1. 8

    Behind paywall. Can’t read it.

    1. 3

      I just let my Medium membership lapse since I realized I wasn’t nearly getting $60/year worth out of it. This is the first paywall I hit.

      1. 3

        I don’t notice a paywall. How does it work?

        1. 2

          I think you get something like 5 free reads a month and then you get a “We notice you like reading, upgrade?” paywall.

          1. 2

            Wow. Does any of that money go to the authors of the blog articles?

            1. 4

              I doubt it.

        1. 6

          This is amazing, thanks for sharing! I like that everything is linked/clickable.

          I also came across this container cheat sheet a while back: open in Google Drive

          1. 3

            Ah, that’s handy as well!

          1. 10

            My conclusion, based on reviewing evidence from numerous large software projects using C and C++, is that we need to be migrating our industry to memory safe by default languages (such as Rust and Swift).

            I totally support this. C(++) is awesome for being so bare bones when working with low level stuff. But I feel software projects not needing such functionality could greatly benefit from safe languages.

            1. 15

              Could you elaborate on what you consider low-level stuff, where Rust, Ada, or other safe languages are not an option? You can compile Rust to STM32 microcontrollers with 20KB RAM and 64KB flash (with no_std), Rust has SIMD intrinsics for various platforms, etc.

              To me, the major reason to go for C or C++ are ecosystems in which they are traditionally strong. gcc targets a lot of platform. Many embedded toolchains are only available for C or C++. The best traditional GUI libraries are in C or C++ (e.g. Qt). And (obviously) a gazillion lines of existing code are in C or C++, from open source unix kernels to deeply proprietary systems that will be used and maintained for decades to come.

              Even though it may not be the (only) goal of the C++ standards committee, I see Modern C++ as a band-aid for maintaining C++-based systems that will be around for a long time, than a serious contender for modern, safe languages.

              1. 1

                Of course, ‘low level’ is very vague. I meant projects in which you want to use raw pointers and want to calculate with them, want to use CPU registers, want to have control over the produced asm, projects for very constrained platforms or obscure architectures, and so on. I do not necessarily mean other languages aren’t an option. I’m sure languages like Rust could replace a lot of C(++) code bases, even for these ‘low level’ things. In fact, I’d totally go for replacing such projects with a Rust variant if possible. But at the same time I can understand why some might choose to go with C(++).

                1. 9

                  As far as I can tell as soon as your code is complex enough to make you want to move from C to C++ then you should probably reach for something safer. It’s hard to keep both the complexities of the invariants you need to manually ensure in your head while solving complex software problems.

                  1. 4

                    ATS is an option here. It allows type safe use of low level pointers, including addiction, dereferencing, etc.

                2. 2

                  C and C++ are completely different languages at completely different ends of a lot of spectrums. C is certainly bare bones, but C++ is not. What do you mean by ‘C(++)’?

                1. 1

                  Agree. However, I’d argue you shouldn’t really wait on tests.

                  Sure, when tweaking something run relevant tests locally. That’s usually just a small subset though. Then push to origin and let Continuous Integration take care of the rest to test in the background. Don’t wait on it, just take action if it suddenly fails due to your changes. When merging, enable auto merge once testing pipelines succeed. Don’t wait on it, don’t waste time, continue with a new feature.

                  This is probably easier said than done, but I do believe there are quite a few projects and developers that could benefit from such a workflow. And I don’t want to use this as an argument to not-optimize your tests. But, when you do have to wait, be sure to use your time as efficiently as possible.

                  1. 2

                    Sure, mostly I don’t wait, but that brings on the second cost I talk about: context switching.

                  1. 1

                    Yes, I’m experiencing the same, and it’s tiring. I also tend to forget quite a few day-to-day things outside of development, when focusing on a project for a while.

                    1. 1

                      If you have an Android phone I highly recommend Habits for day-to-day things / developing good habits. You get tight control over the intervals for each habit (do dishes every 2nd day, make dinner 6 out of 7 days, etc) and visibility on how you’re doing over time.

                    1. 56

                      Fortunately, it’s also the best of currently available major browsers, so it’s not exactly a hardship.

                      1. 22

                        Not on macOS. Sure, it has a whole lot of great features, but it’s just slow. It feels slow, looks slow, and macOS keeps telling me that Firefox is using an excessive amount of power compared to other browsers.

                        I guess it’s too much to ask for, for Firefox to feel like a good, native macOS app, like Safari, but the fact of the matter is that that is why I don’t use it as my main browser.

