1. 1

    I’m trying to do something similar for flask

    https://github.com/kusl/flaskexperiment

    Please take a look and offer suggestions, issues, and pull requests.

    1. 2

      I have some choice words for OP which I won’t share out of respect for the platform.

      OP, tell me what you think about this simple case: https://www.drupal.org/project/drupal/issues/2859381#comment-12417374

      I can’t see non-default state as the moderation state. I need it. What does OP suggest I do?

      1. 3

        I suggest you actually read the article. Or even just the title in its entirety.

      1. 10

        This add-on was installed and set to ‘OFF’ and made no changes in the user experience unless it was explicitly turned on by a user, but it was added. Even when turned on no user data was collected or shared.

        Dear Chief Marketing Officer, you know better than to hide behind passive voice sentences. Did you ask legal to write this? I strongly urge you to resign effective immediately.

        Sincerely, Yours truly

        1. 10

          Painful. But as much as I’d love to see it, it is rare for institutions to fully own their mistakes, no matter how obvious.

          1. 2

            I feel like I’m missing something. Can someone highlight how this is skewing the truth?

          1. 3

            A somewhat related question: is there any problem in revealing whether a number is a signal number?

            1. 8

              Hah, well, I have a personal problem with revealing that, although it’s unrelated to Signal’s primary use-case.

              My problem is that Signal auto-added a number of people who I never intend to talk to again, including a former therapist from years ago. It honestly feels really intrusive.

            1. 11

              I thought it is pretty obvious that we’re trying to suppress wages. However, that’s where my agreement ends. What we need is dramatically higher taxes for income and inheritance above a certain threshold. I’m thinking like 90% tax (progressive) on individual income exceeding 100x 2000x minimum wage per hour (a nice $3M at $15 an hour) and twice that for inheritance (also progressive). We will need broad agreement to make sure no one has “attractive” tax regime. We then fund basic income with this money and do something which we’ve needed to do for a long time: cut costs.

              We need to cut costs in education. We need to cut costs in healthcare. We need to cut costs in real estate. Cutting costs is very important for this plan to succeed. No more nimbyism. We make sure nobody starves or dies from simple diseases but no more tax credits or deductions for anything. There will be some pain but it will be worth it.

              1. 1

                Well, I agree with increasing efficiency.

                1. -5

                  Wow.. I know I shouldn’t bother but you’re just too much..

                  You’re basically suggesting that governments everywhere rob “overly wealthy” people super fucking hard, and prevent them from being able to escape that robbery anywhere, and.. somehow you expect them to keep working hard so that the ass-raping can continue indefinitely so that you can sit at home and.. pursue your lifelong dream of finger-painting abstract art, for the betterment of mankind?

                  Look at your country’s budget numbers and do some basic math on what it would cost to give everyone “free money forever”.

                  Then think about things from a productive person’s perspective. If 100% of the fruits of your labour are forcefully taken away, you’re an outright fucking slave. If 50% are taken away, you’re like a 50% slave.

                  You are not the arbiter of how much money is “enough” for anyone else. You can decide how much money is enough for you, personally, but other people are their own, separate, living, breathing individuals.

                  Wake the fuck up from your socialist stupor.

                  1. 9

                    Could we please not use terms like “ass-raping” so lightly? This is a forum for adults and professionals, and at the very least I’d hope we can all be respectful to each other.

                    1. -5

                      Oh gosh golly gee, someone has a potty mouth!

                    2. 5

                      Then think about things from a productive person’s perspective. If 100% of the fruits of your labour are forcefully taken away, you’re an outright fucking slave. If 50% are taken away, you’re like a 50% slave.

                      You probably need to define what you mean by a productive person. And it’s not “forcefully taken away”, “robbery”, “ass-raping”. You declare your taxes and pay them. Most levels of remuneration rise/fall based on effective tax rates. The rules are well understood. Don’t want to pay so much, tough luck.

                      You are not the arbiter of how much money is “enough” for anyone else. You can decide how much money is enough for you, personally, but other people are their own, separate, living, breathing individuals.

                      What about consensus and rules that are aimed at leveling the playing field in terms of opportunity? If you went out for pizza with 3 friends and 1 of them took 9 slices because he decided that was enough for him, would the rest of you be cool with that?

                      1. -3

                        And it’s not “forcefully taken away”, “robbery”, “ass-raping”.

