-
A while ago, discussing with LibreSignal developers, Moxie wrote:
I understand that federation and defined protocols that third parties can develop clients for are great and important ideas, but unfortunately they no longer have a place in the modern world.
That pretty much sets the tone for the future of Signal, and how it will be distributed. Can we all agree to disagree (or not), and move on? There are alternatives based on federated servers, or completely decentralized. Let’s push for these instead of shaming Signal.
-
whole lot of assertions without really anything to back them up. like calling google play services a rootkit, and claiming it’s easy to run a f-droid repository (i don’t know if it is or isn’t, but at least prove it is without continually saying “fact”).
-
I agree about the “lot of assertions” point, but how would you go a prove it is easy to run your own F-Droid repository? Would a link to F-Droid’s Installing the Server and Repo Tools be enough?
-
-
-
The problem turns out to be some obscure FUSE mounts that the author had lying around in a broken state, which subsequently broke the kernel namespace system. Meanwhile, I have been running systemd on every computer I’ve owned in many years and have never had a problem with it.
Does this not seem a bit melodramatic?
-
From the twitter thread:
Systemd does not of course log any sort of failure message when it gives up on setting up the DynamicUser private namespace; it just goes ahead and silently runs the service in the regular filesystem, even though it knows that is guaranteed to fail.
It sounds like the system had an opportunity to point out an anomaly that would guide the operator in the right direction, but instead decided to power through anyways.
-
-
-
-
We have monitoring and alerting around how much money is coming in, that we compare with historical data and predictions. It’s actually a very reliable canary for when things go wrong, and for when they are right again, on the scale of seconds to a few days. But you are right that things getting a little suckier slowly over a long time would only show up as real growth not being in line with predictions.
-
-
-
I tend to agree that hard failures are nicer in general (especially to make sure things work), but I’ve also been in scenarios where buggy logging code has caused an entire service to go down, which… well that sucked.
There is a justification for partial service functionality in some cases (especially when uptime is important), but like with many things I think that judgement calls in that are usually so wrong that I prefer hard failures in almost all cases.
-
-
Everybody thinks it’s a good idea “some service is surely better than no service” until it happens to them.
So if the server is over capacity, kill it and don’t serve anyone?
Router can’t open and forward a port, so cut all traffic?
I guess that sounds a little too hyperbolic.
But there’s a continuum there. At $work, I’ve got a project that tries to keep going even if something is wrong. Honest, I’m not sure I like how all the errors are handled. But then again, the software is supposed to operate rather autonomously after initial configuration. Remote configuration is a part of the service; if something breaks, it’d be really nice if the remote access and logs and all were still reachable. And you certainly don’t want to give up over a problem that may turn out to be temporary or something that could be routed around… reliability is paramount.
-
And you certainly don’t want to give up over a problem that may turn out to be temporary
I think that’s close to the core of the problem. Temporary problems recur, worsen, etc. I’m not saying it’s always wrong to retry, but I think one should have some idea of why the root problem will disappear before retrying. Computers are pretty deterministic. Transient errors indicate incomplete understanding. But people think a try-catch in a loop is “defensive”. :(
-
-
-
-
So you never had legacy systems (or configurations) to support? I read Chris’ blog regularly, and he works at a university on a heterogeneous network (some Linux, some other Unix systems) that has been running Unix for a long time. I think he started working there before
systemdwas even created. -
Why do you say that the FUSE mounts were broken? As far as we can see they were just set up in a uncommon way https://twitter.com/thatcks/status/1027259924835954689
-
-
Yes, it seems melodramatic, even to my anti-systemd ears. It’s a documentation and error reporting problem, not a technical problem, IMO. Olivier Lacan gave a great talk last year about good errors and bad errors (https://olivierlacan.com/talks/human-errors/). I think it’s high time we start thinking about how to improve error reporting in software everywhere – and maybe one day human-centric error reporting will be as ubiquitous as unit testing is today.
-
In my view (as the original post’s author) there are two problems in view. That systemd doesn’t report useful errors (or even notice errors) when it encounters internal failures is the lesser issue; the greater issue is that it’s guaranteed to fail to restart some services under certain circumstances due to internal implementation decisions. Fixing systemd to log good errors would not cause timesyncd to be restartable, which is the real goal. It would at least make the overall system more debuggable, though, especially if it provided enough detail.
