1. 5

    My wife accepted a job in The Netherlands, so we are moving back to NL after five years in Germany. We are both really looking forward to moving back and to the new apartment. Our 4 year old daughter is also pretty excited about the move (moving closer to grandparents) and starts to practice Dutch more.

    We are have been packing the last few days and will continue throughout the weekend (won’t have much time the last 2.5 weeks at work).

    We are not moving the furniture, turns out that it is cheaper to repurchase all the furniture than to use a moving company.

    1. 3

      🇳🇱 🧀 ❤️

    1. 4

      More Elixir learning / hacking! Anyone else doing this?

      I am thinking about a project that could map well to it. But I am very far away from even putting together a simple application. Learning Elixir, Phoenix and Ecto.

      Also, family time :-)

      1. 1

        I also occasionally spend time learning Elixir! Would love to collaborate on some hack!

      1. 2

        Could one store the IP address of the initial request that causes you to generate a JWT in the token itself? Then you can validate that the current request comes from the same IP. If they’re different, then force them to log in again from their current IP.

        The user would need to re-login if they turn on a VPN or change locations, but that’s a small price to pay if that reduces the possibility for certain types of attacks. I’m definitely not a security expert, but working on a fairly sensitive app where a breach would be bad for a user. The fact that I haven’t seen this suggested next to more complex safeguards makes me think there’s a fundamental flaw in it that I’m just not thinking of.

        1. 5

          IPs aren’t a great factor to base stuff like this one, although that’s a good idea.

          I think what’s better is something like token binding (https://datatracker.ietf.org/wg/tokbind/documents/) which is a way to pin a certain token to a specific TLS session. This way you have some basic guarantees. But in the real world things are sorta messy =p

          1. 2

            Most home users would have to re log in every day. Services that tie my login to an IP address piss me off so much because they are constantly logging me out.

            1. 2

              The fact that I haven’t seen this suggested next to more complex safeguards makes me think there’s a fundamental flaw in it that I’m just not thinking of.

              It’s not a safe presumption that a users requests will always come from the same IP - even from request to request. Their internet access could be load balanced or otherwise change due to factors like roaming.

              1. 1

                Yeah that is also a common technique for cookies. If the remote IP changes you can invalidate the cookie.

              1. 6

                TLDR: The laptop was not tampered with.

                Still a good read though :-)

                1. 16

                  That he knows of.

                  1. 5

                    It’s impossible to prove… :)

                    1. 5

                      For sure haha. One can do better than he did, though.

                      For one, he can block evil maid style attacks very cheaply. I’ve done plenty of tamper-evident schemes for that stuff. You can at least know if they opened the case. From there, one can use analog/RF profiling of the devices to detect chip substitutions. It requires specialist, time-consuming skills or occasional help of a specialist to give you black box method plus steps to follow for device they already profiled.

                      The typical recommendation I gave, though, was to buy a new laptop in-country and clear/sell it before you leave. This avoids risks at border crossings where they can legally search or might sabotage devices. Your actual data is retrievable over a VPN after you put Linux/BSD on that sucker. Alternatively, you use it as a thin client for a real system but latencies could be too much for that.

                      So, there’s a few ideas for folks looking into solving this problem.

                      1. 3

                        This (and the original article) are a techno solutions to a techno problem that doesn’t really exist.

                        If you’re a journo doing this, they will look at your visa and say, you claim to be a journalist, but you have no laptop, we don’t believe you, entry denied.

                        I’m pretty sure even a very open country like NZ will do this to you. (If you claim not to be a journalist and start behaving as one, again, violating your visa conditions (ie working not visiting, out you go).

                        As to spying on what you have on an encrypted drive….. rubber hose code breaking sorts that out pretty quick.

                        I grew up in the Very Bad Old days and tend to have a very dim view of the technical abilities, patience and human kindness of the average spook.

                        1. 2

                          I got the idea from people doing it. They werent journalists, though. The other thing people did which might address that problem is take boring laptops with them. They have either nothing interesting or some misinformation. Nothing secret happens on it during trip. Might even use it for non-critical stuff like youtube just so its different when they scan it on return.

