1. 2

    Signal currently requires phone numbers for all its users. It does this not because Signal wants to collect contact information for its users, but rather because Signal is allergic to it: using phone numbers means Signal can piggyback on the contact lists users already have, rather than storing those lists on its servers.

    On one hand, <mind_blown.gif>. On the other hand, acquiring a phone number anonymously is kind of a bottleneck. US-focused tutorials suggest jumping through a set of hoops to get a Google Voice phone number anonymously (and using Google’s services for anonymity seems… idk, kind of risky?). The set of hoops is manageable, but there’s a lot of tricky parts. I haven’t seen an EU-based guide to an anonymous phone number other than “get somebody else to register the number, dunno, pay a homeless person or something ¯\(ツ)/¯”.

    For the contact list piggybacking, email address would work just the same, would allow more anonymous IDs, easily easily replacing IDs or using multiple IDs to compartmentalize, wouldn’t be tied to a particular country, etc.

    I thought for a moment it would be less secure as identity confirmation than SMS, but then SMS is not even considered a good 2FA and reliable confirmation code would require a more involved protocol, and the same protocol could be used over email.

    Is there something I’m missing here?

    1. 5

      Was IE6 frustrating to design for after it lost the lead in standards support while retaining the lead in users?

      Yes, surely.

      Is it wrong to exclude a useragent just because it is frustrating to design for and you are too rushed to write fallback code?

      In my opinion, yes. Because that takes away from the Web’s goal of accessibility for all.

      What if your visitor has no choice but to use IE6?

      We should learn from this story… But what?

      1. 4

        Perhaps IE6 might have been good because it held back the web as a platform for a while; it depends on how bleak your view of the web is.

        1. 6

          What if your visitor has no choice but to use IE6?

          What if a visitor has no choice but to use netcat without a pager? Do you ensure your HTML will fit in a short scrollback buffer?

          1. 1

            What if a visitor has no choice but to use netcat without a pager? Do you ensure your HTML will fit in a short scrollback buffer?

            Uh, I’ll bite. Who is browsing the web in 2019 with netcat?

            Follow-up question: How would you watch a video on youtube using netcat?

            1. 2

              Follow-up question: How would you watch a video on youtube using netcat?

              I’ll bite. What if they just read the comments?

              1. 4

                Then the joke’s on them. Never read the comments!

              2. 1
                Neo's eyes light up as he steps closer to the screens
                that seem alive with a constant flow of data.
                
                                    NEO
                          Is that...?
                
                                    CYPHER
                          The Matrix?  Yeah.
                
                Neo stares at the endlessly shifting river of
                information, bizarre codes and equations flowing across
                the face of the monitor.
                
                                    NEO
                          Do you always look at it encoded?
                
                                    CYPHER
                          Have to.  The image translators
                          sort of work for the construct
                          programs but there's way too much
                          information to decode the Matrix.
                          You get used to it, though.  Your
                          brain does the translating.  I
                          don't even see the code.  All I
                          see is blonde, brunette, and
                          redhead.  You want a drink?
                
                1. 1

                  That was a hyperbolic reaction to ‘what if your visitor has no choice but to use IE6’.

                  IE6 has been dead and buried for years; barely anything on the internet functions for IE6 anymore (for good reasons - eg IE6 doesn’t support any good ciphers for https, and you don’t want to allow downgrade attacks).

                  1. 3

                    This comment is anachronistic. IE6 wasn’t “dead and buried for years” in 2009, when YouTube displayed this banner. The char in the article shows it had about 25% marketshare, which is pretty significant!

                  2. 1

                    Not sure if this would work on YouTube, but you could extract the link to the .mp4 file, download it, and then use a textmode video viewer to watch it.

                    You could also review stuff like the video description.

                  3. 1

                    I would like to accomodate them somehow. I have not thought about this problem much so far.

                    But I have tested and verified basic functionality of my site with Links, Lynx, without JS, IE8 (6 to come), and NN3.

                  4. 2

                    The IE6 problem was, in part, self-inflicted. When they had >95% of the market share they should have just modified the standards in several key areas, like the different box model. IE was the standard, not some stuffy document written by some guys at W3C.