The optimistic take on ‘add a focus on error reporting’ is that considering how to report errors would also lead to a greater consideration of what errors can actually happen, how likely they are, and perhaps what can be done about them by the program itself. Thinking about errors makes you actively confront them, in much the same way that writing documentation about your program or system can confront you with its awkward bits and get you to do something about them.
-
-
-
Lord of Light, by Roger Zelazny (1967).
-
-
An interesting aspect of this: their employees’ credentials were compromised by intercepting two-factor authentication that used SMS. Security folks have been complaining about SMS-based 2FA for a while, but it’s still a common configuration on big cloud providers.
-
What’s especially bugging me is platforms like twitter that do provide alternatives to SMS for 2FA, but still require SMS to be enabled even if you want to use safer means. The moment you remove your phone number from twitter, all of 2FA is disabled.
The problem is that if SMS is an option, that’s going to be what an attacker uses. It doesn’t matter that I myself always use a Yubikey.
But the worst are services that also use that 2FA phone number they got for password recovery. Forgot your password? No problem. Just type the code we just sent you via SMS.
This effectively reduces the strength of your overall account security to the ability of your phone company to resist social engineering. Your phone company who has trained their call center agents to handle „customer“ requests as quickly and efficiently as possible.
update: I just noticed that twitter has fixed this and you can now disable SMS while keeping TOTP and U2F enabled.
-
But the worst are services that also use that 2FA phone number they got for password recovery. Forgot your password? No problem. Just type the code we just sent you via SMS.
I get why they do this from a convenience perspective, but it bugs me to call the result 2FA. If you can change the password through the SMS recovery method, password and SMS aren’t two separate authentication factors, it’s just 1FA!
-
Have sites been keeping SMS given the cost of supporting locked out users? Lost phones are a frequent occurrence. I wonder if sites have thought about implementing really slow, but automated recovery processes to avoid this issue. Going through support with Google after losing your phone is painful, but smaller sites don’t have a support staff at all, so they are likely to keep allowing SMS since your mobile phone number is pretty recoverable.
-
In case of many accounts that are now de-facto protected by nothing but a single easily hackable SMS I’d much rather lose access to it than risk somebody else getting access.
If there was a way to tell these services and my phone company that I absolutely never want to recover my account, I would do that in a heartbeat
-
-
This effectively reduces the strength of your overall account security to the ability of your phone company to resist social engineering. Your phone company who has trained their call center agents to handle „customer“ requests as quickly and efficiently as possible.
True. Also, if you have the target’s phone number, you can skip the social engineering, and go directly for SS7 hacks.
-
-
-
Your mobile phone number can relatively easily be stolen (more specifically: ported out to another network by an attacker). This happened to me on T-Mobile, but I believe it is possible on other networks too. In my case my phone number was used to setup Zelle and transfer money out of my bank account.
This article actually provides more detail on the method attackers have used to port your number: https://motherboard.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin
-
T-Mobile sent a text message blast to all customers many months ago urging users to setup a security code on their account to prevent this. Did you do it?
Feb 1, 2018: “T-Mobile Alert: We have identified an industry-wide phone number port out scam and encourage you to add account security. Learn more: t-mo.co/secure”
-
-
-
-
-
On a related note, it’s also worth noting that the user control situation is even worse on mobile devices. You pretty much can’t buy phones or tablets with unlocked firmware that you can easily put your own operating system on.
-
Well there is the Librem at least.
-
-
This is correct. Purism routinely exaggerates about what they are able to provide in terms of openness, without any plausible way of actually delivering. It’s quite tiresome.
Not only will Librem 5 have blobs, they’ve now shamelessly announced they intend to use a loophole to procure FSF RYF certification despite this. If this is allowed to stand, it also makes RYF rather meaningless.
-
-
-
Also Fairphone:
We offer the ability to choose between the Google experience and the freedom of open source. Both versions are officially supported by Fairphone and we will provide continuous software updates.
In addition, and because the code is openly available, everybody is free to work on making other operating systems work on the Fairphone 2. The community already offers alternative operating systems like Sailfish OS, Ubuntu Touch and LineageOS.
