but it’s definitely not Signal. Signal is more a replacement for XMPP, if perhaps you wanted to restrict your freedom, give away a phone number, and rely on moxie.

                                          1. 13

                                            I think Matrix is getting closer to being a technically plausible email and IM replacement.

                                            The clients don’t do anything like html mail, but I don’t think I’d miss that much, and the message format doesn’t forbid it either.

                                            1. 27

                                              If you can’t send patches to mailing lists with them then they’re not alternatives to email. Email isn’t just IM-with-lag.

                                              1. 5

                                                Email can be exported as text and re-parsed by Perl or a different email client.

                                                Until that functionality is available, I won’t consider something a replacement for email.

                                                1. 4

                                                  In all fairness: cmcaine says “Matrix is getting closer”.

                                                  1. 3

                                                    Matrix is a federated messaging platform, like XMPP or email. You could definitely support email-style use of the system it’s just that the current clients don’t support that. The protocol itself would be fine for email, mailing lists and git-send-email.

                                                    The protocol also gives you the benefits of good end-to-end encryption support without faff, which is exactly what general email use and PGP don’t give you.

                                                    1. 2

                                                      Adding patch workflow to Matrix is no different to adding it to XMPP or any other messaging solution. Yes, it is possible but why?

                                                      I can understand you like Matrix but it’s not clear how Matrix is getting closer to e-mail replacement with just one almost-stable server implementation and the spec that’s not an IETF standard. I’d say Matrix is more similar to “open Signal” than to e-mail.

                                                      1. 2

                                                        “Getting closer” is a statement towards the future, yet all of your counter arguments are about the current state.

                                                        1. 2

                                                          If I only knew the future I’d counter argument that but given that the future is unknown I can only extrapolate the current and the past. Otherwise Matrix may be “getting closer” to anything.

                                                          Do you have any signs that Matrix is getting e-mail patch workflow?

                                                    2. 2

                                                      Mailing lists could move to federated chatrooms. They moved from Usenet before, and in some communities moved to forums before the now common use of Slack.

                                                      I’m not saying it would be the best solution, but it’s our most likely trajectory.

                                                      1. 6

                                                        Mailing lists existed in parallel with Usenet.

                                                        1. 5

                                                          Both still exist :)

                                                          I do think, actually, that converting most public mailing lists to newsgroups would have a few benefits:

                                                          1. It’d make their nature explicit.
                                                          2. It’d let us stop derailing designs for end-to-end encryption with concerns that really apply only to public mailing lists.
                                                          3. I could go back to reading them using tin.

                                                          Snark aside, I do think the newsgroup model is a better fit for most asynchronous group messaging than email is, and think it’s dramatically better than chat apps. Whether you read that to mean slack or any of the myriad superior alternatives to slack. But that ship sailed a long time ago.

                                                          1. 4

                                                            Mailing lists are more useful than Usenet. If nothing else, you have access control to the list.

                                                            1. 2

                                                              Correct, and the younger generation unfamiliar with Usenet gravitated towards mailing lists. The cycle repeats.

                                                            2. 4

                                                              Mailing lists don’t use slack and slack isn’t a mailing list. Slack is an instant messaging service. It has almost nothing in common with mailing lists.

                                                              It’s really important to drive this point home. People critical of email have a lot of good points. Anyone that has set up a mail server in the last few years knows what a pain it is. But you will not succeed in replacing something you don’t understand.

                                                              1. 4

                                                                The world has moved on from asynchronous communication for organizing around free software projects. It sucks, I know.

                                                                1. 3

                                                                  Yeah. Not everyone, though.

                                                                  Personally I think that GitHub’s culture is incredibly toxic. Only recently have there been tools added to allow repository owners to control discussions in their own issues and pull requests. Before that, if your issue got deep linked from Reddit you’d get hundreds of drive by comments saying all sorts of horrible and misinformed things.

                                                                  I think we’re starting to see a push back from this GitHub/Slack culture at last back to open, federated protocols like SMTP and plain git. Time will tell. Certainly there’s nothing stopping a project from moving to {git,lists}.sr.ht, mirroring their repo on GitHub, and accepting patches via mailing list. Eventually people will realise that this means a lower volume of contributions but with a much higher signal to noise ratio, which is a trade-off some will be happy to make.

                                                                  1. 2

                                                                    Only recently have there been tools added to allow repository owners to control discussions in their own issues and pull requests. Before that, if your issue got deep linked from Reddit you’d get hundreds of drive by comments saying all sorts of horrible and misinformed things.

                                                                    It’s not like you used to have levers for mailing lists, though, that would stop marc.org from archiving them or stop people from linking those marc.org (or kernel.org) threads. And drive-bys happened from that, too. I don’t think I’m disputing your larger point. Just saying that it’s really not related to the message transfer medium, at least as regards toxicity.

