1. 1

    While these are welcome and substantial improvements, I find myself continually baffled by the trend of putting messenger functionality in everything. App fatigue is real and I feel like we’re just perpetuating it.

    1. 1

      You’re not wrong, but the value here isn’t an attempt to add “me-too” features to Nextcloud, from my understanding. The goal with Nextcloud Talk is to be able to have that messenger functionality in an entirely self-hosted place without relying on third parties. And Nextcloud is starting to develop a network effect significant enough that tying the messenger to Nextcloud is also valuable, instead of embedding XMPP/IRC/Matrix. (Though there is work being done to bridge Nextcloud and XMPP that I’m looking forward to.)

    1. 3

      These aren’t really programming-related, but they were one of my favorite toys as a kid: http://www.polydron.co.uk/

      My friends and I played with them all the time in my math teacher’s classroom. Unintentionally learned lots about geometry along the way.

      1. 1

        Do people think Intel has learned anything? Are they going to stop including ME on newer chips?

        1. 4

          Intel thinks ME is useful. May as well ask if red hat has learned their lesson after a systemd vulnerability.

        1. 22

          I wish articles from such toxic people were less publicized. Especially here on Lobsters (should we block some domains from submission?). Here is another one from the same guy as if you needed more hints: http://www.yegor256.com/2014/10/29/how-much-do-you-cost.html

          1. 16

            From that article

            You’ve chosen the country that you live in.

            How many people genuinely have chosen the country they live in?

            1. 9

              I honestly can never tell if Yegor is satire or not. We should definitely have some kind of system where if a high enough ratio of users flag articles repeatedly from a domain, the domain gets restricted.

              1. 1

                Or a “flag this domain” knob; but I +1 the general notion.

              2. 1

                Wow. tldr Bob Barton (Burroughs), Alan Kay’s team, Steve Wozniak, and many others would’ve been worthless hires because they didn’t do enough Github and StackOverflow or their times’ equivalents. They were merely doing great design in software and hardware they were paid to do. Unacceptable to top-tier organizations such as Teamed.io. The irony gets greater when Doug Engelbart might get filtered on anything involving tech, the word “team,” and the Internet.

                Someone in the comments pointed out many people just develop good software for whoever pays them without stuff on this list. The OP’s character is more obvious in the two links he used to respond to that:

                http://www.yegor256.com/2015/10/06/how-to-be-good-office-slave.html

                https://github.com/yegor256/blog/commit/e8e0e5da7d665061d4c9b5afd7bbcf346355aa18

                Might want to avoid Teamed.io…

              1. 5

                I might be the only person in this thread who likes the new keyboard. I use a 2017 15” MacBook Pro with Touchbar for work and find the keyboard easier to type on than my 2015 13” MacBook Pro. I like the reduced travel distance and what I perceive as a louder click when typing.

                The thing that changed my life, however, is setting CAPS LOCK to be ESC. I’ve done it across all of my computers now and would not have done so without Apple giving me a nudge when removing the physical ESC key on the Touchbar Macs. I don’t miss CAPS LOCK at all and the travel distance to ESC is so much more pleasing.

                I do have problems with my hand sometimes brushing the touchpad if I’ve not positioned my wrists correctly. That’s a little aggravating but I’m largely over it now in the ~4 months I’ve been using this machine. Turns out I never really used the media keys much except for volume and pause/play so I don’t mind the touchbar and the extra info it can provide in many modern apps I use (e.g. Chrome, Outlook).

                To each their own?

                1. 4

                  I can totally see switching caps lock to be esc on the touch bar model. However, people who use the CTRL key a lot, like people running Windows or Linux or spend their day inside the terminal in macOS, might find it useful to swap CTRL and Caps Lock. Vim users might then want to start using CTRL+C instead of Esc to enter normal mode.

                  Especially people on MacBooks or Lenovos where the Fn and CTRL keys are all wrong should consider swapping the buttons if they ever use CTRL for anything.

                  1. 6

                    Set caps lock to BOTH Ctrl and Esc!

                    X11: xcape (like this)
                    Windows: AutoHotkey (like this)
                    macOS: karabiner-elements

                    1. 1

                      Is there a High Sierra workaround?

                      1. 3

                        I haven’t tried it (I’m still on Sierra) so can’t confirm, but the Karabiner Elements repo suggests it works on High Sierra. Karabiner Elements still has far fewer features than Karabiner though.

                        1. 2

                          There wasn’t, the last time I checked.

                          1. 2

                            A shame. I’m still on 10.11 and I won’t upgrade because my workflow depends on karabiner.

                      2. 3

                        Just a warning for potential users of this setup: ^C and Esc aren’t exactly the same in vim. A major difference is entering text [count] amount of times (like 3i or 4A): hitting ^C to enter normal mode will only insert the new text once.

                        1. 2

                          That’s true. My .vimrc has the following lines to make ^C act as Esc in normal and insert mode:

                          nmap <C-c> <ESC>
                          imap <C-c> <ESC>
                          
                          1. 3

                            You could use C-[ instead. It’ll work everywhere without any mappings and is equivalent to ESC.

                      3. 1

                        Yeah, I concur. I like the new keyboard, even coming from a cherry MX green keeb on my desktop.

                        1. 5

                          New to me! :)

                        1. 1

                          https://www.reddit.com/r/IAmA/comments/5n58sm/i_am_julian_assange_founder_of_wikileaks_ask_me/dc8pgqr/

                          It’s possible that Assange is no longer in control. It’s possible that someone is trying to control the narrative.

                          1. 35

                            Well, this is the first article I’ve read in a long time that actually caused me to say “fuck you” out loud at the computer, so it’s got that going for it.

                            There is so much wrong about this that I don’t even know where to start. Some of the best devs I’ve known are 9-5 devs. Lots of the best devs I know have no or minimal contributions to open-source projects. Contributing to StackOverflow these days is a lot harder than it used to be, so SO rep disproportionately means you’ve just been on the site awhile. (I barely use SO anymore, but I am pretty easily making 100 points or so a month, just because I was on the site early and answered some of the easy-but-popular questions. Someone just starting would have a much tougher time.) Plenty of people are legitimately experienced in multiple databases. Most people in our industry eschew certifications. Honestly, I end up disagreeing with close to 100% of his points.

                            But beyond that, the author has such a condescending, caustic attitude that it’s genuinely revolting. He’s not just making a point; he’s constantly calling people who disagree with him “lazy,” “afraid,” “absolutely useless,” and more, and espouses such binary thinking on all of these topics that I have to conclude persuasive discussions with him are borderline impossible.

                            So not only do I disagree with almost all of this article’s objective points, but I also think Teamed.io sounds like a godawful place to work, and think Yegor is an asshole. Otherwise, great article.

                            1. 6

                              Completely agree. I don’t know how this frontpaged, utter garbage.

                              1. 2

                                I don’t know how this frontpaged, utter garbage.

                                It has a score of 2 right now (only 3 other stories have under 3 points), but it’s currently #1 on the front page.

                                What’s going on here? Is there some sort of lobster equivalent of http://explainshell.com/ that could be used to debug the ranking algorithm?

                                Is it because there are so many comments? Oh hell, am I making it worse just by saying this?

                                1. 10

                                  The ranking is called “hotness” and is calculated as the sum of the score of the story, any dupes merged into it, and (if the hotness mods on the tags don’t sum to a negative) half the score of the non-submitter comments.

                                  With this story, it’s because there are many well-scored comments. Your comment (which has no upvotes as I’m writing this) is equivalent to half an upvote.

                              2. 2

                                Hear, hear.

                                My sympathies to those unfortunate enough to work for this clown.

                              1. 1

                                So much of this would be solved by using keybase…

                                1. 2

                                  The bar to entry is still pretty high - even with keybase (sure users can have keybase generate the priv keys, but there is risk involved in that). Also keybase seems to want to move away from pgp because “no one wants to unlock their key every time”.

                                  1. 3

                                    Also keybase seems to want to move away from pgp because “no one wants to unlock their key every time”.

                                    Huh? GPG has supported agents for years.

                                    1. 2

                                      Sure, GPG does.. but I am talking about keybase. Here is the “stance” they are taking now. - your options are to keep using gpg the way you have (not n00b friendly) or - let keybase keep a copy of your private key which increases attack surface.

                                      Also their new chat app doesn’t use PGP (first entry in the FAQ).

                                1. 4

                                  I see all these fancy password managers and I think… why not simply use an encrypted text file with your passwords on it? Less code, fewer vulnerability vectors.

                                  1. 16

                                    Actually, there are potentially more vulnerability vectors.

                                    1. On a number of platforms (Windows, OS X, Android, and Linux), any application can subscribe to the clipboard. So if you’re copying your login credentials, anything on your system that might be compromised can grab it.
                                    2. Along the same lines, the vectors for leaking an unencrypted text file are actually quite high. While all of the password managers I know of are vulnerable to various forms of scanning (except 1Password on Windows when operated on the secure desktop), the text file is likely to be unencrypted in full in scroll back history or something similar for quite some time. There are ways to avoid this, but they’re tricky and error-prone; you can look at the history of PGP secure notes for some background here on all the ways to mess things up.
                                    3. An encrypted text file can also be difficult to merge. While you may be able to automate the process to a degree, you are again put into a position where you have to run your decrypted password file through multiple tools, which again increases your attack surface. E.g., most naïve ways of doing this would at least temporarily store both versions of your file unencrypted on disk to feed to a merge tool.
                                    4. An encrypted text file also cannot store anything other than logins and passwords, which makes storing other forms of secure data hard. E.g., in 1Password, I track what login pages of sites I haven’t been to look like, and explicitly track the full login page URLs, so that I can catch myself if I somehow fall for the first part of a phishing attempt. You can obviously do that without a password manager, but you’re now reaching for something like a LibreOffice document, which expands your attack surface and increases complexity.
                                    5. Finally, most modern password managers provide several things beyond mere storage, including cryptographically secure password generation, service exploitation monitoring (e.g., WatchTower for 1Password), which lets you know when a site you use has had its passwords compromised, and more. It’s not that you cannot do these things yourself, but it requires a lot of effort (monitoring HaveIBeenPwned, hoping you know to use arc4random or an equivalent with proper distribution across your alphabet, etc.). Collectively, these can dramatically decrease your attack surface, by allowing you to respond more effectively and proactively to site compromises.

                                    If storing all your passwords in an encrypted text file works for you, that’s fine; more power to you. But I don’t think it’s accurate anymore to claim that going that route is more secure than alternatives.
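
Added example, not part of the comment above and not any password manager's code: item 5's "proper distribution across your alphabet" made concrete. It computes the exact skew from reducing a random byte with `%`, then generates a password with rejection sampling; the 94-symbol alphabet and all function names are assumptions made for illustration.

```python
import secrets
import string
from fractions import Fraction

# Assumed alphabet for this example: 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def modulo_bias(n, source_size=256):
    """Exact effect of mapping a uniform value in [0, source_size) with `% n`.

    Returns (favoured, p_favoured, p_other): the first `favoured` symbols are
    drawn with probability p_favoured, the rest with p_other.
    favoured == 0 means n divides source_size and there is no bias.
    """
    q, r = divmod(source_size, n)
    return r, Fraction(q + 1, source_size), Fraction(q, source_size)


def csprng_byte():
    """One byte from the operating system's CSPRNG."""
    return secrets.token_bytes(1)[0]


def uniform_index(n, rand_byte=csprng_byte):
    """Rejection sampling: drop bytes at or above the largest multiple of n
    that fits in 256, so each index in [0, n) is equally likely."""
    if not 1 <= n <= 256:
        raise ValueError("alphabet size must be between 1 and 256")
    limit = 256 - (256 % n)
    while True:
        b = rand_byte()
        if b < limit:
            return b % n


def generate_password(length=20, alphabet=ALPHABET, rand_byte=csprng_byte):
    """Build a password with every symbol of `alphabet` equally likely.

    secrets.choice() already samples without modulo bias; the explicit loop
    in uniform_index() shows what that guarantee consists of.
    """
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("duplicate symbols would skew the distribution")
    n = len(alphabet)
    return "".join(alphabet[uniform_index(n, rand_byte)] for _ in range(length))


if __name__ == "__main__":
    favoured, p_hi, p_lo = modulo_bias(len(ALPHABET))
    print(f"naive byte % {len(ALPHABET)}: {favoured} symbols at {p_hi}, rest at {p_lo}")
    print(generate_password())
```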

                                    1. 7

                                      For the same reason you don’t manually decrypt and paste in your ssh private key every time you log in to a host—convenience.

                                      A password manager can also do some checks that humans may miss or flub, like stopping the pasting of your Gmail password into a convincing phishing site.

                                      1. 4

                                        You would like pass(1)

                                        1. 1

                                          That’s a bit presumptuous – I’m not pizzaiolo, but while I do personally employ (essentially) the encrypted-text-file method, I think “pass” is actually pretty grossly misdesigned.

                                          1. 1

                                            I have some issues with pass too: namely, it leaks metadata like names, creation time, and change history, and it encrypts without authenticating. Is there anything else I should know about?

                                            1. 2

                                              There are little things like its somewhat oddball dependency list (tree? what?), but the metadata-in-the-clear aspect is definitely the major one for me (the gross misdesign I referred to).

                                        2. 2

                                          That would be hard to use on a mobile phone I think.

                                          1. 0

                                            I think it is not that hard to write a GUI application able to decrypt GPG encoded files, or read stdout by making subsequent calls to pass.

                                            1. 4

                                              This is getting pretty seriously far away from the implied simplicity of “simply use an encrypted text file”.

                                          2. 1

                                            Depending on your use case, this might be the solution. I have written my own at http://pestilenz.org/~ckeen/blog/posts/pee.html

                                          1. 2

                                            Love this. Super nice.

                                            1. 4

                                              Very interesting! Currently on bspwm, will try it this weekend. Where did the name come from?

                                              1. 3

                                                “Gabelstapler” is the German word for forklift, which I used because forklift is already a crate and because being modular is one of the design goals. Less confusion that way.

                                              1. 5

                                                I’ve used it a few times. I think the main issue that prevents me from using it more is that when I go to reach for it, I’m usually trying to send private key material to another developer, and then remember that GPG transferred stuff doesn’t have forward secrecy. If keybase.io had a way to transfer information to another user with forward secrecy, that’d be so sweet.

                                                1. 1

                                                  post-it and fire, still undisputed champ of secret distribution

                                                  1. 1

                                                    Well, KBFS doesn’t have forward secrecy, but the saltpack standard does - see the ephemeral keypair generation in the header section. So you can’t have FS inside the keybase filesystem, but for individual files encrypted with the keybase CLI you can.