1. 4

    I use a Topre Realforce 87u for work and a Razer Blackwidow for my home PC. I also have a wrist rest I use for work and home with each keyboard.

    Realforce:

    • Super compy. Key strikes are much less punishing that on other keyboards for me.
    • Not as loud as other mechanical keyboards.
    • Has a hardware switch to swap caps lock/control so I don’t need to fiddle with that with OSes.
    • Doesn’t seem suitable for gaming for me.

    Blackwidow:

    • Had to add o-rings to the keys to make it quieter and strikes less harsh and punishing.
    • It was my first mechanical keyboard, and it’s at least 5 years old with heavy usage and no issues.
    • Even with o-rings under the keys, it’s still super loud.
    1. 4

      I LOVE my realforce! I used a lot of different keyboards over the years, but i end up having two Realforce, one R2 and one R1 with weighted keys. It’s my absolute go to.

      1. 3

        I spend an amount of time researching keyboards that I wouldn’t feel comfortable disclosing to anyone outside of this community. The Realforce 87u so far has lived up to its reputation.

        Recently I’ve been trying out a matias Tactile Pro 4, whose switches are a kind of modern alps switch varaint that I missed from my old Apple IIc. The physical response is great but I think I have to ditch it because it sounds like a Gatling gun.

        1. 2

          I loved mine, as well (87u), but recently it has started … not being detected by most USB controllers when I plug it in. It also suffers from being a black/gray model and I can’t see anything on any of the keys without a light.

          But the feel of the keys is glorious and quiet. For now, I just use my Varmilio with Cherry MX Clears. It has a software switch to swap control / caps lock so I don’t have to fiddle with settings as well.

        1. 47

          If you think pulling apt sources is telemetry then it means apt should send less data about you. You have the same problem with any mirror: Those cannot be trusted all that much and may retain any metadata. I know for sure I don’t really trust my ISP’s package mirror when it comes to privacy, it just happens to be very fast and reliable.

          There is always a trust issue when unwanted software and gpg keys are installed secretly, which is the main issue

          Not sure if I understand the issue correctly, but if adding Microsoft’s repo to apt requires installing a GPG key that is trusted for signing arbitrary packages even if installed from other repos then that’s for sure a problem with apt too.


          Overall, can’t help but also roll my eyes on this. User complains that the image isn’t lightweight enough but clearly the stock image of RbPI is not sharing this kind of goal. Might as well complain that it doesn’t come with Alpine.

          BTW this article adds nothing over the reddit thread. Not that I really sympathize with either.

          1. 23

            Unless there is something special about Microsoft’s repository, this is pure prejudice against Microsoft.

            Microsoft has thankfully provided their software in a convenient repository, and the RPi Foundation chose to include it by default – nothing wrong with that.

            Software providers should be judged on merit … oh well, the prejudice is somewhat deserved, but my point is that recent merits should weigh more than old.

            1. 8

              You mean like the way Windows 10 keeps installing random applications (Cortana, Skype, Spotify) without my ever asking for them? Or the constant whack-a-mole required to turn off telemetry in their flagship operating system?

              They remain as hostile to user control as ever, but have learned to be a data vacuum too.

              1. 4

                recent merits should weigh more than old.

                Linking to a wikipedia article on EWMA doesn’t really justify what you said. Many of us are old enough to remember the bullshit, destructive behavior of Microsoft, and are (rightfully so..) highly skeptical at Microsoft’s abrupt change of heart.

                Why do you feel that EWMA applies to human behavior, and and to corporate/business strategy?

                1. 2

                  Exponential decay is simply the nullhypothesis of decay (including perception of the past, I argue), because it makes the least amount of assumptions. Adding constraints, such as human lifetime, is a liability.

                  For starters, if you argue that people have a long memory, and businesses don’t change overnight, you are merely arguing for a long half-life of those exponential weights on which to perceive the past – perfectly within the model!

                2. 4

                  Microsoft has recent merits?

                3. 20

                  Yeah, this really feels overblown. They really think MS would bother linking your apt updates to your IP for advertising purposes? And so it makes it “ironic” that Pi-Hole would use it? Mountains out of molehills.

                  1. 13

                    bother linking your apt updates to your IP for advertising purposes

                    Who knows what they will use it for, but yes, absolutely. All of this data will end up in their lake and be joinable by what ever additional data they have on hand. They also have all of your github activity. I’d personally love to have all the IP addresses of someone running a raspberry pi.

