1. 6

    This could have used a “(2006)” suffix to the end of the title. I was excited, but the last NEWS entry on that page is nearly 12 years old :-(

    1.  

      There’s an ongoing effort to create a browser (frontend) in Lisp: https://github.com/atlas-engineer/next

      1.  

        I would say eww is probably closer to Closure in that it’s implementing a full rendering engine, not just wrapping webkit in yet another UI: https://www.gnu.org/software/emacs/manual/html_mono/eww.html

        1.  

          Oh, absolutely, but I got the feeling that Closure tried to do a more feature complete browser, whereas eww seems closer to a text-based browser with a few bells and whistles.

    1. 4

      I skimmed through the init.el and learnt about the existence of use-package-always-ensure, which allowed me to delete about 40 lines from my own init.el. Thanks!

      1. 4

        The only thing which stops me from diving into Emacs is a reliable terminal emulator. I know ansi-term, but I also know its bugs, like completely ignoring window size change and SIGWINCH forwarding.

        1. 6

          I went “full Emacs” some months ago, when I switched to Eshell as my main shell… I recommend giving it a try! I’ve not opened a regular terminal since, I think.

          Edit: the above was possible because over time Emacs has supplanted my other usages of a terminal:

          • Magit
          • mu & mu4e for email
          • ag-mode as grep replacement
          • dired for file/directory exploration
          • TRAMP for accessing remote files (as we’ve migrated to ephemeral machines without ssh access I don’t really use this any more)
          1. 2

            But you’re probably not working with numerous remote machines, mainly baremetal, with no ability to safely export configuration files / profile to the destination user. I know TRAMP, but it’s not about remote file access, but remote execution/support.

            Also, even if I want to go “full Emacs”, there are still some advanced n/curses application which I don’t or can’t leave at all, often on these “remote machines”.

            Let’s say I just want a proper terminal emulation in Emacs – ansi-term is quite close to that. but it fails in full-screen sessions (basically misinterpreting/dropping ECMA “escape” codes), as well as missing SIGWINCH forwarding I mentioned. Of course I don’t force anyone to write it exclusively for me, but I’m kinda shocked there’s still no proper support for complete VT100/VT5xx capabilities in GNU Emacs, as it’s about 30+ years old.

            1. 1

              but I’m kinda shocked there’s still no proper support for complete VT100/VT5xx capabilities in GNU Emacs, as it’s about 30+ years old.

              I think this is due to the fact that for most commonly-used ncurses programs, it’s both less work and more benefit to just write a pure-elisp frontend and skip the curses UI entirely. Obviously doesn’t work for all obscure curses programs out there, but I think that has a lot to do with why ansi-term hasn’t had these shortcomings fixed.

            2. 1

              It’s important to note that Eshell was not meant as a shell replacement by its authors, but as a way to easily get output from commands to a buffer, so it is very limited in features.

              That said, if it works for you, you do you!

              1. 3

                Do you have a cite for that? I’d believe that was true at one point, but it’s certainly not the case any more; it is a very full-featured shell these days.

                1. 2

                  It used to be here, but it appears to not be there anymore! I rescind my statement.

            3. 5

              That’s a rather unconventional complaint about Emacs; normally it’s the other way around (“why would I want a terminal in my text editor?”) ;)

              You mentioned ansi-term, and others have mentioned Eshell, so I thought I’d mention that I use shell-mode for most commandline stuff. It’s a “dumb” terminal and hence can’t handle things like curses, but that lets it act more like a normal Emacs buffer (e.g. I can navigate and edit the content, without the terminal or running command intercepting my keypresses). It seems to handle window size changes and SIGWINCH perfectly well (i.e. ROWS and COLUMNS get updated).

              You’re right that Emacs is pretty bad at non-dumb terminals, like with ansi-term. I don’t bother with those modes at all and use a separate terminal (st + dtach + dvtm) for things which need that, like curses applications (that’s also much faster!). IMHO the value of Emacs is to have a standard way to navigate/search/edit buffers of text (plus easy scripting). TUIs like curses are more like character-based graphics than actual text, they’re not meant to be user navigable or editable (it will mess us the display and changes might get overwritten). Likewise applications which control user interaction (e.g. capturing key presses) don’t work well with the unified way of doing things (keybindings, etc.) that Emacs imposes.

              Note that there are many ways to do things with Emacs, so if terminals are your main pain point you could try (if you haven’t already) different mixes of components. For example, you could try running Emacs inside a terminal, or inside screen/tmux/dvtm so your terminals are alongside Emacs rather than inside it. You could use emacsclient/emacs –daemon to have multiple instances connected to a single session. You mention TRAMP in another comment; note that it can handle remote shells as well as just files. This is most obvious in eshell, where we can do cd /ssh:user@remote:/home/user and carry on as normal, with TRAMP sending our commands over to the remote machine. If we’re connected to a remote machine with TRAMP (e.g. in eshell, or dired) when we run M-x shell the resulting shell will be running on that machine, and things like tab-completion for filenames will be sent over TRAMP.