-
Fairphone requires proprietary firmware blobs anyway.
-
-
As a Fairphone user: the market is made by buying the damned phones.
I wish there was an official Sailfish distro. I’m a happy user of the community port, but I also tolerate some glitches. Like not being able to calibrate the proximity sensor or run android apps.
But, as stated, they do have a non-Google android for those who want to be closer to the mainstream and a Google android for people who don’t care that much.
-
-
-
You can unlock the bootloader on most Android phones and you can run LineageOS or other AOSP forks, sometimes Ubuntu Touch and Sailfish ports, or postmarketOS.
You typically have to run the vendor android kernel fork if you want to have useful functionality, but some devices (Nexus 5, Nexus 7, Xperia Z2, Xperia Z2 Tablet) can run mainline Linux.
-
-
-
lau
edited
1 month ago
|
link
| on:
The open-plan office is a terrible, horrible, no good, very bad idea
The worse open-plan office I’ve been in is when developers were sharing the room with marketing. There was time it was literally impossible to work or concentrate. On busy day, marketing guys would spend all day talking loud on the phone. On quiet days, they’ll spend most of the time chatting loudly with each others. Even when I had urgent work, I had no choice but to give up and browse the web or go out, since I couldn’t do any work. Talk about productivity.
It’s not even a criticism of the marketing department - they enjoy their job and good for them, but it was absurd to put us all in the same room.
-
-
-
Russ has more background on this from his Gophercon talk: https://blog.golang.org/toward-go2
The TL;DR for generics is that Go 2 is either going to have generics or is going to make a strong case for why it doesn’t.
-
-
-
-
-
When reading Javascript/PHP rants, I’m always reminded of this:
There are only two kinds of programming languages: those people always bitch about and those nobody uses.
-
That quote always comes up in these kinds of things. And it’s a stupid quote. Like most things that try to draw dichotomies, it’s not really true. Not every language people used is equally bitched about. Some people even praise languages more than complain about it. That quote is effectively used to argue for any status quo. Let’s not try to discuss how we could do things better because people will just bitch about it anyways. Or all languages equally suck so let’s use whatever we have here. It really adds nothing to the conversation.
-
I heard this phrase a lot when I was a PHP developer. In my experience it was used as a conversation stopper, which got very frustrating.
For example, after fixing some bug I might recommend that we stick to using
===instead of==because the latter behaves in complicated and potentially confusing ways; get the reply “There are two kinds of programming languages…”. OK, that’s nice, but are we going to use===instead of==or not?Or we might be discussing how to design a certain system or feature. Point out that X tends to be a bad idea due to Y, get the response “There are two kinds of programming languages…” “So…?” “We’re going with X”.
Thankfully I’m no longer a PHP developer.
-
-
Some people even praise languages more than complain about it.
Sure, but I’d assert that those tend overwhelmingly to be niche languages.
A lot of people love languages like APL, Haskell, ML, Idris, Elm, and so forth–fact is, those languages just aren’t very relevant to mainstream software engineering.
The best thing that can be said is that exposure to them helps people using bad languages reconsider how to approach things in their vulgar daily driver. The worst thing to be said is that zealots of those languages try to infect otherwise bearable languages with features from their pet tongue and in so doing make things more complicated for everybody else (FP folks did this to C++, Java folks did this to JS, etc.)
-
-
-
Gimp 2.10 is the release that stops dumping stuff into
$HOME, so even if you don’t really care about the new features, it’s a worthwhile upgrade for this reason alone!-
-
It’s very impolite for programs to spam things into the
$HOMEdirectory without explicit permission. -
-
-
-
-
-
-
With its own chips, Apple would not be forced to wait on new Intel chips before being able to release updated Macs, and the company could integrate new features on a faster schedule.
IIRC, in 2017 Apple upgraded their Macs to Intel’s Kaby Lake well after Dell, or HP, so this comment seem out of touch with reality.
Maybe some people at Apple don’t like Intel’s tick-tock release cycle… Still, I’m curious of seeing their “new” arch. and I hope they will show that Intel is not the end game of CPU design.
-
Should be treated like an airliner crash: Investigation, lessons learned, improvements to make sure it’s not repeated.
