1. 18

    A quick question: is Chrome better than the rest?

    I use Firefox desktop and Duck / Safari mobile as primary browsers, and I’m completely satisfied by the experience. Am I missing out something here with Chrome?

    Lots of articles about ditching Chrome / time to move to Firefox … but people seem to hesitate. That tells me something holds them to Chrome, and I can’t image what that things is.

    1. 10

      A quick question: is Chrome better than the rest?

      They don’t support vertical tabs at all.

      Performance is about the same (slightly better but I’ve never noticed except maybe on Google properties).

      Uses more RAM.

      No, not better at all in my book.

      1. 4

        They don’t support vertical tabs at all.

        I’m not sure what you mean by “they”. I’ve been using Tree Style Tab on Firefox for as long as I can remember.

        1. 7

          “They” is Chrome, not Firefox.

          1. 1

            … and it’s absolute garbage without hacking userChrome.css.

        2. 6

          Out of principle (re: reducing the monopoly), I am trying to switch to Firefox. (I’ve done so on one of my daily drivers, but not both.) To answer your question, though, there is at least one feature where Chrome is unequivocally better than Firefox: the UX for multiple profiles/personas.

          In Chrome/ium, the entry point for profiles is a single icon/click in the main toolbar. Switching profiles is another single click. So, with two clicks, it will either create a new window “running as” that profile, or it will switch to an existing window of that profile. The window acts as a container, so any new tabs (and even “New Window”s) will be for that profile. Everything about the experience makes sense, and is just about the simplest, most straight forward UX design that one could conceive.

          Contrast the above with Firefox’s profile UX. Profiles available in main toolbar? Nope. Open hamburger menu – profiles in there? Nope. How about in the Preferences UI? Nope. So where the heck is it? Well, there are CLI switches available (try not to laugh). -P/--profile to use a certain profile, or --ProfileManager to bring up a GUI widget on startup to pick a profile. Okay, so of course normal users will not use CLI switches. So what do they do? Well, there’s an about:profiles page available. So you have to type that (there’s autocomplete at least, to save you a few keystrokes), and then you click on a button on that page to open a new window launch a new Firefox instance for that profile. And then there is no visual indication in Firefox as to which profile you’re currently using, unless you’ve themed each profile, etc. In Chrome, you assign avatars to profiles, and the current profile’s avatar is displayed in the main bar.

          There’s this feature of Firefox called containers, or container tabs, or multi-account containers. Or something. They.. sort of do the job, in a clunky way. Tabs get a different underline colour based on the container, and different containers have different cookie sets, etc. However, this falls short in a couple ways. In Firefox, preference settings are shared among containers, whereas in Chrome, each profile has independent settings. Also, new tabs don’t (always?) take on the container of the previous/parent tab, so you have to manually set the container of a tab, sometimes.

          Anyway, enough said. The UX for multiple personas is astronomically better in Chrome. It’s not even close.

          1.  

            Late but:

            Containers is what you look for.

            It is right in the address bar.

            It can even automatically change for sites that obviously belong to one container.

            1.  

              I tried containers in Firefox. They go maybe 70% of the way towards what I need. It’s a nice try, but not good enough [for me].

              Anyway, nowadays, I use multiple local Linux users to sandbox things with Firefox. They main security concern there is sharing the X display.

          2. 9

            Inertia, ignorance and indolence come to mind.

            1. 6

              That’s the thing I keep coming back to when I see articles like this. It’s not like anything has changed.

              If you’ve gone for like a decade using a browser created by a monopolistic advertising company and after all those years you never saw the problem with it, does anyone really think reading some Wired article is going to finally be the thing that makes you come to your senses?

            2. 4

              Performance can be an issue, as discussed previously.

              Also I think a lot of front-end devs prefer the developer tools from what I’ve heard (although for me, the Firefox ones work fine and have for years, but I’m not a FE dev and I don’t know if there are any concrete benefits here or if it’s just a matter of preference).

              1. 3

                The Firefox dev tools are actually quite nice…except that they become an enormous memory hog and performance black hole if you dump a bunch of JSON into the log. I’ve had the devtools crash Firefox because of a day’s worth of redux debug logs. Never had that issue with chrome

              2. 4

                Chrome (and also safari) has a visibly lower latency in rendering the page. It doesn’t really matter at all if you think about it, but makes the feel of the browser quite different.

                1. 4

                  Bugs. Bugs in firefox. Lots of them. Especially annoying while developing.

                  1. 2

                    IME Chrome can sometimes perform faster than FF. I’ve really only noticed it when looking at sites with heavy CSS/JS-based animations. also the FF dev tools seem to get bogged down more often than Chrome’s. also, for a while FF performance on Mac OS was much worse than Chrome’s (I forget the details but this was a known issue that may (?) be fixed by now).

