Threads for ku

  1. 26

    Subdomains as identity leaks information about the requested path via DNS.

    https://example.com/saysbadthingsaboutbadpeopleinpower - DNS request is for example.com, TLS connection prevents request information from leaking

    https://saysbadthingsaboutbadpeopleinpower.example.com - DNS gets the requested user

    I am fortunate to live in a country where the latter is extraordinarily unlikely to be immediately actionable by law enforcement and my action is protected by well-established law.

    Moreover, a path-based identity is better for marketing. Put the company name first so people know “Oh, right, Example, that social media platform,” and not “SomethingIdontreallycarethatmuchabout on Example.”

    1. 15

      Given that this user is also providing each subdomain a certificate, you could enumerate the entire userbase by looking at the CT Logs with a tool like crt.sh

      1. 4

        Given that this user is also providing each subdomain a certificate, you could enumerate the entire userbase by looking at the CT Logs with a tool like crt.sh

        Even if they use wildcard certs?

        1. 3

          Obviously that will not work in such case.

        2. 2

          Oh wow that’s a big one

        3. 5

          I’m definitely not an expert, just a curious observer. But if everyone used DNS over HTTPS, would this no longer be an issue? DoH does have some problems though (centralization, can be blocked, SNI leaks, etc), and I’m not sure how widespread it is.

          1. 4

            Even with DNS over HTTPS you’d still be leaking the domain name to a third party, so it is less private than putting the same info in the path. Obviously for many use cases that is fine.

            1. 2

              DoH to a third-party would help but then there’s a SPOF for resolution.

              1. 1

                Or DoT or DNS over Tor or any other privacy solution.

                Breaking websites is not the solution.

            1. 10

              Sudo Satirical has some great satire pieces as well like this one:

              https://www.sudosatirical.com/articles/man-loses-will-to-live-during-gentoo-install/

              1. 3

                Trying to install gentoo put me in my place. I thought I knew how to use a computer and was interested in computers but I sincerely do not know what an inode is and it is silly that I cannot install gentoo without this knowledge.

                1. 3

                  I started using it in the early days, while I was in high school.

                  It’s not that hard. People sure exaggerate.

                  1. 2

                    True - but it does take quite a while depending on your hardware.

                    1. 1

                      Took my K75 a weekend to get X, a basic wm and a decent web browser (I believe it was mozilla back then) built.

                      I remember that I did it from stage1, just because I could.

                  2. 2

                    Even having had used Gentoo for half a decade, I don’t think I knew what an inode was until I read “The 4.4BSD Operating System”. You can wing it with the handbook, just you might miss what you’re winging …

                1. 3

                  I loved reading this article.

                  I find updating the operating system my 8 GB Apple Watch 3 annoying. There is a deactivate, wipe, install (and hope it updates) process because there just isn’t enough storage space on the device. However, I feel grateful to Apple for the choice to update my watch.

                  I also have an old Dell Optiplex that I use over SSH. I installed Fedora on it so this weekend (likely today), I’ll update it to Fedora 35 using https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/

                  I like playing with Angular and keeping up with what they are up to. There is a simple Github actions project that I can glance at https://github.com/mycanary/mycanary/commits/master

                  I think the idea that if something is painful, do it frequently so it isn’t as painful makes some sense at least. I’ll never remember the correct order of steps to follow when I need to update my apple watch. It is a hand me down and I’ve only updated it twice so far. It won’t be an issue if I buy a newer Apple Watch so I don’t want to spend too much time learning the nuances. With Fedora, it is a learning environment so if something goes wrong, as long as I save my .ssh and .gnupg folder, I can always wipe the machine and reinstall Fedora.

                  That just leaves Angular. Here as long as I stay on the road more traveled, I am OK. The angular team does a fantastic job with updates that unless you need to support older browsers, you should always™ update to the latest version as soon as possible. There are minor bugs once in a while such as https://github.com/angular/angular-cli/issues/20907 but there is always a way forward.

                  In all three cases, updating is a deliberate choice that I get to make. So far, outside of Microsoft, I have yet to come across a $work computer that does not disable automatic updates with policy. I’m sure I don’t need to say this as I’m sure Microsoft has all the metrics about this. Give people an easy way to update but don’t force it on us. I find it interesting that even Microsoft Edge does it better. It does not automatically restart the web browser but rather shows amber and then red icon warning you so you can take the action to restart the browser at your convenience. I don’t think most people would even mind automatic windows if you could say don’t automatically reboot windows, ever.

                  1. 2

                    These days Fedora defaults to btrfs so the process can be even simpler. Take a filesystem snapshot, update, if anything’s wrong, revert the snapshot. Using snapper automates this too.

                    1. 2

                      Angular updates are usually a breeze, https://update.angular.io/ does a nice job guiding you through it. Sometimes some library will not be ready, but these days even that is rare, just update stuff frequently, usually there’s no problems at all.

                    1. 1

                      My kids run a fleet of three X250s; they’re not great compared with earlier X-series. For example, to make them thinner the hard drive / SSD caddies have been abandoned, so you have to remove the entire back to swap a drive.

                      That’s sort-of acceptable for second-hand kids’ devices that are expected to be disposable (have you seen how a three year old treats a laptop?) but represents a significant step backwards from my old X220 and X200.

                      My new plan is just to build something myself to replace my W540 … chuck an Intel SBC (say, a Udoo), battery, etc. in a Pelican case. Something like this:

                      https://diydrones.com/forum/topics/my-diy-ground-control-station

                      1. 1

                        ….how often do you swap disks?

                        1. 2

                          Usually whenever I purchase a replacement laptop for one of the kids, or a new one for myself, when I upgrade my own SSD, or when I want to play with other operating systems (e.g. Plan 9).

                          So, not that often, but often enough that I’d rather return to caddies.

                          1. 2

                            A little off topic but what is the youngest age at which your child is allowed to use a computer? What is the youngest age at which they get their own computer?

                            1. 5

                              We have a few age related family traditions:

                              • at age 3, you get your big boy’s / big girl’s bed (that is, upgrade from a convertible cot), and your first ThinkPad running Linux.

                              • at age 5, you get your own SIM card, phone, and email address, and are allowed to accompany your elder siblings at the playground without adult supervision

                              • at age 7, you get your own torch, choice of multi tool (Leatherman or Victorinox), and get to go ‘adventuring’ (walking alone in the neighbourhood, short train trips).