                                                                    1. 3

                                                                      Sure, I totally agree with you! Drive-bys happen on any platform. The difference is that (at least until recently) on GitHub you had basically zero control. Most people aren’t going to sign up to a mailing list to send an email. The barrier to sending an email to a mailing list is higher than the barrier to leaving a comment on GitHub. That has advantages and disadvantages. Drive-by contributions and drive-by toxicity are both lessened. It’s a trade-off I think.

                                                                      1. 3

                                                                        I guess I wasn’t considering a mailing list subscription as being meaningfully different than registering for a github account. But if you’ve already got a github account, that makes sense as a lower barrier.

                                                          2. 5

                                                            Matrix allows sending in the clear, so I suppose this has the “eventually it will leak” property that the OP discussed?

                                                            (A separate issue: I gave up on Matrix because its e2e functionality was too hard to use with multiple clients)

                                                            1. 5

                                                              (A separate issue: I gave up on Matrix because its e2e functionality was too hard to use with multiple clients)

                                                              and across UA versions. When I still used it I got hit when I realized it derived the key using the browser user agent, so when OpenBSD changed how the browser presented itself I was suddenly not able to read old conversations :)

                                                              1. 2

                                                                Oh! I didn’t know that!

                                                          3. 5

                                                            Functionality is literally irrelevant, because the premise is that we’re talking about secure communications, in cases where the secrecy actually matters.

                                                            Of course if security doesn’t matter then Signal is a limited tool, you can communicate in Slack/a shared google doc or in a public Markdown document hosted on Cloudflare at that point.

                                                            Signal is the state of the art in secure communications, because even though the project is heavily driven by Moxie, you don’t actually need to trust him. The Signal protocol is open and it’s basically the only one on the planet that goes out of it’s way to minimize server-side information storage and metadata. The phone number requirement is also explicitly a good design choice in this case: as a consequence Signal does not store your contact graph - that is kept on your phone in your contact store. The alternative would be that either users can’t find each other (defeating the point of a secure messaging tool) or that Signal would have to store the contact graph of every user - which is a way more invasive step than learning your phone number.

                                                            1. 9

                                                              even though the project is heavily driven by Moxie, you don’t actually need to trust him

                                                              Of course you must trust Moxie. A lot of the Signal privacy features is that you trust them not to store certain data that they have access to. The protocol allows for the data not to be stored, but it gives no guarantees. Moxie also makes the only client you can use to communicate with his servers, and you can’t build them yourself, at least not without jumping hoops.

                                                              The phone number issue is what’s keeping me away from Signal. It’s viral, in that everyone who has Signal will start using Signal to communicate with me, since the app indicates that they can. That makes it difficult to get out of Signal when it becomes too popular. I know many people that cannot get rid of WhatsApp anymore, since they still need it for a small group, but cannot get rid of the larger group because their phone number is their ID, and you’re either on WhatsApp completely or you’re not. Signal is no different.

                                                              And how can you see that a phone number is able to receive your Signal messages? You have to ask the Signal server somehow, which means that Signal then is able to make the contact graph you’re telling me Signal doesn’t have. They can also add your non-Signal friends to the graph, since you ask about their numbers too. Maybe you’re right and Moxie does indeed not store this information, but you cannot know for sure.

                                                              What happens when Moxie ends up under a bus, and Signal is bought by Facebook/Google/Microsoft/Apple and they suddenly start storing all this metadata?

                                                              1. 5

                                                                Signal is a 501c3 non-profit foundation in the US, Moxie does not control it nor able to sell it. In theory every organization can turn evil but there is still a big difference between non-profits who are legally not allowed to do certain things vs corporations who are legally required to serve their shareholders, mostly by seeking to turn a profit.

                                                                And how can you see that a phone number is able to receive your Signal messages? You have to ask the Signal server somehow, which means that Signal then is able to make the contact graph you’re telling me Signal doesn’t have.

                                                                There are two points here that I’d like to make, one broader and one specific. In a general sense, Signal does not implement a feature until they can figure out how to do that securely and with leaking as little information as possible. This has been the pattern for basically almost every feature that Signal has. Specifically, phone numbers are the same: The Signal app just sends a cryptographically hashed, truncated version of phone numbers in your address book to the server, and the server responds with the list of hashes that are signal users. This means that Signal on the server side knows if any one person is a Signal user, but not their contact graph.

                                                                1. 3

                                                                  In theory every organization can turn evil

                                                                  Every organization can also be bought by an evil one. Facebook bought WhatsApp, remember?

                                                                  The Signal app just sends a cryptographically hashed, truncated version of phone numbers in your address book

                                                                  These truncated hashes can still be stored server-side, and be used to make graphs. With enough collected data, a lot of these truncated hashes can be reversed. Now I don’t think Signal currently stores this data, let alone do data analysis. But Facebook probably would, given the chance.

                                                                  1. 6

                                                                    Every organization can also be bought by an evil one. Facebook bought WhatsApp, remember?