                    1. 3

                      I wonder if several years in the future, we’re going to see a bug change there like with the arrival of (now) macOS in the early 2000s. What I’m hinting at is the fact that the problem here are not browsers, but js/whatnot heavy websites, that browsers them try to accommodate, just like Windows was going out of their way to keep backwards compatibility and hide application idiocies. Then came Apple with their “we don’t care about backwards compatibility, this is what you can use”.

                      1. 1

                        I’m skeptical. Long-term, I think browsers will take over native applications as the default app distribution + runtime environment, as browser vendors add more and more native/low-level APIs to the web platform. Then again, I’m not the first person to predict this so who knows.

                        Maybe some day plain HTML/CSS will become a second-class citizen (or people will get used to using other programs to browse the ‘old web’).

                        1. 2

                          Or you’ll have to download a “web-browser” app in your web browser to view actual HTML content, which to be frank, is already happening, given the number of blogging sites that break completely if Javascript is disabled.

                  1. 2

                    It’s interesting how we (mis)understand color. This post has 27 upvotes and 1 comments. The subject is popular but no / just one understands it.

                    Posts like this pop up every month or quarter. I’m reading them, bookmarking them, and planning to revisit ‘my own theory’ (https://github.com/metamn/color) based on them.

                    However none of them gives an Aha! moment, as, for example, Continuous Typography (https://maxkoehler.com/posts/continuous-typography/) does for typography.

                    So far, the search for the holy grail of colors is on.

                    1. 1

                      Too many MCs not enough mics.

                      The programming language market exploded like the electronic music market in the ’00s, or the typography / fonts market last decade.

                      Every week a new language pops up. Soon every respectable shop / individual will have its own programming language.

                      And that’s good. Taylor made programming languages for every problem, every taste.

                      The question is, with this inflation, will programming become an irrelevant market activity? Because DJ-ing, MC-ing did. Around 1% of musicians make their living from music. The rest are hobbyist, even if exploring unimaginable niches in highly professional ways.

                      1. 2

                        Your point is valid, but Lobster isn’t brand new. I don’t know its exact age, but it was first noted here seven years ago (see “Stories with similar links” at the bottom of this page.)

                        The question is, with this inflation, will programming become an irrelevant market activity?

                        I think it makes more sense here to say “language design”, not “programming”, since we’re talking about production, not consumption, of languages.

                        Has language design/implementation ever been a relevant market activity? The only language I can think of that became a big business to its creators is Java. (Companies like Microsoft and Borland did make businesses out of BASIC and Pascal, but didn’t invent them.) Languages have usually been labors of love, or infrastructure for a platform.

                        1. 3

                          Yup its from 2010.. though you wouldn’t recognize the Lobster from back then as being the same one as today :) Some history here (scroll to the end): http://aardappel.github.io/lobster/philosophy.html

                          And yes, language design & implementation today is going to make you even less rich and famous than it used to.. but that doesn’t stop me :P

                          1. 1

                            From the examples, Lobster reminds me a lot of Dylan, but with a Pythonesque syntax.

                      1. 4

                        Since 2017 the interest for Clojure dropped significantly, almost to zero, to a 2008 level (the language was created in 2007): https://trends.google.com/trends/explore?date=all&q=%2Fm%2F03yb8hb

                        This sounds scary. No one would invest in such a curve.

                        More, the founders / the company behind Clojure were bought up last year by a bank. We all know what this means in other areas.

                        And so on.

                        I’ve started learning Clojure a month ago. And these are my back-thoughts on it.

                        1. 9

                          The trends chart for Apache Spark shows interest in that technology near a 5-year low and trending downward. Interest in SQL, Java, JavaScript have been on downward trajectories for 15+ years, and are currently at an interest level metric very near to Clojure.

                          Would it be fair to call it scary to invest in those technologies?

                          1. 8

                            Since 2017 the interest for Clojure dropped significantly, almost to zero, to a 2008 level (the language was created in 2007): https://trends.google.com/trends/explore?date=all&q=%2Fm%2F03yb8hb

                            This sounds scary. No one would invest in such a curve.

                            If you think that’s scary, wait ’til you see the same graph for Java!

                            https://trends.google.com/trends/explore?date=all&q=%2Fm%2F07sbkfb

                            Or C#!

                            https://trends.google.com/trends/explore?date=all&q=%2Fm%2F07657k

                            Or JavaScript!

                            https://trends.google.com/trends/explore?date=all&q=%2Fm%2F02p97

                            Or C!

                            https://trends.google.com/trends/explore?date=all&q=%2Fm%2F01t6b

                            Or C++!

                            https://trends.google.com/trends/explore?date=all&q=%2Fm%2F0jgqg

                            I used to think Google Trends correlated with language popularity, but these are pretty strong counterexamples.

                            1. 5

                              Right, G Trends shows even React is in a serious downward spiral.

                              Point taken, thanks for everybody clarifying this.