                        1. 19

                          I use it on Mac OS X and it doesn’t feel slow to me at all. And it’s not using an excessive amount of power that I can tell. Perhaps it’s the version of Firefox being used?

                          1. 14

                            I’ve been sticking to Safari on MacOS because I’ve read that it really does make a difference to battery life (and I’m on a tiny Macbook so, you know, CPU cycles aren’t exactly plentiful). This thread just prompted me to check this for myself.

                            I opened a typical work mix of 10 tabs in both Safari 12.1 and Firefox 66.0.3 on MacOS 10.14.4: google calendar + drive, an open gdocs file, two jira tabs, this lobsters thread (well, it is lunchtime…) and the rest github. Time for some anec-data! :-)

                            After leaving both browsers to sit there for 10 mins while I made lunch (neither in the foreground, but both visible and showing a github page as the active tab), these are the numbers I eyeballed from Activity Monitor over about a 30 second period:

                            Firefox:

                            • Energy Impact: moving between 3.3 and 15.6, mostly about 4
                            • CPU: various processes using 0.3, 0.4, 0.5 up to one process using 1.4% CPU

                            Safari:

                            • Energy Impact: moving between 0.1 and 1.3, mostly around 0.5
                            • CPU: more processes than Firefox, but most using consistently 0.0 or 0.1% CPU

                            Firefox isn’t terrible but Safari seems really good at frequently getting itself down to a near-zero CPU usage state. I’ll be sticking with Safari, but if I was on a desktop mac instead I think I’d choose differently.

                            As an aside, Activity Monitor’s docs just say “a relative measure of the current energy consumption of the app (lower is better)”. Does anyone know what the “Energy Impact” column is actually measuring?

                            1. 5

                              I have had the same experience with Firefox/Chrome vs Safari.

                              I use Chrome for work because we’re a google shop and I tend to use Firefox any time my MacBook is docked.

                              But I’m traveling so much, I generally just use Safari these days.

                            2. 9

                              I use it on Mac OS X and it doesn’t feel slow to me at all.

                              If you can’t feel and see the difference in the experience between, say, Firefox and Safari, I don’t know what to tell you.

                              And it’s not using an excessive amount of power that I can tell. Perhaps it’s the version of Firefox being used?

                              Have you tried checking in the battery menubar-thing? There’s an “Using Significant Energy” list, and Firefox is always on it on my machine if it’s running. And that is both Firefox as well as Firefox Nightly, and it is so for all versions since a long time. My two installs are updated per today, and it’s the same experience.

                              1. 1

                                If you can’t feel and see the difference in the experience between, say, Firefox and Safari, I don’t know what to tell you.

                                There are plenty of people who can’t hear the difference between $300 and $2000 headphones. Yes, there are audiophile snobs who’re affronted by the mere idea of using anything but the most exquisitely constructed cans. But those people are a vanishingly small minority of headphone users. The rest of us are perfectly happy with bog standard headphones.

                                Apple likely had to descend through numerous circles of hell while hand-optimizing Safari for the single platform that it needs to run on. Will Firefox get there? Unlikely. Will most users even notice the difference? Most certainly not.

                                1. 6

                                  They will when their battery life is abysmal and they start hearing that it’s because of Firefox.

                                  I really want to see Firefox get more adoption, but there are a lot of techies with influence who will keep away because of this, myself included. It’s not a convenience thing - I just can’t get to mains power enough as it is in my job, so more drain is a major problem.

                                  1. 1

                                    They will when their battery life is abysmal and they start hearing that it’s because of Firefox.

                                    The problem is that the feedback cycle isn’t even long enough for them to hear about this. The cause and effect are almost immediate depending on your display resolution settings with bug 1404042.

                                    1. 3

                                      This is what happens when you fight the platform.

                                      1. 2

                                        This is what happens when the platform is hostile to outsiders.

                                        1. 8

                                          See, I don’t see it that way. I see it as Mozilla deciding on an architecture for their software that renders that software definitely suboptimal on the Mac. It’s just a bad fit. I’m not claiming that Mozilla should have done things differently – they are welcome to allocate their resources as they see fit, and the Mac is most definitely a minority platform. There are many applications that run on the Macintosh that are not produced by Apple that don’t have these problems.

                                          iOS is a different story, one where hostility to outsiders is a more reasonable reading of Apple’s stance.