                  2. 5

                    TLDR: The laptop was not tampered with in a way he’s foreseen.

                    To just say the laptop was not tampered with is missing his point completely.

                  1. 4

                    It only supports GET requests and it is hardcoded to forward incoming DNS requests to 127.0.0.1:53. This means you need to have a DNS server running on the machine where you run this service.

                    Hey, for a moment I thought this makes no sense. But of course this is to be run on a server, not all on localhost 🤦‍

                    Neat side project!

                    1. 3

                      I fixed that! Current version does POST too now.

                    1. 4

                      I was surprised to hear they were advertising there in the first place…

                      Would be nice if they would take it one step further and block all things FB by default unless you explicitly browse to facebook.com yourself.

                      1. 2

                        Pretty sure that Tracking Protection already kills Like buttons.

                      1. 10

                        All good reasons, IMO. But it fails to mention any of the well-known problems with C, which would have prevented many vulnerabilities in SQLite. So it reads like they’re just trying to justify their choice, rather than an honest assessment of C. I don’t know what the intention or purpose of this page is, though. And to be fair, I would probably have made the same choice in 2000.

                        1. 40

                          I don’t know what the intention or purpose of this page is

                          Probably to stop people asking why it’s not written in Rust.

                          1. 14

                            Since it mentions Java but not Go or Rust, I suspect it’s an older page.

                            1. 25

                              That’s the beauty of C, it refutes all future languages without having to be recompiled.

                              1. 1

                                It mentions Swift, too.

                                  1. 1

                                    Yeah, looking at the parent page, it appears it showed up sometime in 2017. I was mislead by the mention of Java as an alternative, because I think it’s rather obviously unsuited for this job.

                              2. 4

                                I tried finding a list of vulnerabilities in SQLite and only this page gave current info. Now, I’m unfamiliar with CVE stats so I don’t know if 15 CVE’s in 8 years is more than average for a project with the codebase and use of SQLite.

                                1. 7

                                  […] I don’t know if 15 CVE’s in 8 years is more than average for a project with the codebase and use of SQLite.

                                  I don’t know either! I looked at the same page before writing my comment, and found plenty of things that don’t happen in memory-safe languages. There were fewer entries than I expected, but also some of them have descriptions like “Multiple buffer overflows […],” so the number of severe bugs seems to be higher than the number of CVEs.

                                  1. 7

                                    The 4 in 2009 appear to have been in some web app that used SQLite, not SQLite itself.

                                    1. 4

                                      The security community generally considers CVE counts a bad mechanism to argue about the security of a project, for the following reasons:

                                      Security research (and thus vulnerability discovery) are driven by incentives like popularity, impact and monetary gain. This makes some software more attractive to attack, which increases the amount of bugs discovered, regardless of the security properties of the codebase. It’s also hard to find another project to compare with.

                                      (But if I were to join this game, I’d say 15 in 8 years is not a lot ;))

                                    2. 1

                                      15 vulnerabilities of various levels in the past 10 years.

                                      https://www.cvedetails.com/vendor/9237/Sqlite.html

                                      How does that compare to other products or even similar complicated libraries?

                                    1. 3

                                      This looks great. Is this library being written to be part of some large application?

                                      1. 8

                                        I’ve written ZeroMQ and nanomsg once. This is part of my years-long project to make writing such applications tractable. And by that I mean being able to write them without falling into either callback hell or state machine hell.

                                        1. 2

                                          On that topic, what is the status of Nanomsg? Is libdill your main focus, or do you grow these projects in parallel? I’ve watched this projects without using them in practice, but I really like the approach of trying to find the right abstractions and patterns for expressive and efficient network programming.

                                          1. 1

                                            Banal question; libdill? why not just use go?

                                        1. 1

                                          As a developer who moved from Linux to the macOS platform, this made me think about how many non-native apps I use as replacements for the Apple version. The obvious ones I’m thinking of:

                                          • Alfred instead of Spotlight
                                          • iTerm2 instead of Terminal
                                          • Dropbox instead of iCloud
                                          • Chrome instead of Safari
                                          • Gmail instead of Mail
                                          • Google Maps instead of Maps
                                          • VLC instead of iMovie
                                          • Spotify instead of iTunes
                                          • Signal instead of Messages

                                          &c. This surely isn’t a good trend for Apple to allow to continue.