              1. 2

                This is probably the most comprehensive answer I’ll find in the web to this date, thank you :)

                But, in shell-mode (M-x shell) $COLUMNS and $LINES aren’t updated at all. However, they do in M-x eshell. Pretty weird considering that first one knows a bit about ANSI/ECMA, while eshell does not.

                TRAMP is a very nice tool even if I didn’t knew about remote execution, but now seems to be even better, thanks again :)

                But still, sometimes I have the need to spawn these curses applications so I’m constantly looking for the alternative options - running external terminal emulator seems to be trade-off, but it’s still “out of the block” in Emacs world. And, when diving into Emacs, I took the “use Emacs for (almost) everything” approach as I think it should be taken this way.

                There’s a thing about XEmbed, but I can’t find any reliable docummentation, seems to be experimental feature yet.

                That EXWM might be great with xterm being fed by ELisp-structured data parsed into X resources, but it’ll require some additional code :)

              2. 5

                One option is to use Emacs as a window manager via EXWM—then you can have an xterm as a buffer!

                1. 1

                  I could web-search for it, but I’d rather ask a person: is that one based on xwidget?

                  1. 4

                    It’s actually just a window manager written in Emacs Lisp using a pure Emacs Lisp implementation of the X11 protocol!

                    1. 1

                      Ah, like StumpWM, except elisp instead of common lisp.

                    2. 1

                      No, it is a completely unrelated project

                  2. 1

                    What specifically do you need terminal emulation for? In my experiance curses applications (like WICD) worked well enough, maybe being slightly slugish.

                  1. 6

                    No projects this weekend. Spending Friday afternoon working on the train, travelling from The North to London for a friend’s pre-wedding party tonight and wedding tomorrow. Train back on Sunday. The wedding is in the late afternoon, and I’ll probably spend the morning trawling Forbidden Planet / Denmark Street. If you’re a Lobsters person in London and want to say hi in person, feel free to send me a private message!

                    1. 7

                      OK, I’m intrigued. Is there a beginners “Homebrew to Nix” guide anywhere that you can recommend? I regularly have breakages with home-brew, particularly with ruby and python tools. I regularly have to re-create my virtualenvs because the underlying python binary went away. This is vexing.

                      1. 2

                        I’m afraid there’s not a great answer. Things like the apt cheatsheet on the wiki and nix by example might be a good starting point. And then there’s the nix pills, which are great but pretty technical, but other than those and what’s documented in the manual/wiki it does require a bit of figuring things out on your own.

                        The community is pretty active and there are a lot of helpful people on IRC/discourse that will answer questions and try to help if you run into problems. If you decide to give it a try.

                        1. 1

                          That “underlying Python binary went away problem” with Homebrew gets me all the time too.

                          I’ve similarly been curious about Nix for a long time, and am hoping to give it a try soon. I’ll probably test it on my server before my laptop though.

                        1. 7

                          I’m glad to see browsers getting serious about removing trackers from the web but I fear this is starting a cat and mouse game with trackers. uMatrix works so well because trackers are on obvious domains like google-analytics. I think if browsers start blocking these 3rd party trackers than websites will move everything 1st party and use webpack to bundle one mega js file that includes the essential stuff and the trackers. They can also proxy all requests and cookies through their own server and then send it off to trackers. None of that is hard but it’s not done because it isn’t needed yet.

                          Trackers also have the upper hand in that they can rapidly change without fear of breaking other websites.

                          1. 9

                            Another reason it isn’t done, from what I understand, is that advertisers don’t trust content providers. They want a third-party to verify that the impressions (or the tracking data) they’re getting are reasonably genuine. I don’t think you’re wrong, but I do think there’s a little more standing in the way of that particular “nuclear option” than laziness.

                            1. 2

                              In that case there might be a rise of ad networks that bundle their trackers with jquery or some other JS library that is impossible to block without breaking the websites. There is just an insane amount of money in tracking that I don’t think it will be easily shut down.

                            2. 3

                              At some point, we’ll have to move away from simple block listing based on domains, yup. It’s an arms race, though. I agree. :-/

                              1. 2

                                I also worry about the arms race. My hope is this plays out similarly to how the spam wars went over a decade ago— The Good Guys band together and use technology to reduce the baddies to a buzzing noise rather than drowning out a decent mode of communication.

                                1. 12

                                  The spam wars did have collateral damage though: it’s a lot harder to host a mail server than it used to be.

                                  1. 8

                                    We “won” the mail spam war by dodging it. Email recentralized dramatically.

