1. 11

    There seemed to be quite a bit of interest when I mentioned what I was doing in the What are you doing this week? post, so thought I would polish off the blog post sharpish and get it shared!

    I don’t normally write this much about a topic, but I had to stop myself going too in the reeds for this one. If there is a specific subject that people find interesting I could deep dive though

    1. 2

      but I had to stop myself going too in the reeds for this one

      If you ever felt like going far off in the reeds, I would click that link so hard. Did you tweak kern.bufcachepercent or whatever it’s called to keep YAML files in memory?

      1. 2

        Thanks for the encouragement. I haven’t needed to change it from the default, mainly because the data volumes I have right now are relatively small.

        One of my hobby projects is a clone of Lobste.rs written in this stack and while it is functional it isn’t ready for an onslaught of traffic yet.

        Memory usage is of course something that gets constant attention though, so if it transpires I need to up kern.bufcachepercent then the option is there like you say.

    1. 22

      The youtube link is broken because I moved to vimeo when youtube started unconditionally showing ads on all videos. Here’s the vimeo link

      edit: never mind, I figured out how to get the embed code for vimeo and updated the article itself to have the new video link.

      edit2: this article (and the syntax highlighting, formatting, etc) is the main reason I have been dragging my feet to redo my personal web site. I want to avoid breaking this page. it’s encouraging to see that this is not in vain, and that it is worth preserving. cheers

      1. 3

        I remember seeing this article around the time it was published and I think I wrote to you. It’s still one of the most impressive write-ups I have seen.

      1. 2

        I use rsync.net for off-site backups.

        1. 3

          This is a great review, even taking OpenBSD aside! In particular:

          New to the seventh generation is a Dolby Atmos four-speaker sound system, which thankfully does not need any awful hacks to get working, and produces a very full, loud sound. There are now two speaker grilles on the top of the keyboard deck in addition to the two on the underside of the laptop. The new sound system is pretty much the only reason I decided to get another X1 Carbon, as the speakers on my Matebook X are also Dolby Atmos powered and it’s hard to use any other laptop that doesn’t sound as good.

          This is huge. I switched from Mac back to PC last year and bought an Alienware 17 R5 because I wanted the big display and scissor keyboard with lots of travel and good feedback. The laptop is overall really really nice but… The built in speaker is AW-FUL.

          Why do so many PC makers think they can cheap out on this? You’re paying serious $$$ for a machine is a decent sounding speaker too much to ask?

          1. 4

            I am the complete opposite: I plug headphones in when I want sound. I hate that laptops ship with speakers at all.

            1. 1

              You don’t EVER want to fill your room with the sound of the game you’re playing or the music you’re listening to?

              Fascinating, captain :)

              1. 1

                Can relate. The only 2-3 times I’ve ever used the laptop speakers was on business trips when I was alone in my hotel room and didn’t want to use headphones… and ofc when I didn’t have speakers with me.

                1. 1

                  So, that’s my point.

                  Mac laptop speakers are of good enough sound quality that in ~15ish years of using Mac laptops I never felt the need for external speakers. It’s that good.

                  Given that the tech exists, I’d expect PC laptop makers to do the same.

                  1. 1

                    Guess we have to agree to disagree then. Never owned any MacBook but whenever someone was playing music in the office from a MBP.. I’d day Lenov is 2-3/10 and a MBP is maybe 5-6/10. I never thought “Wow, this sounds awesome” - more like “Wow, this is only 40% terrible” ;)

                    NB: My main machine has never been a laptop, so I’m really used to a 5.1 system or big speakers or headphones.

                    1. 1

                      No disagreement really!

                      NB: My main machine has never been a laptop, so I’m really used to a 5.1 system or big speakers or headphones.

                      Ah, THIS makes perfect sense!

                      If you’ve got your ears/brain tuned to the sound of a full bore 5.3 setup, no laptop speaker is ever going to cut it.

                      Been thinking about buying a SMALL 5.3 system for my home office, but we’re super crunched for space and the center speakers all seem beastly big.

          1. 6

            Sure, it may be hard, but it is possible to give up graphical interfaces entirely—even in 2019.

            Graphical browsers have the benefit of presenting a readable layout. Most webpages are difficult to navigate in w3m, unless they are extremely barebones. Looks like w3m is not fully pledged, either.

