Threads for donpdonp

  1. 11

    For those confused by the title, “Linus Gabriel Sebastian is a Canadian YouTube personality. He is the creator and host of the YouTube channel Linus Tech Tips.”[1] Hence LTT on the front page of the linked site.

    [1] https://en.wikipedia.org/wiki/Linus_Sebastian

    1. 5

      A friend pointed me to a ‘gopher successor’ called Gemini. https://gemini.circumlunar.space/

      1. 7

        Right at the top of that page, it doesn’t claim to be a Gopher successor:

        Gemini is a new internet protocol which:

        • Is heavier than gopher
        • Is lighter than the web
        • Will not replace either

        My big beef with Gemini is mandatory TLS. If you’re hosting your own server anyway, avoiding the overreach of adtech oriented HTML/CSS/JS is easy to do. TLS appears to be on a path to being unavoidable, which ends up obsoleting older clients even for public content that’s intended to be globally accessible. Since it requires annual cert renewal and contains periodic protocol changes, this isn’t a one time thing: it turns the web into a sliding compatibility window, where if you want your server to talk to the install base of browsers you have to drop support for older ones. That, in turn, forces your users to run software that’s written by companies doing adtech.

        In fairness, Gemini addresses the last point: a sliding compatibility where the client is written by people who aren’t trying to abuse you. But it’s still a sliding compatibility window.

        At some point I’ll end up hosting Gopher (still haven’t yet) mainly to opt out of TLS and use a protocol that can be reached from anything. FTP is another option that’s more specific in nature but is more widely supported than Gopher. Both feel like a computing form of Latin: being obsolete means being unchanging means very broad compatibility.

        1. 5

          What I find amusing about your reply is that there is a group of people who are adding TLS to gopher.

          FTP is not popular anymore due to it’s lack of encryption (kids today!) and it’s rather baroque method of working (client connects to send commands, but the server then connects back to the client to send a file), but it does have a feature I haven’t seen on HTTP—the ability to direct a transfer of a file from server A to server B from a client on C.

          1. 2

            Since it requires annual cert renewal and contains periodic protocol changes, this isn’t a one time thing: it turns the web into a sliding compatibility window, where if you want your server to talk to the install base of browsers you have to drop support for older ones. That, in turn, forces your users to run software that’s written by companies doing adtech.

            Adtech company effects aside, the main reason behind both certificate renewal (at least according to Comodo) and TLS version updates is to force servers to stop using ciphers that have vulnerabilities. I don’t know the answer here myself, so I present the questions to others on this site: Is there a way to design an evergreen cipher, or will changing our ciphers be a constant battle against humans and increasing compute?

            1. 4

              Is there a way to design an evergreen cipher

              Personally I think the first step is to stop and ask “why do we encrypt data?”

              It’s true that some applications require confidentiality, like when interacting with a bank website.

              But I’d argue the vast majority of cases here - essentially every Let’s Encrypt user - is really trying to achieve tamper resistance, despite the content being well known. The post you just wrote is public - it’s not encrypted in transit because it’s sensitive information, and it seems highly unlikely that the fact that I read your post is confidential either (particularly now I’m replying.)

              But if the real problem is tamper resistance, the obvious solution is digital signatures, not encryption. The great thing about digital signatures is you can have many of them. You have a cleartext message, so any client can see the contents; an old client can verify contents to some outdated level; and a new client can verify contents more thoroughly.

              At the risk of going conspiratorial, I think Comodo have a financial interest in frequent certificate purchases. The real question is why the browser vendors are in favor of it, but their identities hint at potential answers. Compute capacity doesn’t increase enough in 365 days for that to be the real reason. Perhaps ciphers can be flawed (in the design sense), or perhaps this is trying to prevent a brute force attack that takes >365 days to complete from being feasible, but both of these seem unlikely to be the real reasons.

          1. 17

            Can we please not start posting random wikipedia articles on lobste.rs? It’s extremely low effort..