                            2. 5

                              More, the founders / the company behind Clojure were bought up last year by a bank. We all know what this means in other areas.

                              I don’t. What’s the concern about being owned by a bank?

                              1. 3

                                More, the founders / the company behind Clojure were bought up last year by a bank. We all know what this means in other areas.

                                This also happened to Elixir and it seems to be doing fine?

                                1. 3

                                  Google trends isn’t really a useful metric. What’s more interesting is that there are more and more companies using Clojure commercially. For example, we had Clojure/north conference in Toronto where lots of people presented from companies that are entirely built on Clojure stack. There are lots of new companies popping up doing innovative stuff with Clojure every year. Roam Research being a good example.

                                  The communities on Slack, Reddit, and Clojureverse are very active, and constantly growing.

                                  There are now projects like Clojurists Together for funding open source ecosystem and ensuring that it’s sustainable. Incidentally, one of the first things that happened from Cognitect being bought by Nubank was that they started funding open source developers on Github.

                                  Clojure is a mature language, with a large ecosystem around it, and a very active community. It’s not a hype driven language, but it’s very much sustainable and has been for many years now.

                                  1. 1

                                    Definitely, I choose Clojure/Script as an alternative to JavaScript web dev due to all the above.

                                    However I still don’t feel safe, because of the language popularity. For example on the 2020 Stack Overflow Dev Survey (https://insights.stackoverflow.com/survey/2020#technology) Clojure didn’t hit the list. A presence there would be reassuring.

                                    I see Clojure a one way path: take a deep breath, go down into the rabbit hole (yes, Clojure learning is not simple at all, Clojure is unlike others) and never look back.

                                    1. 2

                                      This seems like a pretty limited perspective… Learn more languages and you’ll see that Clojure is easier to learn (and better to use) than most if not all.

                                      If the syntax, style, or ideas seem foreign, than all the better! You can write (C, Lisp, Cobol) in any language, and learning the pros and cons of each style is never time wasted.

                                      1. 1

                                        Clojure is the 9th language I’m learning.

                                        So far I find it so strange like Assembly. And functional programming such a shift when I transitioned from procedural programming (C) to object-oriented programming (C++).

                                        These makes one cautious.

                                        For example, with React was no question to learn it, to invest in. It was the solution for the problem I was waiting for ages.

                                        On Clojure I can’t see really that clear path. Functional programming, for example, is solved elsewhere more thoroughly and in a simpler way (https://github.com/MostlyAdequate/mostly-adequate-guide).

                                        That’s why language popularity would be a good indicator whether to adopt it, or not.

                                        However, on HN, the comments on this same article are more alarming: https://news.ycombinator.com/item?id=27054839

                                        It seems to explain why the language popularity is dropping. Clojure starts as a nice promise, then problems rise, people flock away.

                                        1. 12

                                          Been writing Clojure professionally for a little over nine years, both on teams of hundreds and as a solo engineer. I can’t speak to popularity, but Clojure has been (and remains!) an exceedingly nice language choice for long-running services and desktop applications. It combines a well-designed standard library, reasonable performance, an emphasis on immutability and concurrency-safety without being dogmatic about evaluation semantics, just the right amount of syntax, excellent JVM interop, and access to a huge swath of Clojure and other JVM libraries. It’s a generally mature, stable language which solves data-oriented problems well. The major drawbacks, in my view, are a lack of static typing (though I’ve used spec, schema, and core.typed to some avail here), unnecessarily unhelpful error messages, slow (~5 to ~20s) startup times, and that working with JVM primitives efficiently is more difficult than one might like. And, of course the usual JVM drawbacks: garbage collection, for instance.

                                          None of this is really new per se. I wouldn’t worry too much about popularity metrics or library churn rate–one of the nice things about Clojure is that it’s fairly stable, and libraries from a decade ago tend to work basically unchanged. After Scala, that was a breath of fresh air for me. What I’d ask, were I in your position, is whether the language’s ergonomics, libraries, and speed are suitable for the kind of work you’re trying to do.

                                      2. 2

                                        My team’s been using Clojure for around a decade now, and things have only been getting better all around in that time. I think the most important part is that there are a lot of companies using it nowadays as their core platform. There is a lot of commercial interest in keeping the language and its ecosystem alive and active. I don’t think Clojure will ever get big like Java or Python, but I really don’t see it going away either at this point.

                                        It’s also worth noting that Clojure can be sustainable with a smaller community because it piggy backs on JVM and Js runtimes. We have access to entire ecosystems from these platforms, and can seamlessly leverage all the work from the broader community.

                                    2. 2

                                      I’m not so sure about Google trends as real data point… but there seems to be less buzz, but people are still using it.. and I don’t think there ever was a real hype.

