1. 2

    I don’t love fully split keyboards. I end up searching for but never finding the perfect position of the individual halves on my desk. I don’t think it’s hard to find a good position, but because I can move them around and angle them differently I always try to find a “better” position. That’s why I personally like split-but-physically-joined keyboards like the Kinesis Advantage more.

    1. 1

      This is surprising. The linked What causes Ruby memory bloat? has some numbers: 230 MB allocated vs only 7 MB being used (not freed) by Ruby. I wonder if there is some system-wide way to make libc release free memory sooner. It could have a big impact on available memory (at the expense of performance).

      EDIT: mallopt apparently has M_TRIM_THRESHOLD that controls this. It specifies the minimum amount of space that can be released. But I suspect the man page is out of date because it claims the default is 128 KiB (much less than 230 MB - 7 MB in the Ruby case above) and neither Ruby or CPython call this. It also makes references to sbrk() and I thought these days memory allocators use mmap() instead.

      1. 2

        I think I’ve heard something about glibc’s malloc still using sbrk for some cases? Modern allocators of course only use mmap, new platforms often just don’t have sbrk at all (e.g. FreeBSD/aarch64&riscv64)

        1. 1

          Ah, that’s probably true given GNU’s focus on being compatible with many systems.

        2. 2

          This kind of thing is often misleading. In snmalloc, we use MADV_FREE on *NIX platforms that support it. This allows the kernel to reclaim pages but the kernel won’t unless physical memory is constrained. On Windows, we register for a low-memory notification and only decommit memory when there is physical memory pressure.

          There is no performance problem from using a load of memory, as long as that memory exists and nothing else wants to use it. There is a problem if using memory prevents allocation, causes swapping, or evicts hot things from the buffer cache. The goal for a memory allocator should be to avoid the latter. There’s nothing wrong with using 10GiB of memory on a system with 128GiB total and 32GiB free. There’s a big problem with using 1GiB on a system with 4GiB that’s starting to swap.

        1. 1

          Notable details from the doc:

          Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

          Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.

          These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

          In addition, over the the next year we will introduce several changes to our security checks:

          • A new encrypted protocol for Developer ID certificate revocation checks
          • Strong protections against server failure
          • A new preference for users to opt out of these security protections
          1. 2

            We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices

            It’s nice to hear them state that explicitly, I wonder if people believe it when it comes from Apple.

            1. 1

              I might have misunderstood but I thought people where mostly worried about data collection and MITM attacks given that the ocsp.apple.com requests are made in clear. I don’t believe Apple’s doc actually address those concerns.

              1. 3

                The responses are signed, even in the current version, so a MITM can’t fake them. They can DoS the user, though.

                1. 4

                  They might be signed, so they can’t be MITM, but the issue is that all that tracking data is being sent in cleartext.

                2. 1

                  A new encrypted protocol for Developer ID certificate revocation checks

                  Doesn’t this address it? Or is this about something else?

                  1. 2

                    Ah, you are right, it does address it… but as a future feature. That means the current implementation is indeed open to the winds.

            1. 12

              This seems more about enabling untrusted code to run than improving performance.

              1. 1

                Hope the pain and discomfort in your hands is gone for good! Is it not tricky to navigate in Vim now without your programmable keyboard? I imagine muscle memory would mess you up a lot.

                1. 2

                  Hope the pain and discomfort in your hands is gone for good!

                  It sure has, thanks!

                  Is it not tricky to navigate in Vim now without your programmable keyboard? I imagine muscle memory would mess you up a lot.

                  Possibly, but I have yet to experience this. Since I’m at home right now, I always have my keyboard with me, but you’re right, I won’t always. I suppose I could just use the arrow-key cluster (if it exists).

                1. 2

                  Dark mode was briefly merged and deployed but it was reverted because of bad dev support in Firefox. I don’t think the issues in the commit message have improved since then.

                  1. 2

                    Well, now that Mozilla fired their Firefox DevTools people, I’m sure it’ll be fixed in no time…

                  1. 3

                    Thanks for introducing me to Hammerspoon. I’m used to Ratpoison and after 1 hour of crude hacking I now have the features I miss most from it on macOS.

