1.  

    Would you also categorize command-line tooling under this tag, or just the actual shells?

    1.  

      I was also thinking of tooling - hence the zsh-utils example. Similar to a programming language tag - updates for the language and anything written in that language could fall under the tag. This would also avoid separate tags for bash, zsh, posix shell etc, because of how similar they are overall.

      1.  

        It might be worth is just to have a tooling tag.

        I could make a much better case for that, though the concern is that it’d become a dumping ground for product advertising.

        1.  

          I think the name tooling might be too broad for what I was imagining. Since you could easily make the case that something like docker should be included under tooling because it’s dev tooling.

          It’s also a bit farther from my interest in shell scripting, which is a big part of the reason for my tag proposal.

    1. 10

      Cool, this is how image should be made!

      At work we even go a little further. We strip unnecessary symbols from binaries and use extreme compression on files using upx. I believe we’re hitting the 3MB mark. We define a non-root user and disable as much capabilities as possible to make things even more constrained and secure.

      1. 15

        The symbols are unnecessary right up to the point that your program crashes and you’d like to know why.

        1. 7

          You can still keep the ELF symbols as separate files outside of the image, right? Similar to how dbg packages work with package managers.

          1. 3

            True. However, for our use cases this tradeoff is fine. We consider nginx to be stable enough, and haven’t had any crashes yet. The container will automatically restart if it does, and if we do need to debug a repeating crash we switch to a version with symbols.

            1. 12

              Which may or may not have the same problem…

              1. 5

                But isn’t it more fun to just watch people discover this on their own?

          2. 3

            Thanks for the kind words!

            That’s maybe too far of a stretch, but it’s not a bad idea.

            Feel free to check out my lighttpd and dnsmasq images, too.

            I’m in the works of doing a haproxy image and writing a blog post about my process for building tiny (IMO, correct) images like this one.

            1. 1

              If you want small and secure, check out Lwan. It might fit one of your use-cases. It’s supposed to be useful from embedded to servers.

              1. 1

                I’ve heard wonders about Lwan, but I haven’t had the time to try it out.

            2. 2

              I tried to build OP’s container and it gave errors copying rootfs (I think it has a build/CI process that isn’t in the repo).

              So I hacked it up to always use musl, strip the binary, and upx it. I verified that it builds with -fPIC to produce Position-Independent Code. The final container size is 3.2MB and it builds easily.

              https://github.com/sean-public/nginx-tiny

              1. 1

                OP here, you shouldn’t have any issues building the image.

                I think I know the issue you are running into. Try with the following:

                1. clone repo, cd into it
                2. run docker build -t nginx:glibc -f glibc/Dockerfile .

                Replace with musl for musl-based image

            1. 5

              I trust Mozilla so I will take them at their word that the file is being encrypted end-to-end. (And I know I could go read the code.) But can there be a way for a lay user to see that a file is actually encrypted? A user can compare a visual hash of the entire contents of the file. But how can they know it’s strong encryption? Perhaps we need to move the E2E support to the browser or the OS.

              1. 19

                I can confirm that they do (as I’ve been reversing it to build ffsend). The file content, along with additional metadata is encrypted on the client. The hash part of a share URL contains the secret required to decrypt a file, and is thus never sent to the remote server. They’re currently using 128-bit AES-GCM along with some derived keys using HKDF SHA-256, as described here, so decide for yourself.

                1. 5

                  Cool, thanks for the info! I never doubted that, but I’m just thinking out loud about ways we can make this obvious to non-technical users (something like the green lock in the URL bar.)

                  1. 4

                    It’s actually really funny how close this is to a project I wrote on a weekend a few years back at my first security company. The main difference was mine was focused on text oriented blobs instead of files, so I didn’t do metadata: https://blacknote.aerstone.com/

                    I also used NaCL instead of relying on AES-GCM. My testing also made me hyper skeptical about JavaScript random number generation, to this day I’m not certain how to solve that problem and still highly suggest that people steer clear of JavaScript for high entropy needs.

                    1. 4

                      Any idea why it’s 128-bit? I thought FF had 256-bit.

                      1. 3

                        I think this (and the following comments) answer it: mozilla/send/issues/86

                        1. 4

                          That’s a weak argument. Looking at the big picture, though, the kind of folks that will be able to break the crypto can already afford 0-days from brokers to hack those Firefox users. So, probably not that important.

                          1. 3

                            It’s a horrible argument. There is very little difference to the developers to choose the stronger ciphers, especially since it is using the client for encryption. When I did this I just used NaCL and stuck to actually ya know…. listening to cryptographers. I really don’t understand why you wouldn’t select the more forwardly secure option.

                            1. 2

                              The only times it makes sense to go weaker by default are legacy (no choice) and resource-constrained microcontrollers (also no choice). This shit is running on desktops that routinely do 256-bit crypto. No excuse.

                              They so need to remember other developers might imitate what popular projects do. Gotta set a good example with good defaults.

                  1. 3

                    I feel like I’ve been using this for at least a year, is it really actually new? Or did it just go from open beta to stable release?

                    1. 2

                      The user experience is the same. The internals have changed.

                    1. 2

                      How does this work if Skype snoops on the URL as you share it?

                      1. 3

                        Anyone having the full URL will be able to download the file as long as it’s available. Thus, if a Skype employee, or someone else manages to obtain the URL they’ll be able to download. You can set an additional password though, which you share through a different channel making the URL useless without it.

                        1. 4

                          I think Vaelatern might be referring to the habit that Skype et al. have of issuing a HEAD/GET for every URL in every message, for their “link preview” features. This probably doesn’t affect Mozilla Send though, as the shared URL is for an HTML document which contains the real download link, right?

                          1. 4

                            My bad! Nope, that doesn’t affect it at all. You have to explicitly click a download button on the share page. Only when the file is fully downloaded does the download counter decrease.

                      1. 8

                        I just tried uploading a 350MB file as a test, and it looks like it doesn’t generate your unique URL for copy/pasting until it’s done. I remember ge.tt years ago would change the location bar almost immediately to the unique URL, and if someone else loaded the page while you were still uploading they still got a “please wait” page (or did it allow partial/streaming downloads? I forget). I’m always surprised when I don’t see similar functionality on file sharing sites these days. Is there some technical reason Mozilla avoided it here?

                        1. 8

                          I don’t know the real technical reason.

                          What I do know, is that the service currently only responds with the actual share URL after you’ve fully uploaded your file (it isn’t the interface holding it back). The actual share entry is probably only created when it has confirmed your upload didn’t fail. The fact that Amazon object storage is used probably also plays a role. The share URL contains a share ID and secret. The secret is generated by the client, and known beforehand.

                          So, the method of encryption isn’t the problem here. I think the method of storage, and wanting reliable uploads resulted in this decision.

                        1. 26

                          I’ve been building a fully featured CLI tool for Firefox Send, supporting this new release.

                          For anyone that is interested: https://github.com/timvisee/ffsend

                          1. 7

                            I just can’t seem to understand why they’re effectively blocking Firefox though.

                            Changing your User Agent to that of a Chrome browser proves Skype is working. Things like WebRTC are supported. I’ve yet to find something that is broken.

                            They should call it Skype for Web Chrome instead.

                            1. 12

                              I just can’t seem to understand why they’re effectively blocking Firefox though.

                              It takes effort to test, and costs money to field support calls. Monocultures are just easier for members of the monoculture.

                              1. 8

                                I wonder though if there shouldn’t be a more active role for legislators here. I know that there is no monopoly here (multiple browsers that use Blink, easy to fork). But this is all awfully similar to the AARD code. People will blame Firefox (“it does not support the necessary features for Skype”), whereas it is largely an artificial limitation to cut out competition.

                                The support cost could be reduced by just stating ‘we don’t support Firefox, all Firefox support requests will be sent to /dev/null, if it does not work as it should use XYZ’. It’s not like these products have proper support anyway outside enterprise versions.

                            1. 1

                              What about marking the shell script for Full Access, and making it only editable by root. Wouldn’t that improve things security wise? Or do you need root anyway to configure a cron job?

                              1. 1

                                The script itself is not a binary, some interpreter (bash, python, lua, etc.) must run it, so whenever you are running a script, the binary name of the process is the interpreter, not the script, so I guess it wouldn’t work.

                              1. 3

                                Sadly my primary language is Java, so this is impossible in that case.

                                1. 9

                                  At least you try to keep symbol names within the 80 character limit, right? :)

                                  1. 1

                                    Changing the default indentation from 4 to 2 helps a lot.

                                  1. 3

                                    Yes, I like that too, also for properly being able to split without scrolling.

                                    I must say I actually prefer 120 characters, especially in Rust, as it tends to have long(er) signatures. Less weird line breaks, code tends to look nicer this way. It fits perfectly on my 1080p monitor in Vim with no sidebars. But I usually default to 80 characters to match others.

                                    1. 5

                                      Hah. :P Every Rust crate I’ve ever published is fairly strictly wrapped to 79 columns inclusive. I do this mostly because of the reasons mentioned in the OP, but I’ve also found it to be fairly useful pressure towards refactoring code. Reducing right-ward drift and introducing more intermediate names usually—but not always—leads to code that I personally find easier to read. Reducing right-ward drift usually means introducing new functions or writing code with early returns/breaks.

                                      At work, for Go, we compromised at 99 columns (inclusive) for code and 79 columns (inclusive) for comments. We aren’t as strict as I am in my Rust projects, but it’s good enough.

                                      I would absolutely love for these problems to be solved by tooling, but so far, none that I’m aware of do. The auto-wrapping in text editors sucks. gofmt gracefully ignores line lengths. rustfmt takes the opposite approach (by enforcing line length and potentially inserting or removing line breaks), but this leads to issues too.

                                    1. 10

                                      Now why on earth such a library, that you don’t know line by line, should be able to call “FLUSHALL” and flush away your database instantly? Maybe the library test will have such command inside and you realize it when it’s too late.

                                      Yes. This.

                                      1. 1

                                        Redis should be used as volatile cache, not as your only persistent database.

                                        1. 3

                                          Flushing the volatile cache is still bad.

                                          1. 1

                                            Neither volatility nor homogeneity have anything to do with ACL.

                                            It’s simple damage prevention: If X has no business with data A, optimally it should never be able to access it in the first place.
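                                            The damage-prevention point above maps directly onto Redis 6 ACL rules, where a per-application user is given only the key prefix and command categories it needs. The block below is an added example and not Redis’s code: it is a simplified, offline model of how those rule strings are evaluated, with a labelled subset of the real command categories and glob-only key patterns, so the `FLUSHALL` case can be checked without a server.

```javascript
// Assumed subset of Redis's command categories (the real ones are much larger).
// FLUSHALL is in @write as well as @dangerous, which is exactly why rule order matters.
const CATEGORIES = {
  read: ['get', 'mget', 'hget', 'lrange', 'exists'],
  write: ['set', 'del', 'hset', 'lpush', 'incr', 'flushall', 'flushdb'],
  dangerous: ['flushall', 'flushdb', 'keys', 'config', 'debug', 'shutdown', 'monitor'],
};
const ALL_COMMANDS = new Set(Object.values(CATEGORIES).flat());

// '~cache:*' style patterns: only '*' is supported in this model.
function globToRegExp(glob) {
  const parts = glob.split('*').map((s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&'));
  return new RegExp('^' + parts.join('.*') + '$');
}

// Parse an ACL SETUSER rule string. Rules apply left to right, as in Redis,
// so '+@write -@dangerous' ends up without FLUSHALL but '-@dangerous +@write' keeps it.
function parseRules(ruleString) {
  const acl = { enabled: false, commands: new Set(), keyPatterns: [] };
  for (const tok of ruleString.trim().split(/\s+/)) {
    if (tok === 'on' || tok === 'off') acl.enabled = tok === 'on';
    else if (tok.startsWith('>')) continue; // password: not modelled here
    else if (tok === 'allkeys') acl.keyPatterns.push(globToRegExp('*'));
    else if (tok.startsWith('~')) acl.keyPatterns.push(globToRegExp(tok.slice(1)));
    else if (tok === 'allcommands' || tok === '+@all') ALL_COMMANDS.forEach((c) => acl.commands.add(c));
    else if (tok === 'nocommands' || tok === '-@all') acl.commands.clear();
    else if (tok.startsWith('+@') || tok.startsWith('-@')) {
      const members = CATEGORIES[tok.slice(2)];
      if (!members) throw new Error(`unknown category in ${tok}`);
      members.forEach((c) => (tok[0] === '+' ? acl.commands.add(c) : acl.commands.delete(c)));
    } else if (tok[0] === '+' || tok[0] === '-') {
      const cmd = tok.slice(1).toLowerCase();
      if (tok[0] === '+') acl.commands.add(cmd); else acl.commands.delete(cmd);
    } else {
      throw new Error(`unsupported rule token ${tok}`);
    }
  }
  return acl;
}

// Returns null when the command is permitted, otherwise the reason Redis would
// answer NOPERM: every key the command touches must match one of the patterns.
function check(acl, command, keys = []) {
  if (!acl.enabled) return 'user is disabled';
  const cmd = command.toLowerCase();
  if (!acl.commands.has(cmd)) return `no permission to run '${cmd}'`;
  for (const k of keys) {
    if (!acl.keyPatterns.some((re) => re.test(k))) return `no permission to access key '${k}'`;
  }
  return null;
}

// The rule a library's connection should get: its own prefix, read/write, nothing dangerous.
const LIBRARY_RULES = 'on >s3cret ~cache:* +@read +@write -@dangerous';

module.exports = { CATEGORIES, parseRules, check, LIBRARY_RULES };
```

                                            With `LIBRARY_RULES` the library can `SET cache:user:1` but gets `NOPERM` for `FLUSHALL` and for any `GET` outside `cache:`; the same user created with `-@dangerous +@write` in that order can flush again, because the later rule re-adds the command.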

                                        1. 3

                                          What do people use to make these? I know there’s Monodraw for macOS users, but it seems like this would be extremely tedious to do by hand.

                                          1. 3

                                            I bet at least some of them used Emacs’ picture-mode. Words don’t quite do it justice, so I found a video of a chap drawing UML diagrams using it for you :-)

                                            1. 2

                                              If you’re a vim user, the DrawIt plugin can be helpful. There’s also asciiflow.com as an online approach. Other than that, by hand is indeed how those are often done :)

                                              1. 2

                                                I’ve used DrawIt in Vim, along with some custom bindings to easily move text blocks. And it was awesome!

                                                It did have some compatibility/binding issues with other plugins I used I believe, thus I removed it again a while ago.

                                                1. 1

                                                  I’ve done this sort of thing a couple of times, entirely by hand. It doesn’t take too long once you get into the flow of things, as long as you have some ability to do block selection, copy, and paste. By block I mean vim’s Ctrl-v not v or V.

                                                  I’m sure there are tools for it, but it goes back to the old issue of investment. I don’t do it enough to justify spending time and effort learning how to use a tool to do it a little more quickly.

                                                  1. 19

                                                    I always find it kind of funny that Google didn’t want generics in Go, but hacked it into one of their projects: https://github.com/google/gvisor/blob/master/tools/go_generics/generics.go

                                                    1. 26

                                                      There are many people in google, surely not all teams agree on this issue.

                                                      1. 16

                                                        There’s also a bit of a difference between an implementation that works for one project and The Solution built into the language, which is supposed to (ideally) be a choice in the design space that’s fairly good across a broad range of uses. There are a bunch of solutions that work for various definitions of work, but the ones I’ve read all still have weird warts and edge cases (but different ones). Besides lower-level questions like how they interact with other parts of Go syntax and semantics, there’s also still quite a bit of disagreement, I think, on which of the basic tradeoffs in generics design are right for Go. Some people want Go generics more along the lines of ML-style parametric polymorphism or Java-style generics, while others want something more like C++ or D-style templates that instantiate specialized versions per-type. (The implementation linked above looks like the 2nd type.) Probably only one of these mechanisms will end up in the core language, not both.

                                                        Edit: This “problem overview” from August 2018 has more details on the tradeoffs and current draft proposal.

                                                        1. -2

                                                          And yet apparently the language was shitty enough to force them to do this?

                                                      1. 15

                                                        I must say that magic links are useful in some cases:

                                                         I like them on websites you login on once a year, with the bonus users can’t forget a password. You won’t be able to leak sensitive passwords either, which some users like. There are way too many users using the same passwords over and over again, and the majority does not seem to be using a password manager.

                                                        But, I do believe you should make the use of a password optional for such implementation.

                                                        1. 9

                                                          The other benefit (for multi-tenant environments) is that magic links automatically have the same protections that the users’ corporate IT department have decided are important for security/HR reasons. No need to make multiple orthogonal password policies or support multiple MFA flows, and offboarding is automatic.

                                                          It’s like a poor man’s SAML. (You also have to support SAML)

                                                          1. 5

                                                            IMO magic links are better than passwords. Most people essentially have everything tied to their email anyway (password recovery in almost every case sends an email). It also solves the fact that most users will reuse the same passwords, or pick extremely weak passwords so they can remember them all.

                                                            Obviously password managers fix this too, but most users will not make use of them.

                                                            To quote the article:

                                                            but I think it’s important to recognize how users are used to logging in across the internet

                                                            The status quo is also that every few weeks a site has a data breach, and malignant actors gain access to several accounts because most users are “used to” reusing passwords.

                                                            1. 3

                                                              I like magic links, with JWTs for long (one-month) validity. Login rarely? Check your email rarely. Login regularly? Check your email rarely. And I don’t have to store passwords.

                                                              I do not know how to deal with people who don’t get email on their phone and need to log in on their phone.

                                                              1. 3

                                                                Why doesn’t the magic link authorise the session that initiated the send? Store the session id, magic token and authorised status in a table…

                                                                1. 1

                                                                  Because you already opened a new tab, you’d need to refresh the sending window or just use the window you already have. Also I wanted to minimize state where possible.

                                                                  1. 2

                                                                    IIRC, Slack uses a websocket connection to log you into the original session (even if it’s on a different device).

                                                                    1. 1

                                                                      Which requires more JavaScript, but I can see the value in that, especially combined with the JWT approach. Should be a great way to get people logged in on mobile.

                                                              2. 2

                                                                Magic links are near necessary for people who use an offline password manager but like to use Slack/etc.. on their phones.

                                                                The article calls out Slack for starting this trend, and that may be the case in some way, but Slack has the right idea of using magic links primarily for logging into their mobile app, and for desktop stuff, you still can use your password.

                                                                1. 4

                                                                  And then there’s people like me who don’t have access to email on their phone.

                                                                  1. 2

                                                                    Slack’s magic link authorises your phone even if you click it on desktop.

                                                                    1. 1

                                                                      Indeed, then you’re back to the camp of turning passwords into QR codes and copying them to the phone that way.

                                                                1. 6

                                                                  Very interesting!

                                                                  Where does it come from though? Who has created this? How was this AI built? What data was fed into this AI to train it? Is a new image generated each request? What hardware is this running on?

                                                                  1. 5

                                                                    A link to the creator’s comment on HN.

                                                                  1. 13

                                                                    Rust is superb for these cases, where proper memory management is important. Even preventing you from creating accidental data races, unlike runtime languages such as Java or C#.

                                                                    I agree that you can’t blame developers for such bugs. The best of the best developers make mistakes, as bigger applications can become super complex when talking about memory.

                                                                    I do blame developers for complaining about memory bugs in C(++) programs though, when choosing a language guaranteeing memory safety like Rust was/is a viable option.

                                                                    1. 1

                                                                      Was/is it, though? How often do programmers actually get to choose programming languages or tools to a project? From my (limited, sure) experience, not very often.

                                                                      Also, technical merit is not the only parameter in determining the best tool for a job. New languages have an adoption cost, and a maintenance cost (i.e., how hard is it gonna be to hire more people to work with it). This has to be factored in with deadlines, and since time is money, the final decision is pretty much never made by the programmers.

                                                                      So, no, I don’t think it’s valid to blame programmers for “choosing” c/c++ when that decision is so often not made by them. At least it’s not ok without some extra qualifiers or something.

                                                                    1. 8

                                                                      tl;dr: Always use semicolons

                                                                      1. 9

                                                                        This is the worst trend in modern JS IMO. There’s no reason not to use semi-colons in this language.

                                                                        1. 4

                                                                          A E S T H E T I C

                                                                        2. 7

                                                                          And always use brackets around statement blocks. I have no idea why so many people think that they are being clever by eliminating basic syntax.

                                                                          1. 2

                                                                            “It’s fewer characters therefore it’s simple and lightweight” - the same reason I see justifying React hooks. You still have an object, you still have a stand-in for “this”, but now it’s secret and hidden from the application programmer in ambient library magic, and therefore your code is somehow “functional” despite being full of mutable state.

                                                                            1. 1

                                                                              because it feels alright to omit them when you’re writing the statements for the first time because the context is fresh in your memory
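                                                                              The semicolon and bracket advice above rests on a handful of concrete automatic-semicolon-insertion cases. The block below is an added example, not code from the article, showing each pitfall beside its intended form as functions whose return values make the difference observable.

```javascript
// 1. `return` followed by a newline: ASI inserts the semicolon right after `return`,
//    so the object literal is parsed as an unreachable block and undefined comes back.
function withoutSemicolon() {
  return
  { ok: true }
}
function withSemicolon() {
  return { ok: true };
}

// 2. A line starting with `(` is glued onto the previous line. Here the parser sees
//    `5(function () {})()`, i.e. a call on a number, and throws a TypeError.
function parenPitfall() {
  try {
    const total = 5
    (function () {})()
    return 'no error'
  } catch (e) {
    return e.constructor.name
  }
}

// 3. A line starting with `[` becomes an index into the previous expression:
//    `a[1, 2]` uses the comma operator, yields a[2] (undefined), and `.forEach` throws.
function bracketPitfall() {
  try {
    const a = ['x', 'y']
    const copy = a
    [1, 2].forEach((n) => n)
    return copy.length
  } catch (e) {
    return e.constructor.name
  }
}

// 4. Brace-less blocks: indentation suggests both pushes are guarded, but only the
//    first is. The second statement runs unconditionally, which is how "goto fail"
//    style bugs slip into permission checks.
function withoutBraces(flag) {
  const log = []
  if (flag)
    log.push('checked')
    log.push('granted')
  return log
}
function withBraces(flag) {
  const log = [];
  if (flag) {
    log.push('checked');
    log.push('granted');
  }
  return log;
}

module.exports = { withoutSemicolon, withSemicolon, parenPitfall, bracketPitfall, withoutBraces, withBraces };
```

                                                                              Cases 2 and 3 fail loudly, which is the lucky outcome; cases 1 and 4 fail silently and are the ones that survive review.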

                                                                          1. 19

                                                                            Good! I’ve also recently switched from Gmail to a different provider with my own domain (which allows you to switch providers easily in the future!). Never did it before because I was afraid of it being a lot of work, but it was much easier than I thought, and I have a LOT of accounts. Managing them in some password store helps keep track of things. I won’t delete my Gmail mailbox though, in case I missed some. I recommend others to switch too.

                                                                            1. 3

                                                                              Could you please tell us which provider you switched to?

                                                                              I have used GMail/GApps and Office365 as mail providers for my domain, and I have my issues with both, wishing to switch as well. I have checked multiple providers but have not found any perfect fit yet.

                                                                              1. 3

                                                                                Of course. I switched to Soverin as recommended by a friend. They are based in the Netherlands, hosting in Germany. They provide a proper non-rate-limited mailbox with plenty of storage, aliases, forwards, a calendar and some other features. As far as I can tell as an outsider, they have arranged things quite well with security, transparency, hardening, backups and whatnot. Not to forget, they even have helpful support. I must say, I’m very happy so far.

                                                                                I primarily use Thunderbird and Aqua Mail (Android) through IMAP/SMTP. Soverin also provides a fully featured Roundcube web interface, but it is a little slow in my experience for quick email reading. So, I’ve set up my own Rainloop instance as a much simpler and quicker alternative which connects to the mailbox as well for accessing it on devices I don’t have a mail client configured on.

                                                                                It may not be as fully featured and quick as Gmail for example. But I still receive email within seconds through Soverin, awesome. This new setup is also much less bloated, which I like as my frustration with the Gmail/Inbox interface grew throughout the years.

                                                                                It might seem I’m selling Soverin here. I’m not affiliated with them though, just a happy customer. I do definitely recommend if you live around Europe (the Netherlands/Germany)!

                                                                                What are you looking for in a provider, and/or what do you definitely dislike?

                                                                                1. 2

                                                                                  I’m looking for the usual stuff:

                                                                                  • IMAP+SMTP/JMAP, IMAP IDLE
                                                                                  • CalDAV
                                                                                  • CardDAV
                                                                                  • decent web interface, 2FA
                                                                                  • custom domains, with <5 users.
                                                                                  • reasonable pricing
                                                                                  • reasonable attachment size limit (20+MB)
                                                                                  • sufficient storage (1+GB)
                                                                                  • DKIM and stuff
                                                                                  • spam filtering
                                                                                  • flexible filtering (sieve?)
                                                                                  • WebDav
                                                                                  • no backdoors for NSA/BND/FSB

                                                                                  Red flags are

                                                                                  • access only via custom apps (eg. protonmail, tutanota)
                                                                                  • home grown crypto (tutanota)

                                                                                  My problems with GMail are:

                                                                                  • Google
                                                                                  • UI is not particularly good, but gets worse with every “innovation”

                                                                                  My problems with O365:

                                                                                  • Microsoft
                                                                                  • UI is not particularly good, but gets worse with every “innovation”
                                                                                  • Other “value added” parts of the bundle are not working as intended (eg. OneDrive client on windows is terribly broken, Forms is buggy, the GApps counterpart is much better)

                                                                                  1. 1

                                                                                    https://soverin.net/warrant-canary

                                                                                    3 month old warrant canary - not inspiring confidence :P

                                                                                    1. 1

                                                                                      Weird, it’s just a few days old for me.

                                                                                      1. 2

                                                                                        Try shift-reloading a few times, looks like a load balancer caching issue :P

                                                                              1. 3

                                                                                One way to accidentally write bad code is to jump straight into the implementation, without considering the design, and then lock it in with tests.

                                                                                I’m afraid this is quite often the case because of pressure from the business side of things. Everything must be implemented as quickly as possible!

                                                                                I don’t want to say design isn’t looked at in these situations. But I do believe implementation is started on too quickly. It can be troublesome if requirements as defined by business aren’t concrete yet and are changing all the time.