                              We do fun activities like putting scam calls on speakerphone, then playing a game where the kids have to work out what the scammer is attempting to achieve as quickly as possible. Also another game where I attempt to phish them by email, and they get chocolate if they identify the phish.

                              An interesting consequence of this is decoupling literacy from writing, because they can just type the letters. I’m not a professional teacher but it seems to help.

                              Kids are currently 9, 7, and 5 and they’ve only destroyed a few laptops. None maliciously but they’ve been dropped so hard that internal connectors detach (webcam, audio), a hinge has broken, and somehow they ‘jammed’ a trackpad so it wouldn’t tap to click.

                              The best survivors though have been X250s. Like my own laptops for many years (and my home ProLiant that runs our NAS) I buy refurbished mostly ex-corporate machines so they’re reasonably affordable.

                      1. 16

                        “To keep Signal a free global communication service without spam, we must depart from our totally-open posture and develop one piece of the server in private: a system for detecting and disrupting spam campaigns.”

                        I don’t know what to think…

                        1. 12

                          As someone who loves Signal, and has made most family and a few friends switch to it, quite frankly, I think it’s stupid and unnecessary.

                          I have never in my years and years of using Signal, had a spam message.
                          Regardless, won’t spammers just find a way around the block, keep spamming, then Signal will update their anti-spam, ad infinitum?

                          My biggest issue with this is that it can totally be (ab)used to censor specific groups. When they integrate software that’s able to “detect and disrupt spam campaigns”, don’t people think this could, even accidentally, censor some messages that aren’t spam?

                          Surely there’s some benefit in opening their anti-spam process/code to the public, even purely for transparency’s sake. If they’re using a ML algorithm then just release the model files so people can scrutinise how accurate the model is, and/or if it’s prone to censor non-spam messages.

                          1. 9

                            I have never in my years and years of using Signal, had a spam message.

                            Same, but it looks like others haven’t been so lucky: https://community.signalusers.org/t/spam-scam-on-signal/26665

                            Regardless, won’t spammers just find a way around the block, keep spamming, then Signal will update their anti-spam, ad infinitum?

                            Doesn’t this describe basically every anti-spam measure, though?

                            IMO the photo blurring and non-linkifying described in the article sounds like a reasonable place to start. It’s largely unobtrusive and doesn’t seem like it’d require that much iteration vs. server side mechanics.

                            Yeah, those opaque server side mechanics will need updating, but they aren’t unaware of this:

                            As our spam-fighting capabilities expand, so does the complexity and size of our spam-specific software. To prevent spam on Signal, we need to build this spam-battling logic in a separate server component. The interfaces to this code will be public, but the implementation will not be shared.

                            So yeah, it seems like they’re at least somewhat committed to making this work. At the very least these measures should help.

                            My biggest issue with this is that it can totally be (ab)used to censor specific groups. When they integrate software that’s able to “detect and disrupt spam campaigns”, don’t people think this could, even accidentally, censor some messages that aren’t spam?

                            Maybe I’m misreading but it seems like they’re taking recipient-generated “this number spammed me” reports and issuing captchas for the sender. That seems fairly straightforward, and it would be hard for Signal to discriminate against message content with that approach.

                            1. 3

                              Maybe I’m misreading but it seems like they’re taking recipient-generated “this number spammed me” reports and issuing captchas for the sender. That seems fairly straightforward, and it would be hard for Signal to discriminate against message content with that approach.

                              I think you’re probably right. If that is the case, I have more confidence in it than I did when I first wrote that comment.

                            2. 7

                              The root problem with spam on Signal is that they (like the phone system and email) conflate two concepts:

                              • A unique identity.
                              • A capability to contact a person.

                              If you can name someone’s phone number, you can send them messages. This may be restricted to a single ‘may I contact you’ message, but if you can create large numbers of Signal accounts then that’s not really ideal.

                              The correct fix for this would be for Signal to create capabilities that allowed contact creation, with automatic registration for people in your address book. If you get a message from someone in your address book, unless you’ve explicitly blocked them then they should be allowed to contact you. Everyone else, you should have done some explicit process for establishing the contact. The simplest model is a single-use capability. If, for example, I want a company to be able to contact me with Signal but not to be able to pass on that ability, I would generate a one-time token and send it to them (this should be wrapped in some nice mechanism, probably involving them presenting me with a QR code and my scanning it with my phone). They can then use that token to negotiate a key pair that is tied to their identity. They can then send me as many messages as they want, but only from that identity and I can block that identity if I choose to. Any attempt to use the token a second time would fail.

                              For other flows, you could allow time-limited or revokable tokens that can be used multiple times. I could put such a token on my web site and if it starts to get spam I revoke it and replace it with a new one. Anyone who uses a valid token can try to connect to me and I’ll get their ‘allow contact’ message but if you crawl the web and try to bulk harvest them then it won’t work because I’ll roll them over once they’ve found it and so they’d need to poll the location to find a current one, which gives me something I can block on the server. This kind of flow is more useful for journalists that want to provide a mechanism for secure contact with informants than for normal folks, so it doesn’t matter too much if it’s a bit clunky if you need rapid turnover. If you want to put a signal token in an email signature then you can do fairly infrequent turnover because you generally aren’t sending emails to people that you don’t want to contact you (but you could potentially configure your mail client to generate per-email tokens so that you can revoke them individually).

                              Everything that they’re doing at the moment is just a work around for that initial conflation.

                              1. 6

                                I have never in my years and years of using Signal, had a spam message.

                                Me neither, even though I am using Signal heavily. But that experience might depend on your location? Spam calls and text always seem to be a bigger problem in the US than over here in Europe, so maybe that’s the same for Signal spam?

                                1. 3

                                  Location is something I didn’t consider. You have a good point there.

                                  1. 3

                                    I’m based in the US and have never received a single spam Signal message over the years and years I’ve used Signal. I’ve received a freakton of SMS-based spam, though. I don’t use Signal as my default SMS provider, so the spam messages I see don’t even appear inside of Signal.

                                    I wonder if setting Signal to be the default SMS app would cause confusion between SMS-based spam and Signal-based spam messages.

                                  2. 4

                                    » I have never in my years and years of using Signal, had a spam message.

                                    I was almost ready to defend signal but I’ve never had a single spam message on the Signal network itself. I’ve seen some spam recently but that’s spam text messages on Android which this blog post doesn’t seem to cover anyways.