                                      I had noticed that my personal interest had diminished a bit and when most of the people from the irc channel migrated to Slack I didn’t join them. Stuff still seems to get regular updates and as just a casual user no Clojure release really excited or disturbed me - that could be because I’d neber used it to its full potential (likely) or that they were just iterating in small steps and not being revolutionary (also likely). I don’t think I’ve had to do meaningful changes over the years to the codebases I started between 2011 and 2013 and they run on the lastest Clojure version…

                                    1. 1

                                      I’ve started to use it this spring, everywhere, from menus to collapsibles (accordions).

                                      So far so good in terms of functionality. In terms of styling it’s like the ‘select’ box: the default styles needs to be tweaked to look good on all browsers.

                                      Together with snap-scroll, disclosures replace two custom components in my library (carousel, accordion / collapsible) with a native approach.

                                      Feeling grateful.

                                      1. 5

                                        I deeply agree.

                                        After 16 years of web design and development I’m thinking to quit. As a last resort / ESCAPE I’m now learning Clojurescript.

                                        I’ve started first with PHP (Wordpress, Laravel, Yii), then with Ruby (Rails, Sinatra), now with Javascript (vanilla, jQuery, Gulp, Foundation, Gatsby, Next, React, Lodash, Immer, Typescript). I also do / did static sites with Jekyll, or my own framework.

                                        Among all Javascript is far the worst experience. In all areas like the language, the types, the state, the hooks, blogging engine, toolbelt, hosting, packaging, publishing, documenting, the community.

                                        The situation is so bad that it eats my nerves. Instead of creating I’m patching and fixing bugs all day. I read Vercel got $$$ investment yet their service / code is broken at an unseen level. Please head over Github and check the issues, how they close it without solving it, how many duplicated issues rise up, and how frustrated everyone is. Never saw anything like this in my career. And I’ve migrated from Gatsby, where I’ve met the ugliest source code in production ever.

                                        Ok, I’m stopping now, it’s getting too much.

                                        That’s why the web is what it is today. It’s Javascript driven, and Javascript is totally flawed.

                                        1. 4

                                          I haven’t tried ClojureScript, but your story is a common one in the Elm community. It goes something like “I was so sick of frontend development I was desperate to get away from it, and then I tried Elm, and now I’ve gone 180 degrees and love programming again.”

                                          Elm functions can’t even directly call JS functions (there’s a way to do interop, but it’s not with direct function calls), so you don’t get a “blend” of the two languages. The entire https://package.elm-lang.org ecosystem is all Elm code; it’s not possible to publish JS code to it.

                                          I can’t guarantee you’ll love it, but I can say it’s worth a weekend to try out! https://elm-lang.org/

                                          1. 1

                                            Thanks for the tip! Good to see there are alternatives. For now I’m hooked by the Lisp syntax so much I’ll start pursuing this way.

                                            What’s sure, from now on, I’ll invest time regularly checking up new languages vs sticking to a single one.

                                          2. 3

                                            As a last resort / ESCAPE I’m now learning Clojurescript.

                                            I switched to Clojurescript 3 years ago and I am never going back. Frontend development can be fun, reliable and productive. You just need to take Javascript and its ecosystem out of the equation.

                                            I’m genuinely happy that you found one of the right solutions to this problem before giving up altogether. I almost gave up as well.

                                            1. 1

                                              I was watching a few dozen of talks to warm up. So far, joy and relaxation everywhere. I’ve touched the docs, downloaded example apps, and it’s a different level, another tone. I can see myself in this community / environment on the long run.

                                              As disappointed I was a couple of days ago as happy I am now. Finally it seems I can get back to design aided by code, not made impossible by code.

                                          1. 12

                                            I’d like to think that this site deserves better then 280 character hot takes without nuance.

                                            1. 1

                                              That’s why I’ve added immediately the comment. To start a conversation.

                                              1. 5

                                                Have you considered turning your comment into a blog post and submitting it here? The tweet isn’t enough for a good discussion.

                                                1. 1

                                                  Thanks! I see now. Rules are rules. Next time ….

                                            1. 3

                                              Great article! Long time looking for something like this. Up until now I’ve been relying on http://lamb.cc/typograph/ now I’ll probably switch to this approach.

                                              Btw, the source code of the example is available on Github! https://github.com/awesomephant/continuous-typography

                                              1. 28

                                                I don’t. I found it’s a waste of time. I’ve learned that I’m very bad at judging what I’ll find interesting a few months from now. Soon the log becomes too big to find anything in it. It has to be searchable because soon you’ll only look for how to do things that you know you can do, but most often the Internet is already searchable enough for that.

                                                For work I did start with paper notes for short-term stuff, and contributing to the documentation server because you can’t just google the quirks of our product.

                                                1. 1

                                                  That was true, in my case, years ago when search worked. It was better to look for the latest on the web than search my own knowledge base for slightly outdated results.

