1. 3

    This looks great. Is this library being written to be part of some large application?

    1. 8

      I’ve written ZeroMQ and nanomsg once. This is part of my years-long project to make writing such applications tractable. And by that I mean being able to write them without falling into either callback hell or state machine hell.

      1. 2

        On that topic, what is the status of Nanomsg? Is libdill your main focus, or do you grow these projects in parallel? I’ve watched this projects without using them in practice, but I really like the approach of trying to find the right abstractions and patterns for expressive and efficient network programming.

        1. 1

          Banal question; libdill? why not just use go?

      1. 1

        As a developer who moved from Linux to the macOS platform, this made me think about how many non-native apps I use as replacements for the Apple version. The obvious ones I’m thinking of:

        • Alfred instead of Spotlight
        • iTerm2 instead of Terminal
        • Dropbox instead of iCloud
        • Chrome instead of Safari
        • Gmail instead of Mail
        • Google Maps instead of Maps
        • VLC instead of iMovie
        • Spotify instead of iTunes
        • Signal instead of Messages

        &c. This surely isn’t a good trend for Apple to allow to continue.

        1. 13

          That’s not what’s meant by “native” in this case. Alfred, iTerm, Dropbox, Chrome, and VLC are native. Spotify is Electron, and I’m not sure about Signal. I’m guessing it’s probably a native app that does most of its UI in a WebView.

          1. 5

            Signal for Desktops is Electron.

            1. 2

              As it might be useful to describe what is meant by native, it means something on a spectrum between “using the platform-supplied libraries and UI widgets”, i.e. Cocoa and “not a wrapped browser or Electron app”, so it’s not clear whether an application using the Qt framework would be considered “native”. It could be delivered through the App Store and subject to the sandbox restrictions, so fits the bill for a “native” app in the original post, but it would also not be using the native platform features which are presumably seen as Apple’s competitive advantage for the purpose of the same post.

              1. 2

                I’d call QT native. It doesn’t use the native widgets, but then neither do most applications that are available on multiple platforms.

                1. 2

                  It may be native, but it’s not Mac-native in the sense Gruber was talking about. You will find that all three uses of “native” in his article appear as “native Cocoa apps” or “native Mac apps”. He is talking about a quite specific sense of native: apps that integrate seamlessly with all of the MacOS UI conventions (services, system-wide text substitutions, native emoji picker, drag & drop behaviours, proxy icons, and a myriad more). Qt apps do not.

            2. 5

              Why is it not a good trend? You are still using a Mac .. they sold you the hardware. Should they care about what apps you run?

              1. 3

                Apps with good experiences that aren’t available on other platforms keep users around. Third-party iOS apps do a better job of moving iPhones than anything else Apple does, because people who already have a pile of iOS apps they use generally buy new iPhones.

                Electron is just the latest in a long series of cross-platform app toolkits, and it has the same problems that every other one has had: look & feel, perceived inefficiency, and for the OS vendor, doesn’t provide a moat.

                1. 1

                  Counterpoint, their apps have always been limited and really for people who weren’t willing to learn and use more robust tooling. I mean how many professionals use iMovie.

                  1. 1

                    iMovie is a good example. I’m guessing a lot of us prefer VLC.

                2. 1

                  It’s good for the end user but not a good trend for their business model, part of which is to have best-in-class apps. Don’t get me wrong, I like having choice and I think they shouldn’t force you into their own app ecosystem.

              1. 6

                I think the faulty assumption is that the happiness of users and developers is more important to the corporate bottom line than full control over the ecosystem.

                Linux distributions have shown for a decade that providing a system for reliable software distribution while retaining full user control works very well.

                Both Microsoft and Apple kept the first part, but dropped the second part. Allowing users to install software not sanctioned by them is a legacy feature that is removed – slowly to not cause too much uproar from users.

                Compare it to the time when Windows started “phoning home” with XP … today it’s completely accepted that it happens. The same thing will happen with software distributed outside of Microsoft’s/Apple’s sanctioned channels. (It indeed has already happened on their mobile OSes.)

                1. 8

                  As a long-time Linux user and believer in the four freedoms, I find it hard to accept that Linux distributions demonstrate “providing a system for reliable software distribution while retaining full user control works very well”. Linux distros seems to work well for enthusiasts and places with dedicated support staff, but we are still at least a century away from the year of Linux on the desktop. Even many developers (who probably have some overlap with the enthusiast community) have chosen Macs with unreliable software distribution like Homebrew and incomplete user control.

                  1. 2

                    I agree with you that Linux is still far away from the year of Linux on the desktop, but I think it is not related to the way Linux deals with software distribution.

                    There are other, bigger issues with Linux that need to be addressed.