                                    (Sample https://user-images.githubusercontent.com/1676445/139789818-82d6f038-c0b5-4707-a4a3-6140ad6d72d5.png)

                                    1. 4

                                      Personally, I don’t use signal as my SMS app for this reason; I don’t want to ever even have to think about whether a message has come through SMS or the Signal network.

                                      I know Signal has the “Unsecured SMS” message in the text box, but I’d rather keep them separate apps entirely.

                                    2. 3

                                      I get tons of spam on signal.

                                      1. 1

                                        I have never in my years and years of using Signal, had a spam message.

                                        hmm, I don’t use Signal too much (have just three convos in it) yet at some point I was getting spam requests a couple times per month. I don’t use it as an SMS app.

                                      2. 3

                                        Seems like a reasonable step, to me. They’re not changing the protocol, so whatever methods they’re using for spam detection operate without the plaintext or extra metadata (apart from what they get when you explicitly report spam.)

                                        1. 2

                                          I‘ve also never received spam on Signal… I think I received spam on WhatsApp a few times and it was no hassle for me to just click it away. I think it is quite easy to spot it, because its really uncommon to get messages from an unknown number…

                                        1. 22

                                          I know it’s tagged satire but for all the real benefits of this idea it isn’t very mobile friendly. The hard wrapped lines get wrapped again at weird places and the “images” turn into gibberish: https://files.wezm.net/lobsters/IMG_2403.PNG

                                          1. 9

                                            Yes, unfortunately hard-wrapping on (portrait) mobile is the project’s Achilles heel. (See: https://news.ycombinator.com/item?id=28981248)

                                            1. 2

                                              Hey not sure if someone else has recommended this but you can serve your page secretly wrapped as an HTML file and use css unit vw to get the viewport width, setting the font size based on that value when the viewport gets small enough. Kills the txt part though lol

                                              1. 2

                                                Ahh I see you’ve already given it some thought :)

                                                1. 2

                                                  I don’t know what to do about images or “hypermedia” (other than just post a link and don’t try to do ASCII art) but text is a solved problem on mobile. Use your browser’s reader mode (if your current browser doesn’t have it, please consider Mozilla Firefox).

                                                  Previously on HN, https://news.ycombinator.com/item?id=28286493

                                                  There is no need to hand wrap. Let the browser do its job.

                                                  1. 4

                                                    No matter which way I cut it, somebody is going to have to do a little bit of extra work. If I soft wrap, desktop users are going to have to know about reader mode and bother to use it — and unfortunately, reader mode doesn’t offer a monospaced font, so it breaks all plaintext “formatting” and ascii art. If I hard wrap, mobile users are going to have to turn their phones on their sides (or change the fontsize).

                                                    Plaintext has a long history of being hard-wrapped, and I figure that plaintext-appreciators are more likely to be using a half-fossilized ThinkPad or a DOS box than the latest iPhone. So I hard wrapped it.

                                                    One workaround would be to offer a soft-wrapped mobile version at m.blog.txt. (Of course, even on mobile, you can read it in Vim, which gives you total control over text wrapping… :)

                                                    1. 2

                                                      Do any browsers support RFC-3676?

                                            1. 4

                                              There’s a lot of business analysis in this post, but I believe enough of a high-level overview of the current state of applied deep learning to be relevant to this site.

                                              That said, this phrasing is really chilling

                                              We are not going to get rid of the driver profession anytime soon, but I think we have a high chance of getting rid of the cashier profession [and perhaps a number of other but related professions such as warehouse clerk].

                                              What kind of person frames the elimination of an entire class of work (generally accessible to women, minorities and people who have to or want to work part-time) as an good thing? One “gets rid” of pests and nuisances.

                                              1. 9

                                                What kind of person frames the elimination of an entire class of work (generally accessible to women, minorities and people who have to or want to work part-time) as an good thing? One “gets rid” of pests and nuisances.

                                                The history of our civilization has hundreds of examples where entire classes of work were eliminated because of technological advance. Yet, today we have more work classes to choose from than ever. If one class will be deprecated, then a new class will be created, because technological advance is mostly about moving the problem frontier from one place to another, not about eliminating it.

                                                I would worry more if there would be a system that would force us to sustain economically unjustifiable work classes. Because that would seriously limit the growth of our civilization.

                                                1. 3

                                                  I was reacting to the phrasing, not the phenomenon itself.

                                                  1. 4

                                                    That’s good to know. Because the context of your question wasn’t entirely clear:

                                                    What kind of person frames the elimination of an entire class of work […] as an good thing?

                                                    Sometimes there are actually some very good reasons why elimination of some work class is a good idea.

                                                    1. 7

                                                      I’ve never met a cashier who took the job because they wanted to be a cashier.

                                                      Being a cashier is scary. Some troubled person can come in and point a gun to your head. Compliance does not guarantee they won’t shoot. Management pressures you to increase throughput. Customers verbally assault you because you requested to see their ID. The law fines and imprisons you if you are unable to distinguish a really good fake ID and sell alcohol or tobacco to a minor.

                                                      All of this and more for barely above minimum wage.

                                                      1. 2

                                                        OK, a charitable read would be that automation/deep learning/“AI” can free humanity from soul-crushing jobs.

                                                      2. 1

                                                        The passage I quoted could be written similar to this:

                                                        “It’s clear to me that technological advances [cited in the following passage] will lead to less people being employed as cashiers or warehouse workers, but drivers are not going to be affected in the medium term.”

                                                        It’s essentially the same informational content, but it avoids the (hopefully) unintentional classification of entire sectors of employment as literally useless, as opposed to the weaker “not locally economically productive”.

                                                    2. 2

                                                      To me the quote kind of shows a lack of empathy for the people who depend on these low-income jobs to make ends meet, and whose lives will be destabilized as an intermediary side-effect of the elimination.

                                                      1. 2

                                                        I disagree. Why is it good for people to do hard work that they don’t need to? The problem is not eliminating the jobs, it’s that the economic benefit from eliminating the jobs is concentrated in a small subset of the population. Society as a whole doesn’t benefit from some individuals doing jobs that could easily be done by machine simply because we’ve set up an economic system that means that their only other choice is homelessness and starvation and neither do the individuals concerned.

                                                        1. 1

                                                          Absolutely agree, I’m not advocating for low value-add jobs to be kept around just because. I would just prefer that those societal innovations wouldn’t benefit a few people at the cost of the misery of many people. Oh well.