                                                                    WhatsApp was a for-profit company, 501(c)3 work under quite different conditions. Not saying they can’t be taken over, but this argument doesn’t cut it.

                                                              2. 3

                                                                The phone number requirement is also explicitly a good design choice

                                                                No, it’s an absolutely terrible choice, just like it is a terrible choice for ‘two factor authentication’

                                                                Oh but Signal users can always meet in person to re-verify keys, which would prevent any sim swap attack from working? No, this (overwhelmingly) doesn’t happen. In an era where lots of people change phones every ~1-2yr, it’s super easy to ignore the warning because 99% of the time it’s a false positive.

                                                                The alternative would be that either users can’t find each other (defeating the point of a secure messaging tool)

                                                                This is a solved problem. I mean, how do you think you got the phone numbers for your contacts in the first place? You probably asked them, and they probably gave it to you. Done.

                                                              3. -8

                                                                Careful there… you can’t say bad things about electron in here….

                                                              1. 3

                                                                All reporters so far have been using Windows 10

                                                                I suggested the ‘windows’ tag for this, until someone can prove it happens when running in other operating systems.

                                                                1. 3

                                                                  I can confirm that this happens to me on Arch Linux.

                                                                  Edit: Whoops, I misread the thread. The restart bug mentioned by soc happens to me on Arch Linux, not the graphical glitching mentioned in the article.

                                                                  1. 3

                                                                    Please, Please tell them!

                                                                1. 11

                                                                  The password manager I use (pass) has a really simple and widely supported ‘backup’ mechanism built in (git).

                                                                  1. 7

                                                                    One downside of pass that I don’t see being talked about much is that the key names are not encrypted. This leaks a bit of metadata. Other than that’s it’s pretty much perfect for me.

                                                                    https://github.com/gopasspw/gopass is also quite good, uses the same storage as pass and adds a few interesting features like git auto-syncing and browser integration.

                                                                    1. 4

                                                                      Yeah this downside bothers me a lot and it felt I’m pretty much alone in that. It’s what prevented me from using pass for ages.

                                                                      I’d made the switch eventually and I’m really happy with it, but I had to add an the name obfuscation myself. The “unix philosophy” of pass is great because you can actually build stuff on top of it.

                                                                      1. 1

                                                                        Yeah the weird thing was all the outrage that 1Password got literally the same issue, but nobody it saying a thing for pass. Not that I recommend outrage but I think it’s important to be aware of the attack vectors.

                                                                        1. 6

                                                                          Every time I see pass come up, it’s not long before someone mentions that the names of passwords aren’t kept secret. This seems like the most frequently mentioned and most severe downside of pass. So I’m not sure that it isn’t talked about much.

                                                                          I do personally use pass and I do it in spite of the names being leaked. My threat model isn’t particularly sophisticated, so I’m generally okay with hiding the names simply by not sharing the repo.

                                                                      2. 4

                                                                        For the issue of having your names unencrypted, I came with the following idea for safe, which could also work with pass or similar secret keepers:

                                                                        When syncing your secrets online, you can obfuscate the whole directory renaming all your entries after their sha256’d names, and store the conversion in a new secret, say “hashmap”. Your directory structure is then totally unreadable, unless you have the key to read the secrets themselves.
                                                                        I like this approach, because your safe protects itself. Here is my implementation (again, using safe as a backend):

                                                                        #!/bin/sh
                                                                        ORIG=$HOME/.secrets
                                                                        HASH=$HOME/.hashes
                                                                        
                                                                        # Create a new vault with the same master password
                                                                        mkdir -p $HASH
                                                                        cp $ORIG/master $HASH
                                                                        
                                                                        # Copy all secret in new vault, using their hashed names as key
                                                                        for p in $(find $ORIG -type f | grep -v /master$); do
                                                                        	n="${p##$ORIG/}"
                                                                        	h=$(echo $n | openssl sha256 | cut -d' ' -f2)
                                                                        	cp $p "$HASH/$h"
                                                                        
                                                                        	# print "HASH	NAME" for the hashmap
                                                                        	printf '%s\t%s\n' "$h" "$n"
                                                                        done | safe -s $HASH -a hashmap
                                                                        

                                                                        Note: the hash is the one of the entry name, not the password itself of course ;)

                                                                        Then you end up with a password store like the following, which you can store in plain sight over git or whatever:

                                                                        .hashes/master
                                                                        .hashes/hashmap
                                                                        .hashes/455f66d5e5f75ec1334127d73a3479b7a66c69ef4cc094e28def2075cc731035
                                                                        .hashes/d3eb539a556352f3f47881d71fb0e5777b2f3e9a4251d283c18c67ce996774b7
                                                                        .hashes/98623d38989a6957ec74319dc4552480fa3d96a59c5ffcac76c0e080d3940406
                                                                        .hashes/df58574b01c57710a70ba201df6b5fb8dc0bf3906b8bf39f622936f92e6ffec7
                                                                        