                                          1. 13

                                            That’s not what’s meant by “native” in this case. Alfred, iTerm, Dropbox, Chrome, and VLC are native. Spotify is Electron, and I’m not sure about Signal. I’m guessing it’s probably a native app that does most of its UI in a WebView.

                                            1. 5

                                              Signal for Desktops is Electron.

                                              1. 2

                                                As it might be useful to describe what is meant by native, it means something on a spectrum between “using the platform-supplied libraries and UI widgets”, i.e. Cocoa and “not a wrapped browser or Electron app”, so it’s not clear whether an application using the Qt framework would be considered “native”. It could be delivered through the App Store and subject to the sandbox restrictions, so fits the bill for a “native” app in the original post, but it would also not be using the native platform features which are presumably seen as Apple’s competitive advantage for the purpose of the same post.

                                                1. 2

                                                  I’d call QT native. It doesn’t use the native widgets, but then neither do most applications that are available on multiple platforms.

                                                  1. 2

                                                    It may be native, but it’s not Mac-native in the sense Gruber was talking about. You will find that all three uses of “native” in his article appear as “native Cocoa apps” or “native Mac apps”. He is talking about a quite specific sense of native: apps that integrate seamlessly with all of the MacOS UI conventions (services, system-wide text substitutions, native emoji picker, drag & drop behaviours, proxy icons, and a myriad more). Qt apps do not.

                                              2. 5

                                                Why is it not a good trend? You are still using a Mac .. they sold you the hardware. Should they care about what apps you run?

                                                1. 3

                                                  Apps with good experiences that aren’t available on other platforms keep users around. Third-party iOS apps do a better job of moving iPhones than anything else Apple does, because people who already have a pile of iOS apps they use generally buy new iPhones.

                                                  Electron is just the latest in a long series of cross-platform app toolkits, and it has the same problems that every other one has had: look & feel, perceived inefficiency, and for the OS vendor, doesn’t provide a moat.

                                                  1. 1

                                                    Counterpoint, their apps have always been limited and really for people who weren’t willing to learn and use more robust tooling. I mean how many professionals use iMovie.

                                                    1. 1

                                                      iMovie is a good example. I’m guessing a lot of us prefer VLC.

                                                  2. 1

                                                    It’s good for the end user but not a good trend for their business model, part of which is to have best-in-class apps. Don’t get me wrong, I like having choice and I think they shouldn’t force you into their own app ecosystem.

                                                1. 6

                                                  I think the faulty assumption is that the happiness of users and developers is more important to the corporate bottom line than full control over the ecosystem.

                                                  Linux distributions have shown for a decade that providing a system for reliable software distribution while retaining full user control works very well.

                                                  Both Microsoft and Apple kept the first part, but dropped the second part. Allowing users to install software not sanctioned by them is a legacy feature that is removed – slowly to not cause too much uproar from users.

                                                  Compare it to the time when Windows started “phoning home” with XP … today it’s completely accepted that it happens. The same thing will happen with software distributed outside of Microsoft’s/Apple’s sanctioned channels. (It indeed has already happened on their mobile OSes.)

                                                  1. 8

                                                    As a long-time Linux user and believer in the four freedoms, I find it hard to accept that Linux distributions demonstrate “providing a system for reliable software distribution while retaining full user control works very well”. Linux distros seems to work well for enthusiasts and places with dedicated support staff, but we are still at least a century away from the year of Linux on the desktop. Even many developers (who probably have some overlap with the enthusiast community) have chosen Macs with unreliable software distribution like Homebrew and incomplete user control.

                                                    1. 2

                                                      I agree with you that Linux is still far away from the year of Linux on the desktop, but I think it is not related to the way Linux deals with software distribution.

                                                      There are other, bigger issues with Linux that need to be addressed.

                                                      In the end, the biggest impact on adoption would be some game studios releasing their AAA title as a Linux-exclusive. That’s highly unlikely, but I think it illustrates well that many of the factors of Linux’ success on the desktop hinge on external factors which are outside of the control of users and contributors.

