1.  

    this is a great article, but I’m very uncomfortable with this line:

    The importance of understanding Unicode extends beyond localization and diversity. Failing to understand Unicode may lead to vulnerabilities in your code.

    when will we stop treating “localization and diversity” as less-important issues?

    1.  

      To me, “extends beyond X” doesn’t mean X is not important. The opener is conveying surprise, and for people unfamiliar, it probably will be surprising that Unicode misunderstandings could result in security vulnerabilities.

    1. 6

      Looking to convert my static site from Hugo to Zola

      1. 5

        What’s next, Verne?

        ;)

        1. 1

          what does that even mean

          1. 2

            Hugo, Zola, and Verne are literary figures

            1. 1

              French literary figures, at that. It shames me that Verne was the only one I could remember off the top of my head, but I see him as a spiritual successor to Hugo at least.

        2. 2

          I’d like to throw in Pelican in to the ring as well! I’ve tried pretty much every status site generator and for many reasons Pelican is still the best.

          1. 1

            I think I will try that, as I already found a problem with Zola

            https://github.com/getzola/zola/issues/925

          2. 1

            Zola looks very neat. I wonder what a conversion from Jekyll->Zola would look like for my site.

            1. 1

              Curious to hear how this goes. From a cursory glance, it looks like Hugo and Zola are fairly similar

              1. 1

                I was considering this as well, but I actually ended up on eleventy, and I’m really happy with it. Specifically, it feels customizable in ways that neither Hugo nor Zola are. Might be worth a look!

                1. 1

                  I dont use any JavaScript software. Personally I feel that JavaScript isnt appropriate for applications outside the browser.

                    1. 2

                      While it is Mac only, I’ve been using Things 3 for a while. It has a decent enough API for me to sync Jira and Things which is really nice.

                      1. 3

                        How do you sync Jira and Things?

                        1. 2

                          I’m using OSA scripting bridge between Things and Javascript to pull all of my assigned issues into projects. This lets me have notes and subtasks on top of our poorly configured Jira projects.

                          1. 1

                            Sounds interesting, do you have any code to share?

                          2. 1

                            I would also very much like to know the answer to this question!

                        1. 4

                          Work:

                          • chewing through a bunch of small bugs in our new editor that are collectively driving our users up a wall
                          • trying to further the use of Immer in our code base

                          Hobby:

                          • trying to land some actual improvements to Factor, since I’ve basically been absent for months
                          • getting a Nebula VPN up so I can hit my home network on my upcoming road trip
                          • finishing a blog post I’ve been working on about CouchDB/PouchDB being a great tool to use for the personal web
                          • figuring out whether one of my DeLorean’s lights is actually burnt out, or the circuit board went bad again (I replaced a bunch of physical bulbs with LEDs, which required a custom circuit board due to the lower voltages; this is my second circuit board already)

                          Personal:

                          • go the entire week while never having my phone out while playing with my son
                          1. 2

                            trying to further the use of Immer in our code base

                            Check this out! https://github.com/tc39/proposal-record-tuple

                            1. 2

                              I’ve complained in other threads about more and more features being added to JS, but this one I can get behind :)

                          1. 1

                            This is the content I’m here for

                            1. 16

                              I’m using zola, and I think it’s brilliant!

                              Ticks the boxes for all your desires. It’s fast, contained in a single binary, has a live updating local server, documentation is good and allows extra custom configuration properties for custom things in themes.

                              My personal website is built using Zola, here’s it’s source.

                              1. 3

                                I think this is the one! Thanks!

                                1. 3

                                  I’ve been testing zola right now, in particular the sam theme, against a lot of website analyzers (accessibility, performance, w3c validators, ecological impact,..) and it’s pretty good, I think I’m gonna start using it, it looks simple and mature while providing all the features I wish (code formatting, RSS, …).

                                  1. 1

                                    Exactly! And it’s easy to modify, and somewhat extensible for additional features you might want.

                                  2. 2

                                    I use Zola as well. I think one of the biggest downsides is how few themes there are. In principle it’s not much work to modify an existing theme, but it’s still one more thing you need to do when setting up your blog.

                                    1. 1

                                      You’re right. I wanted to build a custom theme anyway to personalize things, so that wasn’t much of a problem for me.

                                  1. 37

                                    There are a lot of bad takes in here. It sounds like this person is angry at young programmers, not trying to help them.

                                    1. 4

                                      While I think many of the Falsehoods (some set of people) Still Believe lists convey useful actionable information, this one not so much. It feels way heavier in sarcasm than the more useful lists.

                                      1. 4

                                        I didn’t take this as angry at all. Do you feel personally attacked by the list?

                                        1. 9

                                          Not in the slightest - in fact I empathize with the author in a few places, albeit probably for different reasons. Plainly, this post is condescending and makes harmful generalizations about young programmers.

                                          Edit: “stereotypes” is probably a better word than “generalizations” here

                                          1. 4

                                            I know people who have graduated with CS degrees in their 40s.. so, generalizations.

                                            1. 8

                                              You know that, I know that. Does this author?