                    In the end, the biggest impact on adoption would be some game studios releasing their AAA title as a Linux-exclusive. That’s highly unlikely, but I think it illustrates well that many of the factors of Linux’ success on the desktop hinge on external factors which are outside of the control of users and contributors.

                    1. 2

                      All the devs I know that use mac use linux in some virtualisation options instead of homebrew for work. Obviously thats not scientific study by any means.

                      1. 8

                        I’ll be your counter example. Homebrew is a great system, it’s not unreliable at all. I run everything on my Mac when I can, which is pretty much everything except commercial Linux-only vendor software. It all works just as well, and sometimes better, so why bother with the overhead and inconvenience of a VM? Seriously, why would you do that? It’s nonsense.

                        1. 4

                          Maybe a VM makes sense if you have very specific wishes. But really, macOS is an excellent UNIX and for most development you won’t notice much difference. Think Go, Java, Python, Ruby work. Millions of developers probably write on macOS and deploy on Linux. I’ve been doing this for a long time and ‘oh this needs a Linux specific exception’ is a rarity.

                          1. 4

                            you won’t notice much difference.

                            Some time ago I was very surprised that hfs is not case sensitive (by default). Due to a bad letter-case in an import my script would fail on linux (production), but worked on mac. Took me about 30 minutes to figure this out :)

                            1. 3

                              You can make a case sensitive code partition. And now with APFS, partitions are continuously variable size so you won’t have to deal with choosing how much goes to code vs system.

                              1. 1

                                A case sensitive HFS+ slice on a disk image file is a good solution too.

                              2. 2

                                Have fun checking out a git repo that has Foo and foo in it :)

                                1. 2

                                  It was bad when microsoft did it in VB, and it’s bad when apple does it in their filesystem lol.

                              3. 2

                                Yeah definitely. And I’ve found that accommodating two platforms where necessary makes my projects more robust and forces me to hard code less stuff. E.g. using pkg-config instead of yolocoding path literals into the build. When we switched Linux distros at work, all the packages that worked on MacOS and Linux worked great, and the Linux only ones all had to be fixed for the new distro. 🙄

                              4. 2

                                I did it for awhile because I dislike the Mac UI a lot but needed to run it for some work things. Running in a full screen VM wasn’t that bad. Running native is better, but virtualization is pretty first class at this point. It was actually convenient in a few ways too. I had to give my mac in for repair at one point, so I just copied the VM to a new machine and I was ready to run in minutes.

                                1. 3

                                  I use an Apple computer as my home machine, and the native Mac app I use is Terminal. That’s it. All other apps are non-Apple and cross-platform.

                                  That said, MacOS does a lot of nice things. For example, if you try to unmount a drive, it will tell you what application is still using it so you can unmount it. Windows (10) still can’t do that, you have to look in the Event viewer(!) to find the error message.

                                  1. 3

                                    In case it’s unclear, non-Native means webapps, not software that doesn’t come preinstalled on your Mac.

                                    1. 3

                                      It is actually pretty unclear what non-Native here really means. The original HN post is about sandboxed apps (distributed through the App Store) vs non-sandboxed apps distributed via a developer’s own website.

                                      Even Gruber doesn’t mention actual non-Native apps until the very last sentence. He just talks/quotes about sandboxing.

                                      1. 3

                                        The second sentence of the quoted paragraph says:

                                        Cocoa-based Mac apps are rapidly being eaten by web apps and Electron pseudo-desktop apps.

                                  2. 1

                                    full-screen VM high-five

                                  3. 1

                                    To have environment closer to production I guess (or maybe ease of installation, dunno never used homebrew). I don’t have to use mac anymore so I run pure distro, but everyone else I know uses virtualisation or containers on their macs.

                                    1. 3

                                      Homebrew is really really really easy. I actually like it over a lot of Linux package managers because it first class supports building the software with different flags. And it has binaries for the default flag set for fast installs. Installing a package on Linux with alternate build flags sucks hard in anything except portage (Gentoo), and portage is way less usable than brew. It also supports having multiple versions of packages installed, kind of half way to what nix does. And unlike Debian/CentOS it doesn’t have opinions about what should be “in the distro,” it just has up to date packages for everything and lets you pick your own philosophy.

                                      The only thing that sucks is OpenSSL ever since Apple removed it from MacOS. Brew packages handle it just fine, but the python package system is blatantly garbage and doesn’t handle it well at all. You sometimes have to pip install with CFLAGS set, or with a package specific env var because python is trash and doesn’t standardize any of this.

                                      But even on Linux using python sucks ass, so it’s not a huge disadvantage.