                                                      1. 2

                                                        All the devs I know that use mac use linux in some virtualisation options instead of homebrew for work. Obviously thats not scientific study by any means.

                                                        1. 8

                                                          I’ll be your counter example. Homebrew is a great system, it’s not unreliable at all. I run everything on my Mac when I can, which is pretty much everything except commercial Linux-only vendor software. It all works just as well, and sometimes better, so why bother with the overhead and inconvenience of a VM? Seriously, why would you do that? It’s nonsense.

                                                          1. 4

                                                            Maybe a VM makes sense if you have very specific wishes. But really, macOS is an excellent UNIX and for most development you won’t notice much difference. Think Go, Java, Python, Ruby work. Millions of developers probably write on macOS and deploy on Linux. I’ve been doing this for a long time and ‘oh this needs a Linux specific exception’ is a rarity.

                                                            1. 4

                                                              you won’t notice much difference.

                                                              Some time ago I was very surprised that hfs is not case sensitive (by default). Due to a bad letter-case in an import my script would fail on linux (production), but worked on mac. Took me about 30 minutes to figure this out :)

                                                              1. 3

                                                                You can make a case sensitive code partition. And now with APFS, partitions are continuously variable size so you won’t have to deal with choosing how much goes to code vs system.

                                                                1. 1

                                                                  A case sensitive HFS+ slice on a disk image file is a good solution too.

                                                                2. 2

                                                                  Have fun checking out a git repo that has Foo and foo in it :)

                                                                  1. 2

                                                                    It was bad when microsoft did it in VB, and it’s bad when apple does it in their filesystem lol.

                                                                3. 2

                                                                  Yeah definitely. And I’ve found that accommodating two platforms where necessary makes my projects more robust and forces me to hard code less stuff. E.g. using pkg-config instead of yolocoding path literals into the build. When we switched Linux distros at work, all the packages that worked on MacOS and Linux worked great, and the Linux only ones all had to be fixed for the new distro. 🙄

                                                                4. 2

                                                                  I did it for awhile because I dislike the Mac UI a lot but needed to run it for some work things. Running in a full screen VM wasn’t that bad. Running native is better, but virtualization is pretty first class at this point. It was actually convenient in a few ways too. I had to give my mac in for repair at one point, so I just copied the VM to a new machine and I was ready to run in minutes.

                                                                  1. 3

                                                                    I use an Apple computer as my home machine, and the native Mac app I use is Terminal. That’s it. All other apps are non-Apple and cross-platform.

                                                                    That said, MacOS does a lot of nice things. For example, if you try to unmount a drive, it will tell you what application is still using it so you can unmount it. Windows (10) still can’t do that, you have to look in the Event viewer(!) to find the error message.

                                                                    1. 3

                                                                      In case it’s unclear, non-Native means webapps, not software that doesn’t come preinstalled on your Mac.

                                                                      1. 3

                                                                        It is actually pretty unclear what non-Native here really means. The original HN post is about sandboxed apps (distributed through the App Store) vs non-sandboxed apps distributed via a developer’s own website.

                                                                        Even Gruber doesn’t mention actual non-Native apps until the very last sentence. He just talks/quotes about sandboxing.

                                                                        1. 3

                                                                          The second sentence of the quoted paragraph says:

                                                                          Cocoa-based Mac apps are rapidly being eaten by web apps and Electron pseudo-desktop apps.

                                                                    2. 1

                                                                      full-screen VM high-five

                                                                    3. 1

                                                                      To have environment closer to production I guess (or maybe ease of installation, dunno never used homebrew). I don’t have to use mac anymore so I run pure distro, but everyone else I know uses virtualisation or containers on their macs.

                                                                      1. 3

                                                                        Homebrew is really really really easy. I actually like it over a lot of Linux package managers because it first class supports building the software with different flags. And it has binaries for the default flag set for fast installs. Installing a package on Linux with alternate build flags sucks hard in anything except portage (Gentoo), and portage is way less usable than brew. It also supports having multiple versions of packages installed, kind of half way to what nix does. And unlike Debian/CentOS it doesn’t have opinions about what should be “in the distro,” it just has up to date packages for everything and lets you pick your own philosophy.

