1. 2

    Self hosting is currently a little complex but I have a plan to make it really easy so you only have to fill out a yml file with your domain name and an api key.

    1. 1

      What are the issues about self-hosting?

      1. 2

        There are a few different config files for different bits like nginx and rails. It’s currently not clear where you have to change things but I will make that a lot easier soon.

    1. 3

      You might want to take a look to https://burp.grke.org/ too which worked really great for me. The only issue as always are:

      • Synchronizing large batch of backups (so i don’t backups 100 machines at 1am and 0 at 5am, so at 1am every backup fight for bandwidth with the backup server…)
      • Having metrics about my backups (fetching the size, time spent, number of files, … so I can monitor it and find if there is huge differences that I should be aware of)
      • cloud native (upload/stream to S3 compatible storage)
      1. 1

        Burp has transport encryption and client side encryption, but iirc not asymmetric encryption

      1. 1

        New students in universities? Good resolutions about learning webapps?

        1. 69

          Fastmail. They are trustworthy, quick to respond to service requests, and rock solid. I can count the number of outages in the past ~10 years on one hand.

          1. 18

            +1 for Fastmail. I’ve been using them for several years now and they’re very reliable, have a really solid web UI, and from what I can tell a solid position on security. They also contribute to moving the state of internet mail forward by improving Cyrus and contributing to RFCs. All in all I’d highly recommend them.

            1. 13

              They also contribute to moving the state of internet mail forward by improving Cyrus and contributing to RFCs.

              That’s another good point: they are by all accounts a solid technical citizen, contributing back and moving the state of the art forward. I like to reward good behaviour when I spend my money, and it’s nice to be able to do that and get top of the line service, to boot.

            2. 14

              I also switched from Gmail to Fastmail.

              The funny thing is that for the amount of press that Gmail received/receives for being “fast”, once you switch to Fastmail, you realize that Gmail is actually very slow. The amount of bloat and feature-creep they’ve introduced is fascinating.

              1. 3

                You’re talking about the web interface or the speed at which the mail is sent?

                1. 1

                  The web interface.

                  1. 2

                    I just use thunderbird (and k9 on mobile). I don’t see why you’d ever use a web interface for email when a standalone client is so much nicer to use.

                    1. 1

                      I’m on a desktop client too (Evolution). Just pointing out the advantage of Fastmail over Gmail. :)

              2. 9

                Love Fastmail. I only wish more tools had first class CalDAV/CardDAV support. When I switched over, I was genuinely surprised how pervasive it’s become to slap on Google account sync and call it a day, even in FOSS. Aside from the built-in macOS/iOS apps, most solutions involve fussing with URLs and 3rd party plugins, if it’s supported at all.

                1. 1

                  Fastmail has a link generator for CalDAV so it’s super easy to get the right URLs. I do agree for 3rd party plugins, it’s annoying to have to install add-ons for standard and open source protocols…

                2. 7

                  It was the best one I found, too, overall. I dont know about trustworthy, though, given they’re in a Five Eyes country expanding police and spy authority every year.

                  Maybe trustworthy from threats other than them, though. I liked them for that.

                  1. 7

                    Yeah, I’m not concerned about state level actors, or more properly, I don’t lose sleep over them because for me and my threat model, there’s simply nothing to be done.

                    1. 4

                      I’m not worried about the state spying on me, I’m worried about the apparatus the state builds to spy on me being misused by service provider employees and random hackers.

                      1. 1

                        If those are your concerns, using PGP is probably recommended.

                      2. 3

                        That will be most folks, too. Which makes it a really niche concern.

                        1. 2

                          Maybe it oughtn’t be niche, but it’s pretty down my list of practical concerns.

                    2. 5

                      I use Fastmail as well, and became a customer by way of pobox.com acquisition.

                      I’ll have to add, this was about the only time I can ever recall that a service I use was acquired by another company and I was actually fine with it, if not a bit pleased.

                      My thinking was along the lines of “well, the upstream has purchased one of the biggest users of their tools, can’t be bad.”

                      I’ve not had any noticeable difference in the level of service provided, technically or socially, except the time difference to Australia is something to keep in mind.

                      I do hope that no one here in the US lost their jobs because of the acquisition, however.

                      1. 3

                        I do hope that no one here in the US lost their jobs because of the acquisition, however.

                        Nope! We’ve hired a bunch more people in both offices, and the previous Pobox management are now C-level execs. We’re pretty sure the acquisition has been a win for just about everyone involved :)

                      2. 5

                        I can also recommend it, especially due to their adherence to web standards. After 10+ years of GMail, the only functioning client had been Thunderbird, which too often too large. Since switching to Fastmail, I’ve been having a far better experience with 3rd party clients, and a better mail experience in general (probably also because I left a lot of spam behind me).

                        1. 4

                          I second that. I was searching for a serious e-mail provider for a catch-all email, calendar and contacts.

                          I had trouble setting up my carddav autodiscovery DNS configuration and they helped me without considering me as a “dumb” client. Serious, clear and direct. The most efficient support I could’ve encountered by far.

                          It’s paid, and I’m paying the second plan (of 5$/month), and I think it’s perfectly fair, considering that, firstly, e-mail infrastructure is costly, and secondly, that their service is just plain awesome.

                          1. 5

                            They’ve recently added the ability to automatically set up iOS devices with all of their services when you create a new OTP. I didn’t know that I needed this, but it’s a wonderful little bonus. It’s stuff like that that keeps me happily sending them money, and will as long as they keep doing such a good job.

                            1. 1

                              I did not know about such a thing, since I’m not an iOS user, but sure sounds nice !

                          2. 4

                            Do you know if they store the emails in plaintext server-side?