                                      1. 1

                                        Installing a package on Linux with alternate build flags sucks hard in anything except portage

                                        You mention nix in the following sentence, but installing packages with different flags is also something nix does well!

                                        1. 1

                                          Yes true, but I don’t want to use NixOS even a little bit. I’m thinking more vs mainstream distro package managers.

                                        2. 1

                                          For all its ease, homebrew only works properly if used by a single user who is also an administrator who only ever installs software through homebrew. And then “works properly” means “install software in a global location as the current user”.

                                          1. 1

                                            by a single user who is also an administrator

                                            So like a laptop owner?

                                            1. 1

                                              A laptop owner who hasn’t heard that it’s good practice to not have admin privileges on their regular account, maybe.

                                          2. 1

                                            But even on Linux using python sucks ass, so it’s not a huge disadvantage.

                                            Can you elaborate more on this? You create a virtualenv and go from there, everything works.

                                            1. 2

                                              It used to be worse, when mainstream distros would have either 2.4 or 2.6/2.7 and there wasn’t a lot you could do about it. Now if you’re on python 2, pretty much everyone is 2.6/2.7. Because python 2 isn’t being updated. Joy. Ruby has rvm and other tools to install different ruby versions. Java has a tarball distribution that’s easy to run in place. But with python you’re stuck with whatever your distro has pretty much.

                                              And virtualenvs suck ass. Bundler, maven / gradle, etc. all install packages globally and let you exec against arbitrary environments directly (bundle exec, mvn exec, gradle run), without messing with activating and deactivating virtualenvs. Node installs all it’s modules locally to a directory by default but at least it automatically picks those up. I know there are janky shell hacks to make virtualenvs automatically activate and deactivate with your current working directory, but come on. Janky shell hacks.

                                              That and pip just sucks. Whenever I have python dependency issues, I just blow away my venv and rebuild it from scratch. The virtualenv melting pot of files that pip dumps into one directory just blatantly breaks a lot of the time. They’re basically write once. Meanwhile every gem version has it’s own directory so you can cleanly add, update, and remove gems.

                                              Basically the ruby, java, node, etc. all have tooling actually designed to author and deploy real applications. Python never got there for some reason, and still has a ton of second rate trash. The scientific community doesn’t even bother, they use distributions like Anaconda. And Linux distros that depend on python packages handle the dependencies independently in their native package formats. Ruby gets that too, but the native packages are just… gems. And again, since gems are version binned, you can still install different versions of that gem for your own use without breaking anything. Python there is no way to avoid fucking up the system packages without using virtualenvs exclusively.

                                              1. 1

                                                But with python you’re stuck with whatever your distro has pretty much.

                                                I’m afraid you are mistaken, not only distros ship with 2.7 and 3.5 at same time (for years now) it is usually trivial to install newer version.

                                                let you exec against arbitrary environments directly (bundle exec, mvn exec, gradle run), without messing with activating and deactivating virtualenvs

                                                You can also execute from virtualenvs directly.

                                                Whenever I have python dependency issues, I just blow away my venv and rebuild it from scratch.

                                                I’m not sure how to comment on that :-)

                                                1. 1

                                                  it is usually trivial to install newer version

                                                  Not my experience? How?

                                                  1. 1

                                                    Usually you have packages for all python versions available in some repository.

                                    2. 2

                                      Have they chosen Macs or have they been issued Macs? If I were setting up my development environment today I’d love to go back to Linux, but my employers keep giving me Macs.

                                      1. 3

                                        Ask for a Linux laptop. We provide both.

                                        I personally keep going Mac because I want things like wifi, decent power management, and not having to carefully construct a house of cards special snowflake desktop environment to get a useable workspace.

                                        If I used a desktop computer with statically affixed monitors and an Ethernet connection, I’d consider Linux. But Macs are still the premier Linux laptop.

                                        1. 1

                                          At my work place every employee is given a Linux desktop and they have to do a special request to get a Mac or Windows laptop (Which would be in addition to their Linux desktop).

                                      2. 3

                                        Let’s be clear though, what this author is advocating is much much worse from an individual liberty perspective than what Microsoft does today.

                                        1. 4

                                          Do you remember when we all thought Microsoft were evil for bundling their browser and media player? Those were good times.

                                      1. 3

                                        What are your favorite videos?

                                        1. 4

                                          I use http://qutebrowser.org on my NixOS machines but it doesn’t run on other platforms. What alternative browsers are there for Mac OS?

                                          edit: I’m wrong about this! https://lobste.rs/s/biqv7l/update_on_pocket_firefox_integration#c_3c8u5d

                                          1. 7

                                            Are you saying you’d stop using Firefox because of default “sponsored content” in New Tab?