                                    IMHO it’s also a loss.

                                  2. 1

                                    If you’re on a slow connection and disable tracking mostly because it makes your browsing faster, then this doesn’t sound terrible. Ghostery just found 24 trackers on cnn.com (some of which presumably loads other trackers, because if I pause blocking it finds 34). Bundling these into one “mega js” include should actually improve things for people who don’t use any blockers.

                                    Regarding proxying requests, I think that would make site owners stop and think a bit more about whether they really need 30+ trackers on their site. I think a lot of these are included because the barrier to entry is so low, so raising it can only be good.

                                  1. 1

                                    It returns 404 now.

                                    1. 1

                                      Um, yeah, the author deleted the post. So what do I do now? Delete my post here? Hope that the post might come back?

                                      1. 1

                                        Yeah, even the cached version doesn’t work!

                                    1. 2

                                      This was a great talk!

                                      1. 1

                                        Page not found :-(

                                        1. 2

                                          Looks like the site structure changed, here’s the new link.

                                        1. 1

                                          6/20 but it was almost pure guesswork. The only two I had any confidence in was the IAM and CloudWatch icons shapes, and to a lesser degree S3’s icon colour.

                                          1. 1

                                            I particularly like the section about tech debt being a tool. It’s not intrinsically bad. Without taking on debt I would not be able to buy a house. Taking on debt is a tool I use to afford to buy a house now, rather than in 25 years time.

                                            1. 3

                                              Is there a comprehensive and/or up-to-date set of recommendations for simple, static HTTP servers anywhere?

                                              After years of trying to lock down Apache, PHP, CMSs, etc. and keep up to date on vulnerabilities and patches, I opted to switch to a static site and a simple HTTP server to reduce my attack surface and the possibility of misconfiguration.

                                              thttpd seems to be the classic option, but I’m a little wary of it due to past security issues apparent lack of maintainance (would be fine if it were “done”, but security issues make that less credible). I’m currently using darkhttpd after seeing it recommended on http://suckless.org/rocks

                                              Edit: I upvoted the third-party hosting suggestions (S3, CloudFlare, etc.) since that’s clearly the most practical; for personal stuff I still prefer self-hosted FOSS though :)

                                              1. 4

                                                If all you need is static http you don’t have to host it yourself. I host my blog in Amazon S3 (because I wanted to add SSL and GitHub didn’t support that last year) and for the last 13 months it’s costs me about $0.91 / month, and about two thirds of that is Route 53 :-)

                                                AWS gives you free SSL certificates, which was one of the main drivers for me to go with that approach.

                                                1. 3

                                                  I use S3 / CloudFront for static HTTP content. It’s idiot proof (important for idiots like me!), highly reliable, and I spend less every year on it than I spend on a cup of coffee.

                                                  The only real security risk I worried about was that someone could DDoS the site and run up my bill, but I deployed a CloudWatch alarm tied to a Lambda to monitor this. It’s never fired. I think at my worst month I used 3% of my outbound budget :)

                                                  1. 1

                                                    I’ve always wondered why AWS doesn’t provide a spending limit feature… it can’t be due to a technical reason, right? I know their service is supposed to be more complex, but even the cheapest VPS provider gives you this option, often enabled by default. I can only conclude they decided they don’t want that kind of customer.

                                                    1. 1

                                                      I also worried about the risk of “DDoS causing unexpexted cost” when I was looking for a place to host my private DNS zones. To me it appeared that the free Cloudflare plan (https://www.cloudflare.com/plans/) was the best fit (basically free unmetered service).

                                                      Would using that same free plan be a safer choice than Cloudfront from a cost perspective?

                                                    2. 3

                                                      You’d be hard pressed to go wrong with httpd from the OpenBSD project. It’s quite stable, it’s been in OpenBSD base for a while now. It’s lack of features definitely keeps it in the simple category. :)

                                                      There is also NGINX stable branch. it’s not as simple as OpenBSD’s option, but is stable, maintained and is well hardened by being very popular.

                                                      1. 3

                                                        In hurricane architecture, they used Nginx (dynamic caching) -> Varnish (static caching) -> HAProxy (crypto) -> optional Cloudfare for acceleration/DDOS. Looked like a nice default for something that needed a balance of flexibility, security, and performance. Depending on one’s needs, Nginx might get swapped for a simpler server but it gets lots of security review.

                                                        I’ll also note for OP both this list of web servers.

                                                      2. 1

                                                        Check out this.

                                                        1. 1

                                                          Yeah, I also like this similar list, but neither provide value judgements about e.g. whether it’s sane to leave such things exposed to the Internet unattended for many years (except for OS security updates).