                                                                        The only thing that sucks is OpenSSL ever since Apple removed it from MacOS. Brew packages handle it just fine, but the python package system is blatantly garbage and doesn’t handle it well at all. You sometimes have to pip install with CFLAGS set, or with a package specific env var because python is trash and doesn’t standardize any of this.

                                                                        But even on Linux using python sucks ass, so it’s not a huge disadvantage.

                                                                        1. 1

                                                                          Installing a package on Linux with alternate build flags sucks hard in anything except portage

                                                                          You mention nix in the following sentence, but installing packages with different flags is also something nix does well!

                                                                          1. 1

                                                                            Yes true, but I don’t want to use NixOS even a little bit. I’m thinking more vs mainstream distro package managers.

                                                                          2. 1

                                                                            For all its ease, homebrew only works properly if used by a single user who is also an administrator who only ever installs software through homebrew. And then “works properly” means “install software in a global location as the current user”.

                                                                            1. 1

                                                                              by a single user who is also an administrator

                                                                              So like a laptop owner?

                                                                              1. 1

                                                                                A laptop owner who hasn’t heard that it’s good practice to not have admin privileges on their regular account, maybe.

                                                                            2. 1

                                                                              But even on Linux using python sucks ass, so it’s not a huge disadvantage.

                                                                              Can you elaborate more on this? You create a virtualenv and go from there, everything works.

                                                                              1. 2

                                                                                It used to be worse, when mainstream distros would have either 2.4 or 2.6/2.7 and there wasn’t a lot you could do about it. Now if you’re on python 2, pretty much everyone is 2.6/2.7. Because python 2 isn’t being updated. Joy. Ruby has rvm and other tools to install different ruby versions. Java has a tarball distribution that’s easy to run in place. But with python you’re stuck with whatever your distro has pretty much.

                                                                                And virtualenvs suck ass. Bundler, maven / gradle, etc. all install packages globally and let you exec against arbitrary environments directly (bundle exec, mvn exec, gradle run), without messing with activating and deactivating virtualenvs. Node installs all it’s modules locally to a directory by default but at least it automatically picks those up. I know there are janky shell hacks to make virtualenvs automatically activate and deactivate with your current working directory, but come on. Janky shell hacks.

                                                                                That and pip just sucks. Whenever I have python dependency issues, I just blow away my venv and rebuild it from scratch. The virtualenv melting pot of files that pip dumps into one directory just blatantly breaks a lot of the time. They’re basically write once. Meanwhile every gem version has it’s own directory so you can cleanly add, update, and remove gems.

                                                                                Basically the ruby, java, node, etc. all have tooling actually designed to author and deploy real applications. Python never got there for some reason, and still has a ton of second rate trash. The scientific community doesn’t even bother, they use distributions like Anaconda. And Linux distros that depend on python packages handle the dependencies independently in their native package formats. Ruby gets that too, but the native packages are just… gems. And again, since gems are version binned, you can still install different versions of that gem for your own use without breaking anything. Python there is no way to avoid fucking up the system packages without using virtualenvs exclusively.

                                                                                1. 1

                                                                                  But with python you’re stuck with whatever your distro has pretty much.

                                                                                  I’m afraid you are mistaken, not only distros ship with 2.7 and 3.5 at same time (for years now) it is usually trivial to install newer version.

                                                                                  let you exec against arbitrary environments directly (bundle exec, mvn exec, gradle run), without messing with activating and deactivating virtualenvs

                                                                                  You can also execute from virtualenvs directly.

                                                                                  Whenever I have python dependency issues, I just blow away my venv and rebuild it from scratch.

                                                                                  I’m not sure how to comment on that :-)

                                                                                  1. 1

                                                                                    it is usually trivial to install newer version

                                                                                    Not my experience? How?

                                                                                    1. 1

                                                                                      Usually you have packages for all python versions available in some repository.

                                                                      2. 2

                                                                        Have they chosen Macs or have they been issued Macs? If I were setting up my development environment today I’d love to go back to Linux, but my employers keep giving me Macs.