-
-
-
-
At least one human in jail.
It’s very likely that there will be a scapegoat or two.
But I think this is probably good for the industry.
I’m no historian, but I imagine that this is a little bit like when the first airplanes were invented. At first there were no rules. You just made and airplane and flew around.
Until some bystander got hurt or killed. In those days, we were not such a litigious society, so most people probably said tough luck.
But eventually we had passenger travel, and the government decided we needed rules and the FAA (or whatever came before it) was created. They make the rules.
At first, air travel was not so safe. But after every accident we improved.
And when there were accidents, there were liability lawsuits. If gross negligence could be proven, then maybe even some airline company executives went to jail???
Even now, when there is human error and an airliner crashes, I don’t think anyone goes to jail?
We are still in the early days.
-
-
It has a net-positive social effect.
- Giustice.
- the U.S.A. would prove to their citizens that they hold the monopoly of the legitimate use of physical force: otherwise, if you accept that a company can kill, killers will all become entrepreneurs
- all the future boards of directors of any robotics company will take human safety very seriously and will continue to take it seriously every time a board of director go in jail
- the whole DataScience/AI industry will learn to sell just what they can explain (aka debug) and prove correct (which is much more than you think, actually!)
- the whole software industry will begin to take software quality as a serious topic
- ISIS won’t have a very good reason to infiltrate AI software companies in the U.S.A. …
I think I could go on for a while…
-
-
Are you stating that in the U.S.A. a private militia has the right to kill people without questions from courts?
I really did not knew that!
Because, you know, some people says you should not require explanations from an AI!
And if a private militia can kill people with that same freedom… I can suddenly understand U.S.A. problems with guns!
-
It’s the 2nd Amendment: final check against government corruption when all three branches fail to do their job. Given how divided the media keeps US, it will basically turn into a shooting gallery with each side taking on their media-designated enemies.
The only neutral scenario I could think of where it may apply is people taking out politicians that took bribes to pass laws that harmed consituents. And were immune to prosecution. People on both sides tend to look down on whoever takes bribes for laws. As in, it enforces integrity of essential system with everything else handled within the system.
Id still be afraid to see any use of 2nd Amendment play out, though. Will be a lot of collateral murder.
-
@nickpsecurity I read your reply three times, looked at wikipedia and still I do not understand what you mean.
The monopoly of legittimate use of violence is given to states by their people.
No State is obliged to respond in courts about each single life it takes to preserve law.
That’s because the state itself represent the Giustice (on behalf of its people, in a democracy).The state does not need to explain why it kill: the explainations are due for the people that reppresent the state (police, judges and so on..) to ensure they do not abuse the power the state give them.
Does the 2nd Amendment give the U.S.A. citizens the same right of the state?
That would explain @oz comment, but still it sound extremely strange.For example, why killers do not always appeal to it when in court?
-
Quick request: If you reply to someone, they get an email saying that your replied. If you use @ in front of name, they get another email saying they were “mentioned” in same thread. I suggest leaving out the @ when it’s the person you were replying to so they just get one email. I also leave it off if it’s another party if they’re already reading the thread.
Regarding 2nd Amendment, the wording of the Amendment was ambiguous leading to two interpretations:
-
It’s an individual’s right to bear arms to use in self-defense against all enemies. That might include people attacking them, corrupt politicians, or foreign invaders. Some of these organize into unofficial militias that are basically groups that share this belief in a specific locale. There’s over 200 of them.
-
It’s about a state-level, military organization governed by the laws of that state and controlled by its governor. That’s basically the Army and Air National Guard. These often also have police powers in a state, too.
There’s no consensus on the subject. No 1 is used to justify gun ownership. Presidents also used to shoot people on the streets in less-civil times. No 2 is implemented across the states, too. I’m in No 1 territory just because I doubt U.S. military personnel make a good check against U.S. military personnel: probably see each other like cousins in a big family. There are some court opinions from long ago suggesting No 1 is OK when three branches fail to do their job. Anyone trying it will be imprisoned for murder, though, after being villified by whatever side voted for that person. Generally, most just move to a state that runs things the way they like tolerating the government’s abuses.