                    Quite a few of these items were just arbitrary without a clear objective “better” way to do things. Funny enough everyone is now recommending that you do * { box-sizing: border-box }, which is IE’s old box model :-/

                    There were some other pain points too, but this was often the biggest that was also really hard to work around.

                    1. 3

                      You have an argument for the box model.

                      A lot of other IE6 behaviors, however, were simply nonsense. Floats and margins could be applied twice, or be applied a second time but only to the first line of the impacted text, or duplicate text, or changing the size of a box when the only CSS property that you change is color.

                      There’s plenty of nonsense in the web specifications, too (the way inline borders work, for example, is just stupid). But let’s be real, here, most of IE6’s spec violations were buggy behavior that nobody would ever want.

                      1. 1

                        To clarify: I wasn’t advocating the the W3C specs should be rewritten to be “bug compatible” with IE. You are correct in pointing out there were also many genuine bugs, but IMHO the webdev community made their lives harder by stubbornly sticking to the W3C standards instead of making a few changes that were a genuine disagreement of opinion, the box model being the most obvious one (and also the most frustration one, it was the #1 problem I had with even pretty trivial websites).

                        Another example might be IE’s attachEvent vs. W3C’s addEventListener, and probably a few more.

                      2. 2

                        To some extent, this is what Chrome is doing now. While not re-writing standards, they are using bleeding-edge, unapproved standards (that often change later), resulting in sites with the “Works only in Chrome”, much like the old “Best viewed in IE6”-stickers.

                        Chrome is at least (fairly) consistent, whereas IE was, as the article also explains, unpredictable in so many ways. But there is a reason HTML5 was published along with a “standards-compliant way of parsing HTML” in code, and it helped everyone in the long-term.

                        1. 1

                          I don’t think the situations are that comparable, as IE6 grew out of the “standards war” with Netscape. The situation in the mid/late 90s was much more chaotic than it is now. If you think IE sucked then try Netscape.

                      3. 2

                        As we have seen from the aftermath of this story, very few people truly have “no choice” but to use IE6. They may be strongly encouraged to use it by various forces, but sufficient forces in the other direction can still trigger mass-migrations.

                        And this “frustrating” and “rushed” seems to be an attempt to frame the developers as lazy. I think this is a misleading frame. Of course we/they can make anything work in anything, given enough time. But time spent creating hacky workarounds for buggy old browsers used by a small minority is time not spent implementing useful features that everyone else can use.

                        1. 1

                          It’s a history. Despite impression from textbooks, not all history comes with a tidy list of lessons learned bullet points.

                          1. -1

                            after it lost the lead in standards support

                            IE6 never lead in standards support, that was the whole problem. Microsoft implemented whatever they felt like from the standards or de facto usage and there was no consistency in what was or was not supported. Some things worked well, some not at all, some were obviously buggy and behaved exactly the opposite way they were supposed to and MS gave zero fucks about any of it. Their only concern was that their web browser shipped with their OS and that’s the sole reason for its popularity. There was no incentive for Microsoft to cater to web developers until Google came along and started pushing Chrome unto the world.

                            Is it wrong to exclude a useragent just because it is frustrating to design for and you are too rushed to write fallback code?

                            Designing a website for IE6 was not the same as today’s mixed Javascript environment where you just load a polyfill or whatever to get the functionality you want. Many very basic CSS and Javascript features were often entirely missing (or worse, and more usually) entirely broken, meaning you literally could not make your site work and look the same in IE as in all other browsers without simply dropping a whole bunch of functionality.

                            Because that takes away from the Web’s goal of accessibility for all.

                            If that’s the angle you want to take, lack of support for accessibility standards was yet another one of IE6 major failings. I agree that sites should be designed to degrade the “experience” gracefully based on the capabilities of the user agent but here in reality, marketing departments want their sites to look a certain way and the half-a-percent of their users with a non-mainstream browser aren’t at the top of the priority list.

                            1. 3

                              There was no incentive for Microsoft to cater to web developers until Google came along and started pushing Chrome unto the world advertised Firefox on the most popular web page in the world.

                              • Google advertised Firefox in April 2006.
                              • Internet Explorer 7 was released in October 2006.
                              • Google Chrome was released in September 2008.
                              1. 3

                                IE6 never lead in standards support, that was the whole problem.

