1. 12

    Good website. But @notriddle can you please not use news websites as your sources? Those are not only the worst when it comes to ads, but they are known for blowing things out of proportion, which makes your argument look flimsy.

    1. 11

      I get your point, but it’s a matter of bootstrapping the trustworthiness of my claims.

      CNN might do a lot of unfortunate things, but I can’t think of anyone who’s more likely to be trusted. If they said that Google ran a month-long ad campaign that pretended to sell fishing licenses, then it probably happened. What other site could I possibly link to, and actually expect my target audience (which isn’t actually you, since you already know this stuff) to give me the time of day? Academic papers are probably pretty good, but they use the English language in a way that lots of people find impenetrable. Wikipedia isn’t even worth considering, though in a few cases, I actually discovered the article through Wikipedia. Neither are independent blogs, or people like SwiftOnSecurity that my audience never heard of.

      Who could I link to instead that I would expect a technically illiterate reader to both understand and trust?

      1. 2

        Add some research on the bottom, keep inline news. It is messy, but guess what - the world is messy. And being idiot-proof is imho good.

      2. 5

        Yeah, in my opinion it is nonsensical to cite news sites when there is real research on the topic.

      1. 10

        Reviewing the DJB qmail security guarantee page:

        In May 2005, Georgi Guninski claimed that some potential 64-bit portability problems allowed a “remote exploit in qmail-smtpd.” This claim is denied. Nobody gives gigabytes of memory to each qmail-smtpd process, so there is no problem with qmail’s assumption that allocated array lengths fit comfortably into 32 bits.

        That’s some fine political weaseling right there, Dr. Bernstein. If your defaults are not limiting that process from the get go and you don’t have an upper limit to prevent that, it’s inherently insecure. Shame on you. If you’re going to have a big ego to make such an audacious “guarantee”, eat the damn crow or rescind that silly ego booster of a “security guarantee”. The latter is free to do and probably will save you more face.

        Pretty much no one is monitoring the memory allocations of an smtp process. So it’s absurd to claim this defaults-enabled attack is not practical.

        1. 2

          I’ve run qmail at various companies over the years and it’s always been standard advice from DJB to run daemons with resource limits set. He provides daemontools, which contains softlimit, which makes this easy.

          Packages made for various OSes/dists include this limiting.

          As memory usage is usually limited, errors will occur if these limits are hit - and these will be logged.

          I’m happy to be corrected on what I believe are the facts here.

          1. 2

            The recent update about this security issue is that it is exploitable in practice because qmail-smtpd is always memory-limited but qmail-local never is (checked on several distros by Qualys).

            1. 2

              I see, thanks. The comment I replied to was talking about qmail-smtpd. I wasn’t aware of the qmail-local issue.

              Looking at the hole that’s been reported, it looks real to me. Indeed I don’t remember seeing packages limit qmail-local.

          2. 1

            Pretty much no one is monitoring the memory allocations of an smtp process.

            Today. Not in 2005 (15 years ago!) when memory was way more costly.

          1. 3

            Jesus Christ this article is complete trash.

            Two thirds of the article is pointless propaganda, only after a good 60% the author actually starts explaining how this zettelkasten system works.

            What’s the point? Why are you even trying to convince me? Are you trying to sell me a piece of furniture later?

            Regarding the system itself: I am tempted to say that a good wiki software like Confluence would do the same, but the real advantage of the furniture is that it’s likely going to keep working in 20 years. I wouldn’t bet the same on Confluence (or MediaWiki or whatever).

            1. 4

              MediaWiki is 18 years old. Confluence is 16. Considering the Lindy effect, there is a good chance they will still work in 20 years.

              1. 4

                Well, I wouldn’t call Confluence “good wiki software” any more than I would call Visual Basic a robust development environment, but I take your point. My database of personal and professional notes for the past 15 years has been a private instance of DokuWiki and the more I read about Zettelkasten, it just sounds like a curated personal wiki like I have, once you get past all the gushing.

                1. 2

                  Editing in Confluence is light years ahead of pretty much everything else.

                  1. 1

                    Does DokuWiki have backlinks and tags?

                    1. 2

                      Backlinks yes, tags no. Maybe with a plug-in.