                            1. 2

                              It’s a good question. I don’t know, and would like to. I’ll shoot them a mail.

                              1. 1

                                Their help page on the matter isn’t clear, although it does describe a lot of things that seem pretty good. Now you’ve got me wondering. (Happy Fastmail user here, and I even convinced my wife to move to it from GMail!)

                                edit: It does sound like it’s plain text but you could read it a couple of ways.

                                All your data is stored on encrypted disk volumes, including backups. We believe this level of protection strikes the correct balance between confidentiality and availability.

                                1. 4

                                  Encrypted at rest (encrypted block devices), but cleartext available to the application because we need it for a bunch of things, mostly search, also previews and other bits and pieces. Of course, the applications that hit the on-disk files have their own protections.

                                  1. 1

                                    I’d imagine their disks are encrypted as a whole - but not using per-mailbox encryption based on keys derived from individual user passwords.

                                    However, even if such claims are made you can’t verify that and shouldn’t trust a companies word on it. I’d recommend PGP if that is a concern.

                                    1. 1

                                      using per-mailbox encryption based on keys derived from individual user passwords.

                                      If this is a feature you’re looking for in a hosted solution, Protonmail is probably your best option.

                                      However, even if such claims are made you can’t verify that.

                                      Up to a point you can, Protonmail has released their webmail client as open source. Of course, with today’s JavaScript ecosystem it’ll be very hard to verify that the JavaScript code you are running actually corresponds to that code. Also, you can’t verify they’re not secretly storing a plaintext copy of inbound mails before encryption. But down that path lies madness, or self-hosting.

                                      1. 1

                                        But down that path lies madness, or self-hosting.

                                        And the desperate hope that your correspondent also is sufficiently paranoid.

                                2. 3

                                  +1 for Fastmail. Switched recently after self-hosting (well, the last several years at a friend’s) since the dial-up days and I’m satisfied.

                                  1. 3

                                    Another Fastmail user here. I switched from GMail and my only regret is that I didn’t switch sooner.

                                    I don’t think there are any workflow advantages, but I appreciate that they don’t track me, and I trust them more than Google.

                                    I have the $30 per year subscription.

                                    1. 3

                                      One of other things I want to highlight is reliability/availability. Making sure I dont miss important emails is even more important than privacy to me. Newer, smaller, and privacy-focused sites might not have as much experience in keeping site up or getting all your mail in reliably.

                                      Fastmail has been around for quite a while with positive feedback from everyone Ive seen. So, they might perform better than others in not missing/losing email and being available. Just speculating here based on what their customers say.

                                      1. 3

                                        SMTP actually tolerates outages pretty well… I’ve had my self hosted server down for a couple days, and everyone resent me everything when I fixed it.

                                        1. 1

                                          Haha. Good to know.

                                      2. 1

                                        What service do you use for Calendars and such?

                                        1. 4

                                          I use FastMail for calendars and contacts. I actually don’t use it for e-mail much since my ISP is pretty ok.

                                          For Android I switched from CalDAV-Sync + CardDAV-Sync to DAVdroid. Both work but the latter is easier to configure (by way of having less config options).

                                          I tried self-hosting Radical for a while but for the time I had to put into it I’d rather pay FastMail $30 per year.

                                          1. 1

                                            Fastmail! We have a family email account and shared calendars and reminders and suchlike, and I have a personal account as well.

                                        1. 3

                                          I’ve been trying this for a number of years now. Unfortunately I was a foolish child born in the late 90’s so wresting control of my personal information from the dozens and dozens of services I blindly gave to has been challenging.

                                          1. 3

                                            When I first got online in the late 90s I was “default closed” and never associated my online persona with my IRL identity. At some point in the mid 2000s I made the conscious decision to the “default open”; to use my real name everywhere, not use private accounts etc. I gradually moved some of the public content from other platforms onto my own (hosted) blog, and then moved to a VPS for my blogs and other stuff like private git repos.

                                            In the past few weeks I’ve switched back to “default closed”. Unlike the OP, I’m not worried about how I can keep sharing things publicly - for the most part I’ve decided to stop doing that at all. I’ve taken down my blogs, made my social media accounts private, hugely culled friends and followers, closed a ton of accounts for platforms/services I don’t use.

                                            Large parts of the last 15-odd years of my online life are still available with a bit of effort, but it’s gratifying that now you have to put in a little more work than simply googling my name.

                                            1. 2

                                              Same here… It’s very hard and even with the recent GDPR and right to be forgotten it’s still challenging to do anything, because:

                                              1. Many services are kind of dead, your information is somewhere on the internet and nobody’s taking care of that data anymore.
                                              2. Some do not even reply to your requests and ignore you and betting (with success) that nobody’s going to engage any legal pursuit.
                                              3. Lastly, even when taking care about this, I’m still ages from remembering everything that I subscribed to. When I receive a marketing email, I actively process it, but that’s probably less than 20% of what I registered to…

                                              Although, I do understand that having a way to retrieve every service that you resisted to would be handy but a real security issue…

                                              In the end, I’m not trying as the author to self-host everything, but to be conscious about which data I hand in to which service. To me it feels like many things in life, making trade-offs.

                                              1. 5

                                                So who are the miners? How are they paid? What is the mining/validation method? Who has custody over copies? What happens when there is disagreement among ledgers?

                                                1. 1

                                                  My (very) naive answer would be:

                                                  • The users of the service
                                                  • By using the service
                                                  • no idea
                                                  • Everybody?
                                                  • Majority?
                                              1. 3

                                                I seem to agree what I imagine to be the implied message here, but it seems to disagree with the actual text in a couple places.