                                IE actually was pretty good in standards from 1997-2001, especially relative to Netscape’s floundering at it of the time. Their CSS implementation was superior, especially as Netscape 4.x just compiled CSS to JavaScript. The problem was Microsoft squandered and abused their lead and monopoly.

                            1. 3

                              I don’t know of another JIT which so directly shells out to an off-the-shelf C compiler.

                              https://common-lisp.net/project/ecl/ comes to mind, it is (or was – I was working with it 10 years ago or so) built entirely around Lisp → C transpilation and .so loading. Because it was transpiling code to C, it was great for writing CL interfaces to C libraries without complicated FFI layers.

                              1. 12

                                Wow, that’s a lot of bloat, and a great demonstration of why I don’t use Gnome (or KDE).

                                I’m much happier with StumpWM, which just does its job and doesn’t try to integrate with everything.

                                1. 12

                                  Unfortunately, if you want Wayland — and I do, as it really has made all my vsync/stuttering/tearing issues go away; Fedora is now as smooth as my mac/windows — your choices are limited. Sway is starting to look good but otherwise there’s not much at the minimal end of the spectrum.

                                  If I have to choose between GNOME and KDE, I pick GNOME for the same reasons the author of this piece does. I was hoping the tips would come down to more than “uninstall tracker, evolution daemons et al. and hope for the best”. I’ve done that before on Fedora and ended up wrangling package dependancies in yum. I really wish GNOME/Fedora would take this sort of article to heart and offer a “minimal GNOME” option which is effectively just gnome-shell.

                                  1. 3

                                    Why is Wayland so poorly implemented? Is it because few distributions have it as default or is it because it’s harder? I see many tilling wm written in 50 different languages and it seems that sway is getting slowly it’s way to a usable wm, but it seems like a slow adoption from my point of view.

                                    1. 4

                                      It is a slow adoption, I’m not particularly sure why. Most (all?) of the tiling wms for X leverage Xlib or XCB, right? Perhaps it’s just needed some time for a similarly mature compositor lib to appear for Wayland (indeed, Sway is replacing their initial use of wlc with wlroots which may end up being that).

                                      As for why Wayland in general isn’t more prevalent, I’d guess compatibility. X is just so well established that replacing it is inherently a lot of work in the “last mile”. Fedora/GNOME/Wayland works great for me with my in-kernel open AMD driver. Maybe it’s not as good for Intel iGPUs? Maybe it’s not so good on Nvidia systems? Maybe it doesn’t work at all on arm SoC things? I have no idea, but I can easily understand distros holding off on making it default.

                                      1. 3

                                        Maybe it’s not so good on Nvidia systems?

                                        Exactly, the proprietary driver does not support GBM, they’ve been pushing their own thing (EGLStreams) that compositors don’t want.

                                        Maybe it’s not as good for Intel iGPUs? Maybe it doesn’t work at all on arm SoC things?

                                        Everything works great with any open drivers, including VC4 for the RPi.

                                        1. 2

                                          Maybe it’s not as good for Intel iGPUs?

                                          Just a data point: I’ve got a new thinkpad recently, installed linux on it, together with gnome3. Only yesterday I’ve discovered it was running on wayland the whole time, with no apparent problems what-so-ever. And that includes working with a dock with two further displays attached, and steam games. Even the touch panel on the screen works without any further config.

                                      2. 1

                                        Unfortunately, if you want Wayland — and I do, as it really has made all my vsync/stuttering/tearing issues go away; Fedora is now as smooth as my mac/windows

                                        And effortless support for multiple displays with different DPIs, plus better isolation of applications. I completely agree, when I switched to Wayland on Fedora 25 or 26, it was the first time I felt in a long time that the Linux desktop is on par again with macOS and Windows (minus some gnome-shell bugs that seem to have been mostly fixed now).

                                        At some point, I might switch to Sway. But with Sway 0.15, X.org applications are still scaled up and blurry on a HiDPI screen (whereas they work fine in GNOME). I’ll give it another go once Sway 1.0 is out.

                                        1. 1

                                          not much at the minimal end of the spectrum

                                          Weston! :)

                                          My fork even has fractional scaling (Mac/GNOME style downscaling) and FreeBSD support.