                                                      2. 2

                                                        This is a cold response. I think the next question in gp’s train of thought would be “how can we help the people affected by AI?” rather than shrug and make generalized statements about how it isn’t a historically unique situation. Real people’s livelihoods will be affected.

                                                    1. 10

                                                      Why use powershell on Linux? Don’t get me wrong, I like a lot of the ideas behind PS, and on windows systems I imagine it is invaluable, as it exposes all of the Windows APIs that were previously behind GUIs, but on Linux we have bash, and if you need more complicated stuff, you can use Python, with it’s excellent subprocess module, or ruby, or another language that you’re familiar with. Then you don’t have to deal with PS’s insanely wordy syntax.

                                                      1. 6

                                                        I think the article adequately explains why to use pwsh over bash, especially if you’ve written much bash. On the other hand, I think the article also seems less compelling at first glance if you have written a lot of bash, as I have, and as I’m sure you have. Experienced bash users are necessarily experienced in dealing with piping text between programs in lieu of a richer data model.

                                                        I personally find shell scripts invaluable, and prefer them for system-level tasks over Python or Ruby. And I disagree about Python’s subprocess module—I think it’s clunky and verbose. Sure, pwsh has long command names, but for shell-like tasks it’s still more concise and clear than equivalent Python. And for interactive use, pwsh has many built in aliases similar to common UNIX commands.

                                                        That all said, I’m hardly an experienced pwsh user compared to my bash, Python, or Ruby. But every experience I’ve had with pwsh has been pleasant and resulted in readable code. There’s only one reason I haven’t switched: pure momentum. I’m so used to bashisms that I have little reason to invest time in anything else. But if I could go back and choose where to invest my time—and if pwsh were available on Linux much earlier—I would choose pwsh.

                                                        1. 4

                                                          pwsh has long command names

                                                          I think long command names are better than shorter command names. There is absolutely no reason that in $current_year we should use, document in, and most importantly teach (whether schools or documentation or books or blogs) what look like incantations to summon the prince of darkness.

                                                          There was a time when cd was better than Set-Location. That has not been the case for decades. I’d argue if we are writing something that will be run more than once, you MUST write it in as verbose language as possible.

                                                          1. 3

                                                            There was a time when cd was better than Set-Location. That has not been the case for decades.

                                                            There is an important case for shorter names: interactive use. sls is a lot easier to type than Select-String!

                                                            1. 2

                                                              I hate the fact that PowerShell is verb-noun, but with tab completion typing a short name that you’re very familiar with is a bit faster than typing a long well-namespaced name (e.g. String-Select) but it’s a lot faster to type a long well-namespaced name that you aren’t familiar with than it is to type the short one.

                                                              For example, there’s a standard UNIX tool with a two- or three-letter name for printing a specific column of a stream and I never remember what it’s called, so I either spend a few minutes in man pages or just use awk and type more. Typing something like Column-Select would be 4-5 characters with tab completion and would save me a lot of time.

                                                              I mostly use PowerShell for Azure admin things and I do that sufficiently rarely that the commands are never in muscle memory for me. Tab-completion works pretty well for helping me find things (though with noun-verb it would be much better).

                                                              1. 2

                                                                For example, there’s a standard UNIX tool with a two- or three-letter name for printing a specific column of a stream and I never remember what it’s called

                                                                cut? I suppose I understand what you mean - but it does have mnemonic name - it allows you to cut out fields and columns?

                                                              2. 1

                                                                When writing things that I’ll need to write again, like api endpoints, or shell scripts, I favor shorter names. When writing functions I’ll be reading more times than I’ll be writing, I favor longer names. Coupling this guidance with a soft goal of lines under 80 characters, and I get what seems like a nice result to me.

                                                              3. 1

                                                                Powershell also has a bevy of shorter name aliases, designed for interactive use.

                                                              4. 3

                                                                Agree about shellscripts, but

                                                                And I disagree about Python’s subprocess module—I think it’s clunky and verbose.

                                                                Have you tried subprocess.check_call and subprocess.check_output? I ask because I used Popen for a long time and only last year thought to check for simple synchronous versions that are what I need a good 90% of the time.

                                                                I do agree that Popen can’t really compete with the ease of bash piping, though; for large volumes of data, you need to use a subprocess.PIPE to process it (which you get for free with bash) and i’m not familiar with any idioms that make that painless.

                                                                1. 3

                                                                  I kind of agree with the first response. subprocess is clunky, and frankly weird at times, but it’s really flexible, and for me, when I’m trying to structure data into arrays or dicts, I find bash even clunkier. Structured data is usually where I go from using bash to an actual programming language like python or ruby.

                                                                  1. 2

                                                                    For me it’s just a matter of readability; something like grep foo file.txt | cut -d : -f 2 | tr -s ' ' is a lot more work in subprocess (or native Python).

                                                                    This is like the old McIlroy vs. Knuth story, where Knuth had written a long Pascal program and McIlroy did the same with a fairly simple shell pipeline.

                                                                    I think there was some library that tries to abstract a lot of the syntax around this, which might be a nice middle ground, and of course using Python brings many other advantages too.

                                                                    1. 2

                                                                      Right, and IMO it’s not entirely a subprocess issue; python generally solves different problems, and Popen doesn’t get in my way when I need something more complex than a short bash script. But It’s pretty hard to beat |, 2>&1, >>foo, &, etc. for concision, and sometimes I just wish it were as mindlessly easy to do pipes in python as it is to strictly evaluate a generator ([*foo]) or unpack a nested iterable (x, (y, *z) = bar). I’d probably set the threshold lower for when to use python vs. bash if that were the case.

                                                                      arp242 mentions below that libraries exist for this sort of thing, and I’ve used plumbum for this in one project, but then you have to worry about portability, version management, bloat, etc, which is again a hindrance.

                                                                  2. 2

                                                                    … And I disagree about Python’s subprocess module—I think it’s clunky and verbose.

                                                                    I find it to be clunky as well, fortunately Python has Xonsh shell, which is pretty amazing ;-)

                                                                1. 3

                                                                  I think this one will be much harder to get into, because everyone and their mother uses Google Analytics.

                                                                  1. 1

                                                                    What is the best way to keep track of what device and browser versions our visitors use if we do not want to use third party analytics?

                                                                    Really only need device and browser versions so I can make informed decisions on things like whether I can use formdata.entries. Would be nice to have error logs as well. the backend web api server already has logging but would be nice to have error logs from the front end.