                                            It’s pretty easy to turn that off, just like all the other New Tab content. The article even links detailed instructions.

                                            Or is it a matter of principle for you? How do you suppose Mozilla should make money?

                                            1. 5

                                              It is not “sponsored content” - that concept does not exist in Firefox. Nobody is paying Mozilla to show specific content on New Tab.

                                              1. 3

                                                I already didn’t use Firefox, but I also don’t think browsers should have ads or be monetized.

                                                1. 2

                                                  There are no ads in Firefox. Why did you think there are?

                                                  1. 4

                                                    There absolutely are—or were until fairly recently—ads in unfilled tiles on the new tab page. Here’s an example support forum thread asking how to get rid of them.

                                                    1. 4

                                                      That was two years ago and that feature was completely dropped.

                                                2. 2

                                                  How do you suppose Mozilla should make money?

                                                  Should Mozilla make money? Should one of the most important applications in modern-day computing be produced by a company that is incentivized to produce a profit?

                                                  1. 6

                                                    Mozilla corp is not incentivized to produce a profit, it is quite openly their goal to “just” keep the lights on. But that already needs quite a bit of cash. That’s a huge difference.

                                                    Mozilla corp is for-profit, as for certain legal reasons, producing software is not 501(c)3 compatible. It’s a very usual setup.

                                                    Yes, Mozilla should make money. Otherwise, they’d shut down.

                                                    1. 2

                                                      Mozilla is a non-profit, so no, they don’t have to make money. But the people who work for Mozilla don’t work for free. You can’t build a product like Firefox purely on volunteers, so Mozilla should at least be able to pay their workforce.

                                                      They can’t keep up with the rest of the world and provide a quality, free software alternative browser without money.

                                                      If you think the work Mozilla does is valuable (I do!) and feel like they should stay away from alternative monetization methods (I do!), you should consider donating to Mozilla so that they don’t have to find other ways of funding development.

                                                  2. 3

                                                    Does it have to be libre? If not, Vivaldi is an excellent web browser that believes in making easy things easy and customization easy. It’s the spiritual successor to Opera 12, which was the pinnacle of browser experiences.

                                                    1. 3

                                                      what do you mean? they even have prebuilt images for all major platforms. On MacOS, you can install it from Homebrew as well (brew cask install qutebrowser).

                                                      1. 1

                                                        What do you do about plugins? I miss a few plugins from Chrome when I tried out qutebrowser, primarily my RSS feed monitoring one as well as my usenet one.

                                                        The other big one I miss is Join, but that’s sort of a separate thing in terms of how “encompassing” it is.

                                                        1. 1

                                                          I just installed qutebrowser too. That is just brilliant. Thanks for linking - I remember stories coming about it before but never made the effort to try it out, but now I can see it becoming pretty regular.

                                                        1. 1

                                                          In 2018 there is no excuse to not use HTTPs. Period.

                                                          1. 2

                                                            How about to install the list of certificate authorities to trust and ntpd so you can get the right time (both needed for https)?

                                                          1. 16

                                                            If folks actually read this story Firefox is working pretty hard to make this a non invasive, non privacy compromising feature change, and they’re also opening themselves up for public comment.

                                                            Consider voicing your objections rather than simply jumping ship. Having a viable open source option is important for the web ecosystem IMO.

                                                            1. 15

                                                              If folks actually read this story Firefox is working pretty hard to make this a non invasive, non privacy compromising feature change, and they’re also opening themselves up for public comment.

                                                              i just want a freaking browser engine with the possibility of enhancements via extensions. i don’t want to turn off magick features. i just want a browser which displays websites. the new firefox engine is really great, but i fear that now they slowly fill firefox with crappy features until its slow again.

                                                              1. 3

                                                                What happens on the “New Tab page has zero effect on page load times. If you don’t like what the New Tab page looks like, customize it. Some of your options are:

                                                                • set it to blank
                                                                • install an extension that takes over
                                                                • customize the current experience

                                                                For the last option, click the little gear icon in the top right and you should see this https://imgur.com/a/1p47a where you can turn off any section that you don’t like.

                                                                1. 7

                                                                  yes, i know. i still don’t want these features shipped and active by default. if i want pocket, i could install it as extension. heck, i wouldn’t mind if they said “hey, we have this great extension named pocket, care to try it out?” on their default new page, with a link to install it. but not shipped by default.

                                                                  1. 4

                                                                    What happens on the “New Tab page has zero effect on page load times.

                                                                    I don’t care so much about page load times; sites which care are already fast (e.g. no JS BS), whilst those which don’t will soon bloat up to offset any increase in browser performance.