                    This absolutely should have been opt-in.

                    1. 13

                      IP addresses are a lot less useful than people would think; they’re often cycled, and the increased prevalence of carrier-grade NAT makes it pretty much impossible to single out individuals. For consumer addresses it’s very hard to have insight about whether an IP from yesterday refers to the same person as today. You can’t “just join” it.

                      At any rate, using this information in these ways would be illegal. Doesn’t mean they can’t do it, but if the NSA can’t keep their secret data collection a secret, then I don’t think Microsoft can either. Secret cabals are hard to keep a secret, especially for long periods of time.

                      These large corporations are also a lot less monolithic than people seem to assume; I wouldn’t be surprised if the people in charge of Windows have hardly ever (or never!) spoken to the people in charge of GitHub. It’s not like they have regular meetings filled with moustaches twirling, diabolical laughter, and hatching of evil plots.

                      1. 6

                        Both my IP address and my parents’ IP address rarely changes. I have been sshing from the outside for years without dynamic DNS. I don’t know what you mean by “it’s very hard to have insight,” but in practice IP addresses carry a lot of information that can be exploited. There is a tendency to overlook this and emphasize that the mapping is not perfect, as if this offers some degree of privacy protection. At best it offers some slight plausible deniability, but this does not prevent a data collector from having a very good guess of who an IP address corresponds to.

                        This is especially true in cases where the data sent from your IP address is relatively uncommon. How many people in a given household or neighborhood are likely to be running a Raspberry Pi with Raspberry Pi OS? The same issue arises with Signal which falsely claims to protect the identity of the message sender.

                        At any rate, using this information in these ways would be illegal. Doesn’t mean they can’t do it, but if the NSA can’t keep their secret data collection a secret, then I don’t think Microsoft can either. Secret cabals are hard to keep a secret, especially for long periods of time.

                        So… we know that Microsoft is handing user data to the NSA? Hardly reassuring.

                        Besides, the last window into the illegal NSA data collection operation (featuring Microsoft!) was in 2013. You don’t suppose there have been any developments since then? A sparse scattering of past leaks does not mean any current illegal program would’ve been leaked already.

                        It’s not like they have regular meetings filled with moustaches twirling, diabolical laughter, and hatching of evil plots.

                        If you’ve ever been to a coffee shop in Redmond, the moustache twirling is not as far fetched as one might think.

                        1. 7

                          If you’ve ever been to a coffee shop in Redmond, the moustache twirling is not as far fetched as one might think.

                          … What? I have been to several coffee shops in Redmond and have no idea what you’re talking about

                          1. 1

                            ohh yeah i forgot redmond is a clean shaven oasis

                    2. 9

                      IMHO in light of what they’ve done with the (immutable) telemetry, privacy dark patterns, and non-removable apps in Windows 10, which I consider user abuse, Microsoft has lost the right to the benefit of the doubt. I respect people who opt for a more charitable view, maybe I’m just cynical.

                      1. 3

                        The author entirely misses the real concern here with this move: by using microsoft repos, microsoft controls the software you install. You want to apt install some application? Well, you’re going to get that application as it is distributed by microsoft, and (the real kicker) potentially modified by microsoft. Things might be rosey now, but the opportunity here for microsoft is likely too great for them to “ignore” for long.

                    1. 11

                      A dark mode did exist but it was reverted:

                      https://github.com/lobsters/lobsters/pull/823 https://github.com/lobsters/lobsters/commit/65b0b3422d71432db4d3b78f15fd46133a120caf .

                      Firefox support is mentioned but Chrom{e,ium} isn’t any better - in the name of intuitive user experience, no theme selection UI is exposed on the desktop builds, unlike on mobile builds.

                      The irc channel is a good place to talk about this kind of stuff: https://lobste.rs/chat

                      1. 2

                        It’s a pity the link to the chat is not on the top line of the page. I only now find about it :/

                        1. 2

                          On that note, are there any alternate user stylesheets that folks have made that they would like to share? Dark Mode or otherwise.

                          1. 5

                            darkreader works but the colorscheme is kinda meh. I turn it on at night.

                            1. 1

                              You can load the dark-mode CSS I wrote for lobste.rs into the Stylus extension: https://pastebin.com/raw/tQfN73az

                              1. 1

                                What plugin do you use for alt style sheets?