                                              They are good at multi-tasking, as is evident from their ability to take notes in class and check Facebook at the same time..

                                            2. 4

                                              I didn’t take it that way. I took as a slightly exasperated but in-good-fun calling out of common problems.

                                              I think it’s more likely to help than harm.

                                              1. 1

                                                I think you’re probably taking it way too seriously

                                                1. 1

                                                  I would say “inaccurate” rather than “harmful” - lots of accurate generalizations about groups are harmful or perceived as harmful. The problem with a line like “TED talks are Science(TM) and the information presented is accurate.” is that there’s no particularly good reason to believe that graduating CS students are more likely than other demographics to view TED talks as accurate, unbiased sources of information, not that if this were the case people should feel obligated not to say so in order to prevent some kind of harm coming to graduating CS students as a class.

                                            1. 6

                                              I just use Things. I have no plan to move away from Apple jail ecosystem in the foreseeable future so…

                                              1. 3

                                                I also use Things, just on my laptop though (I keep my phone off of email, calendar, etc.).

                                                Past monday the macOS Catalina update rendered my Macbook unbootable (sent to apple repair yesterday). In the meantime I’m running a live Ubuntu bootable thumb drive.

                                                While Things is not available off-Apple, it’s nice they store everything you do in a single SQLite database file. Until I have my Macbook back I’ll be running Things with a SQL editor.

                                                1. 1

                                                  Past monday the macOS Catalina update rendered my Macbook unbootable (sent to apple repair yesterday).

                                                  Same. Booted in safe mode, turned out it was a bad kext. Updated it and chugging along happily-er now.

                                                  1. 1

                                                    Mine doesn’t even respond to the boot time keystrokes in order to boot in safe mode, or verbose, or boot from a thumb drive…

                                                    I tried everything, but there’s nothing I could do without tearing it down.

                                                    May I know your model? Because a friend of mine also had his install broken. Also, is the bad kext related to Little Snitch? Thx.

                                                    1. 1

                                                      MacBook Pro (15-inch, 2017) – the bad kext was a corporate MDM thing (“Carbon Black”). But yikes, yours sounds muuuuch worse. I could access safe mode. Recovery was working but even once booted into recovery the dialogs were lagging for 5+ minutes.

                                                2. 2

                                                  Things

                                                  This comment made me check it out, and damn. I’ve been using Todoist for a couple years and this blows it out of the water. Thanks!

                                                  1. 1

                                                    +1 for Things. I have a soft spot for the idea of a bullet journal but Things is just so good.

                                                    1. 3

                                                      Things is the only software I’ve ever missed after leaving apple.

                                                      1. 1

                                                        I have a mac laptop, but an android phone, so I would be hesitant to use Things.

                                                  1. 6

                                                    Even the title of this article is problematic, by the same notion that @colonelpanic and others have raised. Asking what went wrong with Voat is a tacit admission that Voat could’ve gone right, which to my eyes is tantamount to saying there’s nothing wrong with creating a safe haven explicitly for Nazis, racists, and other vile subcultures. To treat Voat as a case of product management gone wrong is to claim that such a site would be fine if it had been under different management / marketed differently / whatever. Let’s recognize neofascist tactics for what they are: bad faith and manipulation.

                                                    1. 5

                                                      Asking what went wrong with Voat is a tacit admission that Voat could’ve gone right, which to my eyes is tantamount to saying there’s nothing wrong with creating a safe haven explicitly for Nazis, racists, and other vile subcultures.

                                                      I don’t think it was explicitly a safe haven for such people. I remember it as being a Free Speech safe haven, which is not the same thing. Yes, we all know what eventually happens to unmoderated places, but if you’re specifically talking about the intent behind Voat, I think you’ve got the history wrong.

                                                      (And no, I don’t think it could have gone right either. But I don’t think a difference of opinion on this is such a horrible thing.)

                                                      1. 4

                                                        As a wise man once wrote:

                                                        The moral of the story is: if you’re against witch-hunts, and you promise to found your own little utopian community where witch-hunts will never happen, your new society will end up consisting of approximately three principled civil libertarians and seven zillion witches. It will be a terrible place to live even if witch-hunts are genuinely wrong.

                                                    1. 1

                                                      A small group at work is starting a reading group of The Little Typer! I’ll be reading the first couple chapters.

                                                      Also, hopefully, a blog post. Been way too long coming.

                                                      1. 4

                                                        Anyone remember that post Linus made about getting help for his anger issues and focusing hard on being compassionate towards other maintainers? Looks like he’s really taken that to heart. Seems like his old tone is basically gone here - very refreshing.

                                                        1. 4

                                                          TBH, Linus’s release emails always had this sort of tone even before he vowed to get help on his anger issues.

                                                        1. 2

                                                          Anyone remember that post Linus made about getting help for his anger issues and focusing hard on being compassionate towards other maintainers? Looks like he’s really taken that to heart. Seems like his old tone is basically gone here - very refreshing.

                                                          1. 1

                                                            Maybe you meant to post here?