                                                                        And when you want to de-obfuscate it, you can decrypt the secret “hashmap”, and used that to rename your entries:

                                                                        $ safe -s ~/.hashes "hashmap"
                                                                        455f66d5e5f75ec1334127d73a3479b7a66c69ef4cc094e28def2075cc731035        dedup.key
                                                                        d3eb539a556352f3f47881d71fb0e5777b2f3e9a4251d283c18c67ce996774b7        dummy
                                                                        98623d38989a6957ec74319dc4552480fa3d96a59c5ffcac76c0e080d3940406        token/gitlab
                                                                        df58574b01c57710a70ba201df6b5fb8dc0bf3906b8bf39f622936f92e6ffec7        switch
                                                                        
                                                                      3. 5

                                                                        Note that git use is optional. My ‘pass’ passwords are backed up daily along with the rest of the important files in my home directory, no extra work required as they’re just GPG-encrypted text files.

                                                                        1. 4

                                                                          Came here to say the same thing. My backup of my pass repo is a) it’s on every device I use and b) gets synced monthly to my off-site backup drive. If I lose the encryption key I’m in trouble, but I back that up, too.

                                                                          Using 2 password managers seems like a strange solution to me.

                                                                          1. 2

                                                                            I switched from pass to KeePassXC a while ago. I use Syncthing to get the DB to my phone for use with KeePassDX and encrypted backups are automatically taken overnight with borg.

                                                                            Recommending two password managers is a little odd, I agree, but he does bring up a good point that everything is fallible and multiple backups are a good thing to have.

                                                                            1. 3

                                                                              Eh, it’s 2 applications reading the same file format. Calling them 2 password managers would be the same as using 1password on 2 platforms, I don’t even see that worth mentioning.

                                                                              FWIW, I also use KeepassXC on Linux+Windows, and Keepass2Android on Android, and Syncthing. I only sync down to my phone like once a month, and it works beautifully.

                                                                            2. 2

                                                                              If I lose the encryption key I’m in trouble, but I back that up, too.

                                                                              I use gopass, which allows for multiple encryption keys for the same password store. This is very useful in the case of losing access to one of them, or the intended purpose, having multiple users of the same store.

                                                                            3. 4

                                                                              The unfortunate issue with pass is that when it uses git to back itself up, you still need a way to backup your GPG key, which is of course incompatible with git. Even if your GPG key is encrypted, I doubt you’d want to publish it online. So in order to backup your password manager, you must come up with 2 different backup medium, which means twice as much possibilities to lock yourself out.

                                                                              Also, managing a GPG keyring can have a lot of problems on its own on a daily usage basis (using a device without your keys, syncing keys, …). On this topic, using password managers based on a master password can help a lot.

                                                                              1. 1

                                                                                Those are all good points. Since I use GPG for basically everything else (signing commits, communication, etc), the work to back that up I don’t really consider it to be part of the ‘backup my password manager’ activity.

                                                                                The beauty of pass is that the storage mechanism is just a bunch of flat text files. Back them up however you want, you don’t have to use git (but it is nice that git support is built in).

                                                                                I doubt you’d want to publish it online

                                                                                Who said anything about it being public? Private git repos exist, either self hosted or with some paid service.

                                                                                1. 1

                                                                                  When you use GPG on a daily basis for other stuff, this would make more sense indeed. It is not my case though, so it bothered me a lot. So much that I ended up writing my own to mirror “pass” usage but with a master password. The cool stuff about it is that I can now store my GPG key inside my secret manager 😉

                                                                                  You’re right about private repos indeed, I think making it private makes it more complex to use git to sync it across devices. It makes for a good backup anyway as you said ! The flat file structure is great, and the composability of the tool makes it a breeze to obfuscate, backup, convert or integrate to any workflow !

                                                                                  1. 1

                                                                                    I think making it private makes it more complex to use git to sync it across devices.

                                                                                    Not that complex, but yes, you now have to use either password or key auth to access it. And keep track of that, etc. The main thing I like about this setup is that it’s made from several simple components. Any of which could be replaced without affecting the others (or affecting them enough to require significant changes). And the architecture is simple enough for me to understand it without having to trust some external entity to always do the right thing and not break.

                                                                            1. 3

                                                                              You can look at the whole history over the last 10 years, and 1Password has never been down for more than 3 hours. Most outages are <1 hour, scheduled ahead of time for maintenance in the middle of the night. :shrug:

                                                                              I feel really good about giving them money!

                                                                              1. 5

                                                                                1password is a proprietary service, one day they will no longer exist.

                                                                                1. 4

                                                                                  There are many solid businesses that have been around since before the notion of free software even existed. And the average open source project doesn’t exactly have a long maintenance lifetime. I think I’ll take my chances.

                                                                                  1. 3

                                                                                    Pass is simple enough that it could be reimplemented in an afternoon if its ‘maintenance lifetime’ ended and it was (magically, for some reason, but I’ll play along) no longer available to decrypt my passwords.