                                                Choose standard technology … [an analogy alluding to medieval war technology]

                                                The analogy is interesting, considering that wars are often won by inventing and using new and sometimes crazy ways to kill people and destroy things. So not at all by using standard technology.

                                                But then they say things like

                                                All we had to do was write a small amount of highly performant Ruby and Go code to knit the two standard technologies together

                                                The standard programming language by their rules would be Java. Ruby and Go are both a bit fringe in comparison.

                                                1. 2

                                                  Choose standard technology … [an analogy alluding to medieval war technology]

                                                  I think they had fantastic novels in mind when writing that… with older weapons having mistical powers.

                                                  Ruby and Go can be somewhat standard compared to F# or D for example (or even Haskell).

                                                1. 12

                                                  While I agree with the sentiment I think it’s interesting that the site requires 43 scripts and two ad trackers to display this “text”.

                                                  Upon closer reading of the article it appears to change from run less software, to run less software yourself, pay Amazon to run it for you. Which perhaps explains their comfort with the aforementioned 43 scripts.

                                                  1. 7

                                                    Can we just stop commenting about the number of scripts, the size of the images and other non-content related stuff? If you guys want to do that all days long, launch a sister lobster instance about that.

                                                    I think as a community we would all benefit most from exchanging about the content of articles than spamming around about size pages and design choices.

                                                    1. 5

                                                      I wasn’t attempting a me-to moment of js bashing, but rather a critique on the authors pursuit of less. Please see comment below. One would hope they could express an opinion without being labelled as spam.

                                                      As an aside you may have noticed the popularity of articles about text only websites/browsers, reducing cruft, conservative web development etc in this community which suggests it may be something that people care about.

                                                      1. 3

                                                        I do see the irony, but without looking at the size of the page, or images, the article is surprisingly pure. There’s no ad, it’s perfect on mobile, the content is first class citizen,… I really don’t think that the number of scripts or else is even remotely as interesting as the content.

                                                        As an aside you may have noticed the popularity of articles about text only websites/browsers

                                                        Yes, and I think that beside expressing this opinion that can be stated on +50% of the links posted, it’s not gonna help in any way. The rest of the web is not going to change because users complained on a link agregation website.

                                                        Beside, I really feel that we’re all loosing something by commenting more about this than the content (that I found great on this article).

                                                    2. 3

                                                      Number of scripts means nothing. They could have easily compiled it all in to one file and it would be functionally the same thing. The scripts do some neat tricks like loading images in layers when you scroll on to them so you see the foreground slightly before the background.

                                                      The whole point of run less software is to minimise the time spent by their engineers managing software so if Amazon can do it thats better. I guess a better title would be “manage less software”.

                                                      1. 2

                                                        True, the number in itself means nothing but it does suggest lots of extra code, perhaps fewer scrolling images and ‘neat tricks’ would have equalled less time spent on the article?

                                                        I whole heartedly agree we shouldn’t be chasing the latest greatest fad, and there is generally a balance between buying and building that needs to be struck.

                                                        Just a tad ironic that their pursuit of less, and desire for simple required so much code / bling to get across. It sounds a little like they just passed the complexity buck on, which is fine, but it’s different from a pursuit of simple, or praising old trusty tech in favour of new and shiny.

                                                    1. 3

                                                      I find it very sad that we use so much of our planet for direct speculative tasks (what bitcoin and al are mostly ATM)…

                                                      1. 1

                                                        I get that mental illness gives old mate a pass on the racist diatribes, but most of those “features” are really bad ideas.

                                                        1. 7

                                                          As the article put it:

                                                          Don’t write things off just because they have big flaws.

                                                          That said, would you please expand on why most of the features are really bad ideas?

                                                          1. 11

                                                            I may be the only user of my computer, but I still appreciate memory protection.

                                                            1. 5

                                                              More to the point: Practically every, if not every, security feature is also an anti-footbullet feature. Memory protection protects my data from other people on the system and allows security contexts to be enforced, and it protects my data from one of my own programs going wrong and trying to erase everything it can address. Disk file protections protect my data from other users and partially-trusted processes, and ensure my own code can’t erase vital system files in the normal course of operation. That isn’t even getting into how memory protection interacts with protecting peripheral hardware.

                                                              Sufficiently advanced stupidity is indistinguishable from malice.

                                                              1. 15

                                                                But that’s not really the point of TempleOS, is it?

                                                                As Terry once mentioned, TempleOS is a motorbike. If you lean over too far you fall off. Don’t do that. There is no anti-footbullet features because that’s the point.

                                                                Beside that, TOS still has some features lacking in other OS. Severely lacking.

                                                                1. 1

                                                                  Beside that, TOS still has some features lacking in other OS. Severely lacking.

                                                                  Like?

                                                                  1. 12

                                                                    The shell being not purely text but actual hypertext with images is lacking in most other os by default and I would love to have that.

                                                                    1. 6

                                                                      If you’ve never played with Oberon or one of its descendant systems, or with Acme (inspired by Oberon) from Rob Pike, you should give it/them a try.

                                                                      1. 0

                                                                        If you start adding images and complex formatting in to the terminal then you lose the ability to pipe programs and run text processing tools on them.

                                                                        1. 13

                                                                          Only because Unix can’t comprehend with the idea of anything other than bags of bytes that unformatted text happens to be congruent with.

                                                                          1. 4

                                                                            I have never seen program composition of guis. The power of text is how simple it is to manipulate and understand with simple tools. If a tool gives you a list of numbers its very easy to process. If the tool gives you those numbers in a picture of a pie chart then it’s next to impossible to do stuff with that.