                                          1. 1

                                            There’s a Wayland for FreeBSD? I thought Wayland had a lot of Linux specific stuff in it?

                                            1. 3

                                              Sure, there is some, but who said you can’t reimplement that stuff?

                                              • libwayland, the reference implementation of client and server libraries, uses epoll. We have an epoll implementation on top of kqueue.
                                              • Most compositors use libinput to read from input devices, and libinput:
                                                • reads from evdev devices (via libevdev but that’s a really thin lib). We have evdev support in many drivers, including Synaptics (with TrackPoint support).
                                                • uses libudev for device lookup and hotplug. We have a partial libudev implementation on top of devd.
                                              • For GPU acceleration, compositors need a modern DRM/KMS/GBM stack with PRIME and whatnot. We have that.
                                              • Compositors also need some way of managing a virtual terminal (vt), this is the fun part (not).
                                                • direct vt manipulation / setuid wrapper (weston-launch) is pretty trivial to modify to support FreeBSD, that’s how Weston and Sway work right now
                                                • I’m building a generic weston-launch clone: loginw
                                                • ConsoleKit2 should work?? I think we might get KDE Plasma’s kwin_wayland to work on this??
                                                • there were some projects aimed at reimplementing logind for BSD, but they didn’t go anywhere…
                                              1. 1

                                                For GPU acceleration, compositors need a modern DRM/KMS/GBM stack with PRIME and whatnot. We have that.

                                                Do NVidia’s drivers use the same stack, or are they incompatible with the Wayland port? I’d give Wayland a try, but it seems hard to find a starting point… I’m running CURRENT with custom Poudriere-built packages, so patches or non-standard options aren’t a problem, I just can’t find any info on how to start.

                                                1. 2

                                                  No, proprietary nvidia drivers are not compatible. Nvidia still does not want to support GBM, so even on Linux, support is limited (you can only use compositors that implemented EGLStreams, like… sway 0.x I think?) Plus, I’m not sure about the mode setting situation (nvidia started using actual proper KMS on Linux recently I think?? But did they do it on FreeBSD?)

                                                  It should be easy to import Nouveau to drm-next though, someone just has to do it :)

                                                  Also, you can get it to work without hardware acceleration (there is an scfb patch for Weston), but I think software rendering is unacceptable.

                                          2. 1

                                            I tried to give Wayland a try twice, on both my media PC and a new Laptop. It’s still really not there yet. I use i3 on X11 and Sway is really buggy, lacks a lot of backwards compatibility stubs (notification tray icons are a big one) and just doesn’t quite match i3 yet. Weston, the reference window manager, had a lot of similar problems when using it with my media PC.

                                            I want to move on to Wayland, and I might give that other i3 drop-in for Wayland a try in the future, but right now it’s still not there yet.

                                        1. 3

                                          I’m author of that gist (just noticed I have some comments there I need to reply to), still running the setup, now with FreeBSD 12-CURRENT. Tl;dr it generally works, still no wi-fi support. X works fine (running with drm-next-4.7 patches to get external thunderbolt display to work; vanilla kernel works fine with built-in and DVI display, gets confused by Thunderbolt display only). Gave up on pkg because I want to control my build flags, I’m using portmaster now and thinking about setting up poudriere on a bigger server. Feel free to ask if you have any particular questions.

                                          1. 5

                                            Broadcom wifi support for *BSD is limited to older chipsets, I’m afraid.

                                            DragonflyBSD originated but has now removed bwi(4), the driver for powerbook G4 era wifi chips. FreeBSD has kept bwi(4).

                                            FreeBSD developed bwn(4) for newer chips but it does not seem to support the very latest chips either. Perhaps that will change some day. This driver used to “not work (don’t bother porting it to OpenBSD)” last I asked, but Adrian has come up with some fixes for it since.

                                            OpenBSD still has bwi(4) but no equivalent for bwn(4).

                                            Your best bet is probably to use a USB dongle supported by run(4) (Ralink/Mediatek chips). There’s also urtwn(4) but the hardware tends to overheat and the quality of the driver is worse.

                                          1. 6

                                            I thought this was a known HashiCorp thing - we’ve been using it for a while now to manage a complex multi-account AWS infrastructure, and it’s worked really well.