                                                                    My main complaints with Pocket/Hello/Looking Glass/pdf.js/etc. are code bloat, install size, added complexity, attack surface, etc.

                                                                    1. 1

                                                                      You can’t do that on mobile.

                                                                1. 1

                                                                  Firefox for iOS.

                                                                  1. 1

                                                                    Can anyone comment on the stability of this board? It has a pretty good price. Is anyone running BSD or Linux on it?

                                                                    1. 3

                                                                      I am still working on rendering performance in my Apple ][ emulator. I need to get things fast enough so that it will run at a decent speed on a Raspberry Pi Zero.

                                                                      This is a side project. Mostly evening and weekend hacking.

                                                                      https://github.com/st3fan/ewm

                                                                      1. 3

                                                                        Bitwise operations in Lua are a bit of a pain unfortunately. I will probably introduce a more convenient API to access 16 bit values.

                                                                        Maybe you could just update to Lua 5.3, which has bitwise operators.

                                                                        I am curious why you went with 5.2 in the first place. Maybe in prevision for LuaJIT?

                                                                        1. 3

                                                                          For what it’s worth, LuaJIT includes the Lua BitOp module. BitOp is also available as a standard C module for Lua 5.1/5.2, so you can get a consistent API and semantics across both implementations. I have only used it very briefly, but it seems to be working rather well.

                                                                          1. 4

                                                                            It is the same kind of API as bit32, unfortunately. The advantage of operators is that instead of this:

                                                                            v = bit32.bor(cpu.memory[0xfffc], bit32.lshift(cpu.memory[0xfffd], 8))
                                                                            

                                                                            you write this:

                                                                            v = cpu.memory[0xfffc] | cpu.memory[0xfffd] << 8
                                                                            
                                                                            1. 2

                                                                              I’m on 5.2 (and soon even 5.1) indeed so that i can give LuaJIT a try. If that does not work out or if the speed improvements are not worth it then I will probably just move to 5.3.

                                                                        1. 5

                                                                          Please stop writing “please stop X” blog posts.

                                                                          1. 2

                                                                            I’m worried this is yet another attack vector against 1P, and provides easier key export for attackers that gain access to your command line.

                                                                            1. 1

                                                                              What is the other attack vector?

                                                                            1. 16

                                                                              “In particular, that employees who had given their careers to the company were told of their termination via a pre-recorded call — “robo-RIF’d” in the words of one employee — is both despicable and cowardly.”

                                                                              Wow that sure is some corporate bullshit. I have never heard of this practice. Is this common?

                                                                              1. 8

                                                                                Oracle is the most corporate of corporate environments.

                                                                                I worked for an eCommerce company that was acquired by Oracle quite a number of years ago at this point, and one of my former co-workers posted her story to our alumni mailing list.

                                                                                To start with, they came around and removed all the knives and other sharps from the kitchen.

                                                                                After a while, she’d finally had enough, and when she told her boss she was going to leave, she was told to run the self termination application and see herself out.

                                                                                All I could think of was the suicide booths from Futorama :)

                                                                              1. 4

                                                                                Although the final modification is not my code, it is still a great pleasure that I contribute my own effort to help make OpenBSD better!

                                                                                Why was it not your code?

                                                                                I don’t know the full story since Marc.info is down but if this contributor was not mentored to finish the patch then that is a bad experience in my opinion.

                                                                                There is nothing worse than making an effort to submit a patch and then have someone “just do it the right way” for whatever reason.

                                                                                1. 8

                                                                                  The committed diff has trivial style changes (using ? : instead of if-else). The contributer was mentioned in the log message, which also stated the committed change was derived from the patch which was submitted. It probably didn’t help that the patch was sent with whitespace mangled so it couldn’t be applied automatically. Given these circumstances I would say it was handled just fine.

                                                                                  If the change had been more involved I would tend to agree that letting the submitter work out remaining problems is the right thing to do. But I don’t think mentoring should be mandatory and expected in every case.

                                                                                  You’re saying there was nothing worse but I think there is: I submitted this patch which got committed without any attribution. But I sent it privately to the developer so there is no public record that it happened this way.

                                                                                  1. 2

                                                                                    You’re saying there was nothing worse but I think there is: I submitted this patch which got committed without any attribution. But I sent it privately to the developer so there is no public record that it happened this way.

                                                                                    So there was this one (admittedly very minor) patch I sent to OpenBSD quite a while ago. It got committed much later, without attribution. And I am just glad it’s in :-) I sent it to improve the state of things, and not to get my name in the cvs log. These days I’m actually thinking of doing more and more anonymously, or at least under a pseudonym that isn’t easily connected to me.