                                1. 1

                                  You can use greasemonkey to inject the css content at certain nodes or on page load, I am not aware of one someone has created for dark mode in lobste.rs. If someone has created the css I would be happy to make a greasemonkey script for it.

                                  1. 1

                                    I use Stylus myself

                                2. 2

                                  Why was it reverted? What needs to happen for it to come back?

                                  1. 8

                                    Firefox support is half-baked. There’s no user or devtool UI to toggle between states, inspecting an element always shows the style for ::selection instead of the element, and it lists the name of a color variable with no way to see the value of the variable or where it is set. Punting until it’s debuggable.

                                    1. 8

                                      There is now a feature flagged button for toggling this in Firefox devtools, and it’s on track for being enabled by default. https://stackoverflow.com/a/60481298

                                      1. 8

                                        Thanks for quoting this. I just wanted to post to confirm this is the latest state on it. Someone volunteered to do it, the tooling isn’t quite ready, but it’s a popular request and I look forward to merging it when it’s maintainable.

                                        Though I don’t look forward to another round of the bikeshedding that immediately popped up in the few hours this was live, and would appreciate it if folks with strong opinions on the exact colors of dark mode express them on the PR before merge. And obviously, the easiest way to see your opinion reflected on the site is to create the PR and help get it over the line. :)

                                      2. 2

                                        IIRC there was a lot of bike shedding on the colors and also there’s browser support stuff too.

                                        To be honest I think part of this is that in the grand scheme of things there are more time sensitive/higher payoff work that can go into lobsters for the amount of effort dark mode was becoming.

                                        1. 3

                                          I threw the dark mode together in a few hours, wasn’t a big deal to be honest.

                                    1. 10

                                      Until March this year I was using an x200, partly because I’m a nerd and wanted to use libreboot and partly because it just kept working and working.

                                      Most old laptops are fine for day to day use if you stick an SSD in there and maybe upgrade the RAM, get a not-too-bloated linux distro.

                                      Now I have a T495, it’s fine. I miss the keyboard off the old one and it feels far less well built. I also miss the 4:3 screen.

                                      The biggest thing that keeps the x200 in the cupboard now is the screen brightness. It’s a small detail, but it’s so so dim compared to anything you get on later models. In the light it’s hard to use, and I have a bright living room. I even replaced the panel which improved things, but not enough.

                                      When I compare the two, the x200 at 100% brightness is about the same as the T495 at 10%.

                                      1. 2

                                        I don’t think the x200 has a 4:3 screen. The last 4:3 was the x61s.

                                        1. 1

                                          A lot of those laptops have a screen brightness setting buried in the BIOS, just in case you haven’t already seen it.

                                        1. 3

                                          I guess I’m cynical, but I see an end game where once tracking Apple users has been made impossible by these types of changes, Apple then sells the identities to Google, et al and for a mint. Obviously the dragnet spying apparatus exposed by Snowden was cared about by almost no one (James Clapper walks free), Google/Microsoft regularly abuse the privacy of theirs users (or useds, as RMS would say) and they don’t seem to mind. All Apple would have to do is cloak the change in some data anonymization buzzwords. Alternatively they just have a monopoly on tracking for their own ad network. I don’t trust any of these megacorporations for one second.

                                          1. 3

                                            It might be that you’re justifiably (and, to me, agreeably) cynical, but Apple is a hardware company, primarily, which lately has layered on services unrelated to advertising. So, there’s hope that they’d not “sell out” to creepy ads.

                                          1. 8

                                            I’ve heard various reports that this project is going to collaborate with Rocky Linux, from the original CentOS creator. This announcement doesn’t mention that but I hope that’s still happening.

                                            1. 4

                                              Speaking of which, I’m so incredibly frustrated with the removal of Firefox’s RSS viewer. There is literally no replacement extension that works properly, strongly refuting the idea that moving functionality from core to extensions improves quality. I have an installation of Pale Moon that I use for the sole purpose of previewing RSS feeds.

                                              1. 2

                                                Feed Preview works for me pretty well. It more or less mimics the previous built-in functionality (and it knows my feed reader of choice, NewsBlur).

                                                1. 1

                                                  Well, it doesn’t render my feed at all, which is perfectly valid RSS…

                                                  On the other hand, my server apparently serves the feed as text/html, which I hadn’t thought of, might not be the best of practices and might even be what is causing the problem.