                                                                            1. 7

                                                                              Program composition of GUIs is certainly possible – the Alto had it. It’s uncommon in UNIX-derived systems and in proprietary end-user-oriented systems.

                                                                              One can make the argument that the kind of pipelining of complex structured objects familiar from notebook interfaces & powershell is as well-suited to GUI composability as message-passing is (although I prefer message-passing for this purpose since explicit nominal typing associated with this kind of OO slows down iterative exploration).

                                                                              A pie chart isn’t an image, after all – a pie chart is a list of numbers with some metadata that indicates how to render those numbers. The only real reason UNIX doesn’t have good support for rich data piping is that it’s hard to add support to standard tools decades later without breaking existing code (one of the reasons why plan9 is not fully UNIX compatible – it exposes structures that can’t be easily handled by existing tools, like union filesystems with multiple files of the same name, and then requires basically out-of-band disambiguation). Attempts to add extra information to text streams in UNIX tools exist, though (often as extra control sequences).

                                                                              1. 3

                                                                                Have a look at PowerShell.

                                                                                1. 3

                                                                                  I have never seen program composition of guis. The power of text is how simple it is to manipulate and understand with simple tools. If a tool gives you a list of numbers its very easy to process. If the tool gives you those numbers in a picture of a pie chart then it’s next to impossible to do stuff with that.

                                                                                  Then, respectfully, you need to get out more :) Calvin pointed out one excellent example, but there are others.

                                                                                  Smalltalk / Squeak springs to mind.

                                                                                  1. 2

                                                                                    Certainly the data of the pie chart has to be structured with such metadata that you can pipe it to a tool which extracts the numbers. Maybe even manipulates them and returns a new pie chart.

                                                                                2. 3

                                                                                  You don’t loose that ability considering such data would likely still have to be passed around in a pipe. All that changes is that your shell is now capable of understanding hypertext instead of normal text.

                                                                                  1. 1

                                                                                    I could easily imagine a command shell based on S-expressions rather than text which enabled one to pipe typed data (to include images) easily from program to program.

                                                                              2. 1

                                                                                But why do I want that? It takes me 30 seconds to change permissions on /dev/mem such that I too can ride a motorbike without a helmet.

                                                                                1. 2

                                                                                  That is completely beside the point. A better question is how long would it take you to implement an operating system from scratch, by yourself, for yourself. When you look at it that way, of course he left some things out. Maybe those things just weren’t as interesting to him.

                                                                                  1. 1

                                                                                    You could do that, but in TOS that’s the default. Defaults matter a lot.

                                                                                    1. 2

                                                                                      /dev/mem more or less world accessible was also the default for a particular smartphone vendor I did a security audit for.

                                                                                      Defaults do matter a lot…

                                                                                2. 8

                                                                                  If there are no other users, and it takes only a second or two to reload the OS, what’s the harm?

                                                                                  1. 6

                                                                                    Its fine for a toy OS but I dont want to be working on real tasks where a bug in one program could wipe out everything I’m working on or corrupt it silently.

                                                                                    1. 11

                                                                                      I don’t think TempleOS has been advertised as anything other than a toy OS. All this discussion of “but identity mapped ring 0!” seems pretty silly in context. It’s not designed to meet POSIX guidelines, it’s designed to turn your x86_64 into a Commodore.

                                                                              3. 2

                                                                                Don’t write things off just because they have big flaws.

                                                                                That’s pretty much the one and only reason where you would want to write things off.

                                                                                1. 14

                                                                                  There’s a difference between writing something off based on it having no redeeming qualities and writing something off because it’s a mixed bag. TempleOS is a mixed bag – it is flawed in a generally-interesting way. (This is preferable to yet another UNIX, which is flawed in the same boring ways as every other UNIX.)

                                                                              4. 2

                                                                                This is probably not what you meant to imply, but nobody else said it, so just to be clear: Mental illness and racism aren’t correlated.

                                                                                1. 2

                                                                                  Whatever is broken inside somebody to make them think the CIA is conspiring against them, I find it hard to believe that same fault couldn’t easily make somebody think redheads are conspiring against them.

                                                                                  1. 2

                                                                                    You’re oversimplifying. There are many schizophrenic people in the U.S., and most of them are not racist. Compulsions, even schizophrenic ones, don’t come from the ether, and they’re not correlated with any particular mental illness. Also, terry’s compulsions went far beyond paranoia.

                                                                              1. 3

                                                                                It would be interesting to read about how the site is deployed and some performance stats. Is any of that published anywhere?

                                                                                1. 4

                                                                                  The site is deployed via ansible playbook. Can you describe what you mean by performance stats? In June 2018 pushcx published activity stats and in August 2018 I gave a presentation where I further articulated that activity. Is that what you are looking for or did you have something else in mind?

                                                                                  1. 3

                                                                                    I would be interested in seeing you/mem stats from before and after the 5.2 migration. Pure curiosity!

                                                                                    1. 2

                                                                                      Alas, I don’t have any quantitative data to share here. I’ve been able to solve memory pressure by sampling and making plausible guesses from there. I can say that the memory the Ruby work queue uses is load dependent: over the day the memory size of that process set grows and shrinks based on how busy the site is.

                                                                                      That doesn’t really answer your question though. If we were going to collect memory timeseries data, would you recommend any particular tool? collectd?

                                                                                      1. 2

                                                                                        I would recommend Prometheus. It’s easy to get running, suitable for collecting data and graphing, as well as full monitoring / alerting.

                                                                                        1. 4

                                                                                          We already discussed about monitoring on the ansible repository. Lobsters is generously hosted by @alynpost’s company and adding Prometheus to it would add a good way to visualize metrics, but would also take cpu/memory that would have been available for Rails and MariaDB.