                      1. 1


                        So perhaps one could have a page called “Tag:Something” that only holds a description of what could have been the tag “#Something”. All pages that are related to “Something” should have a link to “Tag:Something” on their taglist, and the backlinks on page “Tag:Something” will show relevant pages.

                        It’s a bit like Wikipedia’s “Category:Something”, isn’t it?

                  2. 3

                    The space around the concept “Zettelkasten” has all the features of an emerging marketing space. There are already multiple software solutions. Just wait for the custom-made physical slip-boxes, the note cards in different colors, the books, the pay-for videos, and the webinars.

                    1. 7

                      As I wrote here a couple weeks ago:

                      The Zettelkasten thing sure has been hitting the zeitgeist hard these last few months - right around when I started poking at those ideas myself after kind of edging around them for a decade or two. It’s interesting to feel a burgeoning nerd methodology cult wash over and through the system of my own thinking. I was a lot less self-aware the last few times this really happened to me (the first big wiki wave back in the era of thousand-line Perl CGI wiki software comes to mind), and I never got drawn into GTD or Agile on any deeply felt personal level, so it’s almost like a new experience.

                      That said, I think it’s also been quietly bubbling along in the background of the note-taking nerd memespace for many years now. I think I first ran across the word “Zettelkasten” on Taking Note, a blog I’ve probably been following since 2008 or so, but index card approaches that are clear relatives to it in one way or another have been popping up now and then for most of my adult life, I think. It just seems to have reached a critical mass lately. Or, as you say, become an emerging marketing space. Establishing itself as a working methodology-cult ecosystem with an in-group vocabulary, defined rituals, canonical texts & standard arguments, and mystique about True Process. You can see it happening in realtime over at the Zettelkasten Forum, which is run by the authors of The Archive.

                      …and which is an interesting forum to skim now and then. I don’t want to be disparaging, this is just how these sorts of cultural phenomena seem to unfold. I’m trying to stay self-aware about all this while I spend a fair amount of time building up my own system of notes.

                      (I did some ranting about notes about notes / writing about writing and so forth last night, inspired partly by this thread and others like it.)

                      1. 3

                        The memory of your comment inspired mine.

                        There will always be a market for selling tools that magically replace hard work and time with a “process”. I’m not really judging. My work/life doesn’t require anything like Zettelkasten, but I’m sure it would interest my dad, who has been buying old handheld computers just to keep using their database software.

                    2. 4

                      It’s weird too, that it sells the idea, then starts explaining how it works, then it goes back to selling it again for a few more paragraphs! And only after that second set of propaganda it finishes the explanation.

                      1. 3

                        It’s not well written, but all the tools linked in the article are free (and most of them not harvesting your data).

                        1. 2

                          What’s the point? Why are you even trying to convince me?

                          I think that it is targeted towards a particular audience: “The main component of The Writing Cooperative is our publication, which is one of Medium’s largest. […] Everything we publish falls within our mission statement: Helping each other write better.” But yeah, the tempo was a bit choppy and it reminded me of one of those “weird thing” articles. Then with big promises it dumps a board game on the reader without explaining the rules.

                          It seems like there is something promising in Luhmann’s system, but I don’t want to risk getting a hand-me-down cargo culted version of it.

                        1. 4

                          This was the result of three discussions here on lobsters. I’m hoping that collecting some of the resources I had mentioned into a single place with more discussion might be of use.

                          1. 2

                            Thanks, it is! I’ll read High Performance Browser Networking, from a cursory look it seems like it’s a great way to learn the details I’m missing.

                            1. 1

                              Yeah, it’s pretty useful. In the same thread, there was a mention of this which also looks comprehensive.

                            1. 3

                              Django is uncool now? Guess I’m getting old…

                              1. 1

                                I guess the author is mainly referring to doing server side rendering with Django. At least to me there is no reason why the mentioned API cannot be using Django while still adhering to the ‘cool’ SPA pattern.

                              1. 3

                                Only 10 000 connections? A 2011 box isn’t that old, it should handle way more than that, and at sub-millisecond latencies. This article clearly demonstrates the overhead of having so many threads running. Just don’t do that.