                                                  Still:

                                                  1. The Feed Preview extension correctly detects my feed’s presence, giving me a nice button in the address bar to click on. As a user, I am surprised when I click on it and it doesn’t give me a preview. When it’s my own feed, I can do something about it, but that’s not usually the case. Most probably, I’ll just think the extension is buggy.
                                                  2. Whether the fault is the server’s or the extension’s, Firefox’s old viewer rendered it fine, so regardless of “best practice”, it’s a regress in terms of functionality. I’m sure more than one RSS feed is served as text/html.

                                                  But whatever. Maybe this specific problem is my fault. Thanks for the extension tip. The biggest problem, I feel, is that Mozilla can’t guarantee that there is any good RSS viewer for Firefox. It’s a clear regress to let such a useful feature be in the more or less trustworthy hands of the “extension community” – imagine if Firefox stopped supporting something like opening images in a separate tab. I’d argue feed support is similar to that.

                                                  1. 1

                                                    Mozilla removed it on the basis of their metrics showing few using it. I know as a frequent reader of RSS feeds, I didn’t use Firefox’s built in RSS support, only the previewer. I had missed that, but the extension does the job. (Really, I didn’t use it before, I just copied and pasted site URLs into TT-RSS and it would scrape the meta links for me.)

                                                2. 1

                                                  This works on the command line, and there’s a macport for it: https://github.com/newsboat/newsboat shrug I like it

                                                1. 3

                                                  Tangentially related, reading this headline I felt some nostalgia thinking about how smart I felt as a kid cutting notches into my 5.25 floppies with scissors so I could write to them with my Apple II, like I was beating the system somehow.

                                                  1. 3

                                                    Any time I see Homebrew now I think of the author flunking Google’s interview. Poor guy.

                                                    1. 3

                                                      Same. Actually, the discussion that happened around this was what made me generally swear off CS-trivia style interviews/interviewing.

                                                      Tweet: https://twitter.com/mxcl/status/608682016205344768

                                                      Follow-up: https://www.quora.com/Whats-the-logic-behind-Google-rejecting-Max-Howell-the-author-of-Homebrew-for-not-being-able-to-invert-a-binary-tree/answer/Max-Howell

                                                      1. 2

                                                        Wait, what? Link?

                                                      1. 11

                                                        The real question is why browsers don’t build this in as a default feature. Slide it into the developer tools, we can ALREADY change css in there we just can’t save it for next time.

                                                        1. 7

                                                          You can do this in Firefox by creating chrome/userContent.css in your profile. http://kb.mozillazine.org/UserContent.css

                                                          1. 5

                                                            Safari supports this too (and has for at least a decade). Just pick the style sheet you want in Preferences… → Advanced.

                                                            1. 3

                                                              I always found that not to be user friendly though. Step 1: google where that file is stored. Step 2: Hunt for it. Then, all the features Stylish has like importing/exporting for different sites, toggle the custom styles with a couple clicks, etc, is missing.

                                                              1. 1

                                                                Thank you for posting this! I was a longtime Stylish/Stylus user but now I’m just going to use the built-in thing.

                                                                Two stumbling blocks I ran into when I was trying to get this set up:

                                                                1. I had to visit about:config and set layout.css.moz-document.content.enabled to true.
                                                                2. Apparently userContent.css cannot be a symlink. (This is weird, since the userChrome.css file in the same directory is allowed to be a symlink.)
                                                                1. 1

                                                                  That is only useful if you want the same styles on every single website.

                                                                  1. 2

                                                                    The same stylesheet is used on every website, yes, but you can use a (currently Mozilla-specific) selector to apply certain styles to certain sites:

                                                                    @-moz-document url-prefix(https://johndoe.example/blog) {
                                                                        div.post {
                                                                            max-width: 800px;
                                                                        }
                                                                    }
                                                                    
                                                                    @-moz-document domain(washingtonpost.com) {
                                                                        p.interstitial-link {
                                                                            display: none;
                                                                        }
                                                                    }
                                                                    

                                                                    There’s more documentation of @document/@-moz-document on MDN.

                                                                  2. 1

                                                                    I always found that not to be user friendly though. Step 1: google where that file is stored. Step 2: Hunt for it. Step 3: Write the code, and do 5-6 save code/restart-the-browser cycles to figure out why it’s not working.

                                                                    Then, all the features Stylish has like importing/exporting for different sites, toggle the custom styles with a couple clicks, etc, is missing.