            I live in the terminal for most non-browser things and being able to SSH from my wimpy laptop/desktop to a beast of a server is my killer feature.

            Editing images, audio and video from the commandline is something I rarely do but I have seen people do it.

            1. 7

              Editing images, audio and video from the commandline is something I rarely do but I have seen people do it.

              I’m not sure command line tools are capable of editting images and video in any useful or meaningful sense. Adjusting color, touching up areas, checking focus, etc. are innately visual thing to do, and by their nature don’t lend themselves to bulk processing and automation in most situations.

              1. 3

                Depends on the edit, doesn’t it? If you have two images and you just want to place one next to the other, that’s easy. If you have an audio file and you want to splice out the section from 1:30 to 1:45 and cut the volume on everything after 3:00 to 50%, you don’t need anything visual for that.

                1. 6

                  I didn’t mention audio, and it does seem more amenable to command line processing than images and video because it doesn’t really have a visual component.

                  For images and video it does depend somewhat on what the task is. Certainly specific edits lend themselves to command line tools, but it’s such a small subset of possible edits I don’t think it’s very useful.

                  The image editting I’m most familiar with is photo touch up and RAW conversion, and even the most basic adjustments like white balance or exposure would be incredibly tedious and error prone with command line tools.

                  In a sense the whole concept of image editting is pointless without a way to view the results anyway.

                  1. 1

                    I agree with you, for an image here or there, when you aren’t quite sure exactly what you want done, a GUI image editor is generally easier.

                    When you need to edit more than 10 images… or automate your editing(as part of some application/website) then a CLI interface to do these things is beautiful.

                    If you know exactly what you want done, regardless of file count, then a CLI might be easier. Like @technomancy said, or stripping JPEG metadata or something.

                    So I think it has a lot more to do with what you are doing and why, as to the CLI being better or not for editing of images, movies, etc.

                    1. 1

                      When you need to edit more than 10 images… or automate your editing (as part of some application/website) then a CLI interface to do these things is beautiful.

                      Interesting. Do you have any suggestions for a tool to do these things that is more amenable to the task of on-the-fly image editing than, say, GIMP or Photoshop?

                      1. 3

                        I use python’s pil/pillow[0] for automation stuff, and for CLI imagemagick[1].

                        Both are great ways to mess around with images. There is ffmpeg[2] and vlc[3] for video, etc.

                        As I mentioned before none of these CLI tools are particularly great for on-the-fly, not sure what you want done sort of tasks. But they are great tools to have in your toolbelt for automation or repetition.

                        0: https://pillow.readthedocs.io/

                        1: https://imagemagick.org/script/command-line-tools.php

                        2: https://ffmpeg.org/

                        3: https://www.videolan.org/

                      2. 1

                        or automate your editing(as part of some application/website) then a CLI interface to do these things is beautiful.

                        I feel like the ideal here is a gui tool with an internal shell without its own language just with several new shell builtins to handle the work.

                2. 4

                  One thing I’ve been experimenting with – very preliminarily, just for personal use, and not entirely in the terminal, to add some caveats – is moving some of my browser usage out of the browser. I don’t really like any of the textmode browsers, but when there is some kind of alternative API, you can interface with things in non-browser ways. For example, two websites I use very frequently are Wikipedia and OpenStreetMap, and they both have APIs.

                  For various reasons most of the experimentation with alternative interfaces seems to be on mobile. Wikipedia has an official app (which loads faster and has a nicer UI than the browser version), and there are various OSM apps. I don’t necessarily want to write full-fledged native apps on the desktop, but it’s nice that I have the option to bypass the browser layer if I want to look up a Wikipedia article by name and then display the text somewhere.

                  1. 4

                    I have been doing the same, but on the terminal. There’s dict for dictionary lookups, translate-shell for Google Translate (and a few other translation services), I wrote my own scripts to get DuckDuckGo and Google search results, Wikipedia summaries, and I use rtv pretty often.

                    I still have a browser open most of the time, but just having them be an option is pretty nice - it cuts down on unnecessary searches, I have not needed to write translate.google.com in years, and it makes even very underpowered machines usable.

                    I don’t necessarily want to write full-fledged native apps on the desktop, but it’s nice that I have the option to bypass the browser layer if I want to look up a Wikipedia article by name and then display the text somewhere.

                    You could throw Tcl/Tk at the problem. Put a search bar at the top, add an htmllib widget, and bask in the HTML 2.0, browserless goodness.