                                                  But today, in the last couple of years, I go first to my own search engine. Then to the web to check if I can find an update on a topic. If not (I run out of energies, got frustrated, etc) then what’s in my knowledge base is good enough.

                                                  1. 1

                                                    hey, I’m curious to know do you have an instance of your own search engine

                                                    1. 1

                                                      sorry :) that comment was related to https://lobste.rs/s/z8rowj/how_do_you_keep_track_things_you_learn#c_iqmrkj that is my “own search engine”

                                                1. 9

                                                  I’m using email. When I find something interesting I’m emailing it to myself. Then I add tags. Then remarks, comments, updates - all as replies.

                                                  Unlike apps which pop up and go this method is quite resilient and effective.

                                                  1. 3

                                                    I’ve been doing this as well, using Firefox‘s experimental Email Tabs to send whole articles. It’s been working out really nicely.

                                                    1. 2

                                                      Dang, too bad it doesn’t support other email providers.

                                                      1. 1

                                                        I do this also.

                                                      2. 2

                                                        That sounds pretty effective, I’m just curious to know what email provider do you use

                                                        1. 1

                                                          Gmail. But tagging and searching is available perhaps in any client / provider

                                                        2. 2

                                                          This gives you tree structure for free, but it seems difficult to cross reference. How do you link to other emails?

                                                          1. 1

                                                            I don’t :) I mean I don’t link, but I could. Every email has an id. In Gmail I would use the link from “View original message”, I guess.

                                                            Some cross-referencing is offered by the overlapping tags. For example, I have an entry tagged with typography, resource, another with layout, resource … then resource becomes sort of a meta tag proven to be very useful.

                                                        1. 2

                                                          Just a strange feeling: not even the simplest things like time and current weather (grade) we can obtain from our advanced technologies. So what good they serve?

                                                          1. 9

                                                            It’s not a lie though, you are obtaining the time. It’s just rounded to the nearest second instead of rounded down, which is a pretty intuitive thing.

                                                            1. 3

                                                              I hadn’t noticed until it was pointed out and it’s great. It always feels ‘wrong’ when you start a timer at (to use the example) 5s and the first thing you see is 4.something. I can imagine there were arguments about implementing this though.

                                                              1. 5

                                                                There could be an argument in favour of rounding up too. Starts with a full second 5, then the very moment you see 0, it’s over. Very intuitive.

                                                                1. 9

                                                                  Yeah, I’m pretty sure this is how most people speak a countdown out loud. “Five…four…three…two…one…” and then “zero” or “time” or “go” means it’s over. You wouldn’t say “zero” if there was still any time left.

                                                                  1. 1

                                                                    this makes the most sense to me, if they aren’t showing milliseconds, it ‘ending’ on zero seems far more reasonable, e.g. https://i.imgur.com/Y1AlKks.gif

                                                                  2. 2

                                                                    I’ve always used this rounding up approach. The article touches on it but dismisses it as not useful when using it for hours and minutes. Of course, in a rounding up approach, you only want to ever round up the smallest unit you are displaying and continue to round down the others.

                                                                    There is some philosophical argument about showing the rounded up time, however. If the timer shows 1s you might be inclined to believe there is at least a whole second left. With the rounding down approach, this holds true. For the rounding to nearest and rounding up approaches, however, the timer shows something different. Showing a value of 3s in those cases only indicates that you have no more than 3s left before the countdown expires.

                                                                    My intuitive understanding of what a timer means is more inline with the presentation given by rounding down, but it is definitely strange to think that hitting 0 is not the end. I suppose that’s why I prefer the rounding up approach in the end even if I find it mildly misleading.

                                                              2. 4

                                                                I can get the current time and weather from my technology fine. What are you talking about?

                                                              1. 4

                                                                I have the same strategy since ~2010. I spend ~200 EUR / laptop / 5 years.

                                                                For my work - web design and development - the cheapest machine on the market is good enough. On that I run Linux to provide me a shell, a browser and a code editor. And occasionally Gimp / Inkscape to edit images and graphics.

                                                                1. 2

                                                                  Learning cables.gl. The hard way :)

                                                                  1. 1

                                                                    Seems interesting. What’s it for?

                                                                    1. 1

                                                                      I’m creating an artist portfolio site and I need interactive design elements.

                                                                      It’s pretty cool to create programs visually but learning the language is very difficult, compared to a classic language.

                                                                  1. 16

                                                                    Suggestion: I think this would be a much stronger article if you include examples. Don’t just tell me why immutability is better, show me why immutability is better!

                                                                    1. 3

                                                                      In this article there are some basic examples which helped me transitioning to functional (and reactive) programming: https://blog.danlew.net/2017/07/27/an-introduction-to-functional-reactive-programming/

                                                                      1. 3

                                                                        That is indeed a good suggestion! I wanted it to be really short (and maybe a bit.. religious?), but I can definitely agree that some examples would make it stronger. Thanks for the feedback!