            1. 6

              Voting is supposed to take care of uninteresting/low-effort posts. Seems like people like this post anyways. I love ncdu! Cuts through disk cruft like a laser-sword.

              1. 3

                As an aside, this Wikipedia article definitely doesn’t meet their notability guidelines as written. Not criticizing the tool itself, but the article has 0 secondary sources

                  1. 1

                    Was the screenshots link on the tool’s homepage not working? That includes many screenshots including a better version of the one attached to the wikipedia article.

                    1. 1

                      Ah, I was only looking at the homepage and missed that page. Those are great. Thanks

                1. 2

                  What’s the story with regards to delivery to major providers and self hosting email these days?

                  1. 3

                    I can’t speak for others, but I’ve been self hosting my email for a few months now, with no delivery problems whatsoever. Configuring the server to get messages to actually send and not end up in spam was difficult, but once it was done, things basically worked without issue.

                    1. 3

                      you don’t always know when mails you sent end up in the recipient’s spam folder.

                      1. 2

                        Or when Gmail silently throws them away with no error or warning. Don’t even show in spam. Just <poof> and … gone.

                      2. 2

                        I’ve had the same experience running Maddy on Hetzner.

                        1. 1

                          Considering how much of my life depends on a working email address and seeing all the horror stories of Gmail blocking accounts apparently for no good reason and with limited ability to appeal, I’m seriously considering hosting email myself too.

                          Could you elaborate what were steps you needed to do for outgoing messages not to end up in the receiver’s spam folder?

                          1. 2

                            It mostly came down to properly setting up the DNS records for authentication. The Arch Wiki page for setting up a mail server is a very useful resource for this. For the most part, setting things up was just trial and error, troubleshooting until things worked. In my experience, hosting email actually isn’t that difficult. It’s definitely not easy, but if you know what you’re doing, it’s definitely doable, and it’s far from the hardest thing I’ve hosted in the past. Of course, this is just my experience, and obviously others have had experiences that differ a lot from mine, so definitely do your research before committing. Especially if you’re extremely dependent on having a working email address, it may be safer to either keep your current email, or just migrate it to a service other than Gmail if you feel uncomfortable with them.

                            One other thing to note is that if you’re using a VPS, make sure your VPS provider actually allows you to self host email. Many VPS providers block crucial ports such as port 25. The process for getting these port(s) unblocked for your server differs from host to host; some don’t let you unblock it at all, for others you just have to open a support ticket and request it.

                            1. 2

                              Using some form of domain authentication is crucial. https://explained-from-first-principles.com/email/#domain-authentication

                          1. 7

                            I had a coding interview this year that did not go well and felt really misplaced. My entire 20 year career had no bearing on the interview (other than to get it in the first place). It was to code a representation and traversal function of a directional graph. Yes the topic is applicable but the conditions are very artificial. It felt like for example a famous geometric mathemetician with numerous published papers, and the interview is - here solve this rubix cube in the next 5 minutes. What?

                            What I’d like to see is an analysis of what I have done. Instead of hunting resumes, there should be an automated analysis of all my github repos, looking for certain patterns or structures applicable to the job being filled. Then the job is more or less offered up front - hey we see you’re already good at this. If you want the job, its yours.

                            1. 1

                              Continuing development on a matrix-irc bridge in vlang. The existing bridge can be difficult to get information from when things go wrong. Also its a chance to work with vlang in a ‘real’ project. https://nest.pijul.com/donpdonp/ircbr

                              1. 1

                                The Cosmopolitan build is intriguing but a bit confusing:

                                $ file wasm3-cosmopolitan.com 
                                wasm3-cosmopolitan.com: DOS/MBR boot sector
                                

                                which is supposedly in APE format. from the readme: “APE is a polyglot format that runs natively on Linux + Mac + Windows + FreeBSD + OpenBSD + NetBSD + BIOS.” not sure how to run this. simply setting the execute bit gives “zsh: exec format error: ./wasm3-cosmopolitan.com”