                                1. 38

                                  Lots of discussion about what new users want, but not yet any direct discussion with new users. I think we undervalue things like focus groups when it comes to improving software.

                                  1. 10

                                    It doesn’t help when they are wrong in their assumptions, like:

                                    I’ve always assumed that many people use Sublime Text not due to any serious feature comparison with Emacs, but because they like its “sleek look”.

                                    People don’t use Sublime Text because of its “sleek look”. It is really ugly compared to VS Code. People use it because it’s fast.

                                    1. 2

                                      “ugly” is a subjective term.

                                      I looked at it years ago and it was “ok”, but I didn’t feel the need to switch, I hated Atom and have used VS Code for a while as my go-to “edit random crap” editor, neither of those mentioned is my main editor, also not emacs.

                                      But I’ve heard some people say they liked Sublime because it instantly clicked with them, speed wasn’t really mentioned until later on when compared to IntelliJ IDEA.

                                      1. 2

                                        People don’t use Sublime Text because of its “sleek look”

                                        Agreed, this comment in the article really bugged me. When I switched from Windows to Linux a year or so back I really struggled with text editors. I tried vim and emacs and it felt like I needed to complete a university degree in them to be able to even use the basic functionality. I went with Sublime because it was simple and it worked. Yes I had some bad habits trained in by Microsoft (but Notepad++ is decent imo). Yes a year later I am starting to see that using a keyboard rather than a mouse oriented text editor has major benefits, and that for power users these tools are probably amazing. But I am still not there yet, and still don’t feel strongly inclined to take the plunge.

                                        I couldn’t care less about the aesthetics of the software I use (I am not saying no one cares, just that I don’t). But starting from zero with no idea how any of it works, to being able to reliably use emacs for daily tasks is a long hard journey which is easy to forget for those who travelled it too long ago.

                                        My suggestion if they are really serious about popularity is to make a game. Look at Zachtronics games like ExaPunks or TIS-100 for the kind of thing I mean. They don’t need to be flashy or pretty. Just set up the user to solve various simple puzzles using the emacs interface and commands, starting with trivial and childish simplicity, and adding new concepts one at a time to gradually increase the complexity of the puzzles. In fact you could even contact Zach Barth and see if he is interested in helping. The vim tutorial is already a lot of the way there, but I was unable to find something similar for emacs and gave up before it even had a chance. As a user making the transition away from Windows, and a professional programmer, I am probably exactly the target audience that emacs should be aiming for if they want to gain popularity.

                                        1. 1

                                          Yes a year later I am starting to see that using a keyboard rather than a mouse oriented text editor has major benefits,

                                          FWIW I believe that there have been some experiments (with experienced users, not neophytes) suggesting that keyboard-only editors aren’t actually faster than using a mouse pointer to move the cursor? Offhand I believe the papers on this showed a modest advantage to using a mouse.

                                          Personally I’m going to continue using vim keybindings because it’s just a subjective comfort thing (I like not having to take my hands away from home row) but it’s enough to make me very reticent to advocate that anybody else spend a huge amount of effort learning the same.

                                          1. 2

                                            FWIW I believe that there have been some experiments (with experienced users, not neophytes) suggesting that keyboard-only editors aren’t actually faster than using a mouse pointer to move the cursor? Offhand I believe the papers on this showed a modest advantage to using a mouse.

                                            I believe this is often cited by Acme fans, since Acme is… more mouse driven than usual.

                                            1. 1

                                              If it’s the same study I’ve read about, they did not have anyone included who had actually bothered to learn the keyboard shortcuts ahead of time, so I don’t really think it’s very relevant here; that was more about how to manage an average employee.

                                              1. 1

                                                Pass. Could be, but it’s been a while and goodness only knows. I think what I read used experienced programmers.

                                                At any rate: a vague impression that there might be fairly hard evidence for ¬A is enough to make me not run around advocating A to people.

                                          2. 1

                                            This. I like how fast it is, I like the regex search and replace using Python syntax, I like the plugins I’ve added to make several adjacent activities in web development easier.

                                            I don’t use debuggers for the most part - usually the stack trace is enough for me.