                                                                                          For the monitoring, it was then said by Alan that the Nagios setup used at Prgmr could be used, so adding monitoring without the downsides!

                                                                                          1. 1

                                                                                            Building on @jstoja’s reply: we definitely have external monitoring for lobste.rs (the username and password is ‘guest’). That Nagios instance is hooked up to prgmr.com’s pager rotation so we get paged if the site goes down.

                                                                                  1. 3

                                                                                    Congratulations and thank you very much for this awesome contribution!

                                                                                    1. 1

                                                                                      Why using CloudWatch for monitoring alerts but not for log aggregation too? ELK seems like a big thing to setup and maintain. I’d add that most of these things can be deployed and maintained with Terraform and a bunch of Ansible scripts (that should only care about your application).

                                                                                      1. 2

                                                                                        I really feel that there is still a lot of questions and practices that still need evolving around the release management and deployment world in general. I didn’t find anybody yet telling me that they feel their deployment workflow is super solid, simple enough for new-commers to plug to, and easy to manage. I think that there’s still a long road into this area that needs to be done.

                                                                                        1. 2

                                                                                          Really really cool. I also like the linked 4K picture suitable for use as background image. Awesome stuff.

                                                                                          1. 2

                                                                                            It made me think of some cosmic background, really cool indeed!

                                                                                          1. 1

                                                                                            I’m not sure I’m sold on this. I get why people building infrastructure software like redis might want this. Yes, it helps them keep the “Foo as a Service” market as a captive income stream without competition from AWS, et al. At the same time it seems like for any service of much worth, it’s going to get cloned by the big providers anyway, and then you have a proliferation of similar but incompatible closed-source versions. I’m not convinced that is necessarily good for the community at large.

                                                                                            1. 2

                                                                                              I think it’s just a protection to avoid a Redis as a service launched with plain redis and few bits here and there to make the offering work. Big players can obviously clone it and have theirs, but at least most small to middle size players are eliminated. (From what I understand).

                                                                                              1. 3

                                                                                                You can still start Redis as a Service companies. I was shocked at first because I thought this concerned Redis and their aim was to kill all of the Redis as a Service providers which already exist. But it turns out Redis Core is unaffected by this, only some modules are.

                                                                                                I don’t really know what they intend to achieve with this, except having people avoid using their modules…

                                                                                                1. 2

                                                                                                  Which doesn’t seem worthwhile, as the big players are the ones most likely to be able to market and monetise a service based on core Redis plus their own proprietary add-ons. It’s pretty difficult to compete with AWS on any front at this stage, given their massive resources and the “nobody ever gets fired for buying X” safety of big brands.

                                                                                                  Boxing out only the small players doesn’t really feel like it’s going to preserve a whole bunch of market or mindshare for the Redis company.

                                                                                                  1. 1

                                                                                                    I’m not into business very much, so I cannot evaluate if this operation is worth it or not, I would just assume that they were going for the long tail, which can be a sufficient number of clients to have decent revenue and continue to work on the Redis company.

                                                                                                    1. 1

                                                                                                      In reality I don’t have the feeling that a “long tail” actually exists for a lot of these types of services. I base this on the Firebase/Parse era when there were loads of “backend as a service” companies around that have all withered away (my understanding at least). With only google/Firebase remaining. I personally was surprised by this.

                                                                                              1. 3

                                                                                                I don’t understand why this matters. Both Windows and Mac versions can still be downloaded from the docker website without logging in:

                                                                                                I found those by googling “docker for $OS”. The Mac page was the top result and the windows was the third.

                                                                                                1. 16

                                                                                                  I searched docker for windows and it took me to this page. Which asks for a login to download. I think the big deal is how dishonest the reply from the docker team is.

                                                                                                  “we’ve made this change to make sure we can improve the Docker for Mac and Windows experience for users moving forward.”

                                                                                                  This is such obvious marketing BS and it’s insulting that they think the average developer doesn’t know this is so they can send more marketing emails and not to “Improve experiences”.

                                                                                                  1. 1

                                                                                                    In their defense, it takes money to improve the experience, and marketing yields money. So indirectly, marketing allows them to improve the experience. I entirely agree that they should just come out and say that, however.

                                                                                                    1. 1

                                                                                                      I love this reasoning! I wonder where else they could improve.

                                                                                                      I think funneling more docker users into Enterprise plans would be big $$$, maybe they could cap the number of images downloaded from the store for free, and then sell licences for more downloads.

                                                                                                  2. 7

                                                                                                    It’s required from >= 18.03

                                                                                                  1. 2

                                                                                                    Wikimedia Foundation, the non-profit organization behind Wikipedia (Alexa top 5) as well as all sister projects such as Wiktionary, Wikiquote,.. is hiring Site Reliability Engineers, Application Security Engineers and more. All positions in San Francisco or remote.

                                                                                                    1. 1

                                                                                                      Just saw that you’re pretty new there, how is it going?

                                                                                                    1. 2

                                                                                                      We (Amazon Web Service Elastic Filesystem) are!

                                                                                                      https://www.amazon.jobs/en/jobs/703035/software-development-engineer-ii

                                                                                                      Don’t believe the hype. Working for Amazon has been a literal life changer for me. Nothing is ever perfect, and this place is no exception, but there’s plenty of awesome around here and we work at a scale that few can match. The job is full of challenges and it’s a VERY different day to day experience from any company I’ve ever worked, but I love it.

                                                                                                      Most of our work is Java or C/C++ and a bunch of Python on the infrastructure side.