                                                                    1. 10

                                                                      … there’s this thing called an access log. It’s been around for decades, it adds zero extra data for the client to download, and it isn’t affected by browser preferences/plugins to block trackers or javascript or third party resources.

                                                                      It’s almost like fucking magic.

                                                                      1. 1

                                                                        What are the good tools for log analysis? Webalizer isn’t one, not anymore.

                                                                        1. 1

                                                                          GoAccess works pretty well. It somewhat depends on what information you want, and how.

                                                                  1. 29

                                                                    One my friend noted that many people think that the UNIX principle is “do one thing”, while its original wording is “do one thing, and do it well”. So many “lightweight” projects indeed don’t do anything especially well, and then it doesn’t matter whether they do one thing or many. Size by itself is not an advantage.

                                                                    1. 19

                                                                      I’ve always found that ‘one’ thing is a bit ambiguous. You can argue that ‘converting file formats’ is a single thing just as well as ‘converting png to bmp files’ is one thing. People probably expect something in the middle, e.g. ‘converting images’. In practice, many programs will also allow you to resize, clip, rotate, etc.

                                                                      So maybe ‘clearly define your scope’ is a better alternative to ‘do one thing’. Not as catchy, of course.

                                                                      1. 5

                                                                        Good point. In my mind, VLC does one thing. But of course it does a lot. I mean it can even show videos on a chrome cast. It exists on pretty much all major platforms and now to contradict myself I’m not sure if it does one thing… I’m just confused.

                                                                        Does OBS do one thing? I’d say so but it has a lot of uses: like you can even use it as a virtual camera…

                                                                        1. 5

                                                                          Almost no GUI does “one thing” because very few platforms come close to cracking the nut that is GUI composability.

                                                                          1. 3

                                                                            Which do you think come close?

                                                                            1. 2

                                                                              Sometimes the web comes close. Depending on how you use it, smalltalk can. Maybe by “close” I should say “closer than anyone else”. We need to do better.

                                                                              1. 2

                                                                                I think many browsers come close. Netscape. IE. Opera 3-12 wanted to do many things, but you could disable all but the browser components. Today, it’s browsers like Dillo, NetSurf, and Links. My favorite browser today is great too, but it might as well be textmode…

                                                                                SimpleScreenRecorder is amazing, and does no more and no less than it promises, unless you count partial screen recording as a different thing.

                                                                                Audacity is great.

                                                                                ScreenKey.

                                                                                1. 3

                                                                                  I’m sorry; I should have been more clear. I meant which platforms come close to cracking GUI composability.

                                                                                  1. 3

                                                                                    Looking only at GUI composability and nothing else, I’ve yet to see anything come close to how good Visual Basic is, and I’m talking about VB3 - VB6, not newer stuff. VBA falls under this umbrella as well, though Office integration complicates things a bit.

                                                                                    As far as what’s available, relevant, and floss today, you’re looking at it, it’s HTML, JS, and CSS. If you try my website, it works in 25 years worth of browsers. I’ve tested it on Windows 95 and up, and I’m confident it would work in Windows 3.1. It works (in compat mode) in IE2 on NT4. It also works in textmode browsers and with various accessibility useragents such as screenreaders. It’s zoomable, resizable, and modifiable.

                                                                                    It’s written by one borderline-idiot but very determined programmer, working part time, over the course of a couple of years. A roomfull of Googlers could rewrite it in 36 hours, probably. Why don’t they? I don’t know, but I would be embarrassed to have anything to do with most of today’s mainstream Web properties. If I could put today’s Gmail or Reddit on my resume, I’d probably leave it off out of shame and pad the time with something else…

                                                                                    But neverthless, the Web itself remains, and so does the freedom to write compatible code.

                                                                                    This wonderful, miraculous platform has remained stable enough over this time for me to be able to plan ahead and not be caught off-guard by something like “we’re deprecating version 2.0, please use new version 3.0 syntax” or “your platform is now obsolete, please switch to the new HTML.NET”. The W3C gang tries, and they fail, because HTML is stronger and bigger than them. The Web is stronger and bigger than all of them combined.

                                                                                    Many have tried to contain it, to own it, to be the main one calling the shots, and HTML laughs in all their collective faces. All thanks to its basic concept of “be strict with yourself, and accepting with others.”

                                                                                    Mosaic was the first browser for which “best viewed with” buttons were used. They failed to own the Web. Then came Netscape, “Mosaic killa”, and they managed to kill Mosaic, but they failed to tame HTML, because HTML will not be owned. Netscape was destroyed by Microsoft-IE, who also wanted to tame and own HTML, and they also failed, because HTML is not ownable.

                                                                                    Then Firefox came and fucked up IE, and things were good for a while, Mozilla was a decent steward. Then Google came and took ownership of Mozilla, and together with Chrome they also tried to tame HTML. They will fail just like the others. HTML cannot be tamed or owned. The Web was built for freedom.

                                                                                    If you want composable, future-proof GUI, open up your notepad.exe and write this:

                                                                                    <html>
                                                                                    <head>
                                                                                    <title>Hello, World!</title>
                                                                                    </head>
                                                                                    <body>
                                                                                    <h1>Hello, World!</h1>
                                                                                    <p>
                                                                                    This is demonstration of proper composable, 
                                                                                    future-proof, accessible GUI.
                                                                                    </p>
                                                                                    <form action="/">
                                                                                    <input type=text size=80 name=comment>
                                                                                    <br>
                                                                                    <input type=submit value=Go>
                                                                                    </form>
                                                                                    </body>
                                                                                    </html>
                                                                                    

                                                                                    This GUI will work as expected and render in 25+ years worth of platform. And it could have been composed by a 10-year-old.

                                                                            2. 2

                                                                              I’ve generally thought of the “Do one thing” more as “Answer one question, and answer it as completely as possible.”

                                                                              So if the question is “How do I convert an image to another format.” then an image converting tool should try to completely answer that question. VLC falls into that model much more easily than the ‘do-one-thing’ version. Same thing with Vim or Emacs or VSCode – all different, but fairly complete answers to the question of “How do I efficiently edit text?”

                                                                              That model helps with the ‘clearly define your scope’ mentioned by @rustybolt fairly effectively, though it is subject to some of the same problems as ‘do one thing’ (“What question should I try to answer?” is a very natural way to break this rubric), but overall it seems to avoid at least some of the problems of the D1TW axiom.