                                          3. 3

                                            It’s interesting to think what such a thing would look like: I think most people would agree that just asking random people “on the street” would be the wrong approach. But if you limit it to a category such as “programmers” you’d have too much bias (“I want what I have”). Focusing on “Interested in Emacs” would probably be a mix of answers of those who are enthusiastically and those who are cautiously curious.

                                            I have the feeling that at best one could figure out what confuses people at first, but is there anything surprising to be found out there? People are surprised by what is different, probably? What do people want? Things to work, usually. Any other results would be quite surprising, if you ask me.

                                          1. 8

                                            Archive to avoid the cookie consent wall and phone design: http://archive.fo/cqrNx

                                            1. 5

                                              I’m wondering what anti-abuse mechanisms are being employed. I’ve had to filter out several disposable email domains in the past (as per business directives). What’s to make this service any different from the rest? Granted, making a disposable gmail address is rather easy, but a counter argument would cite that gmail is more often used by legitimate people for legitimate purposes unlike other simple disposable email address solutions.

                                              1. 5

                                                As far as I know, this is only for receiving emails, which makes anti-abuse a lot easier.

                                                1. 4

                                                  Here, you should think of “abuse” as in “making a ton of accounts with one e-mail address”.

                                                  Most services ban specific services similar to this one. Some even whitelist domains such as gmail.com, so you can’t even use your own domain.

                                                  1. 4

                                                    The proposal appears to be a rate limit on new addresses over time

                                              1. 13

                                                What I find really interesting about this update is the public index. Before there was no way to explore sourcehut. It’s a feature I really enjoyed about github, until they completely crippled it.

                                                1. 6

                                                  Yeah, it even has a “Featured” column. It is a really clean design.

                                                  1. 3

                                                    Ooh, that’s nice! I love it. Add filtering and sorting, and this thing will have GitHub beat by a mile.

                                                    1. 5

                                                      Indeed; advanced search and the network effect complement each other as GitHub’s two killer features. I wrote about how effective these can be in a comment on Orange Website:

                                                      This is excellent. The great thing about Sourcehut is that if you have extra git remotes, you can keep working like nothing ever happened if the site goes down. Issues and patches are decentralized over email.

                                                      The Project Hub looks like an excellent way to tie together all the separate Sourcehut services to better compete with other “complete” VCS-based collaboration suites like GitHub and GitLab. In the future, it would be really cool to expose an API to allow adding “custom” services that aren’t part of Sourcehut.

                                                      It’s good to see Sourcehut focusing on project discovery, since this is the area where GitHub excels at the most. When I search for a small CLI/TUI utility, I often run these filters:

                                                      • Filter out weblangs, frontend-oriented languages, and languages with heavy runtimes (JS, TypeScript, CoffeeScript, Vue, CSS, HTML, Dart, Purescript, Livescript, Elm, Swift, JVM languages, .NET languages, Vala, QML, etc.). I have several shortcuts for many combinations of languages so I don’t have to type them out every time.

                                                      • Filter repos below a certain size (a repo above 10mb is probably full of bloat).

                                                      • If applicable, filter out repos whose last commit was before a certain date.

                                                      • If applicable, filter by topic

                                                      • If it concerns a recent technology, I can filter repositories created after a certain date.

                                                      • If I want to try a smaller project that isn’t cursed with mainstream success, I filter repositories below a certain number of stars.

                                                      For instance, if I feel like my MPD setup is missing something, I might search:

                                                      mpd stars:<150 pushed:>2019-01-01 size:<8000 -language:purescript -language:livescript -language:vue -language:javascript -language:typescript -language:coffeescript -language:elm -language:dart -language:java -language:scala -language:kotlin -language:clojure -language:groovy -language:php -language:objective-c -language:objective-c++ -language:swift -language:css -language:HTML -language:haxe -language:csharp -language:fsharp -language:"jupyter notebook" -language:powershell -language:cuda -language:assembly -language:tex -language:batchfile -language:erlang -language:elixir -language:emacs -language:vim -language:plpgsq -language:julia -language:xslt -language:systemverilog -language:verilog -language:hcl -language:tsql -language:jsonnnet -language:gdscript -language:r -language:smarty -language:freemarker -language:nix -language:saltstack -language:"visual basic" -language:"visual basic .net" -language:plsql -language:"rich text format" -language:dockerfile -language:vala -language:QML -language:actionscript -language:matlab -language:alloy -language:cobol -language:graphql -language:m4 -language:qmake -language:fish -language:opencl -language:json -language:rmarkdown -language:xml -language:markdown -language:applescript -language:puppet

                                                      The result shows quite a few nice utilities. If I want to go even more minimal, I could filter out Ruby and even Python projects.