                  2. 1

                    are there fully pledged graphical browsers?

                  1. 12

                    This is a very well-written article. I really dislike GitHub and hate working with it. Especially for small changes, it is very cumbersome to open a pull-request and having to deal with all the kitchen-sinking. I much prefer the way to just send a patch to a mailing list, where it can be discussed and merged.

                    1. 9

                      Isn’t code browsing of the pull request on the web much more convenient than applying the latch locally? I’ve used both GitHub and gitlab pull request flows on a lot of commercial products, and it would’ve been a pain to go through the email process.

                      TBH, I can’t remember when was the last time I used email aside from automatic notifications and some of the headhunters (most already prefer linkedin and messengers anyway).

                      1. 20

                        Here’s a video which demonstrates the email-based workflow using aerc. This isn’t quite ready for mass consumption yet, so I’d appreciate if if you didn’t repost it elsewhere:

                        https://yukari.sr.ht/aerc-intro.webm

                        1. 5

                          Wow… I’ve known for years that the git+email workflow was behind a more distributed model for open source development, but all my experience is on github and so making the switch has felt too-difficult. This article and this video together make me feel compelled (inspired?) to give it a go. aerc looks amazing.

                          1. 6

                            Consider giving sourcehut a try, too :)

                            1. 3

                              Thanks for making sourcehut!

                              I took a look a few times but I can’t seem to find any obvious documentation to setup and configure it. I fully acknowledge that I may be blind.

                              1. 5

                                I assume you don’t want to use the hosted version? If you want to install it yourself, instructions are here:

                                https://man.sr.ht/installation.md

                                There are only a small handful of installations in the wild, so you might run into a few bumps. Shoot an email to ~sircmpwn/sr.ht-discuss@lists.sr.ht or join #sr.ht on irc.freenode.net if you run into issues.

                          2. 2

                            Having tried to record a few casts like this, I know how hard it is to do a take with few typos or stumbling on words. Well done.

                            The idea of using a terminal emulator in the client is a cool idea :). I usually use either VS code or sublime text, though this gives me an idea for a terminal ‘editor’ that just forwards to a gui editor, but displays either a message, or mirrors the file contents.

                            1. 2

                              I can’t do this either :) this is edited down from 10 minutes of footage.

                            2. 1

                              I have done the same thing albeit differently in my client[0]! I don’t have any casts handy, but the whole patch apply, test, HEAD reset, branch checkout/creation is handled by the client. I’ve also started patchwork integration.

                              [0] https://meli.delivery/ shameful plug, because I keep posting only about this lately. Guess I’m too absorbed in it.

                              1. 1

                                Ah, it’s this! I filed an issue because there doesn’t appear to be any public source, and I wanted to try it.

                            3. 1

                              I think locally you can script your workflow to make it as easy as you want. However not many people take the time to do this (I haven’t either).

                            4. 2

                              This is a very well-written article. I really dislike GitHub and hate working with it. Especially for small changes, it is very cumbersome to open a pull-request and having to deal with all the kitchen-sinking. I much prefer the way to just send a patch to a mailing list, where it can be discussed and merged.

                              I think a bridge would be nice, where emails sent can become pull requests with no effort or pointless github ‘forks’.

                              1. 2

                                Worse yet, barely anyone remembers that Git is still a “real” distributed version control system and that “request pull” exists - and, yes, you didn’t mean to say “pull request”. The fact that GitHub called their functionality a “pull request” is somewhat annoying as well.

                                Edit: I’m glad the article mentions this in the P.S. section - and I should really read the entire article before I comment.

                              1. 27

                                Maybe I’m old and bitter.. but I have serious concerns about how we as a community can get captured by Microsoft via things like GitHub and their Citus Data purchase. “We” struggled to keep up with free implementations of things like CIFS and now some popular open source resources are under Microsoft’s control.

                                We risk that all the people able and willing to do important work are all tied up on Microsoft products and don’t have the energy or legal freedom to work on open source.

                                1. 24

                                  I think we should be extremely careful. For may people e-mail means Google Mail, search means Google search, social network means Facebook/Instagram/WhatsApp.

                                  It is not inconceivable that GitHub becomes synonymous with development, especially with the strong backing of Microsoft. Network effects are extremely strong and I think we are already at a point where a lot of (newer) developers don’t know how to do code reviews outside GitHub PRs, only consider putting their open source projects on GitHub in the fear of missing out on contributions, and/or put their projects on GitHub since it gives the largest opportunity to get stars which are good for their resume/careers.