                                  2. 2

                                    Now that I’m at work, I’m seeing what hjst is showing. This doesn’t bother me that much because I use the laptop at work more like a desktop (I keep it plugged in). But yes, I can see how Firefox might be a bit problematic to use on the Mac.

                                  3. 1

                                    I’ll have to check the laptop at work. At home I have a desktop Mac (okay, a Mac mini).

                                  4. 4

                                    There are known issues which are taking a long time to fix. Best example is if you change the display resolution on a retina Mac. You can almost see the battery icon drain away on my machine.

                                    1. 3

                                      I find it depends a lot on what FF is doing - usual browsing is fine, but certain apps like Google Docs or anything involving the webcam make it go crazy.

                                      1. 20

                                        Google sites, unsurprisingly if disappointingly, don’t work as well in Firefox as they do in Chrome. But that’s really on Google, not Mozilla.

                                        1. 15

                                          They used to actively break them - e.g. GMail would deliberately feed Firefox Android a barely-functional version of the site. https://bugzilla.mozilla.org/show_bug.cgi?id=668275 (The excuse was that Firefox didn’t implement some Google-specific CSS property, that had a version in the spec anyway.) They’ve stopped doing that - but Google’s actions go well beyond passively not-supporting Firefox.

                                    2. 5

                                      For me, it feels faster than Chrome on MacOS, but the reason I don’t use it is weird mouse scroll behavior (with Apple mouse). It differs too much from Chrome’s behavior. I don’t know how to debug it, how to compare, what is right behavior (I suspect Chrome’s scrolling is non-standard and it dampens acceleration, while Firefox use standard system scrolling). It just feels very frustrating, but in subtle way: I become nervous after reading lots of pages (not right after the first page). I tried various mouse-related about:config settings but none of them had any effect (and it’s hard to evaluate results because differences are very subtle).

                                      Maybe the answer is to use standard mouse with clicky scroll wheel, but I hate clicky scroll wheels. “Continuous” scrolling is one of the best input device improvements of recent times (however it would be better if it was real wheel/trackball instead of touch surface).

                                      1. 1

                                        Have you tried Nightly yet? I believe there are some great improvements made recently for this. It isn’t all fixed, but it has improved.

                                        1. 3

                                          I’m on Nightly right now, and it hasn’t improved for me at least.

                                        2. -1

                                          I think macOS disadvantages apps that compete with Apple products. That’s unfortunate though.

                                          1. 7

                                            Any evidence for this statement?

                                            1. 9

                                              Do you have any proof?

                                              Anecdotally I use a lot of third-party apps that are a lot better than Apples contemporaries.

                                              I just think the truth is that Firefox’ hasn’t spent enough time on optimizing to each platform, and on macOS where feel and look is a huge deal, they simply fall through.

                                              1. 1

                                                The reports that Firefox has issues on macOS and Apple’s behaviour with iOS, for starters.

                                                1. 7

                                                  Often the simplest solution is the correct one, meaning that it’s more likely that Firefox just hasn’t optimized for macOS properly. If you look at the bug reports on the bug tracker, this seems to be the case.

                                                  Also if your theory were to be correct, why is other non-apple browser like chromium not having these issues? Could it perhaps be that they have in fact optimized for macOS, or do you propose that apple is artifically advantaging them?

                                                  1. 13

                                                    pcwalton hints at twitter that gains that e.g. Safari and Webkit have is through the usage of private API in macOS. You could probably use those API as well from Firefox, at the cost of doing tons of research on your own, while Webkit can just use them. (further down the thread, he hints at actually trying to bind to them)

                                                    https://twitter.com/pcwalton/status/1068933432275681280

                                                    1. 3

                                                      That’s very interesting, and it’s probably a factor. However these are problems that Firefox have, not all third-party browsers. No Chromium based browser have these issues, at least in my experience. Maybe it’s through privat API that you can optimise a browser the most on macOS, but it doesn’t change the fact that Firefox is under-optimised on macOS, which is why it performs as it does.

                                                      1. 8

                                                        Point being: Chromium inherits optimisations from apples work which Mozilla has to work hard to develop in a fashion working with their architecture. Yes, there’s something to be said about organisational priorities, but also about not being able to throw everyone at that problem.

                                                        I’m really looking forward to webrender fixing a lot of those problems.

                                                        1. 1

                                                          And it’s a sad fact, because I’d love to use Firefox instead of Safari.

                                                          1. 7

                                                            Sure, from a users perspective, all of that doesn’t matter.