                                                                                  2. 3

                                                                                    Is it more probable that I’ll stop existing first, though?

                                                                                    1. 4

                                                                                      Recent history is full of technology companies that have gone under, or were acquired and their services shuttered.

                                                                                    2. 1

                                                                                      However the 1Password apps store a local copy of the data so even if the servers go offline (or down forever) you can still access the data and the desktop app lets you export the data.

                                                                                      1. 3

                                                                                        That’s how it works today, but there’s no guarantee it’ll work like that tomorrow. And since it’s proprietary, you’re just along for the ride.

                                                                                        1. 0

                                                                                          That’s a little too cynical for my liking.

                                                                                        2. 1

                                                                                          LastPass and Bitwarden does this too. However, you can’t access it in situations when you’re online and they have a problem with their logon servers. Their apps reach out to the server to verify the login and get a fault condition. Their apps don’t then allow you to access the password vaults even though you have all you need to decrypt it locally. The local copy only works if you go offline first and then try to login.

                                                                                    1. 1

                                                                                      Nice! I recently went through this (also using Prosody) a few months ago, and it was relatively straight forward.

                                                                                      FYI the Conversations folks (of the android client app) have a XMPP server conformance tester you can point to your server to see what XEPs you might be missing: https://compliance.conversations.im/

                                                                                      Another thing that doesn’t work in Conversations is adding an account using an SRV record.2 Which kinda sucks, because having a chat. subdomain isn’t very clean, but whatever.

                                                                                      Weird, this works for me. It may be that you aren’t setting up the SRV records correctly? It was a little confusing how to make it work with the DNS provider I had at the time, since they obfuscated some of the fields. You can verify it with something like

                                                                                      dig _xmpp-client._tcp.example.com SRV

                                                                                      1. 5

                                                                                        Thank you for posting this. I like the analogy with learning to cook vs becoming a chef. It puts things in perspective!

                                                                                        I’ve been working on and off on a baby naming website for many months now. Based on user testing with a few friends I can tell the idea isn’t there yet. However my wife and I enjoy using it and are homing in on names that we both like. It’s tough because I think there’s a viable business and app here but so far it’s just me and my wife who enjoy using it!

                                                                                        You’re welcome to try it out: https://babynamer01.ihsan.io

                                                                                        Our plan is to go over previous lists of names we’ve liked, put a few into the fridge, and vote on them repeatedly every few days and see what sticks. I’m glad the app is able to help us and I’m glad it’s a home cooked meal :)

                                                                                        1. 3

                                                                                          I went through the ‘choose a name’ exercise ~6 months ago. One thing that we did, which sounds silly, but was actually really useful, was to pit names against each other, 1:1, tournament style. Each winner went on to the next round to be compared to another winner from the round. More than once we were stuck debating which of two names we each thought were better, and it was amazing! This technique relies on there being an existing pool of names you’re considering though, but maybe it could be included in some way into your tool.

                                                                                          1. 1

                                                                                            Thank you for this advice, we will try it by hand for now and I’d love to also include it in the tool.

                                                                                          2. 2

                                                                                            Where do you pull those names from? Are they common names somewhere in the world? Because to me they sound mostly like something out of a fantasy book. And I really liked a lot of them and would definitely think them good baby names.

                                                                                            1. 3

                                                                                              Where do you pull those names from? Are they common names somewhere in the world?

                                                                                              I get these from public government datasets. One of the most remarkable things I’ve learned out of this app is how many strange and wonderful names people give their children all over the world.

                                                                                              Here are links to the datasets:

                                                                                              USA names

                                                                                              US SSA: https://www.ssa.gov/oact/babynames/names.zip

                                                                                              UK names

                                                                                              https://github.com/leeper/ukbabynames/blob/master/data-raw/ukbabynames.csv

                                                                                              https://www.ons.gov.uk/peoplepopulationandcommunity/birthsdeathsandmarriages/livebirths/datasets/babynamesenglandandwalesbabynamesstatisticsboys

                                                                                              CAN names
                                                                                              1. 1

                                                                                                And of course I saw “Chlorine” cross my screen too. Some names are better than others :)

                                                                                                How do you handle religious names? I haven’t seen any deliberately religious names yet…

                                                                                                1. 1

                                                                                                  And of course I saw “Chlorine” cross my screen too. Some names are better than others :)

                                                                                                  In the US 5 female children were named Chlorine in 1919 and 5 female children in 1924, but not in the UK or Canada. The Social Security Administration (SSA) only records names used 5 or more times per year. I’ve played around with excluding names not used NNN times per year, I should expose this as a configuration parameter.

                                                                                                  This is why something I experiment with is leaving out names from the US, and only including UK and/or Canada.