                                  This trend of tying more and more things from GitHub into GitHub makes things worse, since additions to GitHub are not a level playing field anymore. GitHub can make all the APIs that they need, 3rd parties have to use whatever APIs GitHub chooses to make available.

                                  We should try to make more and more projects available through sr.ht, GitLab, and other ‘forges’ to ensure that there are healthy and viable alternatives.

                                  1. 8

                                    I hesitate to reply since I don’t have much to say that goes beyond “me too”, but in this case I think the importance of the subject merits a supportive response anyway. I very much agree with these concerns and would like to thank everyone who’s raising them.

                                    1. 2

                                      I would love to ditch GitHub as:

                                      1. its been ugly for 2 years now https://twitter.com/mdo/status/830138373230653440

                                      2. its been bloated for several years

                                      3. its closed source https://github.com/github/pages-gem/issues/160

                                      but the alternatives i know of are even worse. sourcehut doesnt even offer HTTPS push:

                                      Date: Fri, 16 Nov 2018 14:07:39 -0500
                                      From: Drew DeVault <sir@cmpwn.com>
                                      Subject: Re: Welcome to sr.ht!'
                                      
                                      On 2018-11-16  1:04 PM, Steven Penny wrote:
                                      > I would prefer to write over https not ssh, is it possible
                                      
                                      This is deliberately unsupported - SSH is more secure.
                                      

                                      GitLab doesnt offer contributions in last year:

                                      https://gitlab.com/gitlab-org/gitlab-ce/issues/47320

                                      and their commits use… shudder infinite scrolling:

                                      https://gitlab.com/gitlab-org/release/tasks/commits/master

                                      1. 2

                                        sourcehut supports HTTPS cloning but only SSH pushing

                                        1. 1

                                          corrected thanks - I want HTTPS clone and push - seems silly to offer only 1

                                    2. 4

                                      We risk that all the people able and willing to do important work are all tied up on Microsoft products and don’t have the energy or legal freedom to work on open source.

                                      Is this risk related to GitHub Sponsors in any way?

                                      1. 5

                                        GitHub is popular now. If they start abusing their power too much then there is plenty of competition.

                                        Since you mention you’re old, do you remember when SourceForge was great and all the developers would host their projects there?

                                        1. 4

                                          I don’t remember SourceForge relying on network effects that much though. Sure, the source and releases were there, but I don’t think all of the development activity was tied up to it, was it?

                                          1. 7

                                            SourceForge also provided mailing lists and that was probably the primary code review and support channel for many projects.

                                            1. 5

                                              SourceForge also had issue tracker. It was headache to migrate. For example, Python project wrote custom tooling to migrate SourceForge issues.

                                              1. 3

                                                It was also a all-in-one platform and people who learned to contribute to one project could translate that knowledge to the other projects.

                                                At the time there were much less integrations between services and there were at least an order of magnitude less developers, so it doesn’t translate 1:1.

                                                One advantage GitHub has is all the special treatment for tooling but other than that I don’t see the network effect being too strong. Developers are the best equipped to escape. Projects are still independent from each-other and it’s easy to migrate projects to GitLab if necessary. If fact they must have seen a lot of projects leave already after the Microsoft acquisition and I bet they are being extra careful, which is good for us :)

                                            2. 2

                                              Agreed. This should be obvious and I’m surprised people who care about free software are giving GitHub any attention at all.

                                              1. 1

                                                And our battle cry will be “Remember Stacker”.

                                              1. 2

                                                Needless to say, SSH is no longer exposed to the general internet. We are rolling out a VPN as the main access to dev network

                                                I see this often with SSH, RDP and it baffles me. It’s as if people think VPN services cannot have security bugs, be bruteforced or otherwise abused. I have dismantled several VPN solutions that were ‘protecting’ much safer services.

                                                Bastion hosts, however, are a fine way of reducing the attack surface, and users can have one key for the bastion hosts and another key for the internal services they need. The ProxyJump feature is too overlooked.

                                                1. 6

                                                  I’m not sure I understand the idea here.

                                                  We are supposed to generate unencrypted keypairs and leave the private keys floating around on our systems in the hopes of catching SSH key abuse?