                                                                        1. 3

                                                                          On the “Reasoning” front, consider this framing: The more parameters a function takes, the harder it is to reason about. And every mutable object that is in scope and reachable from that function’s code is, in effect, a parameter it takes. (And that’s before you even get to the concurrency issues.)

                                                                          (ETA: I suppose that’s still “tell”, but it’s vivid in a certain way.)

                                                                          1. 2

                                                                            You’re doing great work - and yes I’d love to see real examples too please. I’m already an FP acolyte, but others would surely benefit.

                                                                        1. 2

                                                                          Thanks a lot! I always knew the 100% accessibility score in Lighthouse is just a nice complement from Google

                                                                          1. 1

                                                                            Wow I’ve just realized Lobste.rs are everything else than the web …. not a single GatsbyJS mention which is perhaps now the most popular due to React

                                                                            1. 11

                                                                              Shame that Huawei is government spyware; this seems really pretty and a good option for people.

                                                                              1. 12

                                                                                A hardware teardown would be interesting. Note that many people (even security aware ones) are still using laptops from another Chinese vendor Lenovo. I would not know what would make Huawei such a different case … though that argument can be taken two ways. Should we trust Huawei more, or Lenovo less?

                                                                                1. 7

                                                                                  Should we trust Huawei more, or Lenovo less?

                                                                                  I’ve long since lost count of the number of times Lenovo’s been caught distributing spyware or firmware backdoors (I think I tuned out after the third instance).

                                                                                  You shouldn’t trust them less only because you shouldn’t trust them at all.

                                                                                  1. 2

                                                                                    Lenovo’s known spyware has all been at the OS level, right? Nothing that would survive a fresh reinstall?

                                                                                    1. 8

                                                                                      I believe there was a BIOS level one where chkdsk.exe was replaced from a copy in ROM. Dependent on Windows but still scary as hell.

                                                                                      Edit: https://www.theregister.co.uk/2015/08/12/lenovo_firmware_nasty/

                                                                                      1. 3

                                                                                        I believe at least one was in the BIOS vendor region that Windows automatically reinstalls (naively expecting the mechanism to be used to provide critical hardware drivers and not, yknow, spyware), and thus persisted across “clean” reinstalls.

                                                                                        Linux doesn’t voluntarily install unknown shit from ROM, but it gives me zero faith in Lenovo’s EFI to not be backdoored

                                                                                        1. 1

                                                                                          I think this mechanism was intended for “anti-theft” software. Windows gets drivers from Windows Update, all critical drivers are built-in anyway.

                                                                                    2. 9

                                                                                      I don’t think that any mass product thing is not spyware. World changed, everything is spying on you: hardware, software, sites or whatever else that has internet access. There is no way to escape this shit. You can just try some handmade notebooks like MNT Reform or Purism Librem 5 smartphone, use trusted Linux, TOR over VPN and of course refuse to use services from big companies like Google. But you still won’t get 100% guarantee that they didn’t track you by some suspicious fingerprint.

                                                                                    3. 15

                                                                                      Can we just write away everything Huawei makes as spyware? Should people assume that Intel processors and the Windows OS are all full of US-gov backdoors? I know there’s a bit more evidence against Huawei, but a blanket dismissal may not be the good approach.

                                                                                      1. 8

                                                                                        what is the evidence against huawei?

                                                                                        1. 1

                                                                                          In all honesty, I hadn’t done all that much research before writing this comment. I suppose the ambient FUD about Huawei got to me.

                                                                                          The most I can find is here. There was an accusation of a hacking attempt in India. I don’t know of anything else that’s close to a smoking gun.

                                                                                          1. 1

                                                                                            i don’t blame you; it’s the impression that U.S. sources give.

                                                                                          2. 1

                                                                                            This video about supply chain security mentions some interesting supply chain attacks that could happen anywhere. Bunnie:studios also gives an interesting overview of the open source casualty of the trade war as companies are coerced to stop doing business with Huawei.

                                                                                            Yet here in the UK we have the Huawei Cyber Security Evaluation Centre (HCSEC) which is reported on annually (2015, 2016, 2019), so I’m not convinced Huawei is any worse than any other manufacturer…

                                                                                          3. 9

                                                                                            Intel gets most of its direction outside the government. Huawei is basically controlled by China. If the NSA made computers, I wouldn’t trust them either. Thankfully that’s the closest our system gets to complete authoritarian control.

                                                                                            1. 5

                                                                                              They don’t have to make computers, they have TAO which has a history of supply chain attacks

                                                                                              1. 8

                                                                                                where do you get the perception that huawei is controlled by the chinese government, but intel is not controlled by the u.s. government?

                                                                                                1. 3

                                                                                                  I don’t think that “controlled” is the right word for intel, but rather incentivised to cooperate when they want backdoors or stuff like that.

