1. 2

    This doesn’t seem to work? At least not in firefox. https://codepen.io/flyingfisch/pen/wyjQGP

    1. 7

      This article really helps cement the need for a nsfw tag.

      1. 4

        It has “sex toy” in the subject line. I’m not sure that an additional nsfw tag is quite warranted.

        1. 9

          It has “sex toy” in the subject line. The nsfw tag is entirely mandatory, so it can be filtered and that subject line isn’t showing up on people’s screens at work.

          I am extremely militant about appropriate tagging of NSFW content, because as stupid as it may be, people’s jobs are potentially at stake. The potential harm is nontrivial, and the cost is extremely low. If the tag is inappropriate, so is this story; and I would like us to be permissive enough to consider and maturely discuss content like this, regardless of the strictness of our workplaces.

          1. 8

            These are fair points. I’d generally argue that if somebody is at a job where the mere string “sex toy” appearing in a text corpus is enough to get them in trouble then they should leave, but I understand that that isn’t always possible.

            1. 3

              Respectfully, I live in the american south. I would love to organize with my fellow laborers and overthrow the shackles of capitalism, but until that day can we please have an NSFW tag?

              1. 3

                Might have channeled angersock there, sorry. Was just frustrated with the apparent callousness of the link poster in the meta, and I let it leak out here.

            2. 5

              I’m completely on board with this. I spend a lot of time skirting the SFW/NSFW line extremely closely in what I make, but while my work usually doesn’t involve actual porn/nudes/etc that would be visually considered outright offensive, I still consider it NSFW ‘cause, well, it’s sex, at all. So unless you work in some sort of content or hardware production related to the industry, it usually /is/ NSFW.

            3. 0

              filtering.

            4. 3

              I look forward to being the constant recipient of that tag.

            1. 1

              Does anyone know why Aperture Science is included in the style guide but not Black Mesa?

              1. 2

                Black Mesa suffered a physical breach, Aperture Science didn’t?

                1. 1

                  It’s been a while since I played the Portal series but what kind of breach did Aperture Science experience? Would the Wheatley takeover be considered a breach? Or Chell’s escape?

                  1. 2

                    I now realized I misunderstood your question completely.

              1. 3

                This is such a crucial plugin. I absolutely hate reading through all the cruft just to get the recipe. Its a shame I don’t use Chrome as my daily driver but I do appreciate you for making this.

                1. 3

                  What browser are you using most often to look at recipes? I was thinking about porting to FF if there’s traction on this one.

                  edit: ok fellas, you talked me into it, I’ll work on a FF plugin this weekend

                  1. 4

                    I’ll add a second request for FF support, it’s easier than ever these days as they both use web extensions: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Porting_a_Google_Chrome_extension

                    1. 3

                      Yep, I’m a Firefox user. I think there’s enough of us now to make it worth your while. I would offer a helping hand but I have never made a browser extension so I don’t think I’d be much help.

                      1. 2

                        I also use firefox and would be interested in this extension.

                    1. 1

                      This is a good resource but wow do I hate this url. I’ll just link to the github repo I guess.

                      1. 2

                        I agree, I almost didn’t post the article at all. :|

                      1. 6

                        Wow I couldn’t agree more with his assertions around e-mail. I’m seeing a generational divide happen, ADD youngsters are telling me “Email is awful!” on a fairly regular basis now. WHY? I’ve yet to get an actual, viable, useful answer.

                        Mostly what I get is “It’s so 5 minutes ago”.

                        1. 6

                          This is a good point. Email and Slack are just communication tools. The workplace is full of low-quality communication because most workplaces are low in quality: inept management, no real desire to motivate people, stupid projects, and crappy ideas. The problem never was email itself. Nor is it Slack per se.

                          It’s like the common comment about dating sites: the sites are a solved problem, but people are broken.

                          Now, Jira is evil and should die in a taint fire. That’s just an objective fact.

                          1. 3

                            I’m on board with your core sentiment here, and broadly characterizing a generation as suffering from a disability isn’t much better of a rationale than those “youngsters” are giving you for not liking email.