                                                                  1. 4

                                                                    I installed Magisk on my new Android (Gemini PDA) so I could install a self-signed trusted CA certificate and, using a VPN app called Postern, MITM all the HTTP(S) traffic with a Mac HTTP(S) proxy app called Charles, and finally, block hosts using an Android app called AdAway which provides a nice UI to manage /etc/hosts.

                                                                    It’s really disturbing the amount of tracking that’s baked into an Android installation with a few basic apps installed, and the effort required to stop it. I was thinking of doing a write-up on it but maybe no one would care.

                                                                    1. 2

                                                                      I would care! show me how!

                                                                    1. 2

                                                                      Bring back LeechFTP!

                                                                      1. 4

                                                                        WS_FTP!

                                                                        1. 1

                                                                          LLNL XFTP!

                                                                      1. 10

                                                                        Ive been in conversations online in various places about getting Firefox revenue off ad revenue. One of my ideas was enterprise features licensed at a nice price. Like wigh Open Core, makknv the enterprise features paid has almost no effect on individuals that make up their majority of users.

                                                                        “a little something extra for everyone who deploys Firefox in an enterprise environment. …”

                                                                        Then, they start adding that stuff in for free. So much for that idea.

                                                                        1. 9

                                                                          They could start with a Windows Server GPO that was easy to install and configure. There’s no bigger Firefox advocate than me, yet I’m forced to use Chrome on my network because it was so easy to configure high-security policies for it, whereas I gave up trying to do the same for Firefox.

                                                                          1. 4

                                                                            Bookmarking that idea in case I ever get a chance to talk to their managemeng about this stuff. :)

                                                                            1. 9

                                                                              Thanks Nick! I’m no manager but I can take it from here (on Monday, because I’m off for the rest of the week):-))

                                                                              @jrc: Are you willing to expand on that hardship? AFAIU our project managers have worked with some enterprises to hear about their needs. This is in part because the enterprise mailing list we have doesn’t contain enough vocal enterprises willing to talk about their pain points in the open.

                                                                              Did you try the GPO features we just released with Firefox 60? What were you trying to do that didn’t work? Is there anything else you were missing?

                                                                              For everyone else reading this, please answer those questions as well and I’m happy to forward the whole thread.

                                                                              1. 2

                                                                                I’m not jrc, and this isn’t specifically related but my biggest problem with Firefox largely boils down to the fact that it’s not portable. It’s one of the few things where I get a new computer, plug in my drive, and it isn’t already working. I just did it again today, and while I use sync, losing my open tabs (on the session I’m using), cookies, extension data, and everything else that goes along with my previous session isn’t great.

                                                                                1. 4

                                                                                  Sorry to pile onto that, but on a slightly related note: It’s embarrassing that Firefox is still dumping folders into $HOME instead of following the applicable standard.

                                                                                  1. 1

                                                                                    Update! Please read through the policy templates repo and file issues there.

                                                                                    1. 1

                                                                                      No fix for this and I don’t think that’s the appropriate place for it. :-/

                                                                                2. 1

                                                                                  Update! Please read through the policy templates repo and file issues there.

                                                                                  1. 1

                                                                                    Hi! Sorry I didn’t see your reply or I would have commented back sooner. To answer your question, it’s been a couple years since I tried it. However, I’m about to upgrade to Windows Server 2016, so I will give it another go with Firefox and document the experience.

                                                                                    I can say off the top of my head, on my particular network, I’m looking to:

                                                                                    Browse websites and do nothing else. Easily lock out the ability to print, change any configuration settings at all, including visibility of toolbars, Firefox sync, managing search engines, anything like that.

                                                                                    I’d also like to be able to easily (1) install and (2) configure settings for add-ons, to manage mass deployment of updates to those add-ons, etc.

                                                                                    1. 1

                                                                                      Thanks for the feedback. Great to hear you’ll give it a try. I suppose that not exactly 100% of your requirements will be satisfied, but I’d love to see a blog post about your endeavors (unless it’s shattering criticism ;))

                                                                            1. 20

                                                                              I find the “new Microsoft” bittersweet. I’m happy about the embrace of open-source, but these improvements are more than offset by their new lows in user abuse and disrespect.

                                                                              Windows 10 is loaded with native spyware, comes with ads in the Start Menu and file browser, the privacy settings that are available (which do not shut off all the spyware) use UI dark patterns to cajole users into leaving it on. Am I the only one who remembers that they were going to have the Xbox Kinect camera always-on in peoples’ living rooms until there was a giant public outcry?