                                                      It would be great to have a FOSS implementation of an advanced project search utility that isn’t limited to (or even part of) any particular hosting provider. Maybe ActivityPub could help facilitate connecting and indexing project metadata from different hosting providers.

                                                  1. 19

                                                    To keep reading this story, create a free account.

                                                    No thank you…

                                                    1. 4

                                                      Works for me, but I don’t think I’ve seen one of those Medium popups since I installed NoScript.

                                                      1. 3

                                                        I think it shows after a certain amount of viewed articles; counted/tracked by a cookie. With Cookie AutoDelete it never shows. You can also manually delete the cookie, of course.

                                                      2. 3

                                                        On Firefox, you can press F9 to enter reader mode. Very useful for annoying blogs.

                                                        EDIT: Wow, Medium actually blocked that… Here’s a working link, then. http://archive.fo/itqV4

                                                      1. 0

                                                        Off-topic, but this is a cool blog theme for a developer blog.

                                                        The post itself is quite good, too!

                                                        1. 7

                                                          It doesn’t work without JavaScript. For a developer blog, that’s pretty bad.

                                                          1. 3

                                                            It looks cool but is hard to use for me on mobile. Scrolling to the bottom, I wanted to click home and see other articles but the nav bar kept popping up and I couldn’t figure out how to close it. I could just fiddle with the address bar, but seems like the design should let people read. Weird that the three options are previous/subscribe/next. It seems like people would only click subscribe once but would likely click home many times.

                                                            1. 2

                                                              It doesn’t even load here… I only see this spinning thingy.

                                                              1. 2

                                                                The visual design and layout are good. The implementation of the overall experience could be much better. Most (possibly, all) of the JavaScript is unnecessary. This detracts from the experience. That said, there are good choices:

                                                                • Making the post content the focus of the page. The domain name carries the name of the author. Almost all sites frame the content within a brand of some kind.
                                                                • Homepage acts as the about page. This is a different choice from many sites which focus only on listing the latest blog posts. I check out the about page on almost any blog post I read, so not having to click from home to about got my attention.

                                                              1. 2

                                                                Until now, you would have to choose from one of the following 3 options for merging dictionaries

                                                                And now we have 4. Great.

                                                                1. 13

                                                                  The PEP that specified the feature is worth reading, and points out that of the existing options, only update() is really front-and-center discoverable, and for the case of creating a third dict that’s the union of two existing ones, update() doesn’t permit it to be done in a single expression. It also has a long section responding to arguments about “there should be only one obvious way” and effectively saying that if the operator is implemented, that becomes the one obvious way to do it.

                                                                  The alternatives like unpacking syntax also have the disadvantage of not playing well with mapping types other than dict, or even with subclasses of dict – you always get an instance of plain dict back even if none of the inputs were plain dict. For example, if you have d1 and d2 and both are instances of collections.defaultdict, doing d3 = {**d1, **d2} results in d3 being a plain dict, not a defaultdict.

                                                                  The PEP also cited examples of existing Python libraries doing cumbersome things to get this behavior, and examples of Stack Overflow posts looking for a feature that does this concisely.

                                                                  1. 5

                                                                    Well, two of them aren’t really complete: dict(d1, **d2) doesn’t work for non-string keys in d2, and d1.update(d2) can’t be used in an expression. {**d1, **d2} does work, but to me it’s not the reason to not support d1 | d2 because this operator just makes sense and should always have just worked. https://www.python.org/dev/peps/pep-0584/#motivation

                                                                  1. 1

                                                                    The iPhone booting postmarketOS shouldn’t be anything shocking. You can run anything from Linux to Windows 95 ever since the first jailbreaks.