                                                                                    To each their own, I guess. I could think of much worse. Like being told to go away, by the project leader, while trying to help another user on the lists. Thankfully I haven’t received such treatment. Then again, I don’t really try to help others on public lists. :-)

                                                                                  2. 4

                                                                                    There is nothing worse than making an effort to submit a patch and then have someone “just do it the right way” for whatever reason.

                                                                                    Maybe it depends on the goal? I guess if the goal is to train an employee to the house rules, sure, mentor them till the end. If it’s someone who’s coming back to contribute, or trying to contribute a large amount of code, sure, invest the time.

                                                                                    But for some random person filing what might be a one-off patch, it might just be counterproductive to start by nitpicking about style and detail. And mangled whitespace. It might just scare them off? I don’t suppose most people would feel offended if someone tweaks their diff a little, commits it, and then thanks the sender. I wouldn’t be offended.

                                                                                    If they come back and start sending more diffs, maybe there’s time to nitpick?

                                                                                    marc.info works for me right now. Here’s the committed version: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dmesg/dmesg.c.diff?r1=1.27&r2=1.28

                                                                                    1. 4

                                                                                      There was no thank you. No “hey that is a great fix, ready for something bigger?”. Just silence and a fixed up commit.

                                                                                      Most contributions start small. Most contributors start with a small patch to get their feet wet.

                                                                                      Now I don’t know the OpenBSD project, but like all open source projects it probably heavily depends on contributors. So why not make people feel inclusive and foster their work. Help them grow into productive contributors.

                                                                                      That is not happening here.

                                                                                      1. 5

                                                                                        | Based on a diff from xiao_nan (at) dsi (dot) a-star (dot) edu (dot) sg - thanks.

                                                                                        https://marc.info/?l=openbsd-cvs&m=150373760724279&w=2

                                                                                        1. 3

                                                                                          I see your point.

                                                                                          I’ll note that I’ve (nearly?) always been thanked in private by the committer when I’ve sent a patch to OpenBSD. I’ve always felt inclusive in my communications with the OpenBSD committers. I assumed the OP was also thanked, and that they also felt inclusive and good about it:

                                                                                          Although the final modification is not my code, it is still a great pleasure that I contribute my own effort to help make OpenBSD better!

                                                                                          I’ll also note that I’ve received more silence and fewer thank yous from Mozilla. My first (trivial) patch went in silence. Maybe I got some automated message congratulating me for the r+. Not that I mind. (Sorry, I know this topic isn’t about Mozilla, but since I brought it up already.. anyway I don’t mean to bash)

                                                                                          1. 2

                                                                                            No worries. Mozilla is far from perfect when it comes to contributor engagement. I’m sorry that was your experience. Shoot me a bug number if you need help to get things moving.

                                                                                    1. 2

                                                                                      I’m generally sympathetic to Mahmoud Al-Qudsi’s position here but there appears to be several alternatives that I think are very reasonable.

                                                                                      1. D-link and others register a domain name that resolves to 192.168.1.1 or equivalent. For the general user this is probably a big user experience win anyway.
                                                                                      2. Corporate networks install their own trusted root certificates.
                                                                                      1. 4

                                                                                        D-link and others register a domain name that resolves to 192.168.1.1 or equivalent. For the general user this is probably a big user experience win anyway.

                                                                                        If they register a single domain name, doesn’t it means the device on your local network has the private key for the corresponding certificate, which means it is compromised?

                                                                                        1. [Comment removed by author]

                                                                                          1. 1

                                                                                            They could generate a new cert for every device they sell, each for their “gateway” hostname, so that there isn’t one global key for all Linksys routers. You’re still always going to have to have a private key on the router, though.

                                                                                            1. 1

                                                                                              Yes but don’t worry … those router admin pages are generally not behind SSL :-)

                                                                                              1. 1

                                                                                                If I read it right it is for a name that includes a device fingerprint as well as the IP address, so they can’t be reused.

                                                                                              2. 1

                                                                                                From a generic vendor POV, none of that is very reasonable.

                                                                                                1. Some places have no guaranteed Internet access. On some of them it is even prohibited (e.g. industrial applications) and considered a vulnerability.

                                                                                                2. The typical procurement/delivery/service subcontracting structure in large industrial projects (think oil rigs, power plants, mines, tunnels) makes maintaining your own DNS/CA ineffective and impractical. It requires getting everyone, from e.g. government subcontractors drafting requirements for the bidding round through foreign contractors hired 4 levels down in the bigcorp management hierarchy to actual device vendors to understand, implement and maintain this infrastructure. Typically it’s thousands of configurable devices sourced from dozens of vendors, with vastly different configuration/provisioning implementations - and most of them don’t have elaborate setup options like say Cisco IOS systems do. How do you provision your cert to an arbitrary vendor’s PLC or industrial endpoint switch? What if you have two thousands of them? The setup would take longer than configuring them in the first place, and further maintenance (these certs should expire, don’t they?) is a nightmare. So inevitably, solutions for these projects converge to lowest common denominator, which is more often than not is simple airgapped L3/L2 network split into a bunch of subnets and no trust chain whatsoever.