                                                                                                  1. 2

                                                                                                    conversely, is there evidence that huawei is “controlled” rather than “incentivized”?

                                                                                                    1. 5

                                                                                                      I wish I had a go-to explainer for this but I suggest you google around regarding how close Chinese companies work with the Party. I find it intriguing that people think our own conceptions of private property and how corporations work can be transplanted to a Chinese context with little to no caution. Read about their economic reforms under Deng Xiaoping to decrease the inferential gap a bit

                                                                                                      1. 1

                                                                                                        but you do have to be careful and look at quantitative measures because you can expect american sources to give a skewed impression

                                                                                                        1. 1

                                                                                                          What quantitative measures? I’m certainly not suggesting they read about the actual economics behind the reform (aside from a surface layer of motivating factors), but the social implications of what it even means to be a huge Chinese corporation.

                                                                                                          1. 1

                                                                                                            the technique i would use to guard against bias would be to see if any claim about china could also be made about the U.S. from an inverted perspective. for example, chinese companies share user data with their government, and U.S. companies share data with their government.

                                                                                                            this comparison could be refined by looking at how much data about the public is collected and shared, but obviously that data is not available. i admit that no available quantitative measures come to mind, so i suppose the upshot is that it’s hard to draw conclusions because so little is known.

                                                                                                            1. 1

                                                                                                              For the record, I do think that caution in the other direction is needed: I get annoyed when Americans decide to have their 10547th Reddit thread bashing the Chinese social credit system as if their own vast network of private aggregators wasn’t just as capable. However there are clear qualitative differences in how these two countries operate. China is actually, for real way more oppressive, and it’s not like the SCS shouldn’t be bashed.

                                                                                                              1. 1

                                                                                                                depends on the criteria you use. you could just as well say the U.S. is more oppressive because our incarceration rate is over 5 times that of china. or if you include the world population in those who you care about being oppressed.

                                                                                            2. 6

                                                                                              Considering how much computer hardware is manufactured in China, maybe it’s naive to think only finished end-user products have “government spyware” embedded in them.

                                                                                              1. 5

                                                                                                is there evidence or is this an a priori assumption that also applies to american companies?

                                                                                                1. 1

                                                                                                  There is adequate evidence as I understand it.

                                                                                                  American companies exist outside The Party. Chinese “companies” have less freedom.

                                                                                                  We are spoiled in America by what’s closest to freedom the world has ever seen. We have free speech, for example, and I don’t know of other countries that don’t criminalize various speech for whatever reasons. We can’t imagine what government control looks like.

                                                                                                  1. 3

                                                                                                    We are spoiled in America by what’s closest to freedom the world has ever seen.

                                                                                                    The freedom to enter crippling debt over medical care. The freedom from equality of opportunity. The freedom from justice if you are poor or brown. The freedom to vote for one of two capital-approved candidates in most elections. The freedom to have your vote count more in some states than others.

                                                                                                    I’ll take my chances elsewhere.

                                                                                                    1. 2

                                                                                                      The freedom to enter crippling debt over medical care. The freedom from equality of opportunity. The freedom from justice if you are poor or brown. The freedom to vote for one of two capital-approved candidates in most elections. The freedom to have your vote count more in some states than others.

                                                                                                      These things are Not Good. Compared with the Chinese government’s neo-Gulag though, there is no question at all that the US is indescribably more free.

                                                                                                      1. 2

                                                                                                        The quoted statement is not “The USA has more freedom than China”

                                                                                                    2. 1

                                                                                                      There is adequate evidence as I understand it.

                                                                                                      can you say what the evidence is? or you just have a general understanding that there is some evidence somewhere?

                                                                                                  2. 2

                                                                                                    I guess we should completely forget that spyware thing and accept that all governments do that. Think Snowden.

                                                                                                    On the other hand we should understand China follows a completely different paradigm than western societies. Confucianism, where the whole society is integrated from family to business and government. Yes, it’s autocracy vs. democracy as we know.

                                                                                                    1. 6

                                                                                                      Hot take: ALL existing societies are oligarchies. Literally all of them. Representative “democracy” is not actually that democratic.

                                                                                                      1. 9

                                                                                                        There’s also always moisture in the air. Literally always. “Rain” is not actually that wet.

                                                                                                        1. 5

                                                                                                          Maybe, but at least representative democracy holds up free speech in many places. E.g. I can openly and loudle criticize the government or companies in a Western European country without repercussions. Try the same in China.

                                                                                                          1. 4

                                                                                                            So, they’re all the same. Your views might be controversial over there to authorities. Even your alias given they’re a surveillance state. Since all countries are the same, how did yours treat you in the re-education center? And what steps are you taking to see news media and send your files through your country’s national firewall controlling what you see and hear?

                                                                                                            1. 3

                                                                                                              I did not say they’re all the same in all aspects. I said they’re all controlled by the rich and powerful, by the owner class.