                                            I’ve run into some limitations, e.g. not being able to interpolate values loaded in files, though I understand the ‘why not’. Or missing features like multi-AZ elasticache redis.

                                            It also feels a bit dangerous since you could do something REALLY bad like wipe out your RDS instances. We always run a plan (in our CI, even), but I do worry that somebody may miss a +/- where they expect a ~ (destroy/create vs modify) in the plan. We adjusted our IAM permissions to prevent deletes from most accounts to help mitigate that risk.

                                            It’s really nice to be able to manage our infrastructure as code - we keep in a git repository and have a workflow around it that way.

                                            1. 2

                                              Ever since this was imported as a port to OpenBSD I have been meaning to set some time aside to compare it against Ansible but I haven’t gotten around to it yet.

                                              Do you happen to have experience with tools like Ansible and how do they compare to terraform?

                                              1. 3

                                                These are different use cases: Ansible is used to configure an installed OS; Terraform gets you from cloud API to an installed OS that Ansible (or Chef, or Puppet, or CFEngine, or a bunch of shell scripts) can manage: AWS instance, storage volumes, security groups, networking setup, DNS, and so on (I use AWS cloud as an example, because this is what I work with; Terraform supports multiple cloud providers, and to some extent non-cloud infrastructure too).

                                                I’m not sure what open source tool could I compare Terraform to; within the AWS ecosystem, the closest thing is CloudFormation.

                                                Edit: here’s a good overview of how Terraform is useful (half year old now, so some of the details might be out of date): https://charity.wtf/2016/02/23/two-weeks-with-terraform/

                                                1. 1

                                                  Oh, Ansible has lots of modules for AWS, Google, Azure and friends but there is no built-in abstraction so I need plays for each provider I want to use.

                                                2. 2

                                                  Nope, I’m fairly new to devopsing, sorry. Terraform is the only tool of this nature I’ve used.

                                              1. 5

                                                In Alan Jude’s talk about advanced tricks with ZFS that I cannot remember the exact name for right now, he uses ZFS in order to treat his SVN checkout of the FreeBSD source more like git.

                                                1. 1

                                                  This sounds interesting, I’d really appreciate if somebody found a link to this talk (I’m trying to find it as well, will post if I succeed)

                                                  Edit: maybe it’s this (slide 19)? http://allanjude.com/talks/vBSDCon2015_-_Interesting_ZFS.pdf

                                                  1. 4

                                                    It’s this talk:

                                                    https://www.youtube.com/watch?v=qXOZmDoy2Co

                                                    And the section I’m thinking of starts here:

                                                    https://youtu.be/qXOZmDoy2Co?t=1276

                                                1. 1

                                                  That defer thing is really weird, and quite counterintuitive. Any rationale? Some sort of symmetry with go?

                                                  1. 4

                                                    I would have thought of it as plenty intuitive, to be honest, but maybe that’s just my background speaking. As with most function calls, arguments are evaluated before the call happens; in this case, the call gets deferred, but it still seems to make sense that args are evaluated immediately in order to defer the call. (I’d expect defer x(1 + 1) to evaluate 1 + 1 = 2 immediately, for instance.)

                                                    1. 1

                                                      Well, it looks a lot like a simpler syntax version of “finally” which doesn’t evaluate anything until it runs. I suppose it depends on which construct you map it too. If I map it to RAII, then it makes a lot more sense. But my “feels” tell me it’s like finally.

                                                      1. 2

                                                        The “finally” part is the deferred function’s body. One of the idioms with defer is to use argument to capture values rather than closing over names if you need to use defer on e.g. the for variable:

                                                        for _, thing := range stuff {
                                                          defer func(theThing Thing) {
                                                            theThing.FinishIt()
                                                          }(thing)
                                                          thing.ProcessIt()
                                                        }
                                                        

                                                        Whatever are the arguments for deferred function, they exist when you invoke defer, and they may not be reachable anymore (and might have been already GCed) by the time deferred function runs. And if you need to evaluate the arguments by the time deferred function runs, you can just wrap it in another function and close over the values you need (should work, unless you’ll be using a loop variable - you’ll probably get the last value only, because it will be evaluated after the loop has finished):

                                                        defer func() {
                                                          closeMyNetworkConnection(networkConn, determineHowConnShouldBeClosed())
                                                        }()