                                                                              I wish things were different but I don’t trust Microsoft whatsoever.

                                                                              1. 5

                                                                                Yeah, it’s all a bit rough.

                                                                                If I have to choose between the Win10 adware and the Win98/XP “crush all things not MSFT” mindset, I go for the adware (I mean I use Facebook)… but it feels so messy for such little gain. If it were just Cortana, sure, but everyone wants to be a marketplace + ad network nowadays.

                                                                                But I feel like Microsoft is doing a lot of stuff that is well intentioned to making computing better. Some stuff like Edge is reacting to competition. But stuff like WSL is a great replacement to stuff like Cygwin (which has existed for years, WSL was not a necessity). Typescript and other Microsoft Research stuff is all very good. There’s a bit more earnest participation in standards because they want to be on the terrain

                                                                                And even at the OS level, all the stuff that goes into driver signing/verification, advances in antivirus, etc. Given recent MacOS issues, I would trust new code by Microsoft over new code by Apple for correctness. There’s still legacy issues, ofc

                                                                              1. 2

                                                                                I haven’t had a smartphone for a few years. I use Google Hangouts/Voice. My email, text, missed calls, and voicemail is all in one place which I like very much. I’m on my laptop nearly all the time so having a Gmail tab open to receive calls isn’t a big deal.

                                                                                What I cherish is that when my laptop is closed or I’m out walking around, I am with myself. I don’t want to be “jacked in” to this real-time communication network every second I’m awake for the rest of my life. Computer usage and digital communication (including voice) is something I am happy to compartmentalize.

                                                                                I have an extremely basic Nokia GSM dumb phone with a $4/month T-Mobile plan for situations where I must have mobile or emergency communications, which comes up about once every 4-5 months. At this rate I’ll need to charge it less than once a year.

                                                                                I am interested in getting a Neo900, if I could ever afford one and it actually shipped. Having a sandboxed baseband makes me more comfortable with having a phone. Also the Dragonbox Pyra+4G, since I can put Debian and an SIP client on it I would feel more in control of the “phone”. Having a baseband with DMA coupled with these largely closed-source walled-garden smartphone OSes that are popular now is not attractive to me at all.

                                                                                1. 12

                                                                                  Without JavaScript I get a blank page.

                                                                                  1. 3

                                                                                    Yes… I’m also not a fan of simple webpages that need JavaScript for everything. But it was faster for me to implement it this way. Eventually this will be improved.

                                                                                    1. 4

                                                                                      It’s.. just a list?

                                                                                      1. 3

                                                                                        Just guessing based on 1990’s era sites since I don’t do web dev. Tiled series of images, descriptions, and links that CSS could probably handle. Clicking one generates a page with a list of stuff on one side and something for exploration on the right similar to frames I used ages ago. There’s delays for the text on the left appearing. Unless the sources change fast, this could be done statically where each source is periodically scraped, results turned into standard HTML/CSS file for each, and main tiles link to that. It would likely load and render faster, esp from caches, with server-side utilization being lower.

                                                                                        Again, it’s just me guessing based on stuff I did in DHTML days combined what this page looks like it’s trying to achieve. Some web dev people I read say they use JS frameworks for things like making it look right across all devices/OS’s. I don’t know how far vanilla CSS or CSS frameworks take you these days.

                                                                                        1. 6

                                                                                          Yes @nickpsecurity, what you say makes perfect sense.

                                                                                          I implemented it this way simply because I didn’t want to have to maintain the jobs necessary to keep the website updated. I also wanted to be able to pick any GitHub link and replace “github.com” with “list.community” and get the page rendered with TOC, search and star/fork counters (which are the features I added).

                                                                                          So for me, the advantage of having this hosted for free on GitHub Pages, not having to maintain a server, and being able to render any GitHub readme, is worth the delay of having to do everything on the client. But I’m sure many people disagree and would prefer a different implementation.

                                                                                          Thanks for your thoughtful response.

                                                                                          1. 2

                                                                                            Those advantages make sense in your position. You’re also not going to see me gripe much since it’s volunteer work on your part. ;)

                                                                                      2. 2

                                                                                        How did you implement this?

                                                                                        1. 4

                                                                                          I used create-react-app, which is a tool that bootstraps the code necessary to use React for static websites. It’s simple but comes with some limitations that they highlight here. For the styling, I used TailwindCSS which is what’s called an utility-first CSS framework. It provides simple CSS classes that you can build upon.