                                                            1. 1

                                                              /headdesk

                                                              thank you

                                                          1. 9

                                                            The only thing I can think of now whenever the 2-to-3 debacle comes up is this: https://eev.ee/blog/2016/11/23/a-rebuttal-for-python-3/

                                                            1. 14

                                                              Trying to catch up on sleep. I’ve been neglecting myself lately.

                                                              1. 2

                                                                Never a bad idea. Do you use a sleep tracker? If not, I highly recommend them.

                                                                1. 2

                                                                  I’m a little wary of things like that, but I’d be really grateful for a recommendation.

                                                                  1. 1

                                                                    I love my FitBit Ionic. Previously I had the Microsoft Band I and II, and before that a Pebble (which I wasn’t crazy about, because it wasn’t a fitness tracker). I also tried the Apple Watch, but returned it because it wasn’t as focused on health as the FitBit (I don’t care too much to have a computer on my wrist that connects me to social media).

                                                                    The Versa 2 looks good. I also do expect the future Apple Watches to get better for health, once battery life improves and they can be used for sleep tracking.

                                                                    But I’ve gotten many actionable insights from the 5 years of sleep data. It’s been particularly helpful this year, after our daughter was born, as managing sleep has become quite a challenge. I can’t live without it. :)

                                                                    1. 2

                                                                      Has the privacy story for fitbit devices improved at all?

                                                                      I’d gotten one for free a while back and was somewhat dubious initially, but with a bit of work it was usable with your own software. But it died relatively quickly, and all the newer models looked like they just spit out encrypted blobs that you couldn’t do anything with other than send them to the fitbit service.

                                                                      1. 1

                                                                        It’s a good question. I don’t know. I’ve been meaning to do more with my FitBit (I used to do a lot with my MS Bands) but haven’t gotten around to it yet.

                                                              1. 10

                                                                Probably getting ready for Hurricane Dorian

                                                                1. 8

                                                                  Yikes, be safe.

                                                                1. 6

                                                                  The number of times I’d wished I had this feature on Travis.

                                                                  Instead you just end up blindly pushing changes to the branch in the hope that it works :P

                                                                  1. 4
                                                                    1. 3

                                                                      Only on Travis-ci.com (the paid version), and not Travis-ci.org (the free version).

                                                                      1. 4

                                                                        sr.ht is also a paid service, right?

                                                                        1. 4

                                                                          It’s up to you whether to pay or run the exact same free software on your own infra.

                                                                          1. 2

                                                                            Is it easy to run on your own? That’s kind of cool. I may pay them anyway but still run it myself.

                                                                            1. 9

                                                                              https://man.sr.ht/installation.md

                                                                              Reach out to the mailing list if you run into trouble :)

                                                                              1. 1

                                                                                Wow, cool! Thanks :)

                                                                            2. 1

                                                                              You can also run travis-ci.org on your own infra (I currently do this) but there isn’t a lot of info about it.

                                                                          2. 3

                                                                            The trick is that for public repos, you have to email support: https://docs.travis-ci.com/user/running-build-in-debug-mode/#enabling-debug-mode

                                                                            1. 1

                                                                              Weird… I guess that they’re trying to prevent wasted containers by adding manual process in the middle?

                                                                              1. 2

                                                                                It’s a security risk, especially for public repos.

                                                                                1. 2

                                                                                  Eeeek, that’s rough. builds.sr.ht’s SSH access uses the SSH keys we already have on your account for git authentication et al.

                                                                                  1. 1

                                                                                    You get that from Github, too. But I also think it doesn’t help, because GH projects are liberal with adding people to orgs/repos and while they cam be grouped, there’s no way to assign structures roles. GH as an identity provider is mediocre at best.

                                                                                  2. 1

                                                                                    Like, in terms of things which they may do in the shells, DDoSing by creating too many, etc? They use your SSH key from GitHub to prevent others from SSHing in, right?

                                                                                    1. 4

                                                                                      They use your SSH key from GitHub to prevent others from SSHing in, right?

                                                                                      Not AFAIR. It gives a temporary login/password in the build log (which is public). And anyone who logs in can see the unencrypted secrets (e.g. API keys used for pushing to GitHub).

                                                                                      1. 1

                                                                                        oooooooh… yipes. Super dangerous. CircleCI uses SSH keys to improve on this.

                                                                              2. 1

                                                                                Aren’t they doing some funky reorganization to eliminate the split? I haven’t looked closely so I might be wrong.

                                                                              3. 2

                                                                                I guess I’ve just been too cheap to pay then ;)

                                                                              4. 1

                                                                                This feature is on Travis, but their new configuration API is so excruciatingly painful and lacking of reasonable documentation that it fails to help when it’s really needed.

                                                                                1. 1

                                                                                  With Gitlab you can debug CI stages on your machine by starting a local Gitlab Runner.

                                                                                1. 3

                                                                                  Oof, you have to log in to a Microsoft account to download it from the store? Yikes. I just built a gaming PC and the constant pressure from Windows to use a M$FT account for everything is… unpleasant.

                                                                                  1. 2

                                                                                    I made some progress getting an archive, but I am busy right now so I havent finished it

                                                                                    https://github.com/microsoft/terminal/issues/1386#issuecomment-504675365