                                                                                                      Feel free to list me (cpatti at amazon dot com) as a referral if you apply, and let me know so I can connect the dots internally :)

                                                                                                      1. 2

                                                                                                        Hey @feoh! I’ve several times tried to apply for an SRE where I live but NEVER got any answer back. My profile is probably still a bit too young (4years exp), but I’m looking for great environment and teams to learn from. Would you have any idea about the profile matching this kind of job @ Amazon?

                                                                                                        1. 2

                                                                                                          It depends very much on the job level of the job in question.

                                                                                                          Also I don’t exactly know what “SRE” maps to in Amazon-ese :) My job title is “System Development Engineer” and that’s a good guess, but I’m not sure.

                                                                                                          If it’s a SysDE role, things we look for generally are:

                                                                                                          • Solid coding ability: You need to be able to implement simple algorithms and solve common systems problems in code. In practice this means you should know an actual programming language, not just bash, and be able to demonstrate that with a simple collaborative coding task.

                                                                                                          • System design at scale

                                                                                                          • A functional understanding of networking

                                                                                                          And then there are the less technical areas like our Leadership Principles. Definitely do some thinking on those and how each might apply to various situations in your career.

                                                                                                          As to finding a way in - network! Amazon has a sizable presence on LinkedIn. Reach out and politely ask quesitons of people, and don’t be afraid to be persistent. People are busy and may not get to you right away. Just be respectful of the fact that you’re asking for a leg up and you’ll be surprised at the response you might get.

                                                                                                          Good luck!

                                                                                                          [Note - I’m not speaking for my employer, just giving you my impressions of what we tend to look for in this one particular area.]

                                                                                                          1. 2

                                                                                                            Thank you so much for this comprehensive answer! That’s super helpful and I’ll definitely give a try!

                                                                                                        2. 1

                                                                                                          Every once in a while I get poked at by an Amazon recruiter on LinkedIn. Usually, I say it sounds awesome but I’m not willing to relocate, and I never hear back. :P

                                                                                                          1. 4

                                                                                                            I hear you. It was like that here for a long time too, and then around 5-6 years ago our director pitched a Boston office to the Seattle management chain and it worked. Now we’re booming.

                                                                                                            It’s kind of frustrating how cavalier some recruiters are about locating. My answer usually shuts them up “My wife is a VP at a bank, makes more than me, and has held the same job for 15 years. There is NO way we’re gonna give that up.”

                                                                                                            1. 2

                                                                                                              Recruiters seem to believe, and in the aggregate they’re correct if only because it’s a self-fulfilling prophecy, that anyone who would answer their unsolicited emails can’t afford to be picky.

                                                                                                              1. 2

                                                                                                                I’ve wondered about that. Like, as in, what is their ACTUAL success rate? I get the impression that tech recruiting is one of those fields like real-estate. There WAS mad money to be made for a while so a lot of people got into it. But these days, with the web and with much better networking all around.

                                                                                                                1. 2

                                                                                                                  It’s hard to tell. I expect that some of the larger “hiring” websites have some data on it for their own purposes, but for the rest of us, I don’t see any way to find out.

                                                                                                        1. 28

                                                                                                          That is a very reductionist view of what people use the web for. And I am saying this as someone who’s personal site pretty much matches everything prescribed except comments (which I still have).

                                                                                                          Btw, Medium, given as a positive example, is not in any way minimal and certainly not by metrics given in this article.

                                                                                                          1. 19

                                                                                                            Btw, Medium, given as a positive example, is not in any way minimal and certainly not by metrics given in this article.

                                                                                                            Chickenshit minimalism: https://medium.com/@mceglowski/chickenshit-minimalism-846fc1412524

                                                                                                            1. 13

                                                                                                              I wouldn’t say medium even gives the illusion of simplicity (For example, on the page you linked, try counting the visual elements that aren’t blog post). Medium seems to take a rather contrary approach to blogs, including all the random cruft you never even imagined existed, while leaving out the simple essentials like RSS feeds. I honestly have no idea how the author of the article came to suggest medium as an example of minimalism.

                                                                                                              1. 8

                                                                                                                Medium started with an illusion of simplicity and gradually got more and more complex.

                                                                                                                1. 3

                                                                                                                  I agree with your overall point, but Medium does provide RSS feeds. They are linked in the <head> and always have the same URL structure. Any medium.com/@user has an RSS feed at medium.com/feed/@user. For Medium blogs hosted at custom URLs, the feed is available at /feed.

                                                                                                                  I’m not affiliated with Medium. I have a lot of experience bugging webmasters of minimal websites to add feeds: https://github.com/issues?q=is:issue+author:tfausak+feed.

                                                                                                              2. 3

                                                                                                                That is a very reductionist view of what people use the web for.

                                                                                                                I wonder what Youtube, Google docs, Slack, and stuff would be in a minimal web.

                                                                                                                1. 19

                                                                                                                  Useful.

                                                                                                                  algernon hides

                                                                                                                  1. 5

                                                                                                                    YouTube, while not as good as it could be, is pretty minimalist if you disable all the advertising.

                                                                                                                    I find google apps to be amazingly minimal, especially compared to Microsoft Office and LibreOffice.

                                                                                                                    Minimalist Slack has been around for decades, it’s called IRC.

                                                                                                                    1. 2

                                                                                                                      It is still super slow then! At some point I was able to disable JS, install the Firefox “html5-video-everywhere” extension and watch videos that way. That was awesome fast and minimal. Tried it again a few days ago, but didn’t seem to work anymore.

                                                                                                                      Edit: now I just “youtube-dl -f43 ” directly without going to YouTube and start watching immediately with VLC.

                                                                                                                      1. 2

                                                                                                                        The youtube interface might look minimalist, but under the hood, it is everything but. Besides, I shouldn’t have to go to great lengths to disable all the useless stuff on it. It shouldn’t be the consumer’s job to strip away all the crap.