                                                                          2. 9

                                                                            I would add “and play well with others” to that Nix maxim. That’s generally not a problem in the Nix world from what I’ve seen but it’s important to keep in mind: focusing on doing just one thing often means the users has to depend on several pieces of software to accomplish and they need to work well together.

                                                                            1. 18

                                                                              Max 3 collaborators on free private repos.

                                                                              1. 29

                                                                                You have to use GitHub.

                                                                                1. 4

                                                                                  I think it is OK as long as you don’t use their “value add” features like issues and just use it as a git remote.

                                                                                  Edit: Unlimited free repositories are limited to three collaborators.

                                                                                  GitHub Free gives you unlimited private repositories with up to three collaborators per repository at no cost—and continued access to unlimited public repositories with unlimited collaborators.

                                                                              1. 2

                                                                                I guess I should be thankful that my circuit breaker just cuts off electricity when there is too much load so it is like a forced reboot at least once a month.

                                                                                The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.

                                                                                I would like to learn more about this. I am pretty sure Verizon has a backdoor to my WiFi router FiOS-G1100. Does anyone else have this router? What do you see when you go to http://myfiosgateway.com/#/monitoring ? I see

                                                                                UI Version: v1.0.294 Firmware Version 02.00.01.08 Model Name: FiOS-G1100 Hardware Version: 1.03

                                                                                1. 2

                                                                                  Access to your router is likely not publicly routed. I can’t access that web page (connection failed).

                                                                                  1. 1

                                                                                    Ah, I should have mentioned you need to be at home behind your FiOS F1100 router, log in and click on system monitoring on the top right corner.

                                                                                    Here’s the router/modem in question: https://www.verizon.com/home/accessories/fios-quantum-gateway/

                                                                                  2. 1

                                                                                    Why do you think Verizon has a backdoor?

                                                                                    1. 2

                                                                                      They along with other ISP’s took tens to hundreds of millions to backdoor their networks for NSA. That was in leaks. You should assume they might backdoor anything else.

                                                                                      1. 1

                                                                                        Got a link to the specific leaks?

                                                                                        1. 1

                                                                                          Forbes article.

                                                                                      2. 2

                                                                                        Once man’s backdoor is another man’s mass provisioning service.

                                                                                        1. 1

                                                                                          Maybe I used an incorrect technical word. I meant to say I think they can remotely access and configure the modem / router.

                                                                                          1. 1

                                                                                            ISP’s backdooring home routers isn’t unknown, where here I use ‘backdooring’ to mean “ISP can log in and make changes even though most home users don’t know they can do this”. Some use it to push out router firmware updates (for their preferred models).

                                                                                        1. 1

                                                                                          I’m trying to do something similar for flask

                                                                                          https://github.com/kusl/flaskexperiment

                                                                                          Please take a look and offer suggestions, issues, and pull requests.

                                                                                          1. 2

                                                                                            I have some choice words for OP which I won’t share out of respect for the platform.

                                                                                            OP, tell me what you think about this simple case: https://www.drupal.org/project/drupal/issues/2859381#comment-12417374

                                                                                            I can’t see non-default state as the moderation state. I need it. What does OP suggest I do?

                                                                                            1. 3

                                                                                              I suggest you actually read the article. Or even just the title in its entirety.

                                                                                            1. 10

                                                                                              This add-on was installed and set to ‘OFF’ and made no changes in the user experience unless it was explicitly turned on by a user, but it was added. Even when turned on no user data was collected or shared.

                                                                                              Dear Chief Marketing Officer, you know better than to hide behind passive voice sentences. Did you ask legal to write this? I strongly urge you to resign effective immediately.

                                                                                              Sincerely, Yours truly

                                                                                              1. 10

                                                                                                Painful. But as much as I’d love to see it, it is rare for institutions to fully own their mistakes, no matter how obvious.

                                                                                                1. 2

                                                                                                  I feel like I’m missing something. Can someone highlight how this is skewing the truth?

                                                                                                1. 3

                                                                                                  A somewhat related question: is there any problem in revealing whether a number is a signal number?

                                                                                                  1. 8

                                                                                                    Hah, well, I have a personal problem with revealing that, although it’s unrelated to Signal’s primary use-case.

                                                                                                    My problem is that Signal auto-added a number of people who I never intend to talk to again, including a former therapist from years ago. It honestly feels really intrusive.

                                                                                                  1. 12

                                                                                                    I thought it is pretty obvious that we’re trying to suppress wages. However, that’s where my agreement ends. What we need is dramatically higher taxes for income and inheritance above a certain threshold. I’m thinking like 90% tax (progressive) on individual income exceeding 100x 2000x minimum wage per hour (a nice $3M at $15 an hour) and twice that for inheritance (also progressive). We will need broad agreement to make sure no one has “attractive” tax regime. We then fund basic income with this money and do something which we’ve needed to do for a long time: cut costs.

                                                                                                    We need to cut costs in education. We need to cut costs in healthcare. We need to cut costs in real estate. Cutting costs is very important for this plan to succeed. No more nimbyism. We make sure nobody starves or dies from simple diseases but no more tax credits or deductions for anything. There well be some pain but it will be worth it.

                                                                                                    1. 1

                                                                                                      Well, I agree with increasing efficiency.

                                                                                                      1. -5

                                                                                                        Wow.. I know I shouldn’t bother but you’re just too much..

                                                                                                        You’re basically suggesting that governments everywhere rob “overly wealthy” people super fucking hard, and prevent them from being able to escape that robbery anywhere, and.. somehow you expect them to keep working hard so that the ass-raping can continue indefinitely so that you can sit at home and.. pursue your lifelong dream of finger-painting abstract art, for the betterment of mankind?

                                                                                                        Look at your country’s budget numbers and do some basic math on what it would cost to give everyone “free money forever”.

                                                                                                        Then think about things from a productive person’s perspective. If 100% of the fruits of your labour are forcefully taken away, you’re an outright fucking slave. If 50% are taken away, you’re like a 50% slave.

                                                                                                        You are not the arbiter of how much money is “enough” for anyone else. You can decide how much money is enough for you, personally, but other people are their own, separate, living, breathing individuals.

                                                                                                        Wake the fuck up from your socialist stupor.

                                                                                                        1. 9

                                                                                                          Could we please not use terms like “ass-raping” so lightly? This is a forum for adults and professionals, and at the very least I’d hope we can all be respectful to each other.

                                                                                                          1. -5

                                                                                                            Oh gosh golly gee, someone has a potty mouth!