                                                                                              1. 1

                                                                                                I am more productive in a full screen terminal on an 11” MacBook Air than on my dual monitor setup in the home office. (34” + 27”)

                                                                                                This is very personal and also greatly depends on the type of work.

                                                                                                1. 14

                                                                                                  Making and submitting diffs to OpenBSD is lovely. There’s so little process. It’s pretty much fire and forget, as long as the diff is good enough to be committed straight away. Maybe you need to come around and tweak it a little, or bump it if the tree was locked or all the devs were busy when you first submitted.

                                                                                                  Last few days, I’ve been tinkering with Firefox, just a little. Oh boy the process feels involved by comparison. Of course you need a bugzilla account; every patch needs to be associated with a bug. Of course you need to know their bug & patch submission rules. And you need to know who’s going to review your diff, because you need to flag that person to get the diff reviewed. You need to figure out the clunky UI. And ideally all changes are supposed to be tested on the try server, which you probably can’t access as a newcomer. Only after you’re done with all of that do you get to flag the bug for check-in. Then you wait for somebody to come and commit. The whole process looks a little daunting when you start reading the docs that cover it.

                                                                                                  It’s by no means bad. I guess that’s just what happens, and more or less needs to happen, when projects grow big. But every step along the way I’m reminded of how nice it is to just send a message at tech@.

                                                                                                  There was another project I was going to send patches to. First thing first, they wanted me to sign a copyright assignment. I never sent those patches. That was a GNU project…

                                                                                                  1. 10

                                                                                                    Don’t be discouraged by the process. Firefox is a product that is used by a couple hundred million people. There is a big focus on quality and performance and correctness.

                                                                                                    Do it a couple of times. It gets easier.

                                                                                                    1. 5

                                                                                                      Don’t be discouraged by the process.

                                                                                                      Don’t worry. I won’t. It’s not hard – there’s just some friction. The barrier to entry is much higher than with e.g. OpenBSD. And the UX is clumsier, at least for small changes.

                                                                                                      Firefox is a product that is used by a couple hundred million people. There is a big focus on quality and performance and correctness.

                                                                                                      Mozilla’s tests might be more comprehensive than OpenBSD’s array of regress tests, but apart from that, I don’t believe the process imposes a meaningful difference in terms of quality or correctness. It’s just a different way to communicate. Ultimately both projects have people who are responsible with reviewing and committing changes. Mozilla’s process sure does a good job of leaving a trail to follow when some commit needs to be reviewed in depth years after it’s landed.

                                                                                                      1. 0

                                                                                                        Firefox is a product that is used by a couple hundred million people. There is a big focus on quality and performance and correctness.

                                                                                                        Then why is it so low quality (e.g. doesn’t look like a native application on macOS), low performance (so. slow.) and incorrect (e.g. doesn’t do color management on maxOS)?

                                                                                                        1. 8

                                                                                                          None of your complaints are related to quality or correctness.

                                                                                                          Personally I agree with performance, the UI often doesn’t feel that snappy and having a bunch of extensions running javascript hooks on your xml/xul browser doesn’t help.

                                                                                                          But I give them a break since they are basically the best shot we have at maintaining an open web.

                                                                                                          1. 4

                                                                                                            Have you tried current nightly builds of Firefox? Performance is amazing with all the latest features enabled. (multi process, async pan and zoom, parallel CSS engine from Servo)

                                                                                                            1. 2

                                                                                                              None of your complaints are related to quality

                                                                                                              We must disagree here. Lack of native look and feel is definitely lack of quality in my book.

                                                                                                              or correctness

                                                                                                              Here I must insist. Firefox produces metrologically incorrect colors. Producing correct colors is definitely a question of correctness.

                                                                                                            2. 1

                                                                                                              What does it mean for a browser to do color management.

                                                                                                              I’m with you in the other stuff, hoping things start coming together in 57.

                                                                                                              1. 3

                                                                                                                Actually systems provide device colorspace independent graphics APIs, so in an ideal and simple world browsers would not have to do almost anything and everything would work correctly. The only thing browsers would have to do is inform the graphics API of the input color space (from embedded ICC, otherwise defaulting to sRGB). MacOS works like this, I assume other systems work the same.