                        Sure it is.

                        You declare your taxes and pay them.

                        You seem to be overlooking the “.. or else!” part, which is what makes it robbery, and to be more precise: extortion.

                      2. 5

                        The super wealthy aren’t generally that way because they ‘work hard’ or ‘are productive’, they are generally that way because of theft* or inherited wealth. So yes, we should tax their income, their wealth itself, inheritances, and so forth, and make sure that there is nowhere they can escape it. Also, taxation isn’t even vaguely similar to slavery.

                        *: Theft here meaning everything from colonial plunder to corrupt self dealing to rentiership to exploiting workers, and so forth.

                        1. 1

                          What do you mean by ‘super wealthy’ or ‘generally’? You should be more specific with some references.

                          The only millionaire I know personally, worked hard, but also efficiently, and was very intelligent in the way he did business. He doesn’t work 1000 times harder than others, but he never exploited anyone or stole anything to my knowledge. More importantly, there was nothing stopping another person from doing what he was doing.

                          1. 2

                            I think 100x minimum wage is generous enough. I’m sorry but I didn’t mean it to sound like taxation as a punishment. I apologize for my poor choice of words. Yes, taxes are involuntary for the individual but it isn’t about taking from Peter to give to Paul.

                            I oppose the current plan for “free college” in New York. I think no government program should have a ceiling for income.

                            I think we need better propaganda around taxation. We should try to make people feel proud for paying taxes. This is why I want to reduce government spending (the administrative overhead). I don’t think it will be easy or straightforward but I believe it is possible.

                            1. -2

                              For your sake, I hope you’re trolling.

                        2. 4

                          The business takes a percent of my surplus labor that is likely much higher than 50% because they have money, higher taxes would help remedy that. You’ve focused on the government taking your money and have blindly ignored the individual taking your money.

                          1. 4

                            somehow you expect them to keep working hard so that the ass-raping can continue indefinitely so that you can sit at home and.

                            Many poor people are working very hard as well. Working 3 or 4 jobs and not making it out of poverty. The idea that people are rich because of hard work doesn’t seem to have much evidence behind it and there is some evidence that many rich people are there because of luck. That isn’t to say they don’t work hard but rather that taxing them doesn’t mean their hard work is being taxed but rather their luck.

                            1. -1

                              People don’t seem to realize that tax is letting someone else spend your money in terribly inefficient ways, or they will lock you up. Also, the threshold for ‘wealthy’ is always higher than the person suggesting it earns.

                          1. 0

                            Got a 404…

                            1. 1

                              That’s odd, it works for me, although there were some other stray 404s that I fixed. Thanks to some quirks of the web server setup, you may need the trailing slash in the URL, but that’s in the link here. If it still doesn’t work, you can use the HTML link here:

                              https://myrlang.org/release-notes/r0p2.html

                              Unfortunately, I can’t edit the URL as submitted.

                            1. 1

                              I thought we decided that jwt is snake oil and we should not use it?

                              1. 1

                                JWT could work in theory, but it’s a near certainty you’ll have implementation bugs or something else will go wrong. I would avoid.

                                1. 1

                                  Can either of you cite or explain why you think JWTs are a poor choice for securing an API?

                                    1. 1

                                      Thanks for the link. Having briefly googled, I found other security consultants (including Patagonie who is actually on that PR thread) who have blasted JWTs, but only concrete details of implementation bugs. What I don’t understand is why this particular security consultant along with others think that the specification and RFCs are not valid or secure (as otherwise, I can only imagine to have improved implementations over time). I’m no cryptographer by any means, but as someone just in the middle of an auth system redesign (adding APIs to the mix of our more old-fashioned stateful webapps), I’m very concerned as to whether or not there is something to be concerned about.

                                      1. 3

                                        Oh, found another reference. (I happened to have the bug link handy.)

                                        https://news.ycombinator.com/item?id=14292223

                                        The short version is maybe you can do JWT right, but it’s designed to provide as many opportunities for things to go wrong as possible. That rarely works out well in practice.

                              1. 35

                                Focusing heavily on how it makes a robot computer feel, these posts ultimately neglect what will be the deciding factor in Electron’s success or failure: how it feels for most people to run Electron apps day-to-day.

                                This is my favorite line because it doesn’t have any resemblance to reality. I nearly threw my tea at my laptop screen at the idea that people enjoy Electron apps especially the idea that they like those apps more than native applications.