                                                            Just wanted to say that this is hard and an uphill battle, not that people don’t care.

                                                            The Firefox team is well aware of those two contexts.

                                                    2. 0

                                                      It’s certainly possible. But at the very least Apple has little incentive to have Firefox work well on macOS. Chrom{e|ium} is so widely used, that Apple would hurt themselves if it didn’t work well on macOS.

                                                      I’d be a bit surprised if Mozilla is really falling down on optimising Firefox on macOS. It’s not as if Mozilla is a one man operation with little money. But perhaps they decided to invest resources elsewhere.

                                                2. 1

                                                  That’s true in cases where apps want you to pay for features (like YouTube not offering Picture-in-Picture since it’s a paid feature and Apple wants money for it to happen) but not true in the case of Firefox. Unfortunately, Firefox’s JavaScript engine is just slower and sucks up more CPU when compared to others.

                                              2. 7

                                                Yeah, I’ve switched between Firefox and Chrome every year or two since Chrome came out. I’ve been back on Firefox for about 2 years now and I don’t see myself going back to Chrome anytime soon. It’s just better.

                                                1. 3

                                                  Vertical tabs or bust.

                                                1. 5

                                                  I agree, and would even extend it for other kinds of content: how about parody or humor?

                                                  1. 3

                                                    Yes, to make it useful more than once a year.

                                                  1. 1

                                                    What about coreutils?
                                                    https://github.com/coreutils/coreutils/tree/master/src

                                                    I mean, the codebase isn’t small, but it consists of quite a few standalone applications that are super small. And they are highly impactfull for sure!

                                                    1. 2

                                                      I found coreutils surprisingly easy to hack on, when I wanted to work around Emacs hanging at 100% CPU when given very long lines (which are quite common when running terminals inside Emacs). I wanted to pipe everything through the fold command to insert newlines every 1000 characters, but that didn’t work since it buffers the content (i.e. the current line, containing the shell prompt and the command we’re writing, wouldn’t appear until it reached 1000 characters). I ended up forking it, ripping out a bunch of optional stuff (including memory allocations) and hard-coding it to my use-case, and it works really well.

                                                      I know it’s only a small, standalone utility (as you say), but I was surprised how trivial I found it; considering that I generally try to avoid touching C, and have heard horror stories about GNU’s coding conventions, build system, etc.

                                                    1. 5

                                                      I think Wikipedia should do this on all European pages, such as the Dutch one.

                                                      1. 2

                                                        Czech and Slovak wikis have joined as well.

                                                      1. 3

                                                        Would you also categorize command-line tooling under this tag, or just the actual shells?

                                                        1. 2

                                                          I was also thinking of tooling - hence the zsh-utils example. Similar to a programming language tag - updates for the language and anything written in that language could fall under the tag. This would also avoid separate tags for bash, zsh, posix shell etc, because of how similar they are overall.

                                                          1. 2

                                                            It might be worth is just to have a tooling tag.

                                                            I could make a much better case for that, though the concern is that it’d become a dumping ground for product advertising.

                                                            1. 3

                                                              I think the name tooling might be too broad for what I was imagining. Since you could easily make the case that something like docker should be included under tooling because it’s dev tooling.

                                                              It’s also a bit farther from my interest in shell scripting, which is a big part of the reason for my tag proposal.

                                                        1. 10

                                                          Cool, this is how image should be made!

                                                          At work we even go a little further. We strip unnecessary symbols from binaries binaries and use extreme compression on files using upx. I believe we’re hitting the 3MB mark. We define a non-root user and disable as much capabilities as possible to make things even more constrained and secure.

                                                          1. 15

                                                            The symbols are unnecessary right up to the point that your program crashes and you’d like to know why.

                                                            1. 7

                                                              You can still keep the ELF symbols as separate files outside of the image, right? Similar to how dbg packages work with package managers.

                                                              1. 3

                                                                True. However, for our use cases this tradeoff is fine. We consider nginx to be stable enough, and haven’t had any crashes yet. The container will automatically restart if it does, and if we do need to debug a repeating crash we switch to a version with symbols.

                                                                1. 12

                                                                  Which may or may not have the same problem…

                                                                  1. 5

                                                                    But isn’t it more fun to just watch people discover this on their own?

                                                              2. 3

                                                                Thanks for the kind words!

                                                                That’s maybe too far of a stretch, but it’s not a bad idea.

                                                                Feel free to check out my lighttpd and dnsmasq images, too.