                                                                                                  How do you handle religious names? I haven’t seen any deliberately religious names yet…

                                                                                                  I have also not noticed many religious names. I do not handle them explicitly…one of my main goals in this tool was to do as little manual (biased) intervention as possible. I

                                                                                                  • read in all names ever used in lots of countries (around 110,000 names),
                                                                                                  • do some pre-processing to for each name pre-calculate:
                                                                                                    • a) a dense vector that represents the pronunciation and estimated syllable count of the name using a hand-built model, and
                                                                                                    • b) a dense vector that represents the “cultural context” of the name using an open-source off-the-shelf model.
                                                                                                  • as you vote on names a per-name score is estimated, then a model is generated and updated to learn a relationship between the scores and the names’ pronunciation and cultural context.

                                                                                                  If you’d like to help me continue testing this app or learn more please message me. I hope to have some time soon to work on the tool.

                                                                                          1. 15

                                                                                            I love it, we all need a reminder that fully-fledged apps ≠ potential commercial apps. Stop shooting down that app idea you won’t make time for, just because it won’t sell!

                                                                                            Also relevant: “Snaplight serves an extremely niche need: mine.”

                                                                                            1. 10

                                                                                              And for us that want to make applications not for commercial/financial success, but to help people: your thing will likely be helpful for others long before it reaches your idea of being ‘complete’. Don’t give up because you feel like it doesn’t do everything you think it should.

                                                                                              I fall into this trap often, and need constant reminding.

                                                                                              1. 5

                                                                                                That’s also a great example of the principle! Like many devs, I have a secret plan to make some software for myself, sell it in the millions of copies and be the most successful, and when I seriously consider doing a project on the side with the purpose of it making me money, I’m stuck on “what problem should I solve”. But when I’m just writing a small CLI tool for me to automate importing that JSON output into this database over here, I’m just enjoying and frequently, when I show the tool to, say, teammates, they’d approve and I’d feel proud and be happy about it.

                                                                                              1. 5

                                                                                                If you’re looking for something a little different and a lot of fun, might I recommend GNUstep?

                                                                                                It might also be interesting to play with one of the less mainstream paradigms, like immediate mode GUIs.

                                                                                                1. 3

                                                                                                  imgui is not suitable for people who require accessibility features.

                                                                                                  1. 4

                                                                                                    True. A11y and, to a lesser extent, i10n are often completely ignored in the smaller or lesser-known toolkits. Electron and things built on it seem to be an a11y nightmare from what I can tell.

                                                                                                    My comment was more a “here’s some fun things you can mess around with that you may not have considered.”

                                                                                                  2. 2

                                                                                                    I did think about imgui a bit. I think that for my purposes it will require me to keep a lot of extra state, though. Also, re-render every frame is a bit expensive. I will take a look at gnustep.

                                                                                                    1. 2

                                                                                                      The “re-render every step” semantics aren’t meant to imply that that’s the implementation. That’s just the mental model for working with it, and libraries like Conrod work to only re-render the things that have changed.

                                                                                                      1. 1

                                                                                                        I mean like, you have to rebuild the tree every frame.

                                                                                                        Remember that imgui was created by a game developer; games tend not to have super complex UIs, and have to re-render every frame anyway.

                                                                                                        1. 2

                                                                                                          imgui was created really for game development tools, not even real game UIs. It’s meant to be quick and easy debug UIs, asset editors, etc. The kinds of things you get loads and loads of in game development. I think almost all commercial games just do their UIs from scratch.

                                                                                                          1. 2

                                                                                                            AAA game dev here. We used Coherent UI for our most recent project which is WebKit based. It’s just easier to find people who write HTML/CSS. Previous project was ScaleForm but no one would recommend that anymore as it’s Flash based.

                                                                                                    2. 1

                                                                                                      might I recommend GNUstep

                                                                                                      Is objective-c still a thing? IIRC GCC’s support for it has diminished, which is rather ironic for a project that includes ‘GNU’ in the name.

                                                                                                      1. 1

                                                                                                        Afaik, clang still has good support.

                                                                                                    1. 14

                                                                                                      There is a reason for the proliferation of Electron apps. There is a huge ecosystem, and the time to ship is fairly low. There are tonnes of FOSS IDEs in electron that you could take inspiration from as well. Don’t worry about the size of binary - the intersection of people interested in IDEs/notebooks and people interested in minimal memory footprint is tiny.

                                                                                                      1. 36

                                                                                                        No, just.. no. The whole idea of making individual applications that each depend on their own copy of a fully featured web browser that, get this, will almost never be updated to patch future security issues is an extremely flawed and dangerous practice. You do not need an entire copy of chromium to edit text.

                                                                                                        1. 11

                                                                                                          you’re right that you don’t need it, but that analysis is only considering the user’s perspective, and is only considering it from a narrow frame of reference.

                                                                                                          For one thing: most Electron apps in most situations are being deployed to users who will run just a few applications at a time; less than ten. I agree that you don’t need to run a web browser to edit text. The reality is that the vast majority of users will only run one instance of VS Code (or Atom). The question is not whether or not you need it, it’s whether or not you can get away with it.