                            (Having spent a decade as a teacher and middle school administrator before venturing into dev work, I’m well aware of the very real challenges of keeping the attention of people younger than me…)

                            Not trying to poke you in the eye (metaphorically or otherwise). Just saying… 🍻

                            1. 2

                              What’s doubly amusing about your choice of wording is that I am in fact blind in one eye and low vision in the other, so go ahead and poke away as long as it’s the left side :)

                              And, to address the meat of what you’re saying, you’re right. I had no business being cavalier about the term ADD. Thanks for pointing that out.

                              I need to find a new turn of phrase to describe the ever shortening attention span of humans :)

                              1. 2

                                Haha… Well clearly I stepped in it there with my choice of metaphor. 🤦🏻‍♂️

                                Agreed. We definitely need a better shorthand for shrinking attention spans…

                            2. 2

                              My main issue with email is that unless everyone uses the same email client and email client settings things become a mess. Some people add replies at the bottom of the chain, others at the top. Some people use HTML email, some don’t. Some people have signatures 8 miles long.

                              It’s just so darn messy.

                              What I like about instant messaging is that it is quicker, (to me) more organized, and most of his arguments against it are mostly due to not knowing how to set status. If you don’t want to be distracted set yourself to “do not disturb”. I haven’t worked with a team where this was a problem (assuming you do eventually answer questions).

                              1. 2

                                It doesn’t have to be messy. HTML versus not should be transparent to you (I use mutt for work) - the top posting problem is a larger issue, and I blame Google and Microsoft. They’ve attempted to make mail act like IM.

                                There is only one true way to respond to email messages, and it was defined in RFC-1855

                                1. 2

                                  I’m not saying it has to be messy, I’m just saying it is in the real world. And while I could start sending mail that complies with RFC-1855, I still have to deal with everyone who sends me mail and doesn’t comply to any standard.

                                  HTML versus not should be transparent to you

                                  How? I use outlook at work because I need it for meeting requests, shared address books, etc.

                                  1. 1

                                    So, wait, you’re complaining about HTML email because you choose to use a GUI client?

                                    Fascinating, captain :)

                                    I too use Outlook/Exchange for meetings, but that’s all I use it for. My mail pipeline is fetcmail/procmail and mutt and it works famously with Exchange. Google it and see :)

                                    Your point about not being able to control unruly senders is valid, but I’m not sure that merits throwing the baby out with the bath water.

                              2. 2

                                Email has good properties, but I see many problems with email that other tools avoid:

                                • With email, it’s harder to jump into an existing conversation. You can’t just visit a link and read the existing conversation. You have to wait for someone to post something new to the mailing list, or ask someone to forward you the discussion so far. And then you have to read the previous messages with a zig-zag path – read top to bottom within each message, but read the list of messages bottom to top.

                                • The culture of email suggests that you surround your message with salutations and sign-offs. In most environments, every time you write a new email, you have to write “Hi John,” or “Greetings all,” at the beginning, and then “Thanks, Rory” or “Sincerely, Rory” at the end. It takes time away from writing the content of the message, time that is usually not worth the signaling it provides.

                                • In some companies, emails have signatures at the bottom that repeat information you already know such as the contact information of the company. It requires more scrolling and mental filtering to see the actual content.

                                • Emails have a sending delay and require writing subject lines. This makes them less appropriate for messages that should be sent in real time, because they are relevant to a real-time conversation. For example, if you are telling a coworker about a relevant blog post and why they should read it, it’s better if you can just paste the URL into a message with them and they get it instantly.

                                • Emails can’t be edited. If you make a stupid typo or forget an attachment, you have no choice but to either accept the error or to send another email with the correction. If you send a correction email, all readers have to manually apply in their heads your described patch to the original email – no one can apply the fix so the others don’t have to. And if someone else sends an email with a subject line that is revealed to be irrelevant, you can’t change the subject line to focus future discussion – the best you can do is send a correction email.

                              1. 9

                                This is a terrible idea. All lobste.rs meetups should be in Maine.

                                1. 5

                                  I think you meant to say “Nova Scotia”. ;-)

                                  1. 1

                                    Farewell to Nova Scotia, the sea bound coast

                                    1. 2

                                      Farewell to Nova Scotia, the sea bound coast

                                      Thanks for broadening my horizons. :-)

                                      https://en.wikipedia.org/wiki/Farewell_to_Nova_Scotia

                                      1. 1

                                        Haha, no problem, it’s one of my favorite folk songs :)

                                  2. 2

                                    That’s a funny way to spell Shediac, New Brunswick.