                                                                        1. 3

                                                                          Ask for a Linux laptop. We provide both.

                                                                          I personally keep going Mac because I want things like wifi, decent power management, and not having to carefully construct a house of cards special snowflake desktop environment to get a useable workspace.

                                                                          If I used a desktop computer with statically affixed monitors and an Ethernet connection, I’d consider Linux. But Macs are still the premier Linux laptop.

                                                                          1. 1

                                                                            At my work place every employee is given a Linux desktop and they have to do a special request to get a Mac or Windows laptop (Which would be in addition to their Linux desktop).

                                                                        2. 3

                                                                          Let’s be clear though, what this author is advocating is much much worse from an individual liberty perspective than what Microsoft does today.

                                                                          1. 4

                                                                            Do you remember when we all thought Microsoft were evil for bundling their browser and media player? Those were good times.

                                                                        1. 3

                                                                          What are your favorite videos?

                                                                          1. [Comment removed by author]

                                                                            1. 7

                                                                              Are you saying you’d stop using Firefox because of default “sponsored content” in New Tab?

                                                                              It’s pretty easy to turn that off, just like all the other New Tab content. The article even links detailed instructions.

                                                                              Or is it a matter of principle for you? How do you suppose Mozilla should make money?

                                                                              1. 5

                                                                                It is not “sponsored content” - that concept does not exist in Firefox. Nobody is paying Mozilla to show specific content on New Tab.

                                                                                1. [Comment removed by author]

                                                                                  1. 2

                                                                                    There are no ads in Firefox. Why did you think there are?

                                                                                    1. 4

                                                                                      There absolutely are—or were until fairly recently—ads in unfilled tiles on the new tab page. Here’s an example support forum thread asking how to get rid of them.

                                                                                      1. 4

                                                                                        That was two years ago and that feature was completely dropped.

                                                                                  2. 2

                                                                                    How do you suppose Mozilla should make money?

                                                                                    Should Mozilla make money? Should one of the most important applications in modern-day computing be produced by a company that is incentivized to produce a profit?

                                                                                    1. 6

                                                                                      Mozilla corp is not incentivized to produce a profit, it is quite openly their goal to “just” keep the lights on. But that already needs quite a bit of cash. That’s a huge difference.

                                                                                      Mozilla corp is for-profit, as for certain legal reasons, producing software is not 501(c)3 compatible. It’s a very usual setup.

                                                                                      Yes, Mozilla should make money. Otherwise, they’d shut down.

                                                                                      1. 2

                                                                                        Mozilla is a non-profit, so no, they don’t have to make money. But the people who work for Mozilla don’t work for free. You can’t build a product like Firefox purely on volunteers, so Mozilla should at least be able to pay their workforce.

                                                                                        They can’t keep up with the rest of the world and provide a quality, free software alternative browser without money.

                                                                                        If you think the work Mozilla does is valuable (I do!) and feel like they should stay away from alternative monetization methods (I do!), you should consider donating to Mozilla so that they don’t have to find other ways of funding development.

                                                                                    2. 3

                                                                                      Does it have to be libre? If not, Vivaldi is an excellent web browser that believes in making easy things easy and customization easy. It’s the spiritual successor to Opera 12, which was the pinnacle of browser experiences.

                                                                                      1. 3

                                                                                        what do you mean? they even have prebuilt images for all major platforms. On MacOS, you can install it from Homebrew as well (brew cask install qutebrowser).

                                                                                        1. 1

                                                                                          What do you do about plugins? I miss a few plugins from Chrome when I tried out qutebrowser, primarily my RSS feed monitoring one as well as my usenet one.

                                                                                          The other big one I miss is Join, but that’s sort of a separate thing in terms of how “encompassing” it is.

                                                                                          1. 1

                                                                                            I just installed qutebrowser too. That is just brilliant. Thanks for linking - I remember stories coming about it before but never made the effort to try it out, but now I can see it becoming pretty regular.

                                                                                          1. 1

                                                                                            In 2018 there is no excuse to not use HTTPs. Period.

                                                                                            1. 2

                                                                                              How about to install the list of certificate authorities to trust and ntpd so you can get the right time (both needed for https)?