The militias are doing nothing waiting for The Big Moment when the federal government does something so bad it justifies them going to war. We’ve had smaller moments over and over and over: Feds like so-called “fait accompli” strategy where they do a little bit of evil at a time building up power slowly with each move independently justified with media narrowly focusing on it in isolation. Like the boiling frog metaphor, the citizens tolerate more corruption that way with them not seeing bigger picture or slowly forgetting why certain things happened to begin with. The Big Moment won’t come because it already did over time. A worse situation will down the road. I found it illuminating to compare the abuses listed in Declaration of Independence that justified war on British rule against the abuses of current U.S. government. There’s too many similarities.
The militias haven’t done anything about anything, though. Mostly just drink, socialize, and sport shoot in the woods that I can tell. The folks that have shot politicians have usually been crazy or evil doing it for their own reasons. They’re really random. They definitely don’t help justify any legitimate use of 2nd Amendment when that happens: every shooting has people try to roll back No 1 on the list. Who knows what will happen in future but that’s the relevant background on the subject.
-
Thanks nickpsecurity.
Sorry for the duplicated mails… my fault, but maybe Lobste.rs misses a DISTINCT clausole.Your post gave me an interesting and deep historical perspective over a U.S.A. issue that I cannot really understand as an European.
This deeply improve my understanding, thanks!
Anyone trying it will be imprisoned for murder, though…
This is the point, I think: a State cannot allow anybody to kill without responding in court for murder. That’s just because otherwise it would loose the key of its own power: legitimacy over its use of violence.
This does not means that each person responding on court of a murder is guilty and will go to jail. Just that he has to prove that the death was not reconducible to his own actions.
So, in this case, Uber must prove that they had no way to prevent the death.
Eg they cannot test the car in roads closed to the public traffic, they had never observed another driver distracted at the driving seat before, that the car was correctly manutened, that the LIDAR system was tested to work at that speed and lighting conditions, that the various AI component had no bug and so on…
-
Yeah, they should have to explain that stuff if they were to get tried for it. The case for many companies is they just get investigated and sued with their lawyers holding it off. Sometimes they loose a lot of money on it. Their next move is to do the minimum necessary to avoid a similar loss. This might achieve real, risk reduction. Or it will be a dodge with another disaster down the road.
Most of the time these are mechanical processes we understand really well. Self-driving cars aren’t. So, I have no idea what will happen just because a robust version of the concept hasn’t been demonstrated even by academics. They might even be able to use that as a defense: “we did all we could. Not even cutting-edge R&D was doing much better on correctness.” Of course, the LIDAR results vs the Grand Challenge I read about long ago makes me think there were some truly reckless acquisition and testing practices. Hopefully, lots of LIDAR experts can chip in testimony saying it’s total garbage to set some kind of baseline for what’s acceptable.
Seeing and responding to a big-ass object right in front of it should probably be in the baseline. ;)
-
-
-
-
-
-
-
-
-
-
-
-
I don’t understand, isn’t Telegram meant to be end to end encrypted? Why would having keys that telegram keeps allow snooping? If Telegram has a way to read user messages then it is NOT secure.
-
-
I like keybase a lot, but I have mixed feelings about all this. Mainly, I doubt that we’re stopping climate change by switching to Stellar. 🙄
-
Proof-of-work incentivizes people to go full throttle on electricity consumption, especially in regimes where electricity is free/subsidized. And of course fossil fuels are still the cheapest and most accessible source of electricity in most of the world.
It’s not a huge leap in logic. It’s simple: proof-of-stake = less electricity usage = less electricity generation = hurting environment less.
Disclaimer: I don’t own any proof-of-stake cryptocurrency (yet?).
-
-
Thank you for the correction; that was a naive assumption for me to make.
For posterity: the Stellar Consensus Protocol implements a variation of Byzantine agreement, aka the classic systems problem of Byzantine fault tolerance, where nodes in a system try to establish quorum in making decisions.
However, they differentiate themselves from classic Byzantine agreement, where the nodes are already known. A downside of the competing Ripple cryptocurrency, according to Stellar authors, is that it requires an initial set of trusted nodes provided by a central authority. In contrast, SCP does not require an initial set of trusted nodes or a trusted authority; they call this “Federated Byzantine agreement.”
