1. 6

    Unclear what problem you’re solving. Firefox shouldn’t write anywhere else than the profile directory (see @jefftk’s comment). If you don’t want it to access your user configs in ~/.config, you can redirect $HOME though. But maybe you also want to chroot then?

    If you want to separate all sorts of history and site data and settings and extensions and password storage etc, use different profiles. If you want separate cookie jars (e.g. online identities) to work in parallel, use the Multi Account Containers Extension.

    1. 8

      The problem this solves is that some websites are now detecting private mode browsing, and using it as an opportunity to be a dick.

      1. 6

        Ugh, that’s bad. Can you give an example of those?

        1. 10

          Nytimes does private mode detection as part of their paywall.

        2. 4

          How do they detect it, and how are they being a dick? I’ve honestly never noticed anything weird in private browsing mode, but I don’t use it all that often either.

      1. 16

        If you want a good experience, the laptop needs to be sold to you as a “Linux laptop”, with the explicit promise that it has an OS with drivers that have been tested and pre-installed. Surprisingly few laptop makers are doing this (yet?).

        Linux works a lot better on my ThinkPad x270 than it ever did on the Dell XPS 13 “Developer Edition” (~5 years ago), which was sold with Ubuntu. Lenovo may not support Linux, but a lot of Linux developers use ThinkPads, so they tend to be well supported.

        The Dell XPS on the other hand was just a crappified Ubuntu install with proprietary drivers and applications to make it work. I’m not even sure why they installed all the binary crap, since Arch Linux also seemed to work for everything except bluetooth, and audio on HDMI out (which also never worked well on Ubuntu; did get that working eventually), so I just installed that over Ubuntu after I ran into an apt-get bug that was never fixed in the Ubuntu LTS (“stability”).

        Maybe things have improved in the meanwhile, but “sold as Linux laptop” does not automatically equal “good Linux experience”.

        Once, across a reboot, the entire settings panel (which is an app) just… vanished. I had to research what it’s called and reinstall it from apt. It was more funny than annoying.

        apt has the horrible habit of “helpfully” removing packages it thinks you no longer need. Removing package A may also remove vaguely related package B, even though B is not a dependency of A. There are even cases where installing a package can remove other packages, or uninstalling can also install packages. The logic can be really opaque and hard to grok.

        1. 8

          apt has the horrible habit of “helpfully” removing packages it thinks you no longer need.

          Weird Debian/Ubuntu stuff like this is why I never recommend apt-based distros anymore.

          1. 11

            Hello!

            For a moment there, after reading your comment, I wanted to fold my keyboard like a taco.

            I am pretty confident that it wasn’t your intent… :)

            …Anyway… FYI, there is no such thing as Debian/Ubuntu. Debian is a thing and Ubuntu is a thing and they are distinct.

            Debian is a very old, well designed, and respected GNU distribution. Dependency management is hard (I mean, NP-complete!), but engineers in the Debian project know that, and they care. They worked out a system of rules for keeping the dependency graph clean. Beyond that, they make efforts to teach new maintainers how to understand those admittedly complex rules. They work hard to tame the chaotic sea of packages as much as possible. May their beards be long and tangle free forever!

            Ubuntu is … popular. I’ve used it before. My best friend still does, and asks me for help with his computer frequently. One of my pet peeves is that a lot of individual little packages depend on big meta packages that depend on gigs of desktop environment stuff. It’s almost impossible to run Ubuntu without the default environment installed. See, you don’t have to use it, but Ubuntu puts so little care and feeding into their dependency graph that you end up in nonsense situations…

            Both Debian and Ubuntu are “dpkg-based”. apt-get and apt and aptitude are front-ends.

            dpkg does as it is told. Two things tell it what to do: the front-end and the package dependency graph (let’s call that “the repo”.)

            I assume that all contemporary package managers that aren’t broken will “do as they are told”. So, the problem with Ubuntu is their package graph and maybe their front-end tool.

            My front-end never auto-removes anything, though does remind me that I can run a command to make it remove those things that nothing depends on. I use Debian and apt-get. When I manually invoke the auto-remove feature, so far it has never removed anything that was still needed, on account of that artfully human-curated dependency graph from the repos…

            1. 2

              The only time apt has ever proposed removing packages it deemed no longer needed is when I installed those packages in support of an out-of-distro package, e.g. a downloaded .deb archive or something from a repository which I subsequently removed. It was my experience with apt versus that with rpm - this was before RedHat thought up something like yum - which made me settle on Debian and Debian-based distributions. While building rpm packages was (and possibly is, it is a while ago I last built an rpm package) generally easier than equivalent .deb packages the robustness of a .deb system managed by apt was far higher than that of an .rpm system.

              1. 1

                What do you recommend instead?

                I have a lot of criticism about apt/dpkg-based distributions, but the alternatives seem to be consistently worse.

                1. 6

                  Void Linux.

                  1. -8

                    Void’s package manager and build system have been written from scratch.

                    … in C.

                    I think I’ll skip trying this. Using C or C++ in 2019 is just incredibly poor judgement.

                    1. 11

                      I would much rather my system has a fast and straightforward package manager written in lean C than something like Java, or Python. Calling his choice of C “incredibly poor judgement” comes across as patronising and kind of elitist - generally in poor taste.

                      1. 4

                        Well the first commit to it was in 2009.

                        1. 1

                          I’ll comment that using C in 2019 can be the right choice for certain low level tasks like firmware or important system libraries or languages or operating systems.

                          As for XBPS, it was written in 2009 by an ex-NetBSD dev. C was the most respectable language for system level stuff at that point.

                      2. 1

                        Solus.

                    2. 3

                      Maybe things have improved in the meanwhile, but “sold as Linux laptop” does not automatically equal “good Linux experience”.

                      Another thing to note is that the “sold as Linux laptop” being conflated with “good Linux experience” tends to only be valid as long as the company continues to provide support.

                      1. 2

                        apt has the horrible habit of “helpfully” removing packages it thinks you no longer need

                        … but it will never remove any packages you installed…

                        1. 4

                          That’s the theory, but in practice it will also do really surprising things with packages you explicitly installed, not that this is a good model in the first place. I don’t have any examples at hand, and lack an apt-based machine. Here’s another old example which illustrates the kind of broken behaviour:

                          $ apt-get install consolekit:i386
                          
                          Reading package lists...
                          Building dependency tree...
                          Reading state information...
                          The following packages were automatically installed and are no longer required:
                            python-mutagen python-mmkeys python-cddb
                          Use 'apt-get autoremove' to remove them.
                          The following extra packages will be installed:
                            docbook-xml libck-connector0:i386 libpam-ck-connector:i386 libpam0g:i386
                            libpolkit-gobject-1-0:i386 sgml-data synaptic
                          Suggested packages:
                            docbook docbook-dsssl docbook-xsl docbook-defguide libpam-doc:i386 perlsgml
                            doc-html-w3 opensp dwww deborphan
                          Recommended packages:
                            rarian-compat
                          The following packages will be REMOVED
                            acpi-support aptdaemon apturl colord consolekit dell-recovery
                            gnome-bluetooth gnome-control-center gnome-power-manager gnome-system-log
                            gnome-user-share hplip indicator-datetime indicator-power indicator-sound
                            jockey-common jockey-gtk landscape-client-ui-install language-selector-gnome
                            libcanberra-pulse libck-connector0 libnm-gtk0 libpam-ck-connector
                            manage-distro-upgrade nautilus-share network-manager-gnome policykit-1
                            policykit-1-gnome printer-driver-postscript-hp pulseaudio
                            pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-x11
                            python-aptdaemon python-aptdaemon.gtk3widgets python-aptdaemon.pkcompat
                            sessioninstaller software-center software-properties-gtk
                            ubuntu-system-service ubuntuone-control-panel-common
                            ubuntuone-control-panel-qt ubuntuone-installer update-manager
                            update-notifier xul-ext-ubufox
                          The following NEW packages will be installed
                            consolekit:i386 docbook-xml libck-connector0:i386 libpam-ck-connector:i386
                            libpam0g:i386 libpolkit-gobject-1-0:i386 sgml-data synaptic
                          0 to upgrade, 8 to newly install, 46 to remove and 0 not to upgrade.
                          Need to get 3,432 kB of archives.
                          After this operation, 20.6 MB disk space will be freed.
                          Do you want to continue [Y/n]?
                          

                          Removed my wireless drivers like this once :-/ Easiest way to get them back was run the Dell recovery stuff :-(

                          I’ve been told that apt is the new apt-get; I don’t know how well it does in comparison, as this was before apt.

                          1. 4

                            There is a lot to unpack here.

                            It appears that you’re working with multiarch. That’s more complex than average.

                            Second, there does not appear to be a package named dell-recovery in the Debian repos. Was it there in the past, or is it a third party package? I bet it depended on specific versions of some packages rather than depending on something like “>= version 1.2.3”. This is super-common among third party packages because the authors don’t know what to expect in the future from those packages and they fear an upstream upgrade breaking their package…

                            Finally, that package consolekit has been removed from Debian, so I can’t figure out how to check the reverse dependencies… But I can tell you, it was in the admin section. Those packages are all… I dunno, “low level” or “fundamental”. It appears that you asked your 64-bit Debian to install the 32-bit version of a fundamental package.

                            1. 1

                              But why are those packages being removed? Why remove packages when installing a package? What’s the rationale?

                              1. 1

                                There is a conflict between the new package (or its dependencies) and already installed packages (or their dependencies). Thus the package cannot be installed on the current system. Instead of simply refusing, apt suggests a possible system the package could be installed on (by removing some current packages) and asks you if that is what you want to do.

                              2. 1

                                What would you prefer happen in this case? Just refuse to install?

                                1. 6

                                  For example; that’s what most systems do. Or give me an option asking me what to do. Certainly not removing critical packages like pulseaudio, gnome-control-center, etc. No other system I’ve used tries to be “smart” like this.

                                  Computers are really dumb, and algorithms like this doubly so. In attempting to do “the sane thing” apt-get is more likely to leave a system in a usable state, rather than the reverse.

                                  1. 2

                                    I understand your point that maybe it should force you to be explicit and remove conflicting packages yourself. It does however ask you if you want to continue after it has told you what it plans on doing. Also, often if you say no it’ll offer an alternate solution to the conflict that may be more palatable.

                                    1. 7

                                      It does however ask you if you want to continue after it has told you what it plans on doing

                                      Yeah, but the output is needlessly long, noisy, and has a general “wall-of-text”-y feel to it. It’s easy to miss things, especially if it’s just a few packages that are removed (instead of a whole bunch).

                                      Here’s how it could look:

                                      $ apt-get install consolekit:i386
                                      
                                      The following packages will be REMOVED
                                        acpi-support aptdaemon apturl colord consolekit dell-recovery
                                        gnome-bluetooth gnome-control-center gnome-power-manager gnome-system-log
                                        gnome-user-share hplip indicator-datetime indicator-power indicator-sound
                                        jockey-common jockey-gtk landscape-client-ui-install language-selector-gnome
                                        libcanberra-pulse libck-connector0 libnm-gtk0 libpam-ck-connector
                                        manage-distro-upgrade nautilus-share network-manager-gnome policykit-1
                                        policykit-1-gnome printer-driver-postscript-hp pulseaudio
                                        pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-x11
                                        python-aptdaemon python-aptdaemon.gtk3widgets python-aptdaemon.pkcompat
                                        sessioninstaller software-center software-properties-gtk
                                        ubuntu-system-service ubuntuone-control-panel-common
                                        ubuntuone-control-panel-qt ubuntuone-installer update-manager
                                        update-notifier xul-ext-ubufox
                                      
                                      The following NEW packages will be installed
                                        consolekit:i386 docbook-xml libck-connector0:i386 libpam-ck-connector:i386
                                        libpam0g:i386 libpolkit-gobject-1-0:i386 sgml-data synaptic
                                      
                                      Need to download 3,432 kB; 20.6 MB disk space will be freed.
                                      8 to install, 46 to remove
                                      
                                      :: WARNING: this operation will REMOVE packages!
                                      
                                      Do you want to continue [y/N]?
                                      

                                      So much cleaner, and the default is now “no”, as it’s an unexpected dangerous operation. The warning text should probably stand out (bold, standout attr, colour, whatever your taste prefers).

                                      This is getting a bit off-topic, but commandline interfaces are user interfaces every bit as much as graphical desktop and web apps. It’s something that needs to be thought about, designed, ideally it should be tested, and should be tweaked based on how people are actually using it.

                                      apt-get is a good example of a terrible user interface in many ways. It’s the commandline version of a chaotic ERP product or 2001-era webapp that has grown since. Sure, it may be powerful and the underpinnings are probably good, but the UX is … not ideal.

                                      apt has since replaced apt-get; I don’t know if it does better as I haven’t used any of this in a while, but this post suggests it may not :-(
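
An added example, not part of any comment in this thread and not apt's own code: a POSIX shell wrapper that applies the default-deny idea proposed above. It parses the REMOVED stanza of an `apt-get -s` (simulate) run and refuses to proceed when anything would be removed; `sample_plan`, `apt_removals`, `review_plan` and `safe_install` are hypothetical names, and the sample plan is constructed, abridged from the output quoted earlier in the thread.

```shell
#!/bin/sh
# Constructed sample: an abridged apt-get plan modelled on the output in the thread.
sample_plan() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
The following extra packages will be installed:
  docbook-xml libpam0g:i386 synaptic
The following packages will be REMOVED:
  acpi-support consolekit gnome-control-center
  network-manager-gnome policykit-1 pulseaudio
The following NEW packages will be installed:
  consolekit:i386 libpam0g:i386 synaptic
0 upgraded, 3 newly installed, 6 to remove and 0 not upgraded.
EOF
}

# Read an apt-get plan on stdin and print one package per line from the
# REMOVED stanza. The stanza is the run of indented lines after its header;
# the first non-indented line ends it.
apt_removals() {
    awk '
        /^The following packages will be REMOVED/ { in_stanza = 1; next }
        in_stanza && /^[ \t]/ { for (i = 1; i <= NF; i++) print $i; next }
        { in_stanza = 0 }
    '
}

# Read a plan on stdin. Return 0 when nothing is removed; otherwise print a
# short, prominent warning on stderr and return 1 (the default answer is "no").
review_plan() {
    removals=$(apt_removals)
    if [ -z "$removals" ]; then
        return 0
    fi
    count=$(printf '%s\n' "$removals" | wc -l | tr -d ' ')
    printf ':: WARNING: this operation will REMOVE %s package(s):\n' "$count" >&2
    printf '%s\n' "$removals" | sed 's/^/     /' >&2
    return 1
}

# Simulate first, install only if the plan removes nothing.
safe_install() {
    # LC_ALL=C keeps the stanza headers in English so the parser matches them.
    if LC_ALL=C apt-get -s install "$@" | review_plan; then
        # --no-remove makes the real run abort if it would remove anything.
        apt-get --no-remove install "$@"
    else
        echo "Refusing to continue; run apt-get by hand to accept the removals." >&2
        return 1
    fi
}

# Stand-alone demonstration on the constructed sample (does not call apt-get).
sample_plan | review_plan || true
```
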

                                      1. 4

                                        They already put REMOVED in all caps. Also, after you do a few thousand apt-get invocations, you certainly notice when the ‘removed’ stanza is present vs when it is not.

                                        Debian was the first OS I knew about that had a reliable, sane package manager.

                                        If the solution to the problem is to reinstall packages, then the system is NOT broken. If the solution to the problem is to reinstall the OS from scratch, then the system is BROKEN.

                                        I hope everybody understands that in this circumstance, Debian was preventing the system from becoming broken. Small price to pay…

                                    2. 2

                                      In attempting to do “the sane thing” apt-get is more likely to leave a system in a usable state, rather than the reverse.

                                      Never personally happened to me, but I know a bunch of people new to linux who have broken an ubuntu system with an apt command. This stuff never seems to happen on arch/fedora/whatever, but apt just seems to have a propensity for breaking stuff if you aren’t careful.

                            1. 16

                              Hmm. I can’t help but wonder why virtualenv + Docker is necessary in 95% of cases? Why not just install the requirements globally to the Python install… given, you’re in a container and running likely only 1 app… ?

                              1. 7

                                1. System python packages might occasionally conflict with packages in your virtualenv (see https://hynek.me/articles/virtualenv-lives/).

                                2. For multi-stage Docker builds, where you have compiler etc. in first stage, and then copy over compiled code (Python C extensions etc.) into second stage image that doesn’t have gcc etc so gives you a smaller image. In this case, installing directly with pip means some files end up in /usr/bin, others in site-packages, so it’s hard to copy everything over. Virtualenv solves that since everything is one directory.

                                1. 1

                                  This would be great context to add to the top of the post!

                                  1. 1

                                    Yeah. People asked this a lot, so going to write another article about that specifically and will then link to it from this article.

                                2. 6

                                  … and why not use the already great Python images: https://docs.docker.com/samples/library/python/ ?

                                  1. 3

                                    Or on top of that, why bother activating at all? You can always just give the full path to your virtualenv python binary and it’ll know where everything else is.

                                    1. 3

                                      As I discuss in the article, this is definitely an option. However:

                                      1. This is repetitive, so it’s easy to forget when you add the 10th call to Python, in cases where you have complex setup.
                                      2. It doesn’t affect Python subprocesses, which some programs will run.

                                      The proposed solution suffers from neither problem.

                                  1. 3

                                    Still poorly distinguishable ‘o’ and zero. Just shows how committees can be wrong about things.

                                    1. 4

                                      I’m more annoyed by the almost-square parentheses.

                                      1. 3

                                        This matters a fair amount in the terminal where the context is often insufficient to differentiate between a number and a letter, but does it matter as much in a dashboard where the context is probably much stronger? I think a pilot won’t wonder too often if the plane is going 6OO mph or 600 mph.

                                        1. 4

                                          Idk if radio callsigns or transponder signals use 0/O in ways that can be conflated, but it seems an obvious confusion that could be removed. The NATO phonetic alphabet distinguishes ZEERO from OSCAR pretty clearly, after all.

                                      1. 4

                                        If I understand correctly the suspected malware was trying to snoop crypto keys from the environment? Obviously it sucks that this happened, but surely how you run your node application is also a big part of the problem.

                                        If you’re going to run it with sensitive information about other software available in the environment, isn’t that a bad practice to begin with? Likewise, if you run it with elevated privileges then aren’t you also making a mistake, from a defense-in-depth standpoint? I think we (as application developers using the node ecosystem) all need to take a bit more collective responsibility for letting issues like this affect us.

                                        Somewhat-relatedly, Ryan Dahl, the creator of Node, is now working on deno “A secure TypeScript runtime built on V8”. One of the features is

                                        File system and network access can be controlled in order to run sandboxed code. Defaults to read-only file system access and no network access. Access between V8 (unprivileged) and Rust (privileged) is only done via serialized messages defined in this flatbuffer. This makes it easy to audit. To enable write access explicitly use --allow-write and --allow-net for network access.
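
An added example, not part of the comment above or of any project named in it: a POSIX shell launcher for the defense-in-depth point about secrets sitting in the environment of a node process. `audit_env` lists the names of variables that look like credentials and that any dependency in the process could read, and `run_scrubbed` starts a command under `env -i` with only an allowlist; the function names, the allowlist contents and `server.js` are assumptions.

```shell
#!/bin/sh
# Assumed allowlist: the only variables the child process may inherit.
ENV_ALLOWLIST="PATH HOME LANG TZ NODE_ENV"

# Print the NAMES (never the values) of exported variables whose name
# suggests a credential. Everything listed is readable by every module
# loaded into a process started from this shell.
audit_env() {
    env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' |
        grep -iE 'key|token|secret|passw|credential' || true
}

# Run "$@" with an empty environment plus the allowlisted variables.
# The body runs in a subshell so the caller's positional parameters
# and variables are left untouched.
run_scrubbed() (
    if [ "$#" -eq 0 ]; then
        echo "usage: run_scrubbed command [args...]" >&2
        exit 2
    fi
    cmd_count=$#
    for name in $ENV_ALLOWLIST; do
        # Skip allowlisted names that are not set in this shell.
        eval "present=\${$name+set}"
        [ "$present" = set ] || continue
        eval "value=\${$name}"
        # Append NAME=value as one argument, whatever the value contains.
        set -- "$@" "$name=$value"
    done
    # Rotate the original command words to the end so the argument list
    # becomes: NAME=value ... command args...
    i=0
    while [ "$i" -lt "$cmd_count" ]; do
        set -- "$@" "$1"
        shift
        i=$((i + 1))
    done
    # env -i starts from an empty environment, so anything not on the
    # allowlist (API tokens, wallet keys, cloud credentials) is absent.
    exec env -i "$@"
)

# Typical use (server.js is a placeholder file name):
#   audit_env
#   run_scrubbed node server.js
```
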

                                        1. 2

                                          If you’re going to run it with sensitive information about other software available in the environment, isn’t that a bad practice to begin with?

                                          In a server context yes, but node is also in use in a fair amount of desktop software as well where that’d be the norm rather than the exception.

                                          1. 2

                                            That’s a good point, I had forgotten about how common that use case is. And now I actually find that the most concerning of the three, for these kinds of vulnerabilities (the others being: browser - fairly well sandboxed; server node app - securable by developer / devops / security policies).

                                        1. 4

                                          I remember the pidgin plugin that would send anyone who started composing an IM for you a message first. Good times!

                                          But, what I love even more are that all of the commits have been perturbed so their hash starts with cafe! The author notes he’s changing the timestamps, author and committer fields until he gets what he wants.

                                          1. 1

                                            Man, that brings back some fun memories with Pidgin plugins back when AIM was huge. My favorite was when I hooked up a copy of ELIZA, and had it chat with my girlfriend. I’m not sure whether it says a lot about my girlfriend, my conversational skills, or ELIZA that it took her quite awhile to figure out she wasn’t talking with me.

                                          1. 10

                                            I know this post will sound really bad no matter how I say it, but I wonder how much of sexism, in the present (unlikely) or future (more likely) will be more fear than misogyny.

                                            Women are becoming a touchy subject and, in today’s world where a trial is decided by the public before it goes to court, a false rape accusation does more damage than the trial itself (at least imo). If I were an employer I’d be worried of female employees, not out of hatred or anything, but because they would hold so much power to screw me over.

                                            I personally don’t care what gender you are or religion or species. I even like talking to assholes as long as they have something interesting to say. (Sadly I tend to be a bit of an asshole myself) But I would still be scared of talking to random women in a context like a conference because I might say something that puts me in a really bad place. It feels like I would be talking to someone with a loaded gun in my face.

                                            I think the best friends I have are those who made me notice my mistakes instead of assuming the worst of me, while the tech scene today seems more like a witch-hunting marathon to me.

                                            On that subject, why does the world have to work with cues and aggressive stances? Why can’t we be honest with each other? I see it every day, someone above me expects everyone to catch on her cues, if they don’t, they’re the bad guys, without even letting the other end knowing anything.

                                            Most angry tweets and blog posts about this topic are from people who just kept everything in or burst out in anger at them and they got defensive or responded just as aggressively (kinda to be expected, honestly). I would love to see examples of people who were made aware of their behavior and everything went fine after that.

                                            1. 18

                                              a false rape accusation does more damage than the trial itself (at least imo).

                                              A genuine rape accusation also does more damage than the trial itself. In both cases, the victim is affected. It’s only how we perceive it that’s different.

                                              I think somewhere along the line communities started to encourage angry reactions as a way of maximising engagement. Somewhere along the line, we forgot to be kind by default, in a way we weren’t offline. I meet people who spend a lot of time in online communities, and you can see (amongst some people) that their online behaviour leaks into their personal offline behaviour, but rarely the other way.

                                              I think the recent furore over Equifax’s CSO having a music degree is a good example of this. Nobody should care about someone’s degree, but a marketwatch piece designed to provoke angry responses, provoked angry responses on the Internet. The Twitter algorithms designed to increase engagement increased engagement and the Internet went twitter crazy.

                                              There has to be a way to use a combo of the tools we use for engagement to promote de-escalation and de-engagement. Deprioritising inflammatory content to make the world a better place is not losing out. It’s winning.

                                              That’s what I really love about lobsters. People may have issues misinterpreting context and social cues here, but generally people are kind to each other.

                                              1. 10

                                                a false rape accusation does more damage than the trial itself

                                                That sort of accusation could, for example, prevent you from winning an Oscar. Or become elected US President.

                                                1. 11

                                                  [Note: Before reading this, readers should probably know I have PTSD from a head injury. The side effects of nervous eyes, mumbly voice, and shaky hands apparently make me look like an easy target for male and female predators alike. I’m like a magnet for assholes who I usually deal with patiently, dismiss, or stand ground. Mostly ignore them. This issue required special treatment, though, since I was always treated very differently when it was something like this.]

                                                  Far as scenario you’re worried about, it’s a real thing that’s happened to me multiple times. Not rape claims fortunately but sexual harassment or discrimination. I think I was getting false claims to managers two or three times a year with dozens making them to me directly as a warning or rebuke but not to my bosses. They just wanted me to worry that they could or would destroy me. Aside from the random ones, it was usually women who wanted a discount on something, wanted to be served ahead of other customers, or (with employees) not wanting to do the task they were given since it was beneath them or “man’s work.” Saying no to any of that was all it took…

                                                  However, I was in a service position dealing with thousands of people plus dozens of workers due to high turnover. With all those people, just a few claims a year plus dozens of threats shows how rare this specific kind of bully is. Those that will fully push a false, gender-oriented claim are rare but highly damaging: each claim led people [that didn’t know me well] to assume I was guilty by default since I was male, interrogations by multiple supervisors or managers, and a waiting period for final results where I wondered if I’d lose my job and house with no work reference. Employment gaps on resumes make it harder to get new jobs in the U.S. I got through those thanks to what I think were coworkers’ testimony (mostly women) and managers’ judgment that the good and bad of me they’ve seen versus straight-up evil stuff a tiny number of women were claiming didn’t match up.

                                                  Quick example: As a team supervisor, I always gave jobs to people in a semi-random way to try to be equal in what people had to do. Some supervisors seemed to cave in if a worker claimed the work was better for another gender, esp labor vs clerical vs people-focused work. When giving an assignment, the most shocking reply I got was from a beautiful, racially-mixed woman who had been a model and so on. A typically-good, funny worker who had a big ego. She said the specific task was a man’s job. I told her “I enforce equality like in the 19th Amendment here: women get equal rights, equal responsibilities.” She gave me a snobby look then said “I didn’t ask for that Amendment. Keep it, get rid of it, I don’t care. (Smirked and gestured about her appearance) I don’t need it. And I’m not doing man’s work.” I was a little stunned but kept insisting. She grudgingly did the job but poorly on purpose to disrupt our workflow. I had to correct that bias in my head where I assumed no woman would ever counter laws or policies giving them equality outside maybe the religious. I was wrong…

                                                  Back to false claims. That they defaulted against males, including other men who got hit with this, maybe for image reasons or just gender bias led me to change my behavior. Like I do in INFOSEC, I systematically looked for all the types of false claims people made esp what gave them believability. I then came up with mitigations even down to how I walk past attractive women on camera or go around them if off-camera. The specific words to use or avoid is important, esp consistency. I was pretty paranoid but supporting a house of five people when lots of layoffs were happening. The methods worked with a huge drop in threats and claims. Maybe the bullies had less superficial actions to use as leverage. So, I kept at it.

                                                  This problem is one reason I work on teams with at least two people who are minorities that won’t lie for me. The latter ensures their credibility as witnesses. Main reason I like mixed teams is I like meeting and learning from new kinds of people. :) It’s a nice side benefit, though, that false claims dropped or ceased entirely when I’m on them for whatever reason. I’m still not sure given I don’t have enough data on that one. I also push for no-nonsense women, especially older with plenty of experience, to get management roles (a) since I’ve always promoted women in the workplace on principle and because mixed teams are more interesting; (b) side benefit that a woman who’s dealt with and countered bullshit for years will be more likely to dismiss a false claim by a woman. When I finally got a female boss, esp who fought sexism to get there, the false claims that took serious investigation were handled usually in minutes by her. There was just one problem while she was there with a Hispanic woman… highly attractive with excellent ability to work crowds… that wanted my position launching a smear campaign. It almost worked but she had previously tried something on same manager she needed to convince. Her ego was so strong she didn’t think it would matter because she’d win her over too. Unbelievable lol. She left in a few months.

                                                  So, yeah, I’d not go to one of these conferences at all probably. If I do, I’m bringing at least two women, one non-white, who barely like me but support the cause. If they leave me, I’m either going outside or doing something on my computer/phone against a wall or something. I’m not going to be in there alone at all given this specific type of bully or claim will likely win by default in such a place. Normally, though, I don’t mind being alone with women if there’s witnesses around that’s a mixed crowd, I’ve gotten to know them (trust them), or they’re one of the personalities that never pull stuff like this. I’ve gotten good at spotting those thanks to the jobs I did working with strangers all day. I get to relax more than you’d think from this comment, though, since vast majority of females on my team, other teams, and customers’ like me or at least neutral. The risk reducing behaviors are so habitual after years of doing them I barely notice I’m doing them until I see a post like this.

                                                  Not funny note: There was also real sexism and harassment against women, esp from younger crowd. We had to deal with that, too. On rare events, some physical assault and stalkers that required police and other actions to deal with. One of the problems in many organizations is people will say the woman is making it up. Then, justice won’t happen. Our women were honest enough and male assholes brazen enough that we usually knew who was lying. Similarly when the women were bullshitting about harassment. In many other places or in trials, the defense was the woman might have been making it all up to spite the male. The reason that defense often works is because of the kind of bullies and lies I describe above. I get so pissed about false claims not just since they impacted me but because a steady stream of them in the media is used to prevent justice for real victims. That combination is why I write longer and fight harder on this issue.

                                                  1. 9

                                                    a false rape accusation does more damage than the trial itself (at least imo)

                                                    In our society, a woman reporting a rape has to deal with a lot of shit from a lot of different people. Stuff like victim blaming, “What did you wear?”, “Oh you must’ve been reckless” make it already very hard for women to report rape when it happens. If anything we should be more concerned with women not reporting rape cases rather than false reports – especially since the latter is very small compared to the former. Sorry for not providing any sources, I’m on mobile right now.

                                                    1. 15

                                                      I know this post will sound really bad no matter how I say it,

                                                      It does sound really bad. My favorite part is when you use the phrase “witch hunting” to somehow excuse the fear of women being around.

                                                      but I wonder how much of sexism, in the present (unlikely) or future (more likely) will be more fear than misogyny.

                                                      Oh so very little. Do not fear for misogyny, it will be around forever.

                                                      1. 16

                                                        My favorite part is when you use the phrase “witch hunting” to somehow excuse the fear of women being around.

                                                        I could not find a gender-neutral term that carried a similar meaning. This is definitely a fault on my part (my English dictionary is not that rich) but I was referring to the act of persecution by one or more individuals to the intended result of ruining someone’s life, humiliating them etc.

                                                        Oh so very little. Do not fear for misogyny, it will be around forever.

                                                        What little hope for humanity and its self-improvement you seem to have. I understand the feeling.

                                                        My point was not whether misogyny will go away (it won’t), but how much of the perceived misogyny will be out of outright hatred rather than fear of consequences. Someone who doesn’t interact with women will be perceived as misogynous, but maybe he might just want to stay safe from ending up in a really bad situation? My “gun pointed at your head” analogy still stands. It feels uncomfortable and you can’t expect people to behave normally in those situations.

                                                        You seem to be the exact type of person I’m talking about, all going on the aggressive thinking I’m your worst enemy, not giving me the benefit of the doubt. I personally find it really hard to express my thoughts (it’s not just a language barrier, sadly), and getting attacked like that makes me really demoralized and demotivated to even talk. When I am not allowed to talk my mind without people instantly getting so aggressive at me, how am I supposed to not fear doing it?

                                                        1. 15

                                                          I personally find it really hard to express my thoughts (it’s not just a language barrier, sadly), and getting attacked like that makes me really demoralized and demotivated to even talk. When I am not allowed to talk my mind without people instantly getting so aggressive at me, how am I supposed to not fear doing it?

                                                          Thanks for saying this.

                                                          1. 5

                                                            I’m sorry that I sounded aggressive, because I was not trying to. I’m still not angry, nor replying out of spite or hate. :) I’m not a native English speaker (either?), so it can be that. Oh, and I also never thought of you as my worst enemy.

                                                            I could probably hug you right now, seriously, although I’m a little unsure how to understand your analogy that interacting with women is like having a gun pointed at your head.

                                                            As far as I can tell, we agree that misogyny will not go away – try to destroy an idea… – but we kinda disagree about how we should deal with it. I am not in a position to lecture anyone on the topic, and deeply nested threads tend to go off-topic easily, so I’ll happily reply to your emails if you’d like to.

                                                            1. 2

                                                              Thank you for your kind words, I’m sorry I misinterpreted your reply then!

                                                              I hate to link to it but I think that what best describes my analogy is a scenario like what ESR described. With no proof (even though the source claimed there had been attempts already) either back then or now, that was ruled as “unlikely” at best, but the fact that it doesn’t sound completely ridiculous and could actually be put to action by a malicious group worries me.

                                                              I honestly don’t think most women are like that at all, and as you said, this is going a bit off topic.

                                                              About “how to deal with it”, I’m not proposing a solution, I do wonder if being more straightforward with people and less “I’ll totally blogpost this unacceptable behavior” would make anything easier though.

                                                              For example, the author quotes Berry’s paragraph about not giving anything for granted, yet instantly assumes that assuming that females are less technical is a big drag for women in tech. What about a little understanding? With so many women in sales and PR positions, the guy might be just tired as hell of having to deal with marketers (although the CTO title should have spoken for itself.)

                                                              Not denying that some people are just sexist jerks, though.

                                                          2. 8

                                                            Both literal witch hunts and the more recent metaphorical sense were frequently directed at men. The notion that “witch” is female is an ahistorical modern one and simply not part of what the word means in the context of a “witch hunt”.

                                                            1. 0

                                                              …So? Are you reading that Internet comment in the 1700s when historical witch hunts were actually happening?

                                                              1. 3

                                                                The witches arrested during the Salem Witch Trials (in 1692-3, around 150 being arrested) and killed (24, 20 executed, 4 died in jail) weren’t all women. A cursory scan of the accused show plenty of male names (although it does seem to bias towards women).

                                                          3. -2

                                                            The post content here is a man relating his experience of seeing his cofounder get talked over and ignored because she is a woman, so you immediately comment about… how bothersome it is that a woman might one day accuse you of sexual assault?

                                                            What the actual fuck is wrong with you? You should be thoroughly ashamed of yourself. Delete your account.

                                                            1. 16

                                                              What the actual fuck is wrong with you? You should be thoroughly ashamed of yourself. Delete your account.

                                                              I generally avoid these topics like the plague, but this is the exact reason why. It’s absolutely appalling to me that anyone thinks this is a good response to any comment ever. If you are trying to persuade people or this person, then you have completely failed in backing up your comments with anything but insults. If you aren’t trying to persuade anyone, then you are just a troll who enjoys yelling at someone who clearly (based on the other comments in this thread) is trying to genuinely learn. You took a teaching moment and made it a display of hatred.

                                                              1. -1

                                                                If you are trying to persuade people or this person, then you have completely failed in backing up your comments with anything but insults

                                                                This assertion is completely absurd. I’ve been this asshole, been told off and/or beaten up, and learned better. Violent complaint is precisely how signalling to people that their behavior is utterly abhorrent works in society.

                                                                1. 6

                                                                  How should I signal to you that your behavior here, in this thread, is utterly abhorrent? Should I threaten to beat you up? Tell you to delete your account? Scream aggressive obscenities at you?

                                                                  Whatever it is you think you need to hear to stop behaving this way, pretend that I said it.

                                                                  1. 3

                                                                    I’ve been this asshole, been told off and/or beaten up, and learned better.

                                                                    I’ll just say that I find this comment immensely more helpful than your previous comment. If you’d like to expound on how specifically you’ve “been this asshole” in the past, and what you’ve learned from the experience I’d wager that’s much more likely to convince Hamcha (and the rest of us) to change their mind and behavior.

                                                                2. 5

                                                                  I questioned the reason she was ignored and proposed a motivation for which people might fear dealing with women. I also questioned what would have happened if the guy would have put any effort in making the issue clear to the people he’s talking shit about other than vague clues before making accusations with circumstantial evidence.

                                                                  What is there to be ashamed of?

                                                                  1. 3

                                                                    Normal people can have conversations with members of the opposite or same gender without constantly panicking about rape allegations. Do you specifically avoid female waiters at restaurants or cashiers at supermarkets? Is this somehow different to talking to a woman in a nontechnical role? If not, why do you think it is reasonable to pretend a woman who codes is any different? Hell, how on earth can you pretend the possibility of rape allegations is a valid reason to pretend that a person does not exist while in a meeting with multiple participants?

                                                                    Your regurgitation of sexist crap is shameful. Your lack of thought about it is bewildering. Delete your account.

                                                                  2. 3

                                                                    Who taught you to shame people for their feelings and beliefs?

                                                                    1. 0

                                                                      Some beliefs are horrendously evil. Your freedom to believe harmful crap does not constitute immunity from being yelled at for spouting it in public.

                                                                1. 5

                                                                  I dislike how this leaks metadata by storing the site names in plaintext. I’d care more about people finding out I had a Neopets account than I would about the password to that (entirely hypothetical) account.

                                                                  Also, is it possible to store a username for a site as well as a password? It doesn’t look like it from the examples. Sometimes remembering what username you used for a site is harder than the password.

                                                                  1. 3

                                                                    Also, is it possible to store a username for a site as well as a password? It doesn’t look like it from the examples.

                                                                    Yes, you can store a username or any arbitrary data. See the section titled Usernames, Passwords, PINs, Websites, Metadata, et cetera.

                                                                    1. 2

                                                                      See the section titled Usernames

                                                                      Oh, duh. I searched the man page for “username” but not the website.

                                                                      1. 2

                                                                        Sounds like they need to patch their man page.

                                                                    2. 3

                                                                      You can name the files whatever you like. You could create an encrypted file that was a map of random filenames to the account name if wanted. I’ve thought about creating a patch that would do that storing and lookup for you.

                                                                      1. 1

                                                                        I’m not associated with pass, but I think that would be a much-welcomed optional feature, should you find the time to implement it.

                                                                      2. 2

                                                                        You can store any data you want. However I do agree I don’t like storing the site names in plaintext, but in general I find pass a really handy tool. I have just migrated from keepassx2 to pass.

                                                                      1. 2

                                                                        I’ve got two sites using Python and Reportlab. It gets the job done, but certain layout tasks are particularly painful. In places where performance isn’t quite as much of an issue and you’re not super picky about the output, wkhtmltopdf and its associated libraries are super easy to get up and running with.

                                                                        Lambda does seem like it’d be particularly well suited for this.

                                                                        1. 2

                                                                          Why not? Considering the type of task, the process seems a good candidate for going the “serverless” way. It’s a simple 1:1 pipeline, am I missing something?

                                                                          1. 1

                                                                            I think you inserted a “not” into my last sentence (I probably could’ve found a better way to word it).

                                                                            I would absolutely give Lambda a shot for this.

                                                                        1. 3

                                                                          In order for the fix to be enabled, the code calling addJavascriptInterface must be compiled against API 17 or above – that is, you must target Android 4.2 or later.

                                                                          Yikes! Sadly this means anyone making the business decision to target older devices leaves their app vulnerable even on modern devices. (I don’t think version splitting is popular on Android, is it?)

                                                                          1. 2

                                                                            I don’t develop anything super complex on Android, but I always just set my targetSDK setting to the current highest API level. I’ve never come across anything where this has created a backwards compatibility issue. As long as you don’t actually use any new API features (which IntelliJ will warn you about), old devices can use your app fine. So I suspect that most vulnerable apps in their search could fix the problem by bumping their targetSDK version and recompiling.

                                                                            I’d be interested in hearing about any common issues caused by just always using the latest targetSDK.

                                                                          1. 2

                                                                            Would it be fair to say that Flask is roughly equivalent to Sinatra, only in Python instead of Ruby?

                                                                            1. 3

                                                                              I’ve only done a tiny bit of playing with Sinatra, but I’d say that it’s an apt comparison. From my vague recollection of Sinatra I’d say it’s slightly more micro than Flask.

                                                                              1. 1

                                                                                What do you mean? What’s there so heavy about Flask?

                                                                              2. 1

                                                                                Would it be fair to say that Flask is roughly equivalent to Sinatra, only in Python instead of Ruby?

                                                                                Yes.

                                                                                Except that, while in the Ruby world, Rails is the number one (only?) choice, the Python world is more fragmented. I won’t say if this is a good or bad thing. I personally prefer Flask.

                                                                                I bought the book when it came out. It is more useful for people who already know some Flask, as it teaches best practices (a bit like 2 scoops of Django).

                                                                              1. 5

                                                                                So basically WebOS had it right, we just weren’t ready for the future?

                                                                                1. 2

                                                                                  webOS got an awful lot of things right, but its failure in the marketplace was a logical outcome given its poor performance and insanely inept management and marketing. I really wish it had succeeded, but I’m also quite happy just to see its UI paradigms showing up in iPhone, Windows Phone, Android, and, as you rightly point out here, normal websites.

                                                                                  1. 2

                                                                                    I think you mean Hypercard. ;)