                                  1. 12

                                    I never understood the popularity of solarized. It lacks contrast and makes my eyes hurt.

                                    1. 12

                                      There was a blog post which said it was made with science or whatever. Science can’t be wrong.

                                      1. 3

                                        The implication that the goodness of something so subjective can be quantified really irks me. However, I think a lot of people ate this up, as I’ve seen people non-ironically citing this as a reason it is good.

                                        1. 3
                                          1. 2

                                            I hear it’s Cave Johnson’s favorite IDE color scheme.

                                          2. 5

                                            I’m more and more in favour of highlighting comments more than the individual parts in the code (variables, strings, …) – and I find that comments often have the least contrast :(

                                            1. 2

                                              In Visual Studio Code you can quite easily try this out since you can add your own customizations to the highlighting in the settings. For instance, you could add

                                                  "editor.tokenColorCustomizations": {
                                                      "comments": "#e1a866"
                                                  }
                                              

                                              to change the color of all comments.

                                            2. 1

                                              I think it depends a lot on lighting. I use the dark theme at evening/night, and don’t have a lot of light in the room. More contrast rich themes like Monokai hurt my eyes in that setting.

                                              The Solarized theme that comes with Visual Studio Code actually uses a base color with more contrast than the original design. But I find that rather annoying in the light theme, especially since they also use bold.

                                              1. 2

                                                More contrast rich themes like Monokai hurt my eyes in that setting.

                                                That makes sense. It’s funny, at night I will continue using typical white-on-black high-contrast color schemes but just drop the monitor brightness a lot if I happen to be hacking away in the dark. Usually I just turn the lights on, though.

                                                1. 1

                                                  For me both variants of Solarized are difficult to read in the daytime on a nice display and borderline unusable at any time of day on a low-end display. On the other hand, I find high-contrast dark themes too harsh, so I tend to use dark themes that are somewhere in the middle (~#999 on ~#222) and higher-contrast light themes (~#222 on ~#f5f5f5).

                                                  1. 1

                                                    gruvbox dark works well for me :)

                                                    1. 2

                                                      I think the red is perhaps, well, a bit too red in gruvbox. The (over-)use of red/orange/pink in many Solarized themes was part of the reason I made this variant.

                                                      Darktooth is another interesting gruvbox-like theme.

                                                2. 1

                                                  Agree on the importance of contrast. Lots of color themes are happy to use tons of different colors on things that aren’t completely semantically different (a numeric literal doesn’t always need to stand out a lot) while ignoring the more subtle details such as contrast.

                                                  I want the attention to detail Solarized has, but with more contrast, and something besides an ocean or a piece of parchment as the background. I’ve been using a version of Github’s color scheme in my editor for awhile, but have yet to really find a color theme that I really like.

                                                1. 12

                                                  Suggestion for the website itself: Don’t have the auto-load happen when you first scroll down to the bottom of the page. Let the user initiate that action so that the footer is still accessible. The Instagram website is a good example of this design pattern. Otherwise, really interesting stuff, thanks for sharing!

                                                  1. 5

                                                    Thanks!

                                                    This is somewhat of a meta-joke we have — autoload and unreachable footer are clear anti-patterns, yet we force them ourselves. But you’re right, we should eventually switch to initiating the autoload by user.

                                                    1. 1

                                                      Or make the footer stick to the bottom of the browser frame.

                                                      1. 9

                                                        ugh please no, floating elements are terrible and only limit screen real estate on small devices.

                                                        1. 2

                                                          I think floating navigation can make sense in some contexts since having navigation easily accessible can be important. A footer is not important to have always accessible though, so I would agree that it probably isn’t the best choice here.

                                                    2. 1

                                                      For me, it loads the rest of the page before Safari can even finish the bounce-back animation, so it just cuts it off in the middle.

                                                    1. 10

                                                      This add-on was installed and set to ‘OFF’ and made no changes in the user experience unless it was explicitly turned on by a user, but it was added. Even when turned on no user data was collected or shared.

                                                      Dear Chief Marketing Officer, you know better than to hide behind passive voice sentences. Did you ask legal to write this? I strongly urge you to resign effective immediately.