                                                                                                          For the majority of orgs, staffing is significantly simplified with Electron, because it has significant overlap with the web as a platform. You can’t seriously consider the merits of Electron without acknowledging how much Electron lowers the barrier to entry.

                                                                                                          With that said: I absolutely despise building Electron apps personally, and I loathe using them. It is, in my opinion, a terrible platform. It does, however, solve real problems that are not solved by the alternatives.

                                                                                                          My hope is that the proliferation of Electron will give Microsoft pause, and will encourage innovation in the desktop application development space. (I don’t think this is likely, but that’s a topic for another day.) It’s an absolute embarrassment that Slack takes about 3x as much memory to run as Blender, when the former is just a glorified IRC client and the latter is literally a world-building tool. But at the end of the day, Slack is taking 350mb of memory in an age where entry-level machines have 4 or 8gb of memory. For most users in most situations, the bloat just doesn’t actually matter. The irony is that the people most affected by this bloat are software people, who are the exact people that have the power to stop it.

                                                                                                          1. 14

                                                                                                            The irony is that the people most affected by this bloat are software people, who are the exact people that have the power to stop it.

                                                                                                            This is a pretty shallow analysis. The people most affected by this bloat are the people with the least capable hardware, which is not usually people in software engineering positions, and certainly not the people choosing to write Electron apps in the first place.

                                                                                                            1. 3

                                                                                                              I think that’s broadly true but I left it off because I’m having a very hard time imagining a user persona that describes this problem in a way where it really is a problem, and where there are realistic alternatives.

                                                                                                              A big sector of the low-end PC market now is Chromebooks (you can get a Chromebook with 4gb of memory for under a hundred dollars), but that’s a circular issue since Chromebooks can’t run Electron apps directly anyway, they have to run Chrome Apps, which are … themselves Chromium contexts. That user persona only increases the utility of Electron, inasmuch as that entire market is only capable of running the execution context that Electron is already using: the web. By targeting that execution context, you’re lowering the barrier to entry for serving that market since much of what you write for Electron will be portable to a Chrome App. The existence of Electron is probably a net positive for that market, even if, yes, as I said before, it’s a very wasteful foundation on which to build your software.

                                                                                                              The Raspberry Pi userbase is particularly notable here. Electron is probably a net harm to RPi 3 and Pi Zero users. Electron is a problem for the RPi userbase, but that’s a highly specialized market to begin with, and newer models of the RPi are fast enough that Electron’s bloat stops being as punitive. (when I say specialized here I don’t mean unimportant or rare, I mean that it’s notably different from other desktop environments both in terms of technical constraints and user needs.)

                                                                                                              It’s easy to say “Electron is bloated, therefore harmful to people with slow computers”, but as a decision-making tool, that conclusion is too blunt to be useful. Which users, on which hardware, in which situations, attempting to access which software?

                                                                                                              And besides, it’s not like Electron has cornered the market on writing bloated software. Adobe Photoshop is written in C++ and uses a cool 1gb of memory without a single document open. The reality is that Electron empowers beginner developers to create cross-platform desktop apps in a way that is absolutely dominating the space because it focuses on solving problems that actually exist, instead of problems that are only believed to exist. The path to getting people away from Electron is not to say “don’t use Electron because it’s bloated”, it’s for other tools to figure out what needs Electron is satisfying that are not satisfied by the alternatives.

                                                                                                              1. 4

                                                                                                                And besides, it’s not like Electron has cornered the market on writing bloated software. Adobe Photoshop is written in C++ and uses a cool 1gb of memory without a single document open. The reality is that Electron empowers beginner developers to create cross-platform desktop apps in a way that is absolutely dominating the space because it focuses on solving problems that actually exist, instead of problems that are only believed to exist. The path to getting people away from Electron is not to say “don’t use Electron because it’s bloated”, it’s for other tools to figure out what needs Electron is satisfying that are not satisfied by the alternatives.

                                                                                                                That’s not a fair comparison given how many plugins and features out of the box Photoshop has.

                                                                                                                1. 1

                                                                                                                  The path to getting people away from Electron is not to say “don’t use Electron because it’s bloated”, it’s for other tools to figure out what needs Electron is satisfying that are not satisfied by the alternatives

                                                                                                                  We need basically the Flash Player, without the legacy timeline or embedded VM. A cross-platform, high-performance scene graph with a small but complete API surface that developers can mate to the language of their choice, be it a VM like JS or Lua, or Python, or with D / Rust or C++ code.

                                                                                                                  1. 2

                                                                                                                    the timeline and the AS3 VM are … kinda the core of Flash, so I’m not really sure what would be left. Without that stuff isn’t it basically just Cairo?