                                                                                                              Of course the US is more invested in the appearance of freedom. Western governments are smart enough to allow criticism that doesn’t have much impact. They use subtler, stealthier tactics (e.g. inserting feds into organizations and entrapping members) to disrupt activism, but they still do it.

                                                                                                              1. 2

                                                                                                                Now, I agree with all that. :)

                                                                                                      1. 2

                                                                                                        Wow I do that daily with my Twitter account :)

                                                                                                        1. 6

                                                                                                          I am building what I am calling “Reverse Job Board”.

                                                                                                          I want to turn recruiting on its head. Software developers are (for better or worse, my opinions on that another time perhaps) in massive demand. Everyone is hiring developers, and can’t do it fast enough. Yet we still “apply” to jobs, and we have to jump through hoops. My job board application will have the companies applying to software developers instead. And the developers will get to remain anonymous until they decide not.

                                                                                                          I don’t know that a small piece of software is the answer, but it’s an idea that I want to explore.

                                                                                                          1. 2

                                                                                                            Hired sounds similar to what you’re describing. It doesn’t have the anonymity aspect, though, and I think that’s an interesting thing to explore.

                                                                                                            1. 2

                                                                                                              The idea for anonymity came when I helped organise a job fair. Local companies were very well represented: everyone is hiring! But high quality candidates weren’t well represented because they were already employed (although not necessarily happily) at a company that would be trying to hire at the event.

                                                                                                              1. 1

                                                                                                                Oh, I see. I should clarify that Hired lets you hide your presence on the platform from your current employer (and from any other employers of your choosing). All other companies can just see your name, etc. normally.

                                                                                                                1. 1

                                                                                                                  Leaking information, doesn’t it?

                                                                                                            2. 2

                                                                                                              https://www.honeypot.io/ is just that.

                                                                                                              Still think there’s space for innovations there.

                                                                                                              1. 1

                                                                                                                Thanks! This looks close to what I want to do. I’m actually building this as a white-label solution and already have a couple customers on deck, so I’ll build my own anyhow. :D

                                                                                                                1. 1

                                                                                                                  I wish you all the best!

                                                                                                              2. 2

                                                                                                                One of the things I didn’t mention.

                                                                                                                My plan is to let companies search and see something like “we have n profiles that match your criteria. Pay $x to email them your information.” Where x is a multiple of n.

                                                                                                                The intention is for the candidates to get most of $x.

                                                                                                                Companies will pay a hundred dollars for a qualified local lead (more, but not via a random website.). Would you take a recruiter spam for $90? I would.

                                                                                                                1. 2

                                                                                                                  Cool idea.

                                                                                                                  What’s to stop me from opening an account and collecting recruiter funds, but never actually genuinely considering a job offer?

                                                                                                                  1. 2

                                                                                                                    What’s to stop me from opening an account and collecting recruiter funds, but never actually genuinely considering a job offer?

                                                                                                                    Absolutely nothing. And it’s not even a thing I’m considering a problem. I will verify identity. I have some mechanisms that I can use for verifying “interest”, and some other mechanisms for verifying experience, and few (but some) for competence as well. But other than that, the employers are paying a token amount to get someone’s attention.

                                                                                                                    In the market I’m in now (southern Sweden), when a company engages a recruiting firm that will basically just spam everyone they can find, they often pay the equivalent of about $250 USD for each spam that the recruiter sends. And they aren’t getting good results with this system; so I’ll try to provide something different.

                                                                                                                    (I could write an entire book about how fucked up the current hiring/recruiting/etc situation is in southern Sweden, but this is an industry wide problem before you consider how “speical” southern Sweden is.)

                                                                                                                    What I’m hoping is that I can provide a slightly better service (putting candidates and employers directly in touch with each other easily) for a fraction of the price. And most importantly I want the candidates to be paid for having been sold to.

                                                                                                                    I already have two white-label customers on deck, too. (Amusingly, one is a recruiting rig.)

                                                                                                                2. 1

                                                                                                                  I don’t think they are hiring developers … they are hiring cultural fits who can develop.

                                                                                                                  Recently I’ve started to look for a job after years of freelancing. All I have is my portfolio, blogs and github projects specific to the role. Everybody likes them, they are enthusiastic until they receive on request my linkedin account (created a few days ago thus full empty) and my CV which has no employment history. Then total silence.

                                                                                                                  I’m wondering the first thing they look is to be somebody employable. A good employee by nature who then can code, or learn how the company does coding.

                                                                                                                  This puts me in a very strange situation … 99% of my chances are gone. I’m employable only by a tech person who has a really urgent need and can bypass hiring / hr … just checks my code has a short chat with me then all done. No CV, no Linkedin, no additional tests … which are today’s standard recruiting assets

                                                                                                                1. 4

                                                                                                                  Looking to get the perfect React job :)