                                                                I’m in the works of doing a haproxy image and writing a blog post about my process for building tiny (IMO, correct) images like this one.

                                                                1. 1

                                                                  If you want small and secure, check out Lwan. It might fit one of your use-cases. It’s supposed to be useful from embedded to servers.

                                                                  1. 1

                                                                    I’ve heard wonders about Lwan, but I haven’t had the time to try it out.

                                                                2. 2

                                                                  I tried to build OP’s container and it gave errors copying rootfs (I think it has a build/CI process that isn’t in the repo).

                                                                  So I hacked it up to always use musl, strip the binary, and upx it. I verified that it builds with -fPIC to produce Position-Independent Code. The final container size is 3.2MB and it builds easily.

                                                                  https://github.com/sean-public/nginx-tiny

                                                                  1. 1

                                                                    OP here, you shouldn’t have any issues building the image.

                                                                    I think I know the issue are you running into. Try with the following:

                                                                    1. clone repo, cd into it
                                                                    2. run docker build -t nginx:glibc -f glibc/Dockerfile .

                                                                    Replace with musl for musl-based image

                                                                1. 5

                                                                  I trust Mozilla so I will take them at their word that the file is being encrypted end-to-end. (And I know I could go read the code.) But can there be a way for a lay user to see that a file is actually encrypted? A user can compare a visual hash of the entire contents of the file. But how can they know it’s strong encryption? Perhaps we need to move the E2E support to the browser or the OS.

                                                                  1. 19

                                                                    I can confirm that they do (as I’ve been reversing it to build ffsend). The file content, along with additional metadata is encrypted on the client. The hash part of a share URL contains the secret required to decrypt a file, and is thus never sent to the remote server. They’re currently using 128-bit AES-GCM along with some derived keys using HKDF SHA-256, as described here, so decide for yourself.

                                                                    1. 5

                                                                      Cool, thanks for the info! I never doubted that, but I’m just thinking out loud about ways we can make this obvious to non-technical users (something like the green lock in the URL bar.)

                                                                      1. 4

                                                                        It’s actually really funny how close this is to a project I wrote on a weekend a few years back at my first security company. The main difference was mine was focused on text oriented blobs instead of files, so I didn’t do metadata: https://blacknote.aerstone.com/

                                                                        I also used NaCL instead of relying on AES-GCM. My testing also made me hyper skeptical about JavaScript random number generation, to this day I’m not certain how to solve that problems and still highly suggest that people steer clear of JavaScript for high entropy needs.

                                                                        1. 4

                                                                          Any idea why it’s 128-bit? I thought FF had 256-bit.

                                                                          1. 3

                                                                            I think this (and the following comments) answer it: mozilla/send/issues/86

                                                                            1. 4

                                                                              That a weak argument. Looking at big picture, though, the kind of folks that will be able to break the crypto can already afford 0-days from brokers to hack those Firefox users. So, probably not that important.

                                                                              1. 3

                                                                                It’s a horrible argument. There is very little difference to the developers to choose the stronger ciphers, especially since it is using the client for encryption. When I did this I just used NaCL and stuck to actually ya know…. listening to cryptographers. I really don’t understand why you wouldn’t select the more forwardly secure option.

                                                                                1. 2

                                                                                  The only times it makes sense to go weaker by default are legacy (no choice) and resource-constrained microcontrollers (also no choice). This shit is running on desktops that routinely do 256-bit crypto. No excuse.

                                                                                  They so need to remember other developers might imitate whst popular projects do. Gitta set a good example with good defaults.

                                                                      1. 3

                                                                        I feel like I’ve been using this for at least a year, is it really actually new? Or did it just go from open beta to stable release?

                                                                        1. 2

                                                                          The user experience is the same. The internals have changed.

                                                                        1. 2

                                                                          How does this work if Skype snoops on the URL as you share it?

                                                                          1. 3

                                                                            Anyone having the full URL will be able to download the file as long as it’s available. Thus, if a Skype employee, or someone else manages to obtain the URL they’ll be able to download. You can set an additional password though, which you share through a different channel making the URL useless without it.

                                                                            1. 4

                                                                              I think Vaelatern might be referring to the habit that Skype et al. have of issuing a HEAD/GET for every URL in every message, for their “link preview” features. This probably doesn’t affect Mozilla Send though, as the shared URL is for an HTML document which contains the real download link, right?