As for proof-of-stake, Stellar’s authors say that that approach has problems with “nothing at stake” attacks. Proof-of-stake works by putting up collateral in exchange for having a say in the network. Bad actors could theoretically behave well initially, up until the point where they cash out, and then maliciously rewrite history starting from when the network thought they still had a stake.
Stellar’s blog post from 2015 has a high-level Q&A about the consensus protocol.
Another blog post describes the protocol in a bit more detail, going into the federated voting approach that happens between nodes.
Finally there’s the detailed whitepaper.
-
-
-
-
It was quite predictable. Their incentives as a VC-backed, for-profit company aiming for massive IPO are to lock-in as many people as possible. Interoperability works against profitable lock-in. This is why rich, software companies either fight, subvert, or cripple it where possible. So, Slack eventually would ditch that. I doubt they put a lot of effort into maintaining its quality either if it was a marketing gimmick. I don’t use Slack, though, so I can’t say.
-
-
Honestly, Slack to me has become a lot more than just chat, and I can see how they can’t coerce their methodology for chat anymore into IRC. Threads are used very extensively by my team, and I can see how that’s hard to fit into IRC. Rich content messages from apps, images, and posts are basically impossible to fit into IRC. I agree that all those things don’t fit into some people’s ideas of an ideal workflow, but they’ve become crucial for a lot of people on Slack, and kind of break in IRC.
-
I think that the features you mention could be mapped to IRC, with some loss of course, but IRC users are (maybe?) used to a simpler experience.
IIRC, less choice is often touted as a good design practice. But Slack is removing the simple thing in favour of the bells and whistles. It’s not a surprise, but it’s sad.
-
hard to fit into IRC
Could you be more specific? This is a Slack-IRC gateway using the recent IRCv3 drafts for threads, reactions and rich content messages: https://twitter.com/irccloud/status/971416931373854721
As far as I can see, IRC can handle all these just fine.
-
It’s in the ‘wrong’ place in my stack, but the wee-slack plugin mentioned by @oz claims to have thread support. As a WeeChat plugin has access to windows and buffers I can imagine that being a smoother experience that a plugin in the otherwise ‘correct’ place: the bouncer.
Messages from apps are or could be notices in IRC, and images appear as links that I can click through to see using a web browser. It is certainly true that the more a tool tries to structure a conversation the more difficult it becomes to map that to the IRC protocol. That said, I’m absolutely open to retaining the ability to chat from an IRC client by fixing problems anywhere and everywhere they need to be fixed. There is no fundamental reason a thread feature can’t work outside of the official client.
-
It’s in the ‘wrong’ place in my stack, but the wee-slack plugin mentioned by @oz claims to have thread support. As a WeeChat plugin has access to windows and buffers I can imagine that being a smoother experience that a plugin in the otherwise ‘correct’ place: the bouncer.
Yeah I can see where you’re coming from. I love wee-slack, and would use it if it had Enterprise Grid support. I just think that Slack is making more and more design decisions that make it hard to shoe-horn back into IRC.
-
I just think that Slack is making more and more design decisions that make it hard to shoe-horn back into IRC.
If not IRC, then an open, extended version of it or new protocol with a reference client. Worst case is that important stuff like messages stay in the open system whereas extra bells and whistles end up in proprietary system. Less transition cost later if people want to ditch Slack for something better. An open, reference implementation people are using in a lot of environments would also give them more testing of their protocols. They definitely have the money for it at their revenue levels.
They’re locking it up instead since it’s more profitable in the long run for the founders and investors. The good news is they might have at least inspired some revamps of IRC or chat that will be done better for us without their problems. I think I’ve already seen some like that but we gotta wait to see who gets a sound, business model going.
-
-
-
-
-
I’ve used the Jabber gateway to connect to HipChat and the IRC gateway to connect to Slack. Hands down the Slack gateway was the superior experience. You could, to be sure, tell you were not connecting to a real IRC server. The experience was remarkably good anyway. by comparison, my messages in to HipChat would sometimes take hours (actual multiple hours) to be received–completely crippling my ability to participate.
-
-
Sad to see these go.
I’ve been using wee-slack for a few weeks now, and it looks like I will have to get used to it.