                                                                                                          2. 5

                                                                                                            Then think about things from a productive person’s perspective. If 100% of the fruits of your labour are forcefully taken away, you’re an outright fucking slave. If 50% are taken away, you’re like a 50% slave.

                                                                                                            You probably need to define what you mean by a productive person. And it’s not “forcefully taken away”, “robbery”, “ass-raping”. You declare your taxes and pay them. Most levels of remuneration rise/fall based on effective tax rates. The rules are well understood. Don’t want to pay so much, tough luck.

                                                                                                            You are not the arbiter of how much money is “enough” for anyone else. You can decide how much money is enough for you, personally, but other people are their own, separate, living, breathing individuals.

                                                                                                            What about consensus and rules that are aimed at leveling the playing field in terms of opportunity? If you went out for pizza with 3 friends and 1 of them took 9 slices because he decided that was enough for him, would the rest of you be cool with that?

                                                                                                            1. -3

                                                                                                              And it’s not “forcefully taken away”, “robbery”, “ass-raping”.

                                                                                                              Sure it is.

                                                                                                              You declare your taxes and pay them.

                                                                                                              You seem to be overlooking the “.. or else!” part, which is what makes it robbery, and to be more precise: extortion.

                                                                                                            2. 5

                                                                                                              The super wealthy aren’t generally that way because they ‘work hard’ or ‘are productive’, they are generally that way because of theft* or inherited wealth. So yes, we should tax their income, their wealth itself, inheritances, and so forth, and make sure that there is nowhere they can escape it. Also, taxation isn’t even vaguely similar to slavery.

                                                                                                              *: Theft here meaning everything from colonial plunder to corrupt self dealing to rentiership to exploiting workers, and so forth.

                                                                                                              1. 1

                                                                                                                what you mean by ‘super wealthy’ or ‘generally’? You should be more specific with some references.

                                                                                                                The only millionaire I know personally, worked hard, but also efficiently, and was very intelligent in the way he did business. He doesn’t work 1000 times harder than others, but he never exploited anyone or stole anything to my knowledge. More importantly, there was nothing stopping another person from doing what he was doing.

                                                                                                                1. 2

                                                                                                                  I think 100x minimum wage is generous enough. I’m sorry but I didn’t mean it to sound like taxation as a punishment. I apologize for my poor choice of words. Yes, taxes are involuntary for the individual but it isn’t about taking from Peter to give to Paul.

                                                                                                                  I oppose the current plan for “free college” in New York. I think no government program should have a ceiling for income.

                                                                                                                  I think we need better propaganda around taxation. We should try to make people feel proud for paying taxes. This is why I want to reduce government spending (the administrative overhead). I don’t think it will be easy or straightforward but I believe it is possible.

                                                                                                                  1. -2

                                                                                                                    For your sake, I hope you’re trolling.

                                                                                                              2. 4

                                                                                                                The business takes a percent of my surplus labor that is likely much higher than 50% because they have money, higher taxes would help remedy that. You’ve focused on the government taking your money and have blindly ignored the individual taking your money.

                                                                                                                1. 4

                                                                                                                  somehow you expect them to keep working hard so that the ass-raping can continue indefinitely so that you can sit at home and.

                                                                                                                  Many poor people are working very hard as well. Working 3 or 4 jobs and not making it out of poverty. The idea that people are rich because of hard work doesn’t seem to have much evidence behind it and there is some evidence that many rich people are there because of luck. That isn’t to say they don’t work hard but rather that taxing them doesn’t mean their hard work is being taxed but rather their luck.

                                                                                                                  1. -1

                                                                                                                    People don’t seem to realize that tax is letting someone else spend your money in terribly inefficient ways, or they will lock you up. Also, the threshold for ‘wealthy’ is always higher than the person suggesting it earns.

                                                                                                                1. 0

                                                                                                                  Got a 404…

                                                                                                                  1. 1

                                                                                                                    That’s odd, it works for me, although there were some other stray 404s that I fixed. Thanks to some quirks of the web server setup, you may need the trailing slash in the URL, but that’s in the link here. If it still doesn’t work, you can use the HTML link here:

                                                                                                                    https://myrlang.org/release-notes/r0p2.html

                                                                                                                    Unfortunately, I can’t edit the URL as submitted.

                                                                                                                  1. 1

                                                                                                                    I thought we decided that jwt is snake oil and we should not use it?

                                                                                                                    1. 1

                                                                                                                      JWT could work in theory, but it’s a near certainty you’ll have implementation bugs or something else will go wrong. I would avoid.

                                                                                                                      1. 1

                                                                                                                        Can either of you cite or explain why you thing JWTs are a poor choice for securing an API?

                                                                                                                          1. 1

                                                                                                                            Thanks for the link. Having briefly googled, I found other security consultants (including Patagonie who is actually on that PR thread) who have blasted JWTs, but only concrete details of implementation bugs. What I don’t understand is why this particular security consultant along with others think that the specification and RFCs are not valid or secure (as otherwise, I can only imagine to have improved implementations over time). I’m no cryptographer by any means, but as someone just in the middle of an auth system redesign (adding APIs to the mix of our more old-fashioned stateful webapps), I’m very concerned as to whether or not there is something to be concerned about.

                                                                                                                            1. 3

                                                                                                                              Oh, found another reference. (I happened to have the bug link handy.)

                                                                                                                              https://news.ycombinator.com/item?id=14292223

                                                                                                                              The short version is maybe you can do JWT right, but it’s designed to provide as many opportunities for things to go wrong as possible. That rarely works out well in practice.

                                                                                                                    1. 35

                                                                                                                      Focusing heavily on how it makes a robot computer feel, these posts ultimately neglect what will be the deciding factor in Electron’s success or failure: how it feels for most people to run Electron apps day-to-day.

                                                                                                                      This is my favorite line because it doesn’t have any resemblance to reality. I nearly threw my tea at my laptop screen at the idea that people enjoy Electron apps especially the idea that they like those apps more than native applications.

                                                                                                                      Slack is widely thought of as an application people have to deal with. Atom is an okay application, but when push comes to shove, they have to use native code to get decent performance. Basic things like resizing a window will make Slack drop frames. The writer must have a really low bar for what counts as an enjoyable application. I receive some great emails, but that doesn’t make my email client any better.