                                                                              1. 4

                                                                                My bad! Nope, that doesn’t affect it at all. You have to explicitly click a download button on the share page. Only when the file is fully downloaded the download counter decreases.

                                                                          1. 8

                                                                            I just tried uploading a 350MB file as a test, and it looks like it doesn’t generate your unique URL for copy/pasting until it’s done. I remember ge.tt years ago would change the location bar almost immediately to the unique URL, and if someone else loaded the page while you were still uploading they still got a “please wait” page (or did it allow partial/streaming downloads? I forget). I’m always surprised when I don’t see similar functionality on file sharing sites these days. Is there some technical reason Mozilla avoided it here?

                                                                            1. 8

                                                                              I don’t know the real technical reason.

                                                                              What I do know, is that the service currently only responds with the actual share URL after you’ve fully uploaded your file (it isn’t the interface holding it back). The actual share entry is probably only created when it has confirmed your upload didn’t fail. The fact that Amazon object storage is used probably also plays a role. The share URL contains a share ID and secret. The secret is generated by the client, and known before hand.

                                                                              So, the method of encryption isn’t the problem here. I think the method of storage, and wanting reliable uploads resulted in this decision.

                                                                            1. 26

                                                                              I’ve been building a fully featured CLI tool for Firefox Send, supporting this new release.

                                                                              For anyone that is interested: https://github.com/timvisee/ffsend

                                                                              1. 7

                                                                                I just can’t seem to understand why they’re effectively blocking Firefox though.

                                                                                Changing your User Agent to that of a Chrome browser proves Skype is working. Things like WebRTC are supported. I’ve yet to find something that is broken.

                                                                                They should call it Skype for Web Chrome instead.

                                                                                1. 12

                                                                                  I just can’t seem to understand why they’re effectively blocking Firefox though.

                                                                                  It takes effort to test, and costs money to field support calls. Monocultures are just easier for members of the monoculture.

                                                                                  1. 8

                                                                                    I wonder though if there shouldn’t be a more active role for legislators here. I know that there is no monopoly here (multiple browsers that use Blink, easy to fork). But this is all awfully similar to the AARD code. People will blame Firefox (“it does not support the necessary features for Skype”), whereas it is largely an artificial limitation to cut out competition.

                                                                                    The support cost could be reduced by just stating ‘we don’t support Firefox, all Firefox support requests will be sent to /dev/null, if it does not work as it should use XYZ’. It’s not like these product have proper support anyway outside enterprise versions.

                                                                                1. 1

                                                                                  What about marking the shell script for Full Access, and making it only editable by root. Wouldn’t that improve things security wise? Or do you need root anyway to configure a cron job?

                                                                                  1. 1

                                                                                    The script itself is not an binary, some interpreter (bash, python, lua, etc.) must run it, so whenever you are running a script, the binary name of the process is the interpreter, not the script, so I guess it wouldn’t work.

                                                                                  1. 3

                                                                                    Sadly my primary language is Java, so this is impossible in that case.

                                                                                    1. 9

                                                                                      At least you try to keep symbol names within the 80 character limit, right? :)

                                                                                      1. 1

                                                                                        Changing the default indentation from 4 to 2 helps a lot.

                                                                                      1. 3

                                                                                        Yes, I like that too, also for properly being able to split without scrolling.

                                                                                        I must say I actually prefer 120 characters, especially in Rust, as it tends to have long(er) signatures. Less weird line breaks, code tends to look nicer this way. It fits perfectly on my 1080p monitor in Vim with no sidebars. But I usually default to 80 characters to match others.

                                                                                        1. 5

                                                                                          Hah. :P Every Rust crate I’ve ever published is fairly strictly wrapped to 79 columns inclusive. I do this mostly because of the reasons mentions in the OP, but I’ve also found it to be fairly useful pressure towards refactoring code. Reducing right-ward drift and introducing more intermediate names usually—but not always—leads to code that I personally find easier to read. Reducing right-ward drift usually means introducing new functions or writing code with early returns/breaks.

                                                                                          At work, for Go, we compromised at 99 columns (inclusive) for code and 79 columns (inclusive) for comments. We aren’t as strict as I am in my Rust projects, but it’s good enough.

                                                                                          I would absolutely love for these problems to be solved by tooling, but so far, none that I’m aware of do. The auto-wrapping in text editors sucks. gofmt gracefully ignores line lengths. rustfmt takes the opposite approach (by enforcing line length and potentially inserting or removing line breaks), but this leads to issues too.