-
I never had access to the IRC gateway (admins at work refused to turn it on) so this has been a life-saver since I started my job. It works much better than I was expecting.
-
-
Like other folks have said, I’ve also been dreading this. There’s not a lot of chat rooms that are worth the RAM and UI of Slack. Thanks very much for this link. I’ve been considering a move from irssi to weechat for a few years (my twitter client is unmaintained and I don’t enjoy the Perl), maybe this will be the final push to get me to shave this yak.
-
I moved from irssi to weechat under duress myself. After an OS upgrade bold ceased working for me and was not able to fix it! I find weechat better designed: I’ve used it as an example of convergent evolution in tooling, by comparing irssi and weechat to screen and tmux: both irssi and screen feel haphazard whereas weechat and tmux have a more layered, bottom-up design.
All in all I’m happy to have moved to weechat. I must admit however I still keep an irssi running for the things I haven’t managed to port yet. It’s one of the rougher migrations I’ve had.
-
-
-
I personally prefer Flow over TypeScript, but the general idea of adding types to JavaScript is something I’m all for. One of my favourite things about both of these tools is being able to, for example, change the shape of my Redux store and then follow the errors Flow/TypeScript generates to find every part of the codebase which that change affects.
-
How are you finding flow+redux?
I spent >30 unsuccessful hours trying to get
connectto return a useful component with the rightProps(and learned all the secret/experimental features doing so).I’d like to try TS on my next project; flow has burned me by being silently unsound.
-
Yeah react-redux’s
connect()HOC is the one place where I’ve never had much luck with Flow. The main issue seems to be an underlying issue in the Redux library definitions, though there’s a PR to fix those which I haven’t tried myself https://github.com/flowtype/flow-typed/pull/1731Edit: Just threw those new definitions into a medium size project and they work great. Even helped me pick up one or two subtle bugs.
-
Glad it worked for you.
That said, the thought of using two-day-old code from an open pull request is reminding me why I’m trying to avoid the front-end space right now.
-
-
-
-
-
oz
5 months ago
|
link
| on:
A potential way to have spaces in filenames and not break the Unix command line
Non breakable spaces were (are?) often used in HTML to avoid text reflows around punctuation (good typography actually), and too many other hacks to avoid line breaks.
Not sure I’d welcome these in a terminal. 🤔
-
-
-
-
No, and no. Surely you are being aggressive here? I don’t see a case where I would actually believe that someone would want to confuse themselves.
What I do believe is that - hey!- someone who knows how to use a terminal and can even code a bit has spaces in their filenames. Maybe, since they already know how to use a computer, they would realize “Oh, this is definitely an issue I could potentially run into later! I wonder what the best way to solve it is?” and decided that the best way was to write more code to maintain.
Surely that is easier than maybe considering not having spaces in filenames in the extremely rare cases where they may actually matter in a program that makes bad assumptions or a shell if you don’t know how to use intermediately well.
[ Below removed comment follows]
I should also add that the issue exemplified in the article is actually a non-issue. That is, the syntax of how things work is different after the tab character when defining a target:
This is a common mistake, but also can be shown in this example - which works: https://gist.github.com/monokrome/24e1c739b93a72ba5ef35b961b945e6c
It just means that someone forgot to quote filenames in the areas of the Makefile which define the target. This is not only a common mistake, but another great reason not to use spaces in filenames!
I guess now that we’ve come full circle and for some reason think having a space is a good idea, we could again say - “well, a null character solves that too!”. The new problem we’ve created is now unidentified AND potentially nebulous, because adding another character to think about is going to cause issues somewhere.
One example issue that I can think of and believe would be very common if something adopted this idea is that the benefit of the words you’ve accidentally introduced a much bigger issue when someone working on your code doesn’t realize that’s a non-breaking space character and rewrites the line to be a space.
What is the value that the space is even adding? Is it considered aesthetically pleasing? I don’t think so, and maybe I’m biased by that, but it’s hard for me to accept that the benefits don’t outweigh the cons here.
-
-
-
-
Can we not post scuttlebutt on twitter from a thread in the dedicated SomethingAwful technology shitposting forum?
how many comments of yours do you think are policing what people post here? 10%, 20%? Before you respond with something along the lines of “eternal september” or “hacker news” just know I’ve lurked at HN for almost as long as its been around and I had a computer in the late 80s.