                                                  1. 5

                                                    It’s neat that you can do this sort of thing with nginx rules. That said, I’m a big fan of PostgREST for solving the problem of quickly building a REST API from a database schema.

                                                    1. 2

                                                      PostREST looks to be in Haskell. What are your experiences with running it in production?

                                                      1. 1

                                                        I’ve never used it in production for a customer-facing project. I have used it very happily with a personal project where I had a bunch of data in a postgres database and just wanted to make it easy for a web frontend to query it. It was easy to configure and worked perfectly sitting behind nginx. The package was included in my distro’s package manager so I didn’t have any Haskell build issues.

                                                    1. 3

                                                      IMO, Vim help is the most underestimated feature of Vim

                                                      I have been using vi/vim since .. 1999(?) and it took me a looong time to get beyond beginner. The fact that we still have to learn vim tips by sharing configs and articles speaks to how poorly the documentation is presented. My primary sources for going beyond beginner were vimcasts and more recently greg hurrell’s screencasts.

                                                      It’s fine that help is built in for powerusers, but in a typical terminal window, :help gets half the width or height. Good luck reading new material like that while trying it out. I have never been able to find an up-to-date vim documentation in HTML format. I just now discovered that neovim has documentation available in browsable HTML format.

                                                      Also, I cannot find Vim changelogs anywhere. I learned about packs and async by accident. I still don’t know how to use async. Looking at neovim.org, I see the latest news is from 2017, so I assume nothing worthwhile has happened since then.

                                                      1. 5

                                                        Looking at neovim.org, I see the latest news is from 2017, so I assume nothing worthwhile has happened since then.

                                                        Plenty has happened. Newsletter is coming soon.

                                                        There’s also a releases page that makes it pretty clear that several major releases have occurred, not to mention the pulse page.

                                                        1. 4

                                                          Thanks.

                                                          You will probably want to include releases with changelogs under the news headline. For example, on OpenBSD.org, it only takes one click from the front page to get a list of changes in the most recent release.

                                                        2. 4

                                                          I agree that Vim documentation is hard for newcomers. But for me it was invaluable.

                                                          Also, I’ve used https://vimhelp.org/ as up-to-date online doc. Currently it’s built for Vim 8.1.

                                                          1. 2

                                                            Also, I cannot find Vim changelogs anywhere. I learned about packs and async by accident.

                                                            The Vim changelogs are within its help system, linked from within the Versions section in the top-level help. The most recent file describing changes is at :help version8.txt – it describes packages, async I/O, and more in its New Features section. (Note that Vim’s async implementation works differently from NeoVim’s.)

                                                          1. 9

                                                            Beer, board games & metal music with friends. And maybe the lawn.

                                                            1. 1

                                                              \m/

                                                            1. 1

                                                              Of course this does not consider the additional attack surface created by the components opensc and pcscd.

                                                              While YubiKeys are great, the additional exposure in browsers and SSH currently seems too dangerous and too fragile for most people to use. I hope pledge() and such can help this get integrated better in OpenBSD/OpenSSH.

                                                              1. 7

                                                                Either I am reading this completely wrong or there suggested solution here makes things worse than what it tries to displace. The ncurses abstraction at least opens up for providing a non-terminal encumbered backend even if the API is rigid, limited and ugly. Having clients themselves dip into the dark abyss of escape sequences is much more damaging.

                                                                1. 5

                                                                  Either I am also wrong, or you are correct.

                                                                  One of the things that curses gives you is optimal redraw. I used to use a gopher client over a 1200 baud connection – when I would page down, the gopher client would only update the parts of the screen that had changed from the previous page. This is all due to the magic of curses:

                                                                  In order to update the screen optimally, it is necessary for the routines to know what the screen currently looks like and what the programmer wants it to look like next. For this purpose, a data type (structure) named WINDOW is defined… Note, therefore, that changing something on a window does not change the terminal. Actual updates to the terminal screen are made only by calling refresh() or wrefresh(). This allows the programmer to maintain several different ideas of what a portion of the terminal screen should look like. Also, changes can be made to windows in any order, without regard to motion efficiency. Then, at will, the programmer can effectively say “make it look like this”, and the package will execute the changes in an optimal way.

                                                                  (https://docs.freebsd.org/44doc/psd/19.curses/paper.pdf)

                                                                  1. 3

                                                                    The ncurses abstraction at least opens up for providing a non-terminal encumbered backend

                                                                    Well… all these years of both ncurses and GUI toolkits existing, and looks like no one has done this.