                                                                                                                    anyway, you know about Scaleform, right? Not clear by your answer if it’s already on your radar, but it was a licensed implementation of Flash, significantly more performant that Adobe’s implementation, that supported C++ interoperability, that was in its later years owned and run by AutoDesk. Using Scaleform to build the 2D UI for 3D games was a dominant trend in the games industry for over 15 years. Some people still use it today but it was cancelled years ago. https://en.wikipedia.org/wiki/Scaleform_GFx

                                                                                                                    1. 1

                                                                                                                      Not at all. Most (complex) software written in Flash over the last few years of its meaningful existence completely ignored the timeline, and consisted of only 2 frames, once being the preloader and the other being the application. The reason I think it should separate out the VM and provide only an API is to share the load / interest across people coming from different language communities who all want to show something on-screen without Electron.

                                                                                                                      Flash 2d was a lot more than Cairo, which is comparable to the flash.display.Graphics API used to draw each individual item on the stage. It’s a proper retained-mode scene graph with events and a pretty good text API built in. And Flex, which was built entirely in AS3 on top of the basic scene graph was and still is the most well-thought-out, well-documented, and easy-to-use (both for beginners and advanced cases) UI framework I’ve ever had the pleasure of working with, and I’ve messed about with bunch of them over the years. Adobe Corporate (and Jobs’ pique) screwed over a great team of talented people who built and maintained Flex, robbed us hackers of an excellent cross-platform… platform, and created billions of dollars of waste heat running multiple redundant entire copies of Chromium on desktops everywhere for years.

                                                                                                              2. 3

                                                                                                                My hope is that the proliferation of Electron will give Microsoft pause, and will encourage innovation in the desktop application development space. (I don’t think this is likely, but that’s a topic for another day.)

                                                                                                                Nope, they’re huge users of it.

                                                                                                                1. 1

                                                                                                                  I mean, my first example was VS Code and I said I thought this result was highly unlikely so … I feel like I’ve already demonstrated an awareness of that fact and I’m not sure what you’re getting at.

                                                                                                                  1. 2

                                                                                                                    Eep, I read it but didn’t catch that line. Sorry.

                                                                                                            2. 3

                                                                                                              the intersection of people interested in IDEs/notebooks and people interested in minimal memory footprint is tiny.

                                                                                                              In my experience the more someone crafts code, the more they care about memory footprint- even if it’s in the sense of “I’ll have less memory for testing my application”.

                                                                                                              1. 1

                                                                                                                In my experience the more someone crafts code, the more they care about memory footprint- even if it’s in the sense of “I’ll have less memory for testing my application”.

                                                                                                                I am with you to some degree - but we are talking about Notebook/repl-style applications here. These aren’t traditional applications in the sense that they are never daemonized, are always foreground applications, and are tested by manually tweaking and observing (or at least that is how I use notebooks). Also, I probably should clarify - if the application actually ships and people feel it is slow, then the effort involved in porting over to Qt or something might be justified. Most of the times, in crowded spaces, getting things to ship is more important than quibbling about memory use.

                                                                                                            1. 9

                                                                                                              Nokia N900. The official support has ended, but there’s still communities doing the work

                                                                                                              1. 1

                                                                                                                Are you still running stock Maemo, or something else?

                                                                                                                1. 2

                                                                                                                  running stock maemo with the upgrades from cssu

                                                                                                                  1. 1

                                                                                                                    Wow, I remember hearing of cssu a long time ago, I’m surprised it’s still going. It seems like one major issue now is that there aren’t any browsers supporting TLS 1.2 (since openssl on stock maemo is old), is that a problem for you?

                                                                                                                    1. 1

                                                                                                                      nope. mostly because i don’t use it for browsing the internet. but apparently there are ways to get around this by using things like: maemo leste or postmarket os (not sure about how usable those are)

                                                                                                                      1. 1

                                                                                                                        I’m one of the main contributors to N900 support in postmarketOS, and the situation there is better for browsing but the lack of any userspace 3D acceleration contributes to some poor UI performance. I’ve tried maemo leste recently, which uses the powervr sgx userspace driver, and the UI is (obviously) much better.

                                                                                                                        What do you use your N900 for exactly? (sorry for the questioning, I’m genuinely curious. I often dream about using only my N900 again for mobile whatever stuff)

                                                                                                                        1. 1

                                                                                                                          interesting, and what about performance in general?
                                                                                                                          i use mostly to: gaming, listening to music, reading, watching movies, and programming.
                                                                                                                          also like to take pictures, the camera is pretty good.

                                                                                                                          1. 1

                                                                                                                            Performance with Leste seems better than with stock Maemo (I didn’t measure it directly, it just felt like hildon was flying). It’s based on Devuan Linux, so quite a lot of software is available for it. I think audio (it works, but AFAIK there are no protections to prevent the speakers from being blown) and the camera are still WIP though, but I’m not really involved in that project so I don’t know what’s left to make those functional. Also telephone calls and SMS don’t really work unless you’re willing to play with ofono on the commandline.