                                                                                            1. 16

                                                                                              If folks actually read this story Firefox is working pretty hard to make this a non invasive, non privacy compromising feature change, and they’re also opening themselves up for public comment.

                                                                                              Consider voicing your objections rather than simply jumping ship. Having a viable open source option is important for the web ecosystem IMO.

                                                                                              1. 15

                                                                                                If folks actually read this story Firefox is working pretty hard to make this a non invasive, non privacy compromising feature change, and they’re also opening themselves up for public comment.

                                                                                                i just want a freaking browser engine with the possibility of enhancements via extensions. i don’t want to turn off magick features. i just want a browser which displays websites. the new firefox engine is really great, but i fear that now they slowly fill firefox with crappy features until its slow again.

                                                                                                1. 3

                                                                                                  What happens on the “New Tab page has zero effect on page load times. If you don’t like what the New Tab page looks like, customize it. Some of your options are:

                                                                                                  • set it to blank
                                                                                                  • install an extension that takes over
                                                                                                  • customize the current experience

                                                                                                  For the last option, click the little gear icon in the top right and you should see this https://imgur.com/a/1p47a where you can turn off any section that you don’t like.

                                                                                                  1. 7

                                                                                                    yes, i know. i still don’t want these features shipped and active by default. if i want pocket, i could install it as extension. heck, i wouldn’t mind if they said “hey, we have this great extension named pocket, care to try it out?” on their default new page, with a link to install it. but not shipped by default.

                                                                                                    1. 4

                                                                                                      What happens on the “New Tab page has zero effect on page load times.

                                                                                                      I don’t care so much about page load times; sites which care are already fast (e.g. no JS BS), whilst those which don’t will soon bloat up to offset any increase in browser performance.

                                                                                                      My main complaints with Pocket/Hello/Looking Glass/pdf.js/etc. are code bloat, install size, added complexity, attack surface, etc.

                                                                                                      1. 1

                                                                                                        You can’t do that on mobile.

                                                                                                  1. 1

                                                                                                    Firefox for iOS.

                                                                                                    1. 1

                                                                                                      Can anyone comment on the stability of this board? It has a pretty good price. Is anyone running BSD or Linux on it?

                                                                                                      1. 3

                                                                                                        I am still working on rendering performance in my Apple ][ emulator. I need to get things fast enough so that it will run at a decent speed on a Raspberry Pi Zero.

                                                                                                        This is a side project. Mostly evening and weekend hacking.

                                                                                                        https://github.com/st3fan/ewm

                                                                                                        1. 3

                                                                                                          Bitwise operations in Lua are a bit of a pain unfortunately. I will probably introduce a more convenient API to access 16 bit values.

                                                                                                          Maybe you could just update to Lua 5.3, which has bitwise operators.

                                                                                                          I am curious why you went with 5.2 in the first place. Maybe in prevision for LuaJIT?

                                                                                                          1. 3

                                                                                                            For what it’s worth, LuaJIT includes the Lua BitOp module. BitOp is also available as a standard C module for Lua 5.1/5.2, so you can get a consistent API and semantics across both implementations. I have only used it very briefly, but it seems to be working rather well.

                                                                                                            1. 4

                                                                                                              It is the same kind of API as bit32, unfortunately. The advantage of operators is that instead of this:

                                                                                                              v = bit32.bor(cpu.memory[0xfffc], bit32.lshift(cpu.memory[0xfffd], 8))
                                                                                                              

                                                                                                              you write this:

                                                                                                              v = cpu.memory[0xfffc] | cpu.memory[0xfffd] << 8
                                                                                                              
                                                                                                              1. 2

                                                                                                                I’m on 5.2 (and soon even 5.1) indeed so that i can give LuaJIT a try. If that does not work out or if the speed improvements are not worth it then I will probably just move to 5.3.

                                                                                                          1. 5

                                                                                                            Please stop writing “please stop X” blog posts.

                                                                                                            1. 2

                                                                                                              I’m worried this is yet another attack vector against 1P, and provides easier key export for attackers that gain access to your command line.

                                                                                                              1. 1

                                                                                                                What is the other attack vector?