                                                      Sincerely, Yours truly

                                                      1. 10

                                                        Painful. But as much as I’d love to see it, it is rare for institutions to fully own their mistakes, no matter how obvious.

                                                        1. 2

                                                          I feel like I’m missing something. Can someone highlight how this is skewing the truth?

                                                        1. 30

                                                          I agree that the page should be served over HTTPS. I’m not sure I agree that the lecture which followed was necessary. Yes, the person replying to his initial tweet didn’t get it. It’s clear that this individual does not understand the importance of HTTPS. But within 30 minutes, they offer to forward his concern to the technical staff. Within 24 hours, there are comments on this blog post that the page has been switched to HTTPS. This indicates that someone of those technical people, in the space of a workday, corrected the mistake. I’m not convinced that this incident is evidence (in and of itself) of anything more than a nontechnical person unwittingly deploying a customer relations strategy that is inappropriate for the situation. Yes, banks and other institutions handling sensitive data should not make these mistakes, etc. But, like Torvalds, I’m also getting tired of the sanctimonious, unwarranted lectures from the infosec crowd. Not everyone understands the importance of SSL. Making people feel bad about this only makes the problem worse. In an era where everyone needs the benefits of infosec expertise and technology, the infosec community has a real user experience and user relations problem.

                                                          1. 18

                                                            Wow, I didn’t realize this was fixed within a day. That changes a lot of things, this article can now be summed up as “I didn’t like the way the PR person for NatWest’s twitter account answered me”.

                                                            1. 7

                                                              It’s pretty insane that he expects some social media person to understand what he is on about and be able to reply instantly with the right info.

                                                              1. 3

                                                                Truth me told, I do. Social media people are supposed to communicate between users and the company so I would expect whenever there is a chance that a user is reporting something important to forward it to an internal tech contact at the company. If your contact people don’t do that, what is their purpose? Pure marketing? Then don’t answer customers at all on these channels.

                                                                (And I do think that deploying HTTPS within 24 hours is actually pretty good within a big organization, so they do seem to employ competent people)

                                                                1. 1

                                                                  I’m sorry you feel this way. I can certainly pass on your concerns and feed this back to the tech team for you Troy? DC

                                                                  They passed the feedback to the correct team. In my opinion, the social media people did their job at this point. It isn’t their job to understand what he’s saying, it is their job to pass the information to the right people. Apparently it wasn’t phrased well enough for this guy though.

                                                            2. 7

                                                              Just to play devil’s advocate:

                                                              • what about the 4 month old XSS vuln mentioned towards the bottom of the article, reported by @huykha10?
                                                              • their rushed-out fix now has problems of its own with mixed protocols, bad certs, and still no upgrade-insecure-requests

                                                              I side with you in that public shaming isn’t helping how people feel about properly implementing security, but it sure seems like it took someone making the news before they leapt into action.

                                                              1. 2

                                                                You’re right - it’s not as simple as they fixed it in a day. There is additional evidence of incompetence and not all of it seems to be simple ignorance. I’m not defending any of their sloppy security practices, including those in your list. At some point, publicly shaming them is a reasonable way to seek the desired outcome. I just don’t think it should be the first step. Tone is very hard to read on the web; to me, the author’s tone indicated that he assumed the worst from the start. It seems like many people now use accusative tweets to threaten public embarrassment as a way to quickly get what they want. The result of this routine, reflexive public shaming is a culture where people are afraid to admit what they don’t know or don’t understand. If the goal is to have a population that values security, I would guess (without any data) that it’s more effective to treat the uninitiated kindly and save the shaming for those who willfully and maliciously disregard well-established social norms (of information security or whatever else).

                                                                1. 1

                                                                  Thanks for the response! I totally agree with you.

                                                                  I’m also guilty of being flip sometimes when frustrated by something that I can’t get traction on. It’s tough to continue being helpful and polite when faced with a lack of ownership for an issue that you yourself can’t fix.

                                                            1. 3

                                                              And I’ll probably still manage to lose. :|

                                                              1. 2

                                                                Does anyone know what material was used to make this?