                                                                                                                      2. 2

                                                                                                                        That seems to be of extreme bad faith though.

                                                                                                                        1. 11

                                                                                                                          In a minimal web, locally-running applications in browser sandboxes would be locally-running applications in non-browser sandboxes. There’s no particular reason any of these applications is in a browser at all, other than myopia.

                                                                                                                          1. 2

                                                                                                                            Distribution is dead-easy for websites. In theory, you have have non-browser-sandboxed apps with such easy distribution, but then what’s the point.

                                                                                                                            1. 3

                                                                                                                              Non-web-based locally-running client applications are also usually made downloadable via HTTP these days.

                                                                                                                              The point is that when an application is made with the appropriate tools for the job it’s doing, there’s less of a cognitive load on developers and less of a resource load on users. When you use a UI toolkit instead of creating a self-modifying rich text document, you have a lighter-weight, more reliable, more maintainable application.

                                                                                                                              1. 3

                                                                                                                                The power of “here’s a URL, you now have an app running without going through installation or whatnot” cannot be understated. I can give someone a copy of pseudo-Excel to edit a document we’re working together on, all through the magic of Google Sheet’s share links. Instantly

                                                                                                                                Granted, this is less of an advantage if you’re using something all the time, but without the web it would be harder to allow for multiple tools to co-exist in the same space. And am I supposed to have people download the Doodle application just to figure out when our group of 15 can go bowling?

                                                                                                                                1. 4

                                                                                                                                  They are, in fact, downloading an application and running it locally.

                                                                                                                                  That application can still be javascript; I just don’t see the point in making it perform DOM manipulation.

                                                                                                                                  1. 3

                                                                                                                                    As one who knows JavaScript pretty well, I don’t see the point of writing it in JavaScript, however.

                                                                                                                                    1. 1

                                                                                                                                      A lot of newer devs have a (probably unfounded) fear of picking up a new language, and a lot of those devs have only been trained in a handful (including JS). Even if moving away from JS isn’t actually a big deal, JS (as distinct from the browser ecosystem, to which it isn’t really totally tied) is not fundamentally that much worse than any other scripting language – you can do whatever you do in JS in python or lua or perl or ruby and it’ll come out looking almost the same unless you go out of your way to use particular facilities.

                                                                                                                                      The thing that makes JS code look weird is all the markup manipulation, which looks strange in any language.

                                                                                                                                      1. 3

                                                                                                                                        JS (as distinct from the browser ecosystem, to which it isn’t really totally tied) is not fundamentally that much worse than any other scripting language

                                                                                                                                        (a == b) !== (a === b)

                                                                                                                                        but only some times…

                                                                                                                                        1. 3

                                                                                                                                          Javascript has gotchas, just like any other organic scripting languages. It’s less consistent than python and lua but probably has fewer of these than perl or php.

                                                                                                                                          (And, just take a look at c++ if you want a faceful of gotchas & inconsistencies!)

                                                                                                                                          Not to say that, from a language design perspective, we shouldn’t prize consistency. Just to say that javascript is well within the normal range of goofiness for popular languages, and probably above average if you weigh by popularity and include C, C++, FORTRAN, and COBOL (all of which see a lot of underreported development).

                                                                                                                                  2. 1

                                                                                                                                    Web applications are expected to load progressively. And that because they are sandboxed, they are allowed to start instantly without asking you for permissions.

                                                                                                                                    The same could be true of sandboxed desktop applications that you could stream from a website straight into some sort of sandboxed local VM that isn’t the web. Click a link, and the application immediately starts running on your desktop.

                                                                                                                                  3. 1

                                                                                                                                    I can’t argue with using the right tool for the job. People use Electron because there isn’t a flexible, good-looking, easy-to-use cross-platform UI kit. Damn the 500 mb of RAM usage for a chat app.

                                                                                                                                    1. 4

                                                                                                                                      There are several good-looking flexible easy to use cross-platform UI kits. GTK, WX, and QT come to mind.

                                                                                                                                      If you remove the ‘good-looking’ constraint, then you also get TK, which is substantially easier to use for certain problem sets, substantially smaller, and substantially more cross-platform (in that it will run on fringe or legacy platforms that are no longer or were never supported by GTK or QT).

                                                                                                                                      All of these have well-maintained bindings to all popular scripting languages.

                                                                                                                                      1. 1

                                                                                                                                        QT apps can look reasonably good. I think webapps can look better, but I haven’t done extensive QT customization.

                                                                                                                                        The bigger issue is 1) hiring - easier to get JS devs than QT devs 2) there’s little financial incentive to reduce memory usage. Using other people’s RAM is “free” for a company, so they do it. If their customers are in US/EU/Japan, they can expect reasonably new machines so they don’t see it as an issue. They aren’t chasing the market in Nigeria, however large in population.

                                                                                                                                        1. 5

                                                                                                                                          Webapps are sort of the equivalent of doing something in QT but using nothing but the canvas widget (except a little more awkward because you also don’t have pixel positioning). Whatever can be done in a webapp can be done in a UI toolkit, but the most extreme experimental stuff involves not using actual widgets (just like doing it as a webapp would).

                                                                                                                                          Using QT doesn’t prevent you from writing in javascript. Just use NPM QT bindings. It means not using the DOM, but that’s a net win: it is faster to learn how to do something with a UI toolkit than to figure out how to do it through DOM manipulation, unless the thing that you’re doing is (at a fundamental level) literally displaying HTML.