                                1. 6

                                  zsh currently has some POSIX incompatibility, but you can run it with

                                  sh -c "./wasm3-cosmopolitan.com <args>"
                                  

                                  also if you have wine installed or some specific environment, you may need to register the binfmt:

                                  sudo sh -c "echo ':APE:M::MZqFpD::/bin/sh:' >/proc/sys/fs/binfmt_misc/register"
                                  
                                  1. 2

                                    Same error here. @jart got a patch merged into ZSH, so it’s probably that you don’t have master. It works on modern Bash versions though

                                  1. 1

                                    a no-nonsense terminal is a handy thing indeed. http://nanocom.sourceforge.net/ has been my go-to for a long time. nice to have another option though.

                                    1. 1

                                      wcalc is a great, simple, text-mode calculator. its been in the ubuntu package archive since at least 16.04.

                                      1. 5

                                        If there is one thing I wish configuration languages would adopt, its to drop commas all together. Clojure’s EDN format does this and its great. Whitespace is a natural separator for lists.

                                        1. 3

                                          i have a config language that i wrote that does that. it converts to json, so for a while i was writing configs with this as a json preprocessor; the moon command converts moon files to json with moon to json; programs would just use the json file. i haven’t used it much recently because it drives other people nuts when you say “hey let’s use this config format that i invented that nobody else has ever seen”. https://github.com/jordanorelli/moon

                                          1. 1

                                            A project with 30 stars isn’t really unknown. It looks like a good configuration language at first glance.

                                            It would be interesting to have a precise comparison of the differences with what looks like the nearest one: Hjson.

                                          2. 2

                                            Hjson lets you totally drop commas if you want. There’s none in my example.

                                          1. 7

                                            For some reason I was hoping this client was entirely browser client-side. I guess thats not possible since the browser cannot open a generic TCP port (is this still true?). Since Convos uses a server side daemon, its worth comparing to https://thelounge.chat/ which is a fantastic self-hosted web irc client.

                                            1. 4

                                              Yes, that’s basically true. IIRC the javascript on FFOS could do it, but the javascript used in browsers cannot.

                                              Good thing too, or shady web pages could do a lot of fun things with the services on your local network.

                                            1. 1

                                              First I’ve heard of WebMentions, what an incredibly odd RFC. What’s the need here and how does WebMentions fulfill it?

                                              1. 7

                                                I think it is a neat idea.

                                                It allows me to know when someone mentions one of my blog posts, so I can check what they have to say about it. If I ever need to, I can write a response to an article on my blog and let the original author automatically know about it, without needing to use their comment system (if they even have one).

                                                As a reader, if well implemented, it allows me to follow the discussion about a given article across the web (something I would have a hard time to do without it).

                                                I would define the need as: having a way to discuss and share ideas without the usual limitations of a traditional comment system.

                                                1. 2

                                                  Well explained!

                                                2. 2

                                                  Maybe this helps to understand it: https://indieweb.org/Webmention

                                                  1. 1

                                                    I mean, I get what it is, I just don’t get why it is or what it solves. In principle, it is a way to notify someone (if you choose) that you have linked to their site (if they support it). So is the need here to know when your site was linked to? This doesn’t really provide a complete view of that and seems to rely heavily on scraping services to tell you that someone linked to you anyway. Why even have the spec at that point? That’s what I mean by I don’t get the problem that this solves.

                                                    1. 3

                                                      The “Indieweb” reason for webmention is to host your own comments/replies. If your comments on an article live on the server of the article, they can be removed. Hosting it yourself means more control over your content. If a service were to be taken down permanently, take medium.com for example, the comments from all the indieweb folks would remain online in some form.

                                                      1. 2

                                                        I lack the resources to scrape every new site that appears (or indeed the ones that already exist).

                                                        1. 1

                                                          But this doesn’t do that for you. It just gives someone the option to notify you if they want to.

                                                          1. 3

                                                            It tells me where I might want to scrape. You’ll never get everything, but you don’t have to.