                                                                1. 2

                                                                  Someone else opened an issue asking this yesterday: https://github.com/ergenekonyigit/diy-macbook-stand/issues/1

                                                                  1. 2

                                                                    Look unanswered still. I’d suspect some type of 3d printed plastic? I’m not sure if I’d trust my laptop to live on a cardboard stand.

                                                                1. 13

                                                                  Finally! This article is about desktop, but OpenSSH is coming to all of Windows, including IoT Core where I work. I’ve been championing the upgrade for years now. Compared to our old SSH implementation, OpenSSH is more stable, supports newer encryption standards, and can send files over sftp.

                                                                  Very excited to see this land. Kudos to the Powershell team for putting in most of the porting work, and of course to OpenBSD for developing OpenSSH in the first place.

                                                                  1. 5

                                                                    Last time I tried anything microsofty in that sort of realm I started throwing things at the screen. (Can’t remember what it was telnet maybe? Their built in “term” thing?)

                                                                    It obstinately refused to resize, and got the wrapping horribly wrong and clearly had been written by somebody who had an ideological hatred of the command line.

                                                                    Downloaded putty and…. Oh My! It all just worked and worked correctly!

                                                                    So merely having a ssh client will not cause me to shift from putty, having a ssh client that works properly and slickly might convince me.

                                                                    1. 7

                                                                      Well, for IoT Core I’m more excited about the OpenSSH server than the client. I’ve been connecting to it with PuTTY.

                                                                      That said, the Windows command-line has vastly improved from 8.1 to 10. The biggest improvement is that text reflows as you resize the window. Copy/paste was also improved.

                                                                      Telnet and SSH are just transports. I bet your frustration was due to the old Windows conhost.exe being a terrible terminal.

                                                                      1. 2

                                                                        When you connect to IoT Core via SSH what shell are you dropped in to?

                                                                        1. 1

                                                                          Just plain old CMD. Usually Powershell is present too, but OEMs can choose to build an image without Powershell.

                                                                          If you want to connect directly to a Powershell session, it has its own remote shell feature, enter-pssession.

                                                                          1. 1

                                                                            There’s a more detailed answer by Joey Aiello in the HN thread.

                                                                        2. 3

                                                                          Their built in “term” thing?

                                                                          AFAIK some projects such as the Git command line utilities for Windows have for years now shipped with a TTY which is based on PuTTY’s TTY (just not using any of the SSH code or anything) and it’s much nicer.

                                                                          1. 2

                                                                            ConEmu is another tool that will improve your commandline life on Windows. As for Microsoft products, there are many people who swear by Powershell!

                                                                            1. 2

                                                                              Powershell is a nice shell, but it lives inside the same terminal (conhost.exe) that CMD does.

                                                                              1. 1

                                                                                Cmder is a great shell built on top of ConEmu that even has support for the quake-style appear/disappear animation.

                                                                            2. 2

                                                                              Try cmder for a decent terminal. The git version comes with a bunch of tools (including ssh, ls, etc) and provides a terminal experience on Windows that won’t make you throw things at the screen (hopefully!).

                                                                            3. 1

                                                                              That’s pretty impressive. OpenSSH makes a lot of POSIX assumptions about things like PTYs and fork.

                                                                            1. 1

                                                                              Is it available for download somewhere? I’m only seeing download links for 2.8.22.

                                                                              EDIT: Woops, completely missed the link to the development downloads: https://www.gimp.org/downloads/devel/

                                                                              1. 1

                                                                                Question is very relevant.

                                                                                https://download.gimp.org/pub/gimp/v2.9/windows/

                                                                                Windows users cannot easily get 2.9.8, as it’s simply not available. I wish that binaries were provided before sending such posts.

                                                                                1. 2

                                                                                  Use https://testpilot.firefox.com/experiments/snooze-tabs to remind yourself about it in a week or so :-)

                                                                                1. 3

                                                                                  Legos are basically the best toy ever, in my opinion. If your kids don’t have legos yet, buy some! :)

                                                                                  Especially just the brick sets as opposed to the kits, the kits always made me feel like I was forced into a limited number of designs. That said some of the bricks in the kits are super nice to have, like wheels and stuff.

                                                                                1. [Comment removed by author]

                                                                                  1. 3

                                                                                    I think that programming is like any other skill. Some people are born with a knack for it, some people can achieve proficiency through education, and some people won’t be able to learn it or won’t want to learn it. I don’t think there’s anything magical with programming that makes it different than other skills.