                                                      1. 5

                                                        I love this. I am in the lucky position that my company is almost fully remote. (There is a head office but only 2-3 people work from there, and that doesn’t include senior managers.) One disadvantage I can see that isn’t mentioned is that remote employees often have to be contractors / self-employed, which means more accounting overhead for employees than being an employee. Being paid in a currency other than the local one where you live also has problems, for example it makes it harder to get a mortgage here in the UK.

                                                        1. 5

                                                          I love this! The line at the top was gibberish at first, and the explanation didn’t make much sense until I realised the whole line was interpreted right to left. Also, Mobile Safari’s reader mode was not helpful as it hid the buttons you can use to step through results in the examples!

                                                          Once I got over those issues the post became quite accessible and I marvel at the expressiveness of the language and ingenuity of the program. I’ll probably understand it for another few minutes until it fades away…

                                                          I think the point about touch screens was well made. With custom language-dependent keyboards literally at your fingertips, and game of life only a few handfuls of keystrokes away, maybe there’s hope for those of us that struggles with RSI? I could probably type out useful programs on a suitable (custom) keyboard in a few minutes with my toes with that kind of expressiveness…

                                                          1. 1

                                                            I mostly use iCloud, but I also use https://bitbucket.org/alfaromurillo/org-passwords.el for passwords that are not “consumed” through a browser.

                                                            1. 3

                                                              I had no idea dired had an editable mode! That’s a game-changer for me.

                                                              1. 3

                                                                Had a similar game-changer moment last week when I learned there are modes to make the grep results buffer editable:

                                                                https://github.com/mhayashi1120/Emacs-wgrep

                                                                (And similar modes exist for things like helm-ag, etc)

                                                                1. 2

                                                                  Yeah, I’ve been using those for a while. Never fails to impress colleagues :-)

                                                              1. 12

                                                                More posts like this please. Good focus, short but good analysis / reasoning for why Postgres doesn’t get it right by default, and practical advice on what to do about it. Bravo!

                                                                1. 4

                                                                  I’m not sure I follow what you’re talking about–the only way to see a user score is to click through to their profile or look on the users page.

                                                                  Do you mean something else?

                                                                  1. 2

                                                                    Your own score is in the top right beside your username.

                                                                    1. 5

                                                                      Indeed. I would have no problem if it were removed from there. Who really needs that feature?

                                                                      1. 3

                                                                        It could have motivational value for someone. On my end, I mostly just try to help people with stuff they might not know about. I avoid most topics and comment styles that get popularity votes. That means my score is significant indicator of impact. A large number in the first year meant high impact. Or that I spent way too much time on these sites versus other activities that could be more beneficial. We’ll just pretend that option isn’t a factor for now. :)

                                                                        So, that’s at least what I thought as I observed it over time. However, anyone contributing a lot probably doesn’t need to see the score on front page, though, since we’re the type of people to do that anyway. If we’re curious, it’s always in profile a few clicks away. Conclusion: it doesn’t need to be visible even for those of us that use it to assess impact over time. Plus, anyone consistently doing stuff here others appreciate will usually get individual comments or private messages saying so. Eventually.

                                                                        1. 2

                                                                          Need? No. But I sometimes use it to estimate the response to one of my comments in “the waiting period”. I think it’s usually a distraction though :-)

                                                                    1. 7

                                                                      I also agree with major version belonging in the name. For version 4 and 5 of SBJson I renamed all classes, enums, and identifiers so that you can install version 3.x.x, 4.x.x and 5.x.x in the same app without conflicts. I did this because I wanted to ease the upgrade path for people. If they use SBJson in different parts of their app (which is likely, in big apps) this allows them to upgrade parts of their app at a time, rather than be forced to upgrade all uses in one go. More importantly though: it also allows people to upgrade their own usage in their app, even as dependencies they rely on have not yet upgraded their usage of the library.

                                                                      1. 5

                                                                        The Apache Commons Java libraries practise your method and I think it’s fantastic for precisely the reasons you mention. Guava does not and that last sentence of yours is a huge ticket in Hadoop.

                                                                        1. 2

                                                                          That sounds more like a workaround to avoid the issues of runtimes not being able to handle versions and the lack of reasonable migration tooling.

                                                                          1. 2

                                                                            I disagree somewhat. Renaming was simple to do, and is simple to understand & deal with for users and machines alike. There’s no special case migration tooling or runtime support required at all. One could argue that requiring a runtime that is able to handle versions of libraries and requiring migration tooling is a workaround for poor versioning on behalf of library authors. However, I’ll admit renaming has its problems too. It would make back porting fixes across major versions much more annoying, but luckily my project is mature and small enough that it has not been a problem.

                                                                        1. 9

                                                                          The only difference in readability is that the Java version has a lot more parentheses.

                                                                          It’s not often I’ve seen the “Ye gads, the parenthesis are everywhere” card used in favour of Lisp :-)