                                                        2. 1

                                                          It enables communication in a decentralized web. Webmentions are like “reply”, “like” or “mention” notifications on Twitter. On the one hand it can be used as notifications, but it can also be used to automatically parse the source and display some context on the target, like comments.

                                                          For example, see the “Interactions” at the bottom of this page: https://jlelse.blog/dev/aoc-2020-day1-2

                                                          1. 2

                                                            Right, that’s still the what rather than the why. Assuming the why is “I want to have replies, likes, and mentions on my site for no specific purpose.” This spec feels like a poor way to accomplish that. There’s no verification of authenticity. You just get a GET request from something and post it on your site? Or don’t and just say you did? Or spam someone’s poor implementation for some free link backs?

                                                            1. 2

                                                              The spec (https://www.w3.org/TR/webmention/) includes verification (point 3.2.1 and 3.2.2). And it’s up to you how to process and display mentions or whether to display them at all. I don’t use any scraper service or social media like Twitter. It’s nice to see when people mention my posts though. And the spec is quite simple. It’s usually the first build block people implement when they get into the IndieWeb.

                                                              1. 3

                                                                I’m thinking about adding webmention support to my blog, and the reason is that I think it’d be fun see if and when someone references my posts and what they’re saying about them. Possibly I could reply to them if I think it’s warranted.

                                                                In my case I’d probably implement it as an email sent to me on each mention, and not automatically add links to the posts referenced (both to avoid spam, and my blog is static and javascript free, so it’d be complicated to do).

                                                                1. 1

                                                                  Sounds like a good idea :)

                                                    1. 6

                                                      This is one of the biggest advantages of mocks, that you don’t need their underlying type to be extensible, just their API stable.

                                                      I don’t understand why it’s not “make your code interface stable, and add new interfaces rather than upgrade old” as opposed to “just don’t assume any code you call’s behavior will follow any assumptions at any time”.

                                                      1. 1

                                                        Make new interfaces but keep the old. One is silver, the other is gold.

                                                      1. 2

                                                        Interesting detail on resierfs(3) and nicely presented. I figured there would be a tie-in to resier4 but there is not.

                                                        1. 6

                                                          Now that laptops regularly reach $2k at the same time $40 arm boards provide enough power for many uses, I am hoping something comes out the “cyberdeck” camp (try an image search). Something that uses a 3d printed case, an existing laptop keyboard and screen, that people inclined to modify and upgrade their laptops the way they do their desktops might be possible.

                                                          1. 4

                                                            thats great to see RethinkDB still lives. Last release is Dec-2019. I found it’s client library query style was fantastic, and the server side management very usable.

                                                            https://github.com/rethinkdb/rethinkdb/blob/v2.4.x/NOTES.md

                                                            1. 3

                                                              Yeah, I got into it last summer and was initially saddened to learn that it had been considered dead for quite some time. Then, elated when I learned they were doing things behind the scenes to get the communitiy up again.

                                                              I truly believe RethinkDB is the superior and developer friendly alternative to MongoDB and have been singing its praises. I’m excited for what the team will release this year.

                                                            1. 21

                                                              I love having a home server that is something I can ssh into from anywhere and takes only 5W of power. I use it for tmux+weechat (IRC), HomeAssistant, a few web pages served by nginx, and a USB Disk is connected to send backup data from my laptop.

                                                              1. 9

                                                                This is awesome! mrustc is used by Guix to bootstrap Rust. This drastically shortens the current bootstrapping chain:

                                                                https://guix.gnu.org/blog/2018/bootstrapping-rust/

                                                                1. 1

                                                                  While an amazing accomplishment in its own right I couldnt find an answer to “but why?” until now. Thanks.

                                                                  Favorite line item: “mrustc currently does no borrow checking – so memory safety of our rust@1.19.0 is mostly guaranteed in the sense of ‘someone else built rust@1.19.0 using another Rust compiler and thus ran the borrow checker already’.”