                                Slack is widely thought of as an application people have to deal with. Atom is an okay application, but when push comes to shove, they have to use native code to get decent performance. Basic things like resizing a window will make Slack drop frames. The writer must have a really low bar for what counts as an enjoyable application. I receive some great emails, but that doesn’t make my email client any better.

                                I can speak for myself when I say Electron runs like a dream. On a typical day, I’ll have about three Atom windows open, a multi-team Slack up and running, as well as actively using and debugging my own Electron-based app Standard Notes. I’ll also have a bunch of other non-Electron apps opened or running, like Adobe Photoshop, three Terminal windows with 3–4 tabs each, Sequel Pro, Google Chrome with on average 4–5 tabs, Apple Mail, iMessage, Little Snitch, Dropbox, and iTunes/Apple Music.

                                I also really enjoy this one because the long list of apps is made to sound like there’s a bunch of usage going on, but maybe this writer doesn’t realize how little consumption goes on in the background with these standard macOS apps when they’re “open” (Messages, really?). Photoshop also uses very little RAM if you don’t actually have anything open. This is also supposed to be bragging about using all of these applications on a computer with 16GB of RAM. That is quadruple the amount of RAM that most people use on a typical laptop.

                                1. 11

                                  To those who run the slack desktop app, my question is… Why? Why not just use it in a web browser where it belongs? If people need you, they’ll find a way to contact you.

                                  1. 11

                                    The brilliance about Slack’s business is that it’s both a business application and an instant messaging platform. Both of those together create an evil combination where the people who need to use it are those who need to use it all day long.

                                    For any number of reasons, people generally like to be able to open/close browser tabs & windows without worry that some important business application wherein people expect a response from you within minutes (if not seconds) will be lost. This is especially true if you’re a web developer who will need to close all windows or restart the browser on a regular basis.

                                    Slack has just become too important in the lives of many (thus all the consternation about how terrible the app is) and using it as a separate application makes things a lot cleaner and simpler.

                                    1. 5

                                      Pinned tabs?

                                      Also does Slack support web push? If it does, you should be able to just close it and get notifications.

                                      1. 1

                                        Luckily, it doesn’t (I get enough notifications while I’m working, no need to spam me even more when I decide to focus and close the browser tab)

                                    2. 8

                                      I couldn’t find a way in the browser to be able to stay logged in to multiple slacks at once, so I have to run the desktop app.

                                      1. 6

                                        When you run things in a browser you lose really basic command-tab functionality in OSX

                                        You also have browser chrome to deal with, as well as all the browser UI cruft (don’t need to see that URL all the time)

                                        I think voice chat doesn’t work in Slack on the web either?

                                        I think some of this is solvable, but I haven’t ever found much reason to not just use the slack app that works

                                        1. 5

                                          You also have browser chrome to deal with , as well as all the browser UI cruft (don’t need to see that URL all the time)

                                          Not necessarily. With Chrome you can create chromeless “applications” from any URL. This is what I do with Spotify, Outlook 365, and HipChat. Spotify in particular is much faster that way than “native.”

                                          1. 2

                                            oh is this possible? How do you do this?

                                            1. 4

                                              On Windows it’s Menu > More Tools > Add to Desktop. Then make sure that you check “Open as Window.” Voila! Your web page is now a standalone application!

                                              1. 3

                                                Just had a look at Chrome on Mac OS and couldn’t find anything like this.

                                                I’ve been using Fluid to turn web apps into standalone apps, works quite well (aside from the resource usage of course).

                                                1. 2

                                                  Yeah. A little searching shows that option is only available on Windows and Linux, not Mac OS.

                                        2. 6

                                          Why not just use it in a web browser where it belongs?

                                          Judgy judgy! :)

                                          I don’t particularly like running “applications” inside web browsers because my browser is a dynamic place. I open tabs, close tabs, move things around etc all the time and frequently need to restart. In short, for my use case, browsers make AWFUL persistent application platforms.

                                          1. 4

                                            I used to use Slack in the web browser. I’m on Linux and wanted to try to use Slack’s voice call features, and the browser version wouldn’t let me select my speaker/mic device, so I couldn’t use it.

                                            Then I heard there was a Slack desktop app, so I thought, hey maybe that will work. So I tried that. But I had the same problem.

