1. 7

    Neat idea! One question though: How do you handle renewals? In my experience, postgresql (9.x at least) can only re-read the certificate upon a server restart, not upon mere reloads. Therefore, all connections are interrupted when the certificate is changed. With letsencrypt, this will happen more frequently - did you find a way around this?

    1. 5

      If you put nginx in front as a reverse TCP proxy, Postgres won’t need to know about TLS at all and nginx already has fancy reload capability.

      1. 3

        I was thinking about that too - and it made me also wonder whether using OpenResty along with a judicious combination of stream-lua-nginx-module and lua-resty-letsencrypt might let you do the whole thing in nginx, including automatic AOT cert updates as well as fancy reloads, without postgres needing to know anything about it at all (even if some tweaking of resty-letsencrypt might be needed).

        1. 1

          That’s funny I was just talking to someone who was having problems with “reload” not picking up certificates in nginx. Can you confirm nginx doesn’t require a restart?

          1. 1

            Hmm, I wonder if they’re not sending the SIGHUP to the right process. It does work when configured correctly.

        2. 2

          I’ve run into this issue as well with PostgreSQL deployments using an internal CA that did short lived certs.

          Does anyone know if the upstream PostgreSQL devs are aware of the issue?

          1. 19

            This is fixed in PG 10. “This allows SSL to be reconfigured without a server restart, by using pg_ctl reload, SELECT pg_reload_conf(), or sending a SIGHUP signal. However, reloading the SSL configuration does not work if the server’s SSL key requires a passphrase, as there is no way to re-prompt for the passphrase. The original configuration will apply for the life of the postmaster in that case.” from https://www.postgresql.org/docs/current/static/release-10.html
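The release note quoted above gives a renewal hook two things to check before it picks `reload` over `restart`: the server's major version and whether the key needs a passphrase. The sketch below is an added example, not code from the thread or from PostgreSQL. The function names are hypothetical, the sample keys are constructed placeholders, `pg_ctl` is assumed to be on `PATH`, and the `ssl_passphrase_command` setting of later releases is not considered.

```shell
#!/bin/sh
# Added example: choose between reload and restart after a certificate
# renewal, following the PostgreSQL 10 release note quoted above.

# Print the first numeric component of a server version string
# ("9.6.5" -> 9, "10.1" -> 10). Prints 0 if it is not numeric.
pg_major() {
    major=${1%%.*}
    case $major in
        ''|*[!0-9]*) echo 0 ;;
        *) echo "$major" ;;
    esac
}

# Succeed if the PEM key needs a passphrase: PKCS#8 encrypted
# ("BEGIN ENCRYPTED PRIVATE KEY") or the traditional OpenSSL format
# carrying a "Proc-Type: 4,ENCRYPTED" header.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Print "reload" or "restart" for a given server version and key file.
renewal_action() {
    version=$1
    keyfile=$2
    if [ ! -r "$keyfile" ]; then
        echo error
        return 1
    fi
    if [ "$(pg_major "$version")" -lt 10 ]; then
        echo restart    # 9.x only reads the certificate at startup
    elif key_is_encrypted "$keyfile"; then
        echo restart    # reload cannot re-prompt; old SSL config would stay
    else
        echo reload     # PG 10+: SIGHUP picks up the new certificate
    fi
}

# Apply the decision. Usage: apply_renewal VERSION KEYFILE PGDATA
apply_renewal() {
    action=$(renewal_action "$1" "$2") || return 1
    pg_ctl "$action" -D "$3"
}

# Constructed sample input: PEM skeletons with placeholder bodies, not keys.
make_sample_keys() {
    dir=$1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$dir/plain.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
        'CONSTRUCTED-PLACEHOLDER' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$dir/pkcs8-enc.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' \
        'CONSTRUCTED-PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$dir/legacy-enc.key"
}

# Run with --demo to print the decision for each version/key combination.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_sample_keys "$tmp"
    for v in 9.6.5 10.1; do
        for k in plain pkcs8-enc legacy-enc; do
            echo "PostgreSQL $v, $k.key -> $(renewal_action "$v" "$tmp/$k.key")"
        done
    done
    rm -rf "$tmp"
fi
```
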

        1. 1

          I suspect this will motivate some legislation to require all digital cameras embed a unique cryptographic signature in their images.

          1. 1

            It’s going to be interesting to see whether governments actually catch up with this, or whether it’s left to industry to respond to “market” demand for “video and photos that we can trust”. Seems like a pretty good case for regulation, in that when these techniques get good enough that we can’t tell whether they’re genuine or not (without getting into an infinite ML-turtle regression), pretty much all legal infrastructure that could ever rely on visual recordings as evidence is going to be up for grabs until there’s a way of proving the evidence is valid.

          1. 2

            This is actually a good thing, because it offers plausible deniability for future Fappening-style leaks.

            1. 2

              Wait until you see what happens next election when another liberal woman is running for the Democrats. It won’t be pretty.

              1. 3

                > Wait until you see what happens next election when another liberal woman is running for the Democrats. It won’t be pretty.

                The whole point is that if fakes are undistinguishable from real footage, video no longer matters. If you’re bothered by people masturbating to falsified videos, you have bigger problems than those that can be handled by reasoning.

                1. 3

                  I agree, this cuts both ways. Any person “caught” in an actual documented embarrassing position can plausibly claim the footage was generated by a malicious party.

                  In the end, this will probably create a market for cryptographically secured cameras, like some still cameras used for forensics.

                  But there will be a lot of turmoil before this all shakes out.

                  1. 3

                    > this will probably create a market for cryptographically secured cameras, like some still cameras used for forensics

                    I think this is going to have to happen for all video and camera devices and content over time. Otherwise the whole notion of video or photographic “evidence” is going to go out the window, along with all the law and precedent that’s been built up on it for decades, casting us completely adrift in a sea of post-truth.

            1. 4

              I use http://qutebrowser.org on my NixOS machines but it doesn’t run on other platforms. What alternative browsers are there for Mac OS?

              edit: I’m wrong about this! https://lobste.rs/s/biqv7l/update_on_pocket_firefox_integration#c_3c8u5d

              1. 7

                Are you saying you’d stop using Firefox because of default “sponsored content” in New Tab?

                It’s pretty easy to turn that off, just like all the other New Tab content. The article even links detailed instructions.

                Or is it a matter of principle for you? How do you suppose Mozilla should make money?

                1. 5

                  It is not “sponsored content” - that concept does not exist in Firefox. Nobody is paying Mozilla to show specific content on New Tab.

                  1. 3

                    I already didn’t use Firefox, but I also don’t think browsers should have ads or be monetized.

                    1. 2

                      There are no ads in Firefox. Why did you think there are?

                      1. 4

                        There absolutely are—or were until fairly recently—ads in unfilled tiles on the new tab page. Here’s an example support forum thread asking how to get rid of them.

                        1. 4

                          That was two years ago and that feature was completely dropped.

                    2. 2

                      > How do you suppose Mozilla should make money?

                      Should Mozilla make money? Should one of the most important applications in modern-day computing be produced by a company that is incentivized to produce a profit?

                      1. 6

                        Mozilla corp is not incentivized to produce a profit, it is quite openly their goal to “just” keep the lights on. But that already needs quite a bit of cash. That’s a huge difference.

                        Mozilla corp is for-profit, as for certain legal reasons, producing software is not 501(c)3 compatible. It’s a very usual setup.

                        Yes, Mozilla should make money. Otherwise, they’d shut down.

                        1. 2

                          Mozilla is a non-profit, so no, they don’t have to make money. But the people who work for Mozilla don’t work for free. You can’t build a product like Firefox purely on volunteers, so Mozilla should at least be able to pay their workforce.

                          They can’t keep up with the rest of the world and provide a quality, free software alternative browser without money.

                          If you think the work Mozilla does is valuable (I do!) and feel like they should stay away from alternative monetization methods (I do!), you should consider donating to Mozilla so that they don’t have to find other ways of funding development.

                      2. 3

                        Does it have to be libre? If not, Vivaldi is an excellent web browser that believes in making easy things easy and customization easy. It’s the spiritual successor to Opera 12, which was the pinnacle of browser experiences.

                        1. 3

                          What do you mean? They even have prebuilt images for all major platforms. On macOS, you can install it from Homebrew as well (brew cask install qutebrowser).

                          1. 1

                            What do you do about plugins? I miss a few plugins from Chrome when I tried out qutebrowser, primarily my RSS feed monitoring one as well as my usenet one.

                            The other big one I miss is Join, but that’s sort of a separate thing in terms of how “encompassing” it is.

                            1. 1

                              I just installed qutebrowser too. That is just brilliant. Thanks for linking - I remember stories coming about it before but never made the effort to try it out, but now I can see it becoming pretty regular.

                            1. 0

                              Just sent a join request. Thanks.

                              1. 17

                                If only json had allowed trailing commas in lists and maps.

                                1. 9

                                  And /* comments! */

                                  1. 3

                                    And 0x... hex notation…

                                    1. 3

                                      Please no. If you want structured configs, use yaml. JSON is not supposed to contain junk, it’s a wire format.

                                      1. 4

                                        But YAML is an incredibly complex and, truth be told, rather surprising format. Every time I get it, I convert it to JSON and go on with my life. The tooling and support for JSON is a lot better, I think YAML’s place is on the sidelines of history.

                                        1. 4

                                          > it’s a wire format

                                          If it’s a wire format not designed to be easily read by humans, why use a textual representation instead of binary?

                                          If it’s a wire format designed to be easily read by humans, why not add convenience for said humans?

                                          1. 1

                                            Things don’t have to be black and white, and they don’t even have to be specifically designed to be something. I can’t know what Douglas Crockford was thinking when he proposed JSON, but the fact is that since then it did become popular as a data interchange format. It means it was good enough and better than the alternatives at the time. And it still has its niche despite a wide choice of alternatives along the spectrum.

                                            What I’m saying is that adding comments is not essentially a sure-fire way to make it better. It’s a trade-off, with a glaring disadvantage of being backwards incompatible. Which warrants my “please no”.

                                        2. 1

                                          http://hjson.org/ is handy for human-edited config files.

                                          1. 1
                                          2. 5

                                            The solutions exist!

                                            https://github.com/json5/json5

                                            I don’t know why it’s not more popular, especially among go people.

                                            There is also http://json-schema.org/

                                            1. 3

                                              I had to do a bunch of message validation in a node.js app a while ago. Although as Tim Bray says the spec’s pretty impenetrable and the various libraries inconsistent, once I’d got my head round JSON Schema and settled on ajv as a validator, it really helped out. Super easy to dynamically generate per message-type handler functions from the schema.

                                              1. 2

                                                One rather serious problem with json5 is its lack of unicode.

                                              2. 3

                                                I think this only shows that JSON has chosen a tradeoff that makes it more geared to be edited by software, but has the advantage of being human editable/readable for debugging. JSON as config is not appropriate. There are so many more appropriate formats (toml, yaml or even ini come to mind), why would you pick the one that doesn’t allow comments and nice sugar such as trailing commas or multiline strings? I like how kubernetes does use YAML as its configuration files, but seems to work internally with JSON.

                                                1. 8

                                                  IMO YAML is not human-friendly, being whitespace-sensitive. TOML isn’t great for nesting entries.

                                                  Sad that JSON made an effort to be human-friendly but missed that last 5% that everyone wants. Now we have a dozen JSON supersets which add varying levels of complexity on top.

                                                  1. 11

                                                    “anything whitespace sensitive is not human friendly” is a pretty dubious claim

                                                    1. 5

                                                      Solution: XML.

                                                      Not even being ironic here. It has everything you’d want.

                                                      1. 5

                                                        And a metric ton of stuff you do not want! (Not to mention…what humans find XML friendly?)

                                                        This endless cycle of reinvention of S-expressions with slightly different syntax depresses me. (And yeah, I did it too.)

                                                        1. -5

                                                          Triggered.

                                                          1. 13

                                                            Keep this shit off lobsters.

                                                  1. 3

                                                    It seems like his main complaint is that FaceID is inconsistent. In good conditions, it basically always works. In not so good conditions, it maybe sorta kinda works. I can see how that’s a problem - we’re used to consistency. If something is consistently bad, we can get used to it. If it’s bad once in a while, that gets really annoying.

                                                    I use the Pixel 2 with fingerprint sensor on the back. It mostly works great, but it’s a bit inconvenient to unlock the phone when it’s lying on a table or something, because I have to pick it up entirely to hit the sensor. But it’s easy to get used to, because it’s consistent.

                                                    Speaking of, why couldn’t Apple just put the fingerprint sensor on the back, like Google has been doing?

                                                    1. 3

                                                      Or maybe leave it on the front where it works just fine.

                                                      1. 2

                                                        Hey @MasonJar, I realized that read like I was attacking or criticizing you for suggesting it. I’m sorry, I didn’t mean that! I meant Apple should leave it alone and not force everyone into using FaceID. I know they’ve left it on the 8 but I can easily see a future where they drop the 8 line and push everything through the X/FaceID route, which I definitely don’t want. Fingerprints are bad enough but the utility is great enough that I suck it up and use it, but scanning my face for something that apparently isn’t even that reliable just seems like a no-no to me. Anyway, maybe I’m being over-anxious but I don’t think I phrased that well and I’m sorry if it came across shitty.

                                                        1. 2

                                                          Hey, no problem, I didn’t read that into it at all. For better or worse, Apple seems to like changing things like this and making people take it. Guess we’ll see whether they stick with this FaceID business.

                                                    1. 4

                                                      Baffling. Plenty of the ICOs seem to fit this pretty well, but surely even with those - and certainly with Bitcoin - people can quite easily just buy/“invest” coins/tokens without ever even telling anyone, let alone trying to “recruit” people, no? So how would anyone policing a coin as a “scheme” decide whether someone intended to recruit others? “They might not have done it yet, but they sure intend to! I can see it in their eyes!” Smh.

                                                      1. 1

                                                        > So how would anyone policing a coin as a “scheme” decide whether someone intended to recruit others? “They might not have done it yet, but they sure intend to! I can see it in their eyes!”

                                                        Policing doesn’t have much to do with actually being objective anyway, so I guess it would work the usual way? The Connected exploiting everyone else?

                                                      1. 2

                                                        To me this is pretty much as bullshit as the next “agile” blog post. The problem isn’t “agile”, although that’s become a problem in itself; the problem isn’t waterfall, or prince2, or any of it. The problem is “methodologies”. The minute you fall prey to the notion that there are a fixed set of steps or tools you can apply to any given problem and you’ll solve it: you’re fucked. The original xp/agile crew were some smart people working up some interesting tools and applying them to problems they had, and trying to fix shit. Anything after that was basically cargo cult bullshit. Agilistas are the PUAs of the software world. They embarrass themselves, they embarrass me, and I wish they’d shut up.

                                                        1. 1

                                                          I’d love to see a cloud graph db based on Neo4J/Cypher. Gremlin is way too enterprise-Java-y for me, and SPARQL/RDF too … XML-y? I really enjoy modelling graph relationships in Cypher, it seems really natural to me. There are hosted Neo4J (graphene et al) but expensive. Guess Neptune won’t be cheap either though, ~$250/mo for a ‘memory-optimized’ db.r4.large.

                                                          1. 1

                                                            Personally I’d like it to stay. I think it’s fun, and even occasionally useful as others have noted. Having a user preference to show or hide it would of course be fine, if you or someone else felt strongly enough to add it.

                                                            1. 2

                                                              As of now, tmux is my daily fullscreen working environment, and Vim usually takes up one of the tmux panes. This lets me use Vim while keeping a few other shells open – usually a server and one or two other utility panes.

                                                              I don’t get it. Why not use a tabbed terminal emulator like xfce4-terminal instead?

                                                              I’ve tried using tabs but never found them useful. All tabs do is create an additional way of hiding information and they require you to memorize another keybinding or command to get at them. If you’re using tmux, it’s simply easier to open Vim in another pane.

                                                              It makes much more sense to use Vim tabs instead of running separate Vim instances in tmux tabs. Simplifying Vim tab movement with custom key bindings is trivial: https://github.com/stefantalpalaru/dotfiles/blob/3493395f9ba70b4e99e8a085d430bd2a1402ae31/homedir/.vimrc#L28

                                                              1. 5

                                                                I’ve been using vim + tmux exclusively (except for when I jump into java stuff) for about 5 years.

                                                                The big selling point for this setup for me personally:

                                                                There is no difference in my workflow when switching operating systems. It allows me to jump from windows, linux, mac, raspberry pi with the exact same lightweight development environment.

                                                                1. 1

                                                                  I use tabs primarily and don’t work directly with buffers too much but I do get his point.

                                                                2. 3

                                                                  > I don’t get it. Why not use a tabbed terminal emulator like xfce4-terminal instead?

                                                                  I’m probably missing something here but I use tmux+vim in a similar way, and at least on macOS it’s really way better for me, because I can copy/paste with yank buffer inside vim sessions, with tmux scroll buffer across them and into pbcopy and friends when necessary, and all that before I even need to get near to highlighting with the mouse to use the macOS pasteboard via cmd keys.

                                                                  1. 3

                                                                    > I don’t get it. Why not use a tabbed terminal emulator like xfce4-terminal instead?

                                                                    tmux lets you save your panes (tmux-resurrect plugin), has lots of keyboard shortcuts for things like temporarily “zooming” into one pane, switching layouts, rotating panes or moving them around, breaking off panes or joining them back together, grouping panes into sessions, and lets you copy/paste in the scrollback with only the keyboard (without inserting linebreaks in continued/wrapped lines!). And so much more. Even if you only use a couple of those features, that’s a couple features that most terminal emulators don’t have (and don’t need, since, well, tmux has them).

                                                                  1. 5

                                                                    A decent read, and I learned more about DNS. The fact that I actually prefer email for communication with my friends helps me appreciate the content, although most of them don’t use it much. (Hrm, maybe that says more about me than my friends…)

                                                                    But given how complicated it is to set up what is mentioned in the article, I don’t hold out a lot of hope that this will become the norm.

                                                                    1. 5

                                                                      No, it’s not you. Email has fallen out of favor because it has not advanced beyond Gmail. I think spam is mostly to blame. You should have at least one whole domain to invent new addresses from. This would allow “you” (and really I mean with software assistance) to manage burner addresses and addresses for specific purposes.

                                                                      1. 4

                                                                        That’s exactly what I’ve been doing extremely happily for the last ~15 years. A completely separate domain with a few category-styled mail aliases to one mailbox which all accept + suffixes on the local part, which I fill in with the domain name of the service I’m giving the address to. Great indeed to manage burners and specific purposes, but also lets you watch who sells or otherwise lets slip your email address, vs. who doesn’t.

                                                                    1. 3

                                                                      > I think some of these managed Kubernetes systems like GKE (google’s kubernetes product) may be simpler since they make a lot of decisions for you

                                                                      I used GKE with Kubernetes to deploy an app earlier this year that had dependencies on Google Cloud Platform services (PubSub, Datastore) and had setup to do each time a node went up or down (adding/removing new/terminated nodes from all existing nodes’ hash rings). Not only did k8s deal pretty darn well with the pod scaling, but GKE even auto-scaled the underlying VM instance groups for me.

                                                                      There was an initial bunch of stuff to get my head round, partly because of the weird disconnect between “this bit’s GKE” and “this bit’s k8s” (due I think to the k8s team trying to design a genuinely cloud-portable stratum). And not only it was without question spectacularly easier to manage scaling out horizontally with GKE & k8s than it would have been otherwise, it also (a) wasn’t cheap, when you chop it down to “how much for what?” and (b) regularly threw me down a k8s documentation rabbit-hole, which (like this article says) often would have been really hard to handle had I not already had a decent understanding of the networking issues and the Linux implementation of how to get round them. Of course the hard fact is that this stuff isn’t simple, so the complexity has to be dealt with somewhere, and sometimes it’s going to leak through the abstractions, and so the impression the marketing materials give about exactly how easy using the tools will be can seem … over-egged at times.

                                                                      Ultimately, though, I consider what this enabled me to do, and I think back to the days when I had to get ISPs to provision actual computers and I had to set up the networking and the rest myself, and seriously, this SDN magic is THE NUTS. Yes it’s got a way to go before it’s turnkey and yes the hype overreaches the reality somewhat, but even now I’ll take this over doing it by hand any day. Maybe if I ran my own company and the billing account hit my credit card I’d think otherwise ;-)

                                                                      1. 9

                                                                        Non-fiction: I’m still working through Naomi Klein’s “No Is Not Enough”, and am trying to decide on the best historical book to read about the Opium Wars (advice welcome!).

                                                                        Fiction: just started Annie Proulx’s “Barkskins”, really rich and dense in the first couple of sections so far. Just finished James Ellroy’s “The Cold Six Thousand”, the second part of his America Trilogy, it’s superb stuff, such a furious pace and yet still so much to find between the lines.

                                                                        Tech: planning to pick back up on working through the Elm tutorials, got distracted by work a few weeks ago. Pah, work. ;-)

                                                                        1. 4

                                                                          I think The Cold Six Thousand is the best of Ellroy’s books, although I am also very fond of LA Confidential and The Big Nowhere. I very much enjoy the black-hearted misanthropy.

                                                                          1. 1

                                                                            Agree, it’s pretty amazing. Don’t know if I’d say it’s completely misanthropic as there’s a real sense of sympathy for the main characters’ journeys to where they get to - certainly Janice, Barb, Arden (hmm maybe there’s a theme there!) but also Ward and even Wayne Junior - and the extraordinary circumstances that find them there. But of course he absolutely shines a surgical light on the brutal, cold, dark hearts of many - which I very much enjoy too, even if it leaves me pretty stunned. The ending. Whoa, the ending. PRIMAL JUSTICE.

                                                                            1. 2

                                                                              I feel that the time is right for a Prestige TV adaptation of the Underworld USA books.

                                                                          2. 3

                                                                            Small world - I just started The Cold Six Thousand the other day. I picked it up (and a bunch of others) based on a list by author Adrian McKinty called Dirty Cops. I’m finding it a little hard to read because another book in that list (well, in this case I read the first book in David Peace’s Red Riding series) is written in the same breathtaking way and it’s pretty exhausting to read!

                                                                            BTW, if you haven’t read any McKinty, you really must. His Sean Duffy series, starring a Catholic detective in the Protestant Belfast police force during The Troubles, is amazing.

                                                                            1. 1

                                                                              Thanks, I’ll check him out! I really like good crime novels but find few are really well written so a good tip like this is always very welcome.

                                                                              1. 2

                                                                                Well, I could go on and on about mystery & crime novels, but I’ll just throw a few out there -

                                                                                • Philip Kerr’s Bernie Gunther series - start with the “Berlin Trio” and go from there. The trio (ie, first 3) is tremendous and while some of the later ones vary in quality, the newest one, Prussian Blue, is also fantastic

                                                                                • For new ones, I’ve really enjoyed the first 2 books in Owen Laukkanen’s Stevens & Windermere. There’s some interesting writing and the tension of the interplay between the two is unique

                                                                                • And if you like to mix sci-fi with your mystery, you could do worse than Ben H Winters’ The Last Policeman, about the end of the world and a novice detective trying to solve a murder.

                                                                                1. 2

                                                                                  Whoa, that’s great, thanks! The Winters one in particular looks up my street.

                                                                                  Sounds like you’re pretty well informed on this, but in case you haven’t come across them, I’ve enjoyed Fred Vargas novels, specially the early Adamsberg series (Chalk Circle Man) and The Three Evangelists. Very detailed research and some really nice character touches. Gets a bit formulaic later on. Also Pierre Lemaitre, he’s a Prix Goncourt winner so he knows his stuff - the Camille series is very good, pretty gruesome in places but if you’re down with Ellroy this won’t be a problem ;-)

                                                                          1. 4

                                                                            Thanks for everything you’ve done @jcs. Even though I’m not a high-profile lobster, I still get a lot of pleasure and a great deal of valuable info from this site.

                                                                            Thanks very much to the IRC crew for stepping up - so quickly that I didn’t even have a chance to offer to chip in for costs! (Which I’d still be happy to do if it’s needed.)

                                                                            I’m particularly glad to see the list of specific crustaceans involved in the plan, a very solid bunch, and @pushcx seems like the perfect choice at the wheel to keep us In The Manner To Which We Have Become Accustomed.

                                                                            Ace.

                                                                            1. 9

                                                                              I think this started sliding off the rails when suggesting that it’s a bad thing for someone to switch jobs and still be familiar with the tools in use. Even if you use plain git, it’ll be uniform. Maybe every time you install git the command line arguments can be randomized? Maybe even an improvement…

                                                                              1. 5

                                                                                I thought they already were ;-)

                                                                              1. 2

                                                                                I frequently use and always love alpine, even on OSX via homebrew. It’s not as bare-metal as mutt or nmh, but it’s fast, easily configured, mailbox and attachment handling are good, find-by-select-filter inside mailboxes is really quick and responsive (with a decent IMAP server), and overall I just find it easy, distraction-free and very efficient.

                                                                                  1. 1

                                                                                    Oh, new podcast! Thanks. :)

                                                                                  1. 4

                                                                                    Just another random Internet person here, but I’ve managed and worked with young, super-bright but sometimes erratic people, and what sticks out a mile from your post (to me, anyway) is this: you don’t have tech problems. You have focus, attention and productivity problems. If you have something like ADD (according to your post - I Am Not A Doctor!) or related issues, and it’s that which is causing the problems, then you should focus first and foremost on getting that stuff manageable. Not doing so is just setting you back compared to peers; they have all the company/tech stuff to deal with too, but you have to deal with this as well, and it sounds like it’s dragging you down.

                                                                                    I’m no doctor, and I’m wary as shit of pharmaceutical fixes anyway (especially in the US where everything is viewed by the pharmacos as a syndrome or other drug-sink) - but I know people who’ve found ADD treatment genuinely transformative. Maybe you don’t need medication; maybe you need counselling, therapeutic practice, who knows what’s right for you - but regardless of whether that treatment is medical, psychiatric, psychological, meditative, whatever, who gives a shit. Just focus on finding the thing that helps you get grounded and stay grounded. Find it, stick to it. You’re obviously not dumb, you’re determined enough to have got these jobs without college qualifications, so I guess you’re smart enough to know that stuff like this isn’t ever going to just go away; I’m sure it must feel like a mountain to climb even to start addressing this, but you have to accept what is, and work with it to get yourself on a level playing field. Everything else will flow, or not, when you find your right levels; from there you can at least make more informed and more objective decisions about whether the tech world is for you or not. You’re in a good spot in that you’re young and smart enough to seek advice and help. Use that to find the specific advice about your specific issues and the help you need to find the way to get yourself on a stable footing. You can absolutely do that. I wish you really well on your journey.