                                                                    1. 2

                                                                      a) not true, Windows 95 was never running on a jailbroken device natively - only as a user-land application with iOS/iPhoneOS as a host system

                                                                      b) With that attitude anything anyone could ever accomplish is not worth noticing or “shocking” because it is accomplishable.

                                                                      1. 0

                                                                        Well first Linux is misleading, I ran Linux on my iPhone 3G more than a decade ago with open iBoot.

                                                                    1. 1

                                                                      Almost none of the buttons work?

                                                                      1. 1

                                                                        It’s actually under construction, the only working section is the filter

                                                                      1. 2

                                                                        Just checked, and it looks like https://wttr.in uses another API. I highly recommend it.

                                                                        1. 35

                                                                          TL;DR:

                                                                          • You get pocket money
                                                                          • The editor is better than Twitter’s tweet box
                                                                          • Hey compared to Facebook it isn’t that bad (Medium is “lighter” than lobste.rs according to that person)
                                                                          • If you choose to export and not use Medium the CSS is nice (then just do that?)

                                                                          1. 46

                                                                            Please, don’t just link to Twitter. It takes at least several (~5 or more on a good day) tries for me to render. Twitter usually will not have a deep discussion, and even if it does, half the conversation is hidden and takes more tries to properly display. I don’t know if it’s just my mistake, or if it’s because I don’t have an account, but if you really want to talk about a conversation on Twitter, write a summary, some context, some explanation, some thoughts and put it on some blog or whatever normal site (there are plenty of these, many easy to use).

                                                                            1. 9

                                                                              Check out nitter.net, it’s a static and hassle-free twitter frontend. You can get redirected automatically using a browser extension like Invidition. Conversations are broken on twitter, but that’s just the way the website works.

                                                                              1. 7

                                                                                but that’s just the way the website works.

                                                                                optimized to generate maximum social discord ;)

                                                                              2. 7

                                                                                non logged in twitter is broken for me too, especially on mobile

                                                                              1. 10

                                                                                Jonathan Blow’s “Preventing the collapse of civilization” talk is a must watch.

                                                                                Twitter newly rebuilt UI takes 7× longer to load first tweet

                                                                                There’s no way all those websites that invested tons in A/B testing are not intentionally making things load so slow. I’m guessing it’s because the wait makes it more addictive or something like it. It’s either that or incompetence, and I don’t know which is worse.

                                                                                1. 21

                                                                                  It becomes clearer when you have 20 departments, each with their own tracking pixel. Death by 1000 cuts.

                                                                                  1. 12

                                                                                    I’ve some personal experience on what happens there: You just forget that not everyone is using a:

                                                                                    • Pretty expensive and modern phone
                                                                                    • With tons of GHz and RAM
                                                                                    • With 5G connectivity or high speed WiFi
                                                                                    • Connecting thru LAN network or geographically near your datacenter

                                                                                    And those are the kind of details you just forget, and nobody actually cares because time-to-interactive isn’t as measured as click-thru ratios.

                                                                                    The best I could do when I was working on mobile app development was using the crappiest possible Android or iPhone around for testing. Good enough to have a fast workflow of stop application, install, open, test, and repeat. Bad enough so collapsing the memory or CPU wasn’t difficult.

                                                                                  1. 3

                                                                                    You forgot a detail that makes this very user-averse. The required signup step.

                                                                                    Users already have an account for app X, which this tool is collecting feedback for. Why not reuse that account for authentication? Canny has intercom integration, which means 0-step setup for both the user and the developers. You should at least provide OAuth2 support, if you want this to be used anywhere.

                                                                                    1. 1

                                                                                      You’re definitely right, hopefully I’ll be able to implement it soon. Thanks for your feedback!

                                                                                      1. 1

                                                                                        Or even better allow for non-auth contributions. Basically just anonymous with a field for name/handle that can be set to anything. This is usual for users who don’t want to register or can’t register but still find a bug or something.

                                                                                        Filter out spam with a captcha or something.

                                                                                        Registration is a big mental load for me. Especially for one offs like if I’m visiting someone’s site or shopping. I will rarely register and if I can’t remember my existing registration I can’t be bothered to look it up.

                                                                                        1. 1

                                                                                          This was already in my todo list, thanks anyway for pointing it out!