                                            I never switched back to the browser version because there’s really nothing that has made me want to switch. It’s using about 700MB of RAM right now, and that feels pretty par for the course to me. My gmail tab is using just as much. As a bonus, the Slack desktop app uses my notification daemon that I have running (dunst), which lets me very easily dismiss or recall notifications without touching the mouse.

                                          2. 5

                                            Photoshop AND Sequel Pro opened at the same time?! This just reads as someone enumerating the apps installed on his laptop…

                                            1. 3

                                              This is my favorite line because it doesn’t have any resemblance to reality. I nearly threw my tea at my laptop screen at the idea that people enjoy Electron apps especially the idea that they like those apps more than native applications.

                                              Clearly native applications are better in some respects (they may be faster, more conformant to local UI norms, etc.)

                                              However the key question is - Is having a cross platform electron app to solve a particular task better than not having that niche served at all?

                                              1. 4

                                                I was responding to the idea that the writer threw out there that Electron may use a lot of resources, but it’s in service of making a better UX & UI for users. He didn’t actually elaborate on that probably because there is no way to defend that position.

                                                It’s a lot more easily defensible to talk about the business side of web apps rather than anything technical. In the particular case of Slack, that company has plenty enough money to completely rewrite their web app as a set of native apps, but why would they when everyone is already locked in?

                                                I also like that he used some strange math to say that his basic note-taking application would cost $500 when, last time I checked, not even the most complicated native applications run by the smallest teams that would need the most money actually charge that much money for their apps.

                                                1. 1

                                                  not even the most complicated native applications run by the smallest teams that would need the most money actually charge that much money for their apps

                                                  I wish! Have you seen what Autodesk charges? And they’re subscriptions

                                                2. 3

                                                  To which the obvious response is: does any electron app serve a unique purpose?

                                                  1. 2

                                                    The same question could be asked of any given native technology. This is almost but not quite a troll :)

                                              1. 1

                                                This is clever, nicely self-contained, and an excellent use for spot instances.

                                                That said, I clicked through because of the “Huge” in the title, and was a bit disappointed that we were still talking about the “few hundred GB” range of database size.

                                                1. 1

                                                  Sorry if this is off-topic but I immediately thought of libre fm. It is not “huge” by any stretch of imagination but since we are talking about backups

                                                  Next, I made a complete disk backup of all of the PostgreSQL files, and went to look at our backups on rsync.net. And they were broken — because of our disk space issues, we’d been failing to make a backup file, and our backup scripts had been backing up a 0 byte file. Not good.

                                                  https://librefm.wordpress.com/2016/06/30/libre-fm-june-2016-downtime-what-happened/

                                                1. 2

                                                  I am surprised there are no major websites down today. This seems pretty trivial to abuse, and has a good chance of working with other certificate authorities.

                                                  1. 4

                                                    Symantec should just retire from certificate business at this point. With a little coordination between the major browser vendors: Apple, Google, Microsoft, and Mozilla, this would be trivially easy.

                                                    It is the right thing to do.

                                                    1. 1

                                                      While we’re at it, kill them all except the EV CAs and Let’s Encrypt (DV).

                                                      1. 2

                                                        I’m interested to know why Let’s Encrypt gets the exception? Its validation process isn’t any better than all the other major CAs as far as I’m aware? DV validation is essentially the most minimal validation that any CA does…

                                                        1. 3

                                                          Just because it is well known, has CT, the EFF is involved and it is free.

                                                          I could totally see an additional DV CA operated from the EU that follows the same idea as LE and same backing. Some redundancy, distribution and different jurisdiction seems like a good idea.

                                                      1. 6

                                                        I think it is OK to err on the side of not inviting. I like to think I’m like most people. I rarely submit. I’m mostly here to read.

                                                        I guess the question is what are we trying to optimize for? I suspect our answers will fall in place once we answer that question.

                                                        1. 5

                                                          “I guess the question is what are we trying to optimize for?”

                                                          This is what I use when describing the site:

                                                          https://lobste.rs/s/oackyq/lobsters_community_standards/comments/sybvqw#c_sybvqw

                                                          It got a lot of smart people interested who would’ve done good discussions. They didn’t join when I actually sent the invitation and I didn’t bother them about why. My guess has always been front page was full of fluff/noise during that time that contradicted what’s in the link above. It stabilized and we got back to normal. So, the Is and Isn’t parts of that comment still seem like a good standard to use describing it to select others.