                    1. 2

                      I’ve been running a Mozilla DXR instance for our internal code. Does anyone have experience with both? What are the advantages of sourcegraph over DXR?

                      1. 1

                        I’ve also been running a Mozilla DXR instance. I’ve been very happy with it. Disclaimer: I have been a contributor to DXR in the past.

                        I only have minimal experience with Sourcegraph. Sourcegraph does fairly well in my opinion. The only annoying thing that I notice missing is “Find declarations”. You can search for references and it looks like any declarations are in that list but there is no easy way to find the declaration(s) separately.

                        The main problem with DXR is that it has no future. Development has been abandoned. Any development effort had migrated to SearchFox. DXR was explicitly designed to be able to index arbitrary code but it appears that SearchFox may be designed only to index Firefox. I’ve never tried to use it so I don’t know how easy it would be to get your own custom code indexed by a SearchFox instance. With the recent layoffs at Mozilla I doubt even SearchFox is going to be getting much work done on it. DXR only works with ElasticSearch 1.7.x and not newer versions which is becoming increasingly difficult to deal with.

                        Sourcegraph has two different ways to index your C++ code: lsif-cpp and lsif-clang, with the latter being the newer, recommended option. The lsif-cpp indexer is based on the DXR clang plugin. Compare https://github.com/sourcegraph/lsif-cpp/blob/master/clang/dxr-index.cpp with https://github.com/mozilla/dxr/blob/master/dxr/plugins/clang/dxr-index.cpp.

                        Sourcegraph has support for a lot more languages than DXR so if you’re using something other than Python, Javascript, Rust or C++ it will probably provide a better experience.

                        If you want to see what using Sourcegraph is like, they have a version at https://sourcegraph.com/search that indexes a bunch of public repos from GitHub. They have the DXR GitHub repo indexed so we can search within that.

                        For example, here are all the places where the string ->get appears in C++ files

                        And here are all the references to the function getFileInfo (look in the bottom frame)

                        1. 1

                          Thanks for the explanation! I had a closer look and it seems pretty good. If I ever have to setup a code searching tool again it will probably be sourcegraph. Our current setup still runs on Ubuntu 16.04 which will lose support in 2021. I remember trying to get DXR running on Ubuntu 20.04 but it was too much of a pain due to dependencies on old software (like the old Elasticsearch). The only potential issue with sourcegraph is that multi-branch indexing is still experimental and we will need that. At the moment I think Mozilla’s future is too uncertain to invest much time in searchfox.

                      1. 11

                        Like the author I think having your own mail server isn’t worth it in most cases. But I do think it’s useful to have your own domain for email (and using an email service that supports custom domains). This way you’re never locked in to a particular email service because you can easily point your MX record to another one.

                        1. 8

                          Using your own domain has its risks too. If you miss a renewal payment, perhaps due to an errant email filter or an unusually long illness, you might lose control of it. Not only is it a major hassle—the new owner gains access to every account that can be reset by email without 2FA (i.e., most of them).

                          That doesn’t necessarily mean using your own domain is a bad idea, but after many years doing that I’ve been slowly transferring some eggs out of that basket.

                          1. 3

                            I have crucial things (such as domains, but also water, electricity, …, phone service) set up with automatic direct withdrawal on a bank account that won’t run dry anytime soon. Not worth the hassle to check every invoice on those before the fact, especially since, given that they maintain crucial things, I took some care to choose providers I think I can trust with that as much as I can trust with them providing a reasonable service.

                            1. 2

                              That’s a good point. I have a yearly reminder in my calendar and have auto-renewal enabled, for me that’s good enough. I wonder how mail providers handle this actually. If someone stops paying for their account and it gets deleted, can someone else register using that same email?

                              1. 2

                                Most registrars will give you a reminder (or several) a few weeks before your domain expires. Assuming you keep up on that inbox (you should), it’s not too difficult. Many will park the domain for a time period after it expires too to prevent scalpers. Obviously if you’re super out of commission for a month, you probably have other things to worry about than your email.