                                                                                                                                          I don’t think memory use is really going to be the main factor in convincing corporations to leave Electron. It’s not something that’s limited to the third world: most people in the first world (even folks who are in the top half of income) don’t have computers that can run Electron apps very well – but for a lot of folks, there’s the sense that computers just run slow & there’s nothing that can be done about it.

                                                                                                                                          Instead, I think the main thing that’ll drive corporations toward more sustainable solutions is maintenance costs. It’s one thing to hire cheap web developers & have them build something, but over time keeping a hairball running is simply more difficult than keeping something that’s more modular running – particularly as the behavior of browsers with respect to the corner cases that web apps depend upon to continue acting like apps is prone to sudden (and difficult to model) change. Building on the back of HTML rendering means a red queen’s race against 3 major browsers, all of whom are changing their behaviors ahead of standards bodies; on the other hand, building on a UI library means you can specify a particular version as a dependency & also expect reasonable backwards-compatibility and gradual deprecation.

                                                                                                                                          (But, I don’t actually have a lot of confidence that corporations will be convinced to do the thing that, in the long run, will save them money. They need to be seen to have saved money in the much shorter term, & saying that you need to rearchitect something so that it costs less in maintenance over the course of the next six years isn’t very convincing to non-technical folks – or to technical folks who haven’t had the experience of trying to change the behavior of a hairball written and designed by somebody who left the company years ago.)

                                                                                                                                        2. 1

                                                                                                                                          I understand that these tools are maintained in a certain sense. But from an outsider’s perspective, they are absolutely not appealing compared to what you see in their competitors.

                                                                                                                                          I want to be extremely nice, because I think that the work done on these teams and projects is very laudable. But compare the wxPython docs with the Bootstrap documentation. I also spent a lot of time trying to figure out how to use Tk, and almost all resources …. felt outdated and incompatible with whatever toolset I had available.

                                                                                                                                          I think Qt is really good at this stuff, though you do have to marry its toolset for a lot of it (perhaps this has gotten better).

                                                                                                                                          The elephant in the room is that no native UI toolset (save maybe Apple’s stack?) is nowhere near as good as the diversity of options and breadth of tooling available in DOM-based solutions. Chrome dev tools is amazing, and even simple stuff like CSS animations gives a lot of options that would be a pain in most UI toolkits. Out of the box it has so much functionality, even if you’re working purely vanilla/“no library”. Though on this points things might have changed, jQuery basically is the optimal low-level UI library and I haven’t encountered native stuff that gives me the same sort of productivity.

                                                                                                                                          1. 3

                                                                                                                                            I dunno. How much of that is just familiarity? I find the bootstrap documentation so incomprehensible that I roll my own DOM manipulations rather than using it.

                                                                                                                                            TK is easy to use, but the documentation is tcl-centric and pretty unclear. QT is a bad example because it’s quite heavy-weight and slow (and you generally have to use QT’s versions of built-in types and do all sorts of similar stuff). I’m not trying to claim that existing cross-platform UI toolkits are great: I actually have a lot of complaints with all of them; it’s just that, in terms of ease of use, peformance, and consistency of behavior, they’re all far ahead of web tech.

                                                                                                                                            When it comes down to it, web tech means simulating a UI toolkit inside a complicated document rendering system inside a UI toolkit, with no pass-throughs, and even web tech toolkits intended for making UIs are really about manipulating markup and not actually oriented around placing widgets or orienting shapes in 2d space. Because determining how a piece of markup will look when rendered is complex and subject to a lot of variables not under the programmer’s control, any markup-manipulation-oriented system will make creating UIs intractably awkward and fragile – and while Google & others have thrown a great deal of code and effort at this problem (by exhaustively checking for corner cases, performing polyfills, and so on) and hidden most of that code from developers (who would have had to do all of that themselves ten years ago), it’s a battle that can’t be won.

                                                                                                                                            1. 5

                                                                                                                                              It annoys me greatly because it feels like nobody really cares about the conceptual damage incurred by simulating a UI toolkit inside a doument renderer inside a UI toolkit, instead preferring to chant “open web!” And then this broken conceptual basis propagates to other mediums (VR) simply because it’s familiar. I’d also argue the web as a medium is primarily intended for commerce and consumption, rather than creation.

                                                                                                                                              It feels like people care less about the intrinsic quality of what they’re doing and more about following whatever fad is around, especially if it involves tools pushed by megacorporations.

                                                                                                                                              1. 2

                                                                                                                                                Everything (down to the transistor level) is layers of crap hiding other layers of different crap, but web tech is up there with autotools in terms of having abstraction layers that are full of important holes that developers must be mindful of – to the point that, in my mind, rolling your own thing is almost always less work than learning and using the ‘correct’ tool.

                                                                                                                                                If consumer-grade CPUs were still doubling their clock speeds and cache sizes every 18 months at a stable price point and these toolkits properly hid the markup then it’d be a matter of whether or not you consider waste to be wrong on principle or if you’re balancing it with other domains, but neither of those things are true & so choosing web tech means you lose across the board in the short term and lose big across the board in the long term.

                                                                                                                            2. 1

                                                                                                                              Youtube would be a website where you click on a video and it plays. But it wouldn’t have ads and comments and thumbs up and share buttons and view counts and subscription buttons and notification buttons and autoplay and add-to-playlist.

                                                                                                                              Google docs would be a desktop program.

                                                                                                                              Slack would be IRC.

                                                                                                                              1. 1

                                                                                                                                What you’re describing is the video HTML5 tag, not a video sharing platform. Minimalism is good, I do agree, but don’t mix it with no features at all.

                                                                                                                                Google docs would be a desktop program.

                                                                                                                                This is another debate around why using the web for these kind of tasks, not the fact that it’s minimalist or not.