                                                    1. 3

                                                      It’s also the only Git client that can deal with KA’s repository sanely, even when jumping between widely-separated commits, which has been incredibly helpful in a few cases where I’m trying to track down where a merge went bad.

                                                      1. 2

                                                        What/who is ka? Edit: never mind, Khan academy.

                                                      1. 13

                                                        I’m typing this on a nexus 4 and while I agree Google’s commitment leaves more to be desired, I’d like to point users towards community efforts (specifically lineage in my case). This isn’t my primary phone anymore but it is still alive and kicking as a WiFi only Internet device.

                                                        Edit: link https://download.lineageos.org/

                                                        1. 9

                                                          Update: Moved this “in thread”.

                                                          Yeah, and Nexus phones are still the best you can get on Android!

                                                          As for running LineageOS, I do wonder about the security, a couple of things:

                                                          • Are the releases properly signed and are there signature checks when performing updates?
                                                          • Can the boot loader be locked again (as supported by Copperhead OS)?
                                                          • My Samsung Galaxy S3 uses a (long) EOLed Linux kernel, are there any security updates back ported?
                                                          • There is never an update for the BLOBs (baseband, firmware), is this safe?

                                                          I mean, I am hardly in a position to complain as this thing is so old…and made by Samsung… and probably this S3, even with a lot of potential security holes, is probably more secure than the latest Samsung flagship with all its crap and spyware…

                                                          1. 3

                                                            I’m not affiliated with LineageOS, but these answers are based on what I understand:

                                                            • Releases are not pgp-signed, but for each release they currently provide an md5sum (yeah.. not ideal) that you can either manually check, or if you use the “LineageOS Updater” in the Settings app, it will automatically verify the md5sum.
                                                            • Locking the boot loader on a custom ROM is generally discouraged, due to the complications it can cause with the ROM and with the custom recovery (e.g. TWRP). On Nexus devices it’s usually less risky, but on anything else people always recommend against it.
                                                            • Kernel update backports depend to a large extent on your device maintainer for LineageOS and how active they are. For instance, here’s the main hammerhead (Nexus 5) kernel and this I think is the kernel used for Galaxy S3 devices.
                                                            • This also depends on your device maintainer, but I think there are actually updates to the blobs from time to time.
                                                            1. 3

                                                              Qualcomm never produced the binary blob updates. It simply goes vulnerable until someone creates an open source version by reverse engineering.

                                                            2. 1

                                                              Does anyone know a short summary of exactly what the goals of the LineageOS project are?

                                                              Based purely on the name I’m guessing a long-term Android variant for a given device?

                                                              The about page is rather irritatingly terse, and the rest of the site isn’t much more informative.

                                                              https://www.lineageos.org/about/

                                                              1. 5

                                                                It’s the fork/continuation of the still-better-known CyanogenMod. CyanogenMod’s main initial claim to fame was that it distributed a de-Googlized, power-user-oriented version of Android: all open-source base software, nothing that does tracking by default, unlocked root access, as many underlying OS/hardware/firmware features as possible exposed as user-modifiable settings, etc. It’s also become popular among people who have phones EoL’d by the official Android releases, though.

                                                                1. 1

                                                                  Thank you very much.

                                                                  Maybe there is hope for my Nexus 5X from October 2018. :-D

                                                            1. 1

                                                              FANT anyone? Edit enfp

                                                              1. 27

                                                                In every project, there is a software architect who makes final decisions.

                                                                Oh, honey, no.

                                                                1. 11

                                                                  Oh, honey, no.

                                                                  Completely unrelated, but I really wish that people would stop using this kind of phrase. It’s simultaneously the most condescending and the most vapid thing that I hear. It sounds like you’re speaking to a stupid child, and it seems like it never comes with a good argument.

                                                                  1. 2

                                                                    Well, it sounds like I’ve hit precisely the rhetorical target I was aiming for. Best of luck finding a good argument.

                                                                    1. 4

                                                                      You were trying to sound pointlessly condescending, with nothing worthwhile to say? If you want, I guess that’s your right.

                                                                  2. 1

                                                                    Maybe the idea is that given enough time, there are tribal warlords even in “flat” organizations? Sometimes they aren’t easily visible but if you look closely, you’ll find them (or create them?)