                                                                                                                But browsers don’t do that, why would they keep it simple. In the name of performance, or whatever other reason, they prefer to render to bitmaps that are put on the screen uninterpreted further by the graphics pipeline. The only way to do this correctly is if you actually keep track of the display color space and do all graphics primitives accordingly.

                                                                                                                Browsers are very confused about this, to varying degrees, and the degree of confusion depends on the target operating system. The only browser that does it 100% metrologically correct is Safari.

                                                                                                                In reality all of this is a very simple problem even if you decide to implement it yourself rather than rely on the operating system. CSS colors and untagged images are defined to be described in sRGB by various web standards, tagged images contain obviously their own ICC profile. The only thing you have to do is use this information to operate in some abstract color space and render to the target display color space. Coincidentally these are all very simple linear operations that can be implemented in a GPU shader with virtually no performance impact.

                                                                                                                http://cameratico.com/tools/web-browser-color-management-test/

                                                                                                                1. 2

                                                                                                                  What does it mean for a browser to do color management.

                                                                                                                  There’s more than one mapping of 0-255 RGB values to real world colors. Default JPG would be sRGB, but the monitor may not be, and you need to remap the colors or things will look weird.

                                                                                                            3. 2

                                                                                                              Interestingly, FreeBSD uses a Bugzilla, but there’s no complicated process, it’s also fire and forget for simple patches.

                                                                                                              First thing first, they wanted me to sign a copyright assignment.

                                                                                                              oh yeah. Google is also guilty of this. They want you to sign a CLA… yeah simply by filling out a web form… but that form ASKS YOU FOR YOUR ACTUAL PHYSICAL HOME ADDRESS. What the hell?!

                                                                                                            1. 5

                                                                                                              good to know that the impulse to shit on everything is still alive and well on the internet

                                                                                                              1. 2

                                                                                                                Yes. This. Wasn’t this site created as a high quality alternative to hacker news and reddit? The tone in this thread shows zero difference. We can do better than that.

                                                                                                              1. 5

                                                                                                                A lot of these are cool, I guess, but others…

                                                                                                                • Day One has recently switched to a subscription model that limits you to one journal if you don’t subscribe—and they implemented that as a feature cut for existing users, at least on iOS. (This ignores the fact that, nice as its UI is, it’s basically an offline personal blog…)
                                                                                                                • Xccello is literally a wrapper around a web browser that’s stuck on Trello. The story with Spotify is similar. Why not just point people directly at something like Fluid?
                                                                                                                • iStat Menus technically does more than just Activity Monitor with its Dock icon set to update, but I’d love to know why I care. What value are you getting out of it that I’m not?

                                                                                                                Likewise, there’s a lot of heavy repeating going on.

                                                                                                                • I doubt real people use both Keyboard Maestro and Typinator and Karabiner and SnippetsLab and Popclip. Yes, they all do subtly different things, but I’m extremely dubious any one person uses all of them.
                                                                                                                • Ditto for e.g. MacDown and Ulysses and Marked, or Fantastical and Next Meeting and MonthlyCal. I understand in some cases using overlapping but meaningfully different tools (Mellel, Pages, and ConTeXt are three I use, for example, and most designers I know use both Photoshop and a lighter-weight editor), but the sheer amount of heavy redundancy here makes me wonder if he even understands how to use all the apps he’s recommending.

                                                                                                                For me, these issues conspire to make the list borderline worthless. It ultimately stops feeling like a curated list of one person’s macOS setup, and instead just feels like a poorly organized, barely curated list of “neat” macOS stuff. There’s nothing intrinsically wrong with that, but I wouldn’t value it highly either; I know from being bored in meetings I can assemble a similar list in about twenty minutes.

                                                                                                                1. 2

                                                                                                                  I’ve noticed a recent proliferation of so-called awesome lists. Like awesome-python, awesome-react, etc… They seem to just be a list of tools or libraries written in a particular language. Sometimes they seem to be curated to a particular purpose, but otherwise they read like a collaborative brain-dump into Github. The awesome-python one is a good example of this - completely unopinionated, and often reading like it’s just authors plugging their libraries. On Hacker News there’s a guy who’s guaranteed to show up plugging his awesome-react list anytime React or Redux is mentioned…

                                                                                                                  1. 4

                                                                                                                    Much of the modern-day tech-web seems to be something of a soup of self-promotion.

                                                                                                                    1. 2

                                                                                                                      I think people do the awesome lists because it is an extremely easy way to get a lot of GitHub stars and exposure.

                                                                                                                      1. 1

                                                                                                                        Why the negativity?

                                                                                                                        I find those lists pretty useful. I’ve found numerous great libraries and tools through them. Things that otherwise would have gone unnoticed. There is simply so much out there. Curated lists are great.