1. 5

    Now I understand what Microsoft meant with “We <3 Open Source” in their last release article.

    1. 4

      Nice writeup. I’ve always heard that Git doesn’t handle files (with names), but handles objects. How does that relate to this? Are file names just tags to an ‘object’, for which you change the tag on rename? And does committing make git resolve these names to these objects first?

      1. 11

        (Simplified) Git has multiple kinds of objects, one is a blