1. 1

    How does it compare to pihole?

    1. 2

      Pi-hole combines lists from multiple sources, and has some pretty stats and a UI to configure it. So overall it’s a much more complete product.

    1. 3

      You can also use my list in unbound format:

      1. 3

        I find it ironic that this article complaining about overcomplication of web sites, uses 146 requests to render, to 6 different hosts, which when saved to disk results in 1.56 MB of data.

        1. 3

          I don’t know why “NO” was capitalised there. I mean, that’s not exactly welcoming in itself.

          Also:

          Apparently, even after a maintainer’s NO, there can be space for further conversation and clarification

          “Apparently”? I’m really not getting a welcoming vibe.

          1. 9

            I’ve seen a few posts about Slack’s backend engineering. I’m normally interested in stuff like this, but honestly, their frontend client is so slow - so frustratingly slow - that I never read them. I wish they’d get it sorted out, I mean it’s truly abysmal.

            1. 3

              This is an excellent post, great engineering work. I’m bookmarking it to send to people who do sloppy roll-outs. I highly recommend you read it even if you don’t like the client.

              1. 1

                I’ve never really experienced it being that slow. When do you find it slow?

                1. 3

                  All the time. This is on fairly crappy hardware, mind, but still, compared to almost all other applications on my system it’s incredibly sluggish.

                  1. 2

                    I use their desktop app on a pretty fast MBP. Switching between teams is painful, and I have a lot of issues with views being displayed and then updated a few seconds later, which is disorienting.

                    1. 1

                      I tap a push notification from slack on mobile, and it takes >30 seconds to show me the message (on an iPhone 6s, one of the most used devices).

                      1. 1

                        Slack tends to run slow in larger teams. Normally, I’d chalk it up to slower hardware, but I recently started using it on a newer Dell work laptop, and it is very easy for it to get slowed down if you’re doing anything with the rest of the machine.

                        I think the slack desktop front-end really could use a round of performance improvements so that it runs well on hardware that wasn’t literally released this year, or otherwise highly priced.

                        @nhooyr: What is the relative size of the teams you’ve been using it on? How many gifs do they use, how many channels are you usually in?

                    1. 2

                      Does someone know what Amazon Linux is based upon?

                      1. 3

                        Wikipedia says the previous version is based on RHEL, and with the introduction of systemd with AL2, I’d guess they’d stuck with that.

                      1. 11

                        The Reddit thread linked in the GitHub issue is interesting:

                        There are several scary things about this:

                        • Unknown Mozilla developers can distribute addons to users without their permission
                        • Mozilla developers can distribute addons to users without their knowledge
                        • Mozilla developers themselves don’t realise the consequences of doing this
                        • Experiments are not explicitly enabled by users
                        • Opening the addons window reverts configuration changes which disable experiments
                        • The only way to properly disable this requires fairly arcane knowledge Firefox preferences (lockpref(), which I’d never heard of until today)

                        This all gives me a huge lack of confidence in the privacy and security of Firefox.

                        1. 2

                          Absolutely fascinating. Thanks for posting this.

                          1. 2

                            Thanks for conducting the benchmarking Mark! We are excited to be the fastest GPU database again.

                            1. 4

                              Someone get this man a hat.

                            1. 2

                              This tweet has a great summary:

                              I got an extended validation certificate for “Stripe, Inc” but in another state. Can you tell the difference?

                              1. 1

                                Requires malformed file on SPI flash (needs physical access or bug in BIOS)

                                Unfortunately. Still, incredible work.

                                1. 2

                                  Fascinating article. Thanks for posting this. It’s inspired me to do the same.

                                  1. 1

                                    This is a bit more of a product release page than anything else, so maybe release.

                                    Unfortunately, it’s really light on technical details. So, maybe not a great fit. :(

                                    1. 2

                                      Yeah, release is good, thanks. I posted it because I thought people might be interested in signing up for the preview. I’m curious to hear more.

                                      1. 5

                                        Edit: For the record, this is what I’m talking about: https://www.wired.com/story/uber-settles-with-ftc-again-this-time-over-2014-privacy-breach/

                                        After all, it gives the FTC oversight over the company’s privacy and security practices for 20 years.

                                        So much for that, then.

                                        1. 6

                                          If you read the whole thread from start, it gives you an entirely new perspective: 1, 2, 3, 4 and the Linus’ reply - 5

                                          1. 2

                                            Later, he explains why he reacted so strongly in his earlier reply, and apologises:

                                            https://lkml.org/lkml/2017/11/21/315

                                          1. 20

                                            Elsewhere, he also explains why he reacted so strongly in his earlier reply, and apologises:

                                            https://lkml.org/lkml/2017/11/21/315

                                              1. 4

                                                Maybe they meant “already posted”? https://lobste.rs/s/ewyawz/massive_us_military_social_media_spying

                                                There’s not a whole lot of technical content here. “Leaked” is maybe too strong a term, too: no doubt heads are rolling as we speak, but I haven’t seen any evidence that somebody made those S3 buckets public on purpose.

                                                As for the political content, not much news either for those who have been paying attention. But certainly, some lobsters are uncomfortable with bad news of this sort, and will downvote you without explanation. I say shrug it off and keep posting whatever you think is relevant. It’s your site too!

                                                1. 1

                                                  Hey, yeah. That makes sense. I wasn’t too bothered - just curious. Cheers for the reply!

                                              1. 2

                                                Offtopic, but: .horse? Really?

                                                1. 2

                                                  The author got that question on HN and answered as follows:

                                                  The first page I wrote when I was making the site was this one (https://ircdocs.horse/specs/) – and the initial drafts were a fair bit screechier than what’s there now. I wanted people to know that everything on ircdocs is pretty much just my thoughts (as opposed to the more consensus-based approach of IRCv3), and figured the horse TLD would make people take it less seriously.

                                                  Didn’t exactly work out, now that a fair number of devs are using it as a legit protocol reference. Still, gives the site some decent character and makes it memorable :P

                                                  1. 1

                                                    What of it?

                                                    1. 1

                                                      It’s just… weird! In a good way, but… yeah.

                                                  1. 1

                                                    So that’s it, I hope I’ve helped explain why we should use passwords with … combinations of several numbers, symbols and characters

                                                    Unfortunately not. And it’s not recommended.

                                                    https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/

                                                    1. 1

                                                      That’s not really a fair criticism since what Troy’s article says is that making people pick passwords with, for example symbols, does not necessarily improve security, e.g. “P@assw0rd” is not much better than “Password”.

                                                      However that doesn’t change the fact that if more symbols are used than just letters the search space that an attacker has to go through is larger.

                                                      The post is from the point of view of what hoops an attacker has to go through to get to a password, and about what developers should do to make that as hard as possible.

                                                      Troy’s post is from the perspective of the user who has to pick a password and how restrictions such as having to use numbers and symbols or not being able to copy and paste do not lead to users picking better passwords.

                                                      1. 2

                                                        Adding characters is far more effective at increasing the state space than expanding the alphabet. For example, assume you have a 10-character alphanumeric password; that’s 62^10 = 59.5 bits of state. If you add some special characters to your alphabet (let’s say eight of them), you’re up to 70^10 = 61.3 bits. If you add a single alphanumeric character, for 11, you now have 62^11 = 65.5 bits.

                                                        Alphabet is, for most intents and purposes, a complete waste of time. Passwords need to be longer and not in known dictionaries. Any other requirement is between useless and actively counterproductive.

                                                        1. 1

                                                          Any other requirement is between useless and actively counterproductive

                                                          It was never suggested that using symbols should be a requirement. The only suggestion in the post regarding this matter is that a password manager should be used.

                                                          Also, there were no suggestions about password lengths other than longer passwords are better than shorter ones, and the more character types the better. All of that is all true irrespectively of the discussion about making symbols in passwords be mandatory.

                                                          I agree that that type of requirement is counter productive, but I don’t see how the post has anything to do with that.

                                                    1. 2

                                                      This really doesn’t have any technical content. It’s Schneier giving an opinion about a news story in-progress.

                                                      1. 1

                                                        I will try and link to a better source, next time.