                                                                                          All the content comes from GitHub. The lists are curated by people and each one lives in its own repository. The descriptions and logos come from GitHub Explore which is also open source. The categories come from the “official” metalist.

                                                                                          The client uses the GitHub API directly. I started by getting readmes in markdown and processing them with remark. There’s lot of plugins for it, including to generate TOCs and render using React components. There were some limitations that prevented the output to look 100% equal to GitHub so I ended up fetching already rendered HTML from GitHub instead (the GitHub API provides that option) and using htmr to convert to React components. That way I can for example pass a custom React component for rendering links, so I can easily show the number of stars and forks, convert relative links to absolute, etc.. It’s not the most performant solution for sure, but the code becomes simpler.

                                                                                          That’s basically it, the source is available on GitHub: https://github.com/listcommunity/support

                                                                                    1. 6

                                                                                      I wonder if an attacker could escalate privileges and/or achieve ring0 write access by combining Row Hammer with Meltdown and/or Spectre.

                                                                                      1. 2

                                                                                        It occurs to me that, in a real and practical sense, one of the biggest exploit mitigations we have at our disposal is the inaccessibility of hardware and kernel architecture knowledge due to complexity. The real reason the systems I’m in charge of aren’t compromised right now (to my knowledge) is because it’s complicated and I’m not on the radar of the few people who can do it.

                                                                                      1. 22

                                                                                        To be honest, most of my goodwill towards Tim Berners-Lee (which there was a lot of, by the way) went away when he started shilling for web DRM. Requiring w3c compliant browsers to ship closed source BLOBs in order to correctly display w3c compliant web pages is against the very core of the open web; not to mention how the w3c wouldn’t even protect security researchers who want to see if there are security issues with said BLOBs. I know Berners-Lee probably isn’t responsible for every one of those decisions, but he publicly (and probably internally in the w3c) argued for DRM.

                                                                                        For further reading, here’s a great (albeit long) article from the EFF: https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next

                                                                                        1. 8

                                                                                          Computers, the Internet, and the web represent some of the greatest innovations in the history of mankind and the fruition of what could have only been a fantasy for billions of our ancestors for thousands of years. To see it so quickly, in the course of a few decades, and thoroughly corrupted by the interests of corporate profits is profoundly sad. I am severely disappointed to have dedicated my life to the pursuit of mastering these technologies which increasingly exist primarily to exploit users. DRM is a thread in a tragic tapestry.

                                                                                          1. 3

                                                                                            At this point my usual plea is, judge what’s spoken, not by whom it’s spoken. TBL’s authority is one thing, and the merit of what he has to say about that “Solid” thing is quite another. The idea feels very sane to me, although I don’t see a clear path of shoving it past the influence of all the silo-oriented companies like Facebook and Google.

                                                                                            1. 2

                                                                                              “At this point my usual plea is, judge what’s spoken, not by whom it’s spoken.”

                                                                                              This sentiment was drummed into me as a child and ordinarily I would strive to do this to a point, but the topic of putting locks on the open web by way of DRM is to me related to the apparently opposed mission of “solid”.

                                                                                              Arguing for decoupling data from applications provided by corporate giants in the interests of user control seems absurd when he just played a major part in removing transparency and control from a user’s web experience.

                                                                                              I’m not quite sure what to make of this.

                                                                                              1. 2

                                                                                                Did you consider the possibility that DRM could also work in reverse? The Digital Rights Management of individuals. I think that is the underlying motivation for allowing DRM: to protect assets and information. Users can not freely copy media to which they have no right of ownership, and conversely, companies can not freely copy user data to which they should have no right of ownership.

                                                                                          1. 4

                                                                                            I’m not aware of any other company that goes to these lengths to make their service so reliable.

                                                                                            I’d be really interested in seeing the lengths that Google goes to.

                                                                                            1. 4

                                                                                              There’s some insight into that in this talk https://www.youtube.com/watch?v=H4vMcD7zKM0

                                                                                            1. 2

                                                                                              I fear that for some I’m beating a dead horse here, but after the Windows telemetry “feature” and putting ads in the OS I have lost what respect Microsoft gained from embracing open source. Unless there was a drastic change in Microsoft’s (dis)respect for its users I would never even consider using their OS on principal, I don’t care what the features are.