1. 3

    Now we get to enjoy cross-site-scripting in all desktop apps. Isn’t that a wonderful world we live in? /s

    1. 34

      It’s a hipster-free

      This may just be the most hipster thing I’ve seen since COBOL on Cogs

      1. 6

        COBOL on Wheelchair also exists.

        1. 5

          do not forget bash on balls: https://github.com/jneen/balls

        1. 9

          I have been doing remote work for 5 years and I think the “work room for work” and “don’t work in your pyjamas” rules are overrated. I am doing just fine typing this from my couch while waiting for a build to finish.

          1. 8

            For my first two years working remotely I had a dedicated office in my house. I think that helped me to build the discipline and boundaries necessary.

            6 years in, I can work effectively and with balance in about any situation.

            1. 5

              Same here; I think the rules for “transitioning from office-based work to remote work” are very different from “effective remote work for someone who’s used to it”.

              1. 1

                I found out that when my home office became my work office my new home office was the coffee shop after working hours.

              2. 1

                I work from home about 2 days a week (at my last job it was 3 to 4). I often didn’t shower until the end of my work day and I’ve never been in a place large enough to have a separate work room.

                I do run multiple X servers. Ctrl+Alt+F8 is my work X11 instance and I have a different username for it. My git repos have my work/home laptops as each other’s remotes so I can push branches back and forth without touching origin. (I often squash some of those intermediate commits before creating a real origin pull request).

                I often find my time at home is way more productive. Open work spaces suck and even my fancy noise cancelling headphones can’t drown out some of the chatter around me.

              1. 5

                this full-throttle tinfoily panic mode of some people right now. “move to hosted gitlab!!1 that will show ‘em!!11”. i’m not anti-gitlab, but hosted gitlab has the same set of problems like github. like, for example, being bought by $EVILCOMPANY

                if microsoft now decides there will be no more free repos, it’s ok! they can do with their property however they please (just like before that acquisition github could’ve done). don’t bitch about the free lunch not tasting right. that is the deal if you use resources of others for free.

                1. 3

                  I think for most people, if gitlab took a similar turn, a self-hosted (or pay someone else to host it) OSS version of GitLab would be fine.

                  People use gitlab.com because it’s hands-off, not because it’s the commercial version for free.

                  1. 3

                    It’s not “that will show em” at all. No idea where that is being quoted from.
                    I can say my statement was, IF the MS acquisition bothered you, and there is enough historical precedent that it may reasonably do so for reasonable people, then note that Gitlab does currently have 1-click repository migration from GitHub. In addition, it is also a possibility that Github may unilaterally sever that capability IF the migration becomes a flood. Ergo if you are going to do it, then do so now and don’t wait.

                    1. 1

                      it was a purposely overstated made-up-quote (easily spotted by the liberal use of “!!111”).

                      microsoft is an actor on the market and as a result does things to maximize profits. one only has to take that into account when choosing to use their services. i’m not overly happy with it either, but gitlab is an actor too and plays by the same rules, including the possibility of being acquired. just self host, it’s not even hard, scaleway has prepared images for that for example.

                      regarding the importing functionality: if they break the mechanisms to do that, i guess many other things won’t work as well, like bots acting on issues, etc. i don’t think they will break the whole ecosystem, as effectively that’s what they’ve paid for. maybe they’ll do that in the extended future, like twitter breaking their api for clients.

                    2. 2

                      Imagine what would happen when MSFT after buying GH also gets travisCi, which i believe they will do :)

                      1. 2

                        It should also be quite a bit cheaper, afaik they never took VC money.

                    1. 17

                      The vcs tag seems wrong. Git works fine without GitHub. This is more a business story.

                      1. 1

                        Why is there a fork icon next to your username?

                        1. 3

                          Maybe it’s a comment on the merged discussion submission?

                          1. 1

                            looks like it

                      1. 2

                        There is also a sub-category for “remote friendly”, which applies to me and a few colleagues: You are remote all the time since you live on another continent or at least a few 1000km away from work, but you travel there occasionally. The company is mostly not remote though.

                        1. 3

                          Trying to stay sane while working through a massive merge at work. The things I have seen…

                          1. 2

                            How much traffic on average does each Netty node process? Kind of interesting that you can get the kind of performance you need out of a JVM app, but I suppose the secret is scale, not individual node throughput.

                            1. 2

                              The way we run it isn’t necessarily indicative of how performant the OSS core version is. We’ve added a ton of stuff to it like hashing, encryption, decryption, auth, metrics, geo etc. that makes us heavily CPU-bound. In terms of performance on the JVM, Netty is really good. They go to great lengths to limit the creation of garbage and use native bindings to optimize moving byte buffers around.

                              Generally you are correct though, it’s not about individual nodes, it’s about fleet size. We tend to favor running more, smaller nodes than few large ones. This lessens the impact of any single node failing and allows us to do incremental rollouts to test new features (i.e. canary testing).

                              1. 3

                                Very cool, thanks!

                                Always makes me laugh when I hear hipsters bemoaning the death of Java, they get so incredulous when you mention that it’s still running everywhere doing mission critical work and shows no signs of slowing up anytime soon.

                                1. 2

                                  The local grocery chain just upgraded to touch screens from their DOS-looking stuff. The menus have little coffee icons on top of a weird UI. Gotta be a Java app with its non-native GUI. Most of the jobs out in my area similarly are asking for C# or Java. Stuff is everywhere.

                                  1. 3

                                    Gotta be a Java app with its non-native GUI

                                    I am always baffled by these comments. We are living in a world where almost everything is a web-app (chat, email, documents, wikis, sales processes whatnot) and they all look totally different. Nobody seems to care there.

                                    1. 2

                                      On desktop, we should do better, expected better, and we used to be better. But I guess Swing begets Electron in the end…

                            1. 19

                              Kind of funny to see this coming from Gruber, who has been a consistent defender of keeping systems closed in the name of user experience. Facebook used to have RSS feeds, too, and Google Chat used to support XMPP; the writing’s been on the wall for a while. I am surprised that he (and the third-party app maintainers) are really naïve enough to imagine that Twitter can be talked into maintaining these APIs (which allow people to use their service without being advertised to) in the long term.

                              1. 7

                                Indeed. The problem (for both Twitter and Gruber) is that Twitter started out as a classic Web 2.0 play with open APIs, and only later realized that can be a money drain. Later services like Instagram only offer API access for the real customers - the advertisers.

                                1. 12

                                  Yup. This alone makes Mastodon a superior alternative. Now the trick is getting the masses to move over :) (Though, I’m not REALLY sure I want that :)

                                  1. 3

                                    Yeah, or Twitter could have a paid tier that allowed 3rd party apps, better privacy tools, etc. But that’s not the way they want to roll, apparently.

                                    1. 2

                                      (Though, I’m not REALLY sure I want that :)

                                      I know the feeling! I kinda liked Twitter better when my acquaintances weren’t in it, and we had actual meetups of Twitter users

                                    2. 3

                                      Later services like Instagram only offer API access for the real customers - the advertisers.

                                      Instagram is an even worse example of API bait-and-switch than Twitter - they offered API access to developers (in 2014), deprecated it this January ¹, and then completely removed access this spring, months before the deprecation deadline ².

                                    3. 2

                                      I honestly never understood why anyone cares what Gruber has to say. I give him credit for inventing markdown. Really great idea!

                                      All the rest he produces seems to be some variation of “apples is so amazing” and “google is so awful”. Most probably that is confirmation bias on my end, but really: Why does anyone care what Gruber has to say?

                                    1. 14

                                      There’s also rlwrap for the occasional interactive utility that doesn’t support all these familiar keybindings.

                                      1. 1

                                        +1 for rlwrap. Back when I had to use the oracle cli I praised the day that I discovered it.

                                      1. 4

                                        I am doing remote work for 5 years now and it is always on the JVM. I am working in the big-data area, but I have touched the frontend from time to time as well.

                                        For me personally the biggest hurdle with remote work is not the remoteness, but the time zone difference. I am 9 hours ahead of the company I work for, so that can be very challenging at times, but so far, it seems to work okay.

                                        1. 1

                                          I am doing remote work for 5 years now and it is always on the JVM.

                                          That’s interesting, thank you. I was once quite proficient at Java - back in the days of Java 1.5/6 - but I didn’t like it much so have avoided it for the last decade or so. There’s a lot more running on the JVM these days though. Do you see much demand for Clojure, for example?

                                          I am 9 hours ahead of the company I work for

                                          I used to be 8 hours ahead of most of my company (I was in a satellite office). I loved it! I got most of my work done when the rest of the company was asleep.

                                          1. 1

                                            This is my second remote Java job in a row and it was always pure java. In BigData-land you see a lot of scala, but not much clojure.

                                        1. 3

                                          Does anyone know if there’s a simpler alternative to Google Analytics which only shows hit counts? For my site, all I’d love to know is which pages have been viewed how many times. I really don’t care about anything else.

                                          I wish Netlify would provide some sort of basic log analysis of static sites, telling me the view count of each page.

                                          1. 5

                                            If you have access to your web-server logs, GoAccess may be a good candidate. It’s quite easy to use and not really intrusive.

                                            1. 1

                                              I actually don’t since I’m on Netlify. Otherwise this would be an ideal solution.

                                              Most of the static websites are hosted on either Github Pages or Netlify and (as far as I know) neither of those allow you to see the access logs.

                                              1. 4

                                                You can host a 1x1 pixel on Amazon S3 and enable logging for the associated bucket. Add a query string to identify the current page. A simple transformation on the logs (to remove original URI, keeping only the one in query string) and you should be able to use GoAccess.
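The log transformation described in the comment above, as an added example that is not part of the original thread. It assumes the pixel object is named `pixel.gif` and the page is passed in a query parameter `p` (both hypothetical names), and it rewrites S3 server access log lines into combined log format for GoAccess. Because the query string is supplied by the client, the page value is validated before it is written into a log line.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumed names, not from the thread: the pixel's object key and the
# query parameter that carries the page being viewed.
PIXEL_KEY = "pixel.gif"
PAGE_PARAM = "p"

# S3 access log fields are space separated; the timestamp is wrapped in
# [...] and the request line, referer and user agent are wrapped in "...".
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

# The page value comes from the client. Only accept a plain path so that
# quotes, spaces or newlines cannot forge fields in the rewritten log.
SAFE_PATH = re.compile(r"/[A-Za-z0-9._~/%-]{0,255}")


def s3_to_combined(line):
    """Return a combined-log-format line for a pixel hit, else None."""
    f = TOKEN.findall(line)
    if len(f) < 17:
        return None
    when, ip, operation, key, request = f[2], f[3], f[6], f[7], f[8]
    status, bytes_sent, referer, agent = f[9], f[11], f[15], f[16]
    if operation != "REST.GET.OBJECT" or key != PIXEL_KEY:
        return None
    parts = request.strip('"').split(" ")
    if len(parts) != 3:
        return None
    method, uri, proto = parts
    # parse_qs percent-decodes the value once.
    pages = parse_qs(urlsplit(uri).query).get(PAGE_PARAM, [])
    if len(pages) != 1 or not SAFE_PATH.fullmatch(pages[0]):
        return None
    # Replace the original URI (the pixel) with the page from the query.
    return (f'{ip} - - {when} "{method} {pages[0]} {proto}" '
            f"{status} {bytes_sent} {referer} {agent}")


def count_hits(lines):
    """Per-page view counts, taken from the rewritten lines."""
    hits = Counter()
    for line in lines:
        out = s3_to_combined(line)
        if out is not None:
            hits[out.split('"')[1].split(" ")[1]] += 1
    return hits


# Constructed sample lines in the S3 server access log layout.
SAMPLE = [
    'ownerid example-bucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 - '
    'REQID0001 REST.GET.OBJECT pixel.gif '
    '"GET /pixel.gif?p=%2Fblog%2Fhello HTTP/1.1" 200 - 43 43 7 6 '
    '"https://example.org/blog/hello" "Mozilla/5.0" -',
    'ownerid example-bucket [06/Feb/2019:00:01:02 +0000] 198.51.100.9 - '
    'REQID0002 REST.GET.OBJECT pixel.gif '
    '"GET /pixel.gif?p=%2Fblog%2Fhello HTTP/1.1" 200 - 43 43 5 4 '
    '"-" "Mozilla/5.0" -',
    # Page value decodes to: /x" 200 0 "-"  (log forging attempt, dropped)
    'ownerid example-bucket [06/Feb/2019:00:02:10 +0000] 203.0.113.5 - '
    'REQID0003 REST.GET.OBJECT pixel.gif '
    '"GET /pixel.gif?p=%2Fx%22%20200%200%20%22-%22 HTTP/1.1" 200 - 43 43 5 4 '
    '"-" "curl/8.0" -',
    # Not the pixel object, dropped.
    'ownerid example-bucket [06/Feb/2019:00:03:00 +0000] 203.0.113.5 - '
    'REQID0004 REST.GET.OBJECT favicon.ico '
    '"GET /favicon.ico HTTP/1.1" 404 NoSuchKey 0 - 3 - "-" "curl/8.0" -',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        converted = s3_to_combined(raw)
        if converted:
            print(converted)
    print(dict(count_hits(SAMPLE)))
```
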

                                            2. 1

                                              Does anyone know if there’s a simpler alternative to Google Analytics which only shows hit counts?

                                              I think what you’re looking for is a web counter from the 90’s :)

                                              1. 1

                                                I don’t! But this sounds like a good service for someone to provide. Something SUPER lightweight. Could even eventually show it on https://barnacl.es

                                                1. 1

                                                  back in the days https://www.awstats.org/ was a thing

                                                  1. 1

                                                    It still is. I know quite a few customers who still use awstats.

                                                1. 2

                                                  That google font tool is nice. Finally I can get rid of the last google dependency on my site.

                                                  1. 2

                                                    as a non ruby programmer I wonder: What do you all need infinite ranges for that you need a special syntax for it. I think I never had a need for that. So I wonder, what are they used for?

                                                    1. 2

                                                      How about a game loop that keeps track of ticks?

                                                      As a Ruby programmer I have definitely written infinite ranges a handful of times - it does come up, though it’s not common.

                                                      1. 1

                                                        there are examples in the blog post, but (also as a non ruby programmer) I don’t find any of them particularly compelling

                                                        1. 1

                                                          I am a Ruby programmer, and I’m also not sure what people need infinite ranges for so often.

                                                          1. 1

                                                            I use them, but that’s probably me porting Haskellisms to Ruby more than a common Rubyism. Things like: (0..1.0/0).zip(array)

                                                            1. 1

                                                              Yeah it’s probably more Ruby-ist to use each_with_index for that, but it’s interesting that that works.

                                                        1. 1

                                                          The truth about this blocking isn’t “counter-terrorist and counter-extremist”, they are scared TOR tokens.

                                                          1. 2

                                                            What is a Tor token?

                                                          1. 2

                                                            Am I the only one that thinks that all these netflix things are extremely over-engineered? The bulk of their content is not even served from AWS, but from boxes that are close to the eyeballs.

                                                            I am not saying I could build one in a weekend or anything like it, but what do all these servers do? There is hardly any user interaction, except search and maybe giving a rating. The search is also not that big, given the size of the catalog they serve per country. The traffic comes from local caches. What is all this for, except keeping engineers in the bay area busy?

                                                            1. 19

                                                              just a psa, I don’t and have never worked for Netflix, all of this is mostly conjecture from experience.

                                                              sure, I think that micro service bloat is probably a problem that they have. and many of the FANG companies suffer from NIH (not invented here syndrome), in some cases because of (IMO) broken promotion processes that require engineers to ship “impactful” work at all costs, and in others just because they have an unlimited amount of money to spend on engineering time.

                                                              That being said, even the most trivial problems become quite difficult at the scale that they’re working at – they have 125 million subscribers worldwide, which means peak time is almost all of the time. In addition, maybe you only use search and ratings, but what about admin UIs? What do customer service teams use? What tooling do content creators use to get materials onto their platform, and what do they use to monitor metrics for content once it’s uploaded? What about ML and BI concerns, SOC2 concerns, GDPR concerns? I could go on forever perhaps. It’s very difficult to reconstruct all of the reasons for the way any platform evolved the way it did without getting a historical architecture overview. But! Their service is very reliable and their business is profitable, so they must be doing something right. (not that there isn’t always room for improvement)

                                                              1. 15

                                                                There was a good presentation at StrangeLoop last year: Antics, Drift, and Chaos. The short version is “Netflix is a monitoring company that, as an interesting and unexpected byproduct, also streams movies.”

                                                                1. 1

                                                                  this is great! thanks for the link – I’ve got to get to strangeloop next year.

                                                                  1. 1

                                                                    What kind of monitoring do they do, do you know?

                                                                    1. 3

                                                                      We use Atlas for monitoring.

                                                                  2. 1

                                                                    The result and the press is not as important as the journey. Being able to failover that quickly such a huge infrastructure is impressive, but the most important part is how they managed to achieve this and improve their work-flow, resiliency, and many other things along the way!

                                                                    1. 1

                                                                      I assume these other boxes are Very Important^TM for authorization and provide the search/indexing functionality of their service. The CDN boxes they ship out do nothing but host the videos, and not all videos exist on each box, so something would have to handle directing you to the correct node.

                                                                      You can’t stream the videos if you can’t get authorization, so…

                                                                      1. 1

                                                                        Those boxes they ship to ISPs only hold a subset of content. They still have to deal with routing a request to the closest node with the content they want, and update the ISP cache box with that content when there’s a spike in demand for something that isn’t cached locally. If your AWS nodes are down and nobody on the ISP requested Star Trek in the last N hours, you’re up shit creek with the customer requesting it unless you have a good fail over strategy.

                                                                        I doubt those ISP cache nodes do local authentication or billing, either.

                                                                        1. 1

                                                                          Do you know where the movie content lives though? I’d be surprised if any of it was served from AWS hosts, instead I’d expect it on a CDN somewhere. I don’t think @fs111 is saying that Netflix doesn’t do anything, but rather does their architecture actually make sense given what they do?

                                                                          My two cents is that it is probably overengineered and that is probably because it happened organically because nobody really knew what they were doing. With hindsight we could probably say some things are needed or could be done simpler.

                                                                          1. 2

                                                                            The video content, at least as of a couple of years ago, is encoded by EC2 instances into a bunch of qualities/formats (some on demand, I believe?), which live in S3 and are shuttled around to various ISP cache nodes as needed.

                                                                            Netflix doesn’t use a CDN, they are a CDN.

                                                                            1. -1

                                                                              Netflix doesn’t run S3, though, which, for my point, is not different than outsourcing to some CDN.

                                                                              1. 2

                                                                                S3 isn’t geographically distributed at all. It’s RAID with a REST API. It’s nothing like a CDN – Netflix does all the CDN things (replication, dynamic routing-by-proximity, distributing content to multiple edges close to customers) at their own layer above the storage layer.

                                                                      1. 1

                                                                        I came from a gradle company to a maven company and the amount of support-wrapper-scripts and duct-tape around maven here is crazy. Maven says that all builds are the same, except that they are not. Gradle would be so much better here, but I have other things to focus on right now…

                                                                        1. 18

                                                                          Why do you need REST to send an email? All programming languages have libraries to send emails via SMTP.

                                                                          1. 11

                                                                            Hi,

                                                                            It’s my personal opinion (I haven’t synced with @pushcx about this) that allowing image embeds was a bad idea - I’d go so far as to say irresponsible, as several of you have. It opened the way to privacy violations of the type @liwakura’s post exemplifies, as well as wasting people’s bandwidth. I’m actually a bit surprised that the bandwidth is the bigger concern for most of you, but that’s my personal bias.

                                                                            With that said, as somebody who reviews a lot of launches, I know that it’s always easy to miss things. It’s always about asking myself “what’s missing from this picture” - what part of the implications isn’t part of the write-up, which is going to be a surprise later. I wasn’t in the loop about the April Fools theme change, but I don’t blame @pushcx for not thinking about the implications of allowing embeds. It was one small detail in a much bigger effort, and it’s a lot more obvious in hindsight than it would have been while writing it.

                                                                            Catching every negative consequence of a new feature is a lot of work, and I imagine it was overshadowed by the work of building something meant to be fun - it must have been a significant amount of engineering work to build. I hope some of you did enjoy it. I personally didn’t like the UX, but I thought it was hilarious, and I probably would have agreed with the general concept if I’d been asked.

                                                                            I ask everyone to try not to argue with each other. Yes, mistakes were made. We’ll have to talk through what action is appropriate as mods, if any. Meanwhile, I ask people to show empathy for each other and not let this devolve into arguments. I promise that your concerns have been heard.

                                                                            Thanks,

                                                                            Irene

                                                                            1. 7

                                                                              This is a solid roundup. I’m sorry I didn’t think to proxy the images, I missed the privacy issue. @liwakura missed the consequences of his prank and has apologized and, no, I’m not going to ban him for it.

                                                                              1. 6

                                                                                In addition to what Irene said, i want to apologize for the harm i caused to several users. Mistakes were made, forgetting about mobile crustaceans was one of them.

                                                                                For the people worrying about the data: My logs are stripped of the last 8 bits of IPv4 and last 64 bits of IPv6 addresses. The data points i have are thus not traceable to your home or phone.

                                                                                I also want to encourage the community to keep calm, i’ll be cooperating with the staff to address open concerns.
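The address truncation described in the comment above (dropping the last 8 bits of IPv4 and the last 64 bits of IPv6 addresses), as an added example that is not the commenter's own code. It assumes access log lines with the client address as the first space-separated field; the function names and sample lines are constructed for illustration. Unparseable addresses are replaced rather than passed through, and IPv4-mapped IPv6 addresses are handled as IPv4.

```python
import ipaddress

# Number of low-order bits dropped per address family, as in the comment.
DROP_BITS = {4: 8, 6: 64}


def truncate_ip(text):
    """Zero the host part: last 8 bits (IPv4) or last 64 bits (IPv6)."""
    addr = ipaddress.ip_address(text)  # raises ValueError on bad input
    # An IPv4-mapped address (::ffff:a.b.c.d) is really an IPv4 client.
    # Design choice of this example: treat it as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    drop = DROP_BITS[addr.version]
    masked = (int(addr) >> drop) << drop
    # Rebuild with the same class. ipaddress.ip_address(int) would turn a
    # small IPv6 integer into an IPv4 address.
    return str(type(addr)(masked))


def anonymize_line(line):
    """Truncate the client address in the first field of a log line."""
    first, sep, rest = line.partition(" ")
    try:
        first = truncate_ip(first)
    except ValueError:
        # Fail closed: never keep a field we could not parse and mask.
        first = "-"
    return first + sep + rest


# Constructed sample lines (documentation address ranges only).
SAMPLE = [
    '203.0.113.77 - - [01/Apr/2018:10:00:00 +0000] "GET /sig.png HTTP/1.1" 200 43',
    '203.0.113.12 - - [01/Apr/2018:10:00:05 +0000] "GET /sig.png HTTP/1.1" 200 43',
    '2001:db8:abcd:12:1a2b:3c4d:5e6f:7788 - - [01/Apr/2018:10:00:09 +0000] '
    '"GET /sig.png HTTP/1.1" 200 43',
    '::ffff:198.51.100.23 - - [01/Apr/2018:10:00:11 +0000] '
    '"GET /sig.png HTTP/1.1" 200 43',
    'not-an-ip - - [01/Apr/2018:10:00:12 +0000] "GET /sig.png HTTP/1.1" 200 43',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(anonymize_line(raw))
```

After truncation the first two sample clients are indistinguishable: each stored IPv4 value stands for 256 possible addresses and each stored IPv6 value for a whole /64.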

                                                                                1. 2

                                                                                  Thanks for taking time to address this. I’ll leave it to y’all as to how.

                                                                                  Far as you wondering about data used vs stolen, many folks (me included) assume about anything online might get hit by hackers at some point. Double true if it’s not designed for security like a forum software. We just hope to be notified so we can change passwords, tell friends why they’re getting odd emails, etc. Whereas, data use on mobile is something that might cost us money directly or even cut off our ability to receive important communications.

                                                                                  So, at least for those like me, we’d find a data leak (esp non-malicious) to be eyerolling or irritating with its hypotheticals whereas massive data use might do real damage. This time I was lucky enough to have a good plan. :)

                                                                                  1. 2

                                                                                    That explanation makes sense. Thank you.

                                                                                  2. 2

                                                                                    I get your point, but maybe we did not need the “launch” in question at all. I personally find all these April Fools things super annoying. Maybe less is more and next year lobste.rs is not participating. That would be great.

                                                                                    1. 3

                                                                                      I definitely consider that a valid option. I feel bad telling other people not to have fun, but I’m not really a fan of April Fool’s.

                                                                                      I can promise your view is noted and will be weighed for next year.

                                                                                  1. [Comment removed by author]

                                                                                    1. 9

                                                                                      If the forum allows it, anyone who can link an image in their signature is “tracking” users and has access to this information.

                                                                                      The 600MB file, I’d agree with, though.

                                                                                      1. 0

                                                                                        By the way, it was pushcx himself who replaced the big image with a humorous remark. Might not have been the brightest idea to put it there in the first place.

                                                                                      2. 4

                                                                                        The lack of response or action from @pushcx is sad to say the least.

                                                                                        1. 3

                                                                                          He was there when it happened. They saw the picture, people joked on it, pushcx removed it, put his own comment on it into my signature, i liked it, other people liked it, i kept it. Some people had a good laugh. At this point, i was still assuming that most lobste.rs users were on desktop.

                                                                                          After compiling the statistics, i felt like, “Oh shit”. Mistakes were made. I can’t turn that back now.

                                                                                          You should have been there when it happened, then maybe you would have a different perspective on it. I don’t want that pushcx now gets shit from people missing context. Mistakes were made.

                                                                                          1. 1

                                                                                            Just because @pushcx was “there” when it happened doesn’t mean that it’s OK. You abused the trust we all have in this website and I’m starting to feel like @pushcx is abusing my trust in him as the sysop to act fairly across the board. Not only did you pry into the privacy of users, you wasted their time, money and energy doing so.

                                                                                            1. 2

                                                                                              users weren’t required to download his tracking pixel. they chose to run software that would download it by default. i consider this a lesson about the state of our software ecosystem.

                                                                                              1. 5

                                                                                                This is a strawman. Every browser behaves this way. What is the lesson supposed to be? Do not trust lobste.rs and move to a better community?

                                                                                                1. 2

                                                                                                  are you using the term strawman to refer to any argument you disagree with? or did i actually construct some sort of strawman?

                                                                                                  lynx doesn’t behave this way. firefox doesn’t behave this way, with 3rd party images disabled in matrix. the tor browser would not leak data this way. the lesson is that the web is a hostile environment because we allow it to be. if we all used more secure browsers, sites that are broken by the security features would lose traffic. but we allow it to happen.

                                                                                                  1. 0

                                                                                                    No, the lesson should be do not trust the browser.

                                                                                                    1. 3

                                                                                                      so you have a whitelist of domains that you trust or how do you use the www?

                                                                                                      1. 1

                                                                                                        I try to use it as little as possible and when I use it, I consider it a hostile attacker that I don’t trust.

                                                                                                        If at some point there will be a bitcoin miner on the site, I won’t consider myself betrayed by anyone, as nobody made any promise to me, nor did I expect anything from anyone. I will simply move on with my life. If I am concerned about blowing through my data allowance, I won’t visit random websites in the first place.

                                                                                                        It seems that currently there aren’t any javascript bitcoin miners here on this site, but I have no expectations that there won’t be any tomorrow or some other day.

                                                                                          2. 2

                                                                                            Probably worth probation for a week or two.

                                                                                            Hey, if we are doing the 2000s BB thing, let’s go all in! ;)