It is kind of a garbage source. friendlysock is doing people a favor by pointing that out, and I wish I’d read his comment before I read the thread.
If you have any evidence that any of these claims are untrue (a rebuttal from Musk, Tesla, etc.), please share it with us.
Legal systems generally (not the French) go with innocent until proven guilty for a reason. CEOs would not have a lot of time in the day if they had to personally prove every accusation made against them or their company.
Funny, he seems to have time to respond to random twitter accounts all day.
Obviously means regular boring old CEOs, not the visionary ones aimed at Mars…
Taking your jab at French jurisprudence seriously, what do you mean by that? Is this some recent court case?
Because France basically invented the modern Continental legal framework (well, Napoleon overhauled the ancient Roman system) which is used all over Europe (and beyond!) today.
Sure, it is a well known fact that France is the European Guantanamo. 😏
I don’t think Tesla as a corporate entity or Musk as a private individual / CEO will dignify this source with any sort of acknowledgement. That’s a PR no-no.
However, if a personal actually trained in ferreting out the truth and presenting it in a verifiable manner (these people are usually employed as journalists) were to pull on this thread, who knows where it might lead?
The standards of evidence in most places, including science, are that you present evidence for your claims since (a) you should already have it and (b) it saves readers time. Bullshit spreads fast as both media and Facebook’s experiment show. Retractions and thorough investigations often don’t make it to same audience. So, strong evidence for source’s identity or claims should be there by default. It’s why you often see me citing people as I make controversial claims to give people something to check them with.
There’s nothing surprising about the employee’s claims. It’s like asking for evidence that Google spies on users. They admit to it, and so does Tesla. So there’s your evidence, and I think it’s sad that you’re taking these trolls here seriously.
Thanks for the link. Key point:
“Every Tesla has GPS tracking that can be remotely accessed by the owner, as well as by Tesla itself. That means that people will always know where a Tesla is. This feature can be turned off, by entering the car and turning off the remote access feature. I am not sure why you would want to do this, but you can. Unfortunately, there are ways for a thief to turn off the remote access feature, and this will blind you to the specific information about the car. It will not stop Tesla from being able to track the car. They will retain that type of access no matter what, and have the authority to use it in the instances of vehicle theft.”
re taking trolls seriously. We’re calling you out about posting more unsubstantiated claims via Twitter. If your goal is getting info out, then you will always achieve it by including links like you gave me in the first place. Most people aren’t going to endlessly dig to verify stuff people say on Twitter. They shouldn’t since the BS ratio is through the roof. Also, that guy didn’t just make obvious claims like they could probably track/access the vehicle: he made many about their infrastructure and management that weren’t as obvious or verifiable. He also made them on a forum celebrated for trolling. So, yeah, links are even more helpful here.
But the point isn’t to even say that everything written here is true. The point is to share a very interesting data point that likely constitutes primary source material, and force a reaction from Tesla to stop their dangerous practices (or offer them a chance to set the record straight if any of this is untrue, which we’ve established is unlikely).
“Dangerous” compared to what? Force how?
Low-effort regurgitation of screencaps is not some big act of rebellion, it is just a way of lowering quality and adding noise.
If we wanted to read fiction we could go enjoy the sister Lobster site devoted to that activity.
Being a troll is “a way of lowering quality and adding noise”.
Which is why several people are asking you to stop it.
Is there any evidence your tweets or Lobsters submissions have changed security or ethical practices of a major company?
If not, then that’s either not what you’re doing here or you should be bringing that content to Tesla’s or investors’ attention via mediums they look at. It’s just noise on Lobsters.
I agree with you in general, but this specific “article” is just garbage. (As far as I’m concerned, Twitter in general should be blacklisted from lobste.rs. Anything there is either content-free or so inconvenient to read as to be inaccessible.)
I agree. I did at least learn from your link that Arnnon Geshuri, Vice President of HR at Tesla, was a senior one at Google that some reports said was involved in the price fixing and abusive retention of labor here. That’s a great hire if your an honest visionary taking care of employees who enable your world-changing vision. ;)