                                                                                  1. 9

                                                                                    “Falsehoods programmers believe about X” considered harmful.

                                                                                    1. 8

                                                                                      Falsehoods programmers believe about the phrase “X considered Harmful.”

                                                                                      Falsehoods programmers believe about the phrase “X considered harmful,” considered harmful.

                                                                                      Falsehoods programmers believe about the phrase “Falsehoods programmers believe about the phrase ‘X considered harmful,’ considered harmful,” considered harmful.

                                                                                      1. 5

                                                                                        Recursion considered recursive.

                                                                                        1. 3

                                                                                          “Recursion considered recursive” considered falsehood believed by programmers about the phrase “Recursion considered.”

                                                                                          if you torture the English language hard enough, you get poetry.

                                                                                          Haiku are easy.

                                                                                          But sometimes they don’t make sense

                                                                                          Refrigerator.

                                                                                      2. 2

                                                                                        Why? I find these sorts of posts quite illuminating, as they often skewer conventional wisdom.

                                                                                        1. 5

                                                                                          In my opinion it’s usually because they list the falsehood without listing an example of where it breaks down. These lists work better when you can point at a real-world case why X is a falsehood.

                                                                                          1. 2

                                                                                            Bingo!

                                                                                            1. 1

                                                                                              Exactly. Who cares if they skewer conventional wisdom if there is no evidence to prove that conventional wisdom should be skewered?

                                                                                            2. 3

                                                                                              The notion that such lists represent conventional wisdom is perhaps itself a falsehood.

                                                                                          1. 1

                                                                                            VS Code is very close to what I want. I just wish it’d somehow stop tempting me to use my mouse. I have a hard time learning keyboard-only interaction with any GUI editor it seems.

                                                                                            I’m normally on ViM, but tried VS Code for a good month at work. In that time I got RSI symptoms back.

                                                                                            I like my ViM setup, but it is dog slow. I really appreciated the speed in VS Code and editing in variable width font is awesome.

                                                                                            1. 3

                                                                                              editing in variable width font is awesome.

                                                                                              Could you expand on this? I’ve only ever worked with fixed width fonts, what are the benefits of a variable width font for programming?

                                                                                              1. 2

                                                                                                It’s entirely subjective, and I only did so for a month, but it just felt nice to read. It works well for code styles that don’t align stuff (like variable assignments, or ObjC messaging.)

                                                                                            1. 3

                                                                                              Visual studio code is amazing. There are tons of reasons here, but even without them I think the consistent performance in both Windows and Mac says a lot.

                                                                                              1. 10

                                                                                                Consistent performance on Windows, Mac, AND LINUX! I’ve been using it for Go Development on arch for a while and it’s extremely good. To the point where I’m thinking of switching from Sublime Text entirely. I was really resistant to trying it (M$) but it’s probably the nicest GUI Editor/semi-IDE-thing that I’ve used.

                                                                                                1. 4

                                                                                                  Does it have good vim emulation yet? Haven’t tried it as my main editor in a few months now.

                                                                                                  1. 4

                                                                                                    It’s not perfect (my comparison is evil-mode in Emacs which is close to perfect) but it’s good enough. Basic editing/movement is great, but it runs into trouble with things like multiple-cursor support (it tries to implement block-visual mode with multiple cursors and sometimes gets into a…situation).

                                                                                                    1. 5

                                                                                                      heretical statement: i prefer evil-mode in Emacs to Vim.

                                                                                                      1. 2

                                                                                                        Oh, me too, and maybe I should have mentioned I do miss Spacemacs terribly in VS Code. But most people wouldn’t file that under “vim emulation”. :) [Edit: and also it occurs to me that macros run really, really slow, so I switch back to Emacs for complex editing.]

                                                                                                        1. 1

                                                                                                          Same

                                                                                                    2. 3

                                                                                                      It has “fine” vim emulation, but not good enough to feel natural when I’m pairing with my coworker who uses it.

                                                                                                      1. 2

                                                                                                        It has some okay keystroke emulation, but I miss a lot of the more niche features of vim, like page marks, bufdo, and good macros. I realize it’s all of the stuff that makes vim “vim” to me, and not just modal editing.