                                                                    1. 4

                                                                      I prototyped it about a year ago as part of https://github.com/letoram/arcan/wiki/tui, learned a few things in the process, will eventually go back to it when there aren’t higher priorities on the list.

                                                                    2. 3

                                                                      this would allow us to write formatting commands like fmt(underline with bright with no italic), which translates into > \x1b[4;1;23m at compile time.

                                                                      This seems better than ncurses in almost every way.

                                                                      1. 2

                                                                        ncurses isn’t just a way to say ‘make this underlined and bright but not italic’. It’s so much more than that.

                                                                    1. 5

                                                                      There is no formula, but never start with a low bid and try not to think like an IT-person. This isn’t about two apps and a database backend. This is about creating value for them through increased sales. That is worth a lot of money.

                                                                      Figure out what kind of money you need to make a sustainable living, including pensions and extras for savings/runway if anything goes bad. Now figure out the cost of maintaining the backend, plus staff to handle the service level they want. Now you know your minimum and you never go near it in negotiations.

                                                                      They contacted you because they know you can do the work, I assume. If so, first talk to them about their budget and what kind of extra sales this will be generating. Make it a conversation, because the two of you are in this as a partnership to make money.

                                                                      As far as I know, Apple is already going to take 30% of income generated through the iOS app. Your cut should be similar. I guess that does not apply for sale of goods. Still, that’s your ballpark figure.

                                                                      Get written commitment and partial payment up front with defined milestones for additional payments.

                                                                      1. 2

                                                                        yes, this totally makes sense. I always lacked at business skills and that’s why I get confused about handling non technical matters. Is there any good book or blog post to open up my mind regarding subjects like this?

                                                                      1. 5

                                                                        I would approach someone like Iridium and see if they want the PR for this.

                                                                        In particular, their https://www.iridium.com/products/iridium-go/ comes to mind.

                                                                        1. 3

                                                                          Given that you mostly are below 50 KB and that you specifically mentioned Ebola, I assume that a large portion of the work is done in Africa.

                                                                          In this case it seems like you are exactly the kind of customer the satellite company Thuraya is targeting. See http://www.thuraya.com/pricing-plans for tariff plans. They bundle satellite and roaming charges and there is also a coverage map of the network on that site.

                                                                          Their coverage is not suitable for maritime use or use in the America’s, but it works in most of the rest of the world.

                                                                          1. 2

                                                                            Called them, waiting for more information, they work through resellers I guess, and the resellers provide and SDK. Basically the units cost around £600 (~$800USD) not including the data plan and you have to use their iridium go app on the phone which has apps in it that are set up to work on the connection, so you can’t use a native app. As well the data is metered in something called go! minutes. Waiting for more information from them.

                                                                            1. 1

                                                                              Maybe try talking to Viasat?

                                                                              They might appreciate the PR/tax write off.

                                                                              1. 2

                                                                                Holy these guys look hardcore, military grade systems. Doing some more digging into this one to see what kind of offerings they have. Thank you.

                                                                                1. 0

                                                                                  Strictly speaking, they’re just a small satellite-based ISP. ;)

                                                                          1. 4

                                                                            You might consider stealing ideas from weworkremotely.com – including search, categories, RSS feeds, selfservice.

                                                                            1. 1

                                                                              Thanks for the reminder. Love their service.

                                                                            1. 1

                                                                              But without that context clearly stated, “unsophisticated” people read it as ssl/tls everywhere? I’m really baffled by this state of affairs. What are your thoughts?

                                                                              Anytime you send plain text data over your internal network, you are making a business decision about that data (“it can be modified or read without any cost to your business”).

                                                                              The cost of TLS or IPsec is not zero, but it’s very close to it. The cost of attackers intercepting or manipulating plain text data is almost certainly much greater than zero. Reading customer data from internal databases or injecting evil malware into network traffic seems like an unacceptable risk to me.

                                                                              1. 1

                                                                                I have been waiting for this for so long that I had begun to move my user and orgs off GitHub. Some of my domains had this feature a month or two ago, but not all.

                                                                                With the new IPs I also see that latency has dropped from ~130ms to ~15ms which is noticeable even on pretty simple sites.

                                                                                Now we just need HSTS support.