                                                                                                                      I can speak for myself when I say Electron runs like a dream. On a typical day, I’ll have about three Atom windows open, a multi-team Slack up and running, as well as actively using and debugging my own Electron-based app Standard Notes. I’ll also have a bunch of other non-Electron apps opened or running, like Adobe Photoshop, three Terminal windows with 3–4 tabs each, Sequel Pro, Google Chrome with on average 4–5 tabs, Apple Mail, iMessage, Little Snitch, Dropbox, and iTunes/Apple Music.

                                                                                                                      I also really enjoy this one because the long list of apps is made to sound like there’s a bunch of usage going on, but maybe this writer doesn’t realize how little consumption goes on in the background with these standard macOS apps when they’re “open” (Messages, really?). Photoshop also uses very little RAM if you don’t actually have anything open. This is also supposed to be bragging about using all of these applications on a computer with 16GB of RAM. That is quadruple the amount of RAM that most people use on a typical laptop.

                                                                                                                      1. 11

                                                                                                                        To those who run the slack desktop app, my question is… Why? Why not just use it in a web browser where it belongs? If people need you, they’ll find a way to contact you.

                                                                                                                        1. 11

                                                                                                                          The brilliance about Slack’s business is that it’s both a business application and an instant messaging platform. Both of those together create an evil combination where the people who need to use it are those who need to use it all day long.

                                                                                                                          For any number of reasons, people generally like to be able to open/close browser tabs & windows without worry that some important business application wherein people expect a response from you within minutes (if not seconds) will be lost. This is especially true if you’re a web developer who will need to close all windows or restart the browser on a regular basis.

                                                                                                                          Slack has just become too important in the lives of many (thus all the consternation about how terrible the app is) and using it as a separate application makes things a lot cleaner and simpler.

                                                                                                                          1. 5

                                                                                                                            Pinned tabs?

                                                                                                                            Also does Slack support web push? If it does, you should be able to just close it and get notifications.

                                                                                                                            1. 1

                                                                                                                              Luckily, it doesn’t (I get enough notifications while I’m working, no need to spam me even more when I decide to focus and close the browser tab)

                                                                                                                          2. 8

                                                                                                                            I couldn’t find a way in the browser to be able to stay logged in to multiple slacks at once, so I have to run the desktop app.

                                                                                                                            1. 6

                                                                                                                              When you run things in a browser you lose really basic command-tab functionality in OSX

                                                                                                                              You also have browser chrome to deal with , as well as all the browser UI cruft (don’t need to see that URL all the time)

                                                                                                                              I think voice chat doesn’t work in Slack on the web either?

                                                                                                                              I think some of this is solvable , but I haven’t ever found much reason to not just use the slack app that works

                                                                                                                              1. 5

                                                                                                                                You also have browser chrome to deal with , as well as all the browser UI cruft (don’t need to see that URL all the time)

                                                                                                                                Not necessarily. With Chrome you can create chromeless “applications” from any URL. This is what I do with Spotify, Outlook 365, and HipChat. Spotify in particular is much faster that way than “native.”

                                                                                                                                1. 2

                                                                                                                                  oh is this possible? How do you do this?

                                                                                                                                  1. 4

                                                                                                                                    On Windows it’s Menu > More Tools > Add to Desktop. Then make sure that you check “Open as Window.” Voila! Your web page is now a standalone application!

                                                                                                                                    1. 3

                                                                                                                                      Just had a look at Chrome on Mac OS and couldn’t find anything like this.

                                                                                                                                      I’ve been using Fluid to turn web apps into standalone apps, works quite well (aside from the resource usage of course).

                                                                                                                                      1. 2

                                                                                                                                        Yeah. A little searching shows that option is only available on Windows and Linux, not Mac OS.

                                                                                                                              2. 6

                                                                                                                                Why not just use it in a web browser where it belongs?

                                                                                                                                Judgy judgy! :)

                                                                                                                                I don’t particularly like running “applications” inside web browsers because my browser is a dynamic place. I open tabs, close tabs, move things around etc all the time and frequently need to restart. In short, for my use case, browsers make AWFUL persistent application platforms.

                                                                                                                                1. 4

                                                                                                                                  I used to use Slack in the web browser. I’m on Linux and wanted to try to use Slack’s voice call features, and the browser version wouldn’t let me select my speaker/mic device, so I couldn’t use it.

                                                                                                                                  Then I heard there was a Slack desktop app, so I thought, hey maybe that will work. So I tried that. But I had the same problem.

                                                                                                                                  I never switched back to the browser version because there’s really nothing that has made me want to switch. It’s using about 700MB of RAM right now, and that feels pretty par for the course to me. My gmail tab is using just as much. As a bonus, the Slack desktop app uses my notification daemon that I have running (dunst), which lets me very easily dismiss or recall notifications without touching the mouse.

                                                                                                                                2. 5

                                                                                                                                  Photoshop AND Sequel Pro opened at the same time?! This just reads as someone enumerating the apps installed on his laptop…

                                                                                                                                  1. 3

                                                                                                                                    This is my favorite line because it doesn’t have any resemblance to reality. I nearly threw my tea at my laptop screen at the idea that people enjoy Electron apps especially the idea that they like those apps more than native applications.

                                                                                                                                    Clearly native applications are better in some respects (they may be faster, more conformant to local UI norms, etc.)

                                                                                                                                    However the key question is - Is having a cross platform electron app to solve a particular task better than not having that niche served at all?

                                                                                                                                    1. 4

                                                                                                                                      I was responding to the idea that the writer threw out there that Electron may use a lot of resources, but it’s in service of making a better UX & UI for users. He didn’t actually elaborate on that probably because there is no way to defend that position.

                                                                                                                                      It’s a lot more easily defensible to talk about the business side of web apps rather than anything technical. In the particular case of Slack, that company has plenty enough money to completely rewrite their web app as a set of native apps, but why would they when everyone is already locked in?

                                                                                                                                      I also like that he used some strange math to say that his basic note-taking application would cost $500 when, last time I checked, not even the most complicated native applications run by the smallest teams that would need the most money actually charge that much money for their apps.

                                                                                                                                      1. 1

                                                                                                                                        not even the most complicated native applications run by the smallest teams that would need the most money actually charge that much money for their apps

                                                                                                                                        I wish! Have you seen what Autodesk charges? And they’re subscriptions

                                                                                                                                      2. 3

                                                                                                                                        To which the obvious response is: does any electron app serve a unique purpose?

                                                                                                                                        1. 2

                                                                                                                                          The same question could be asked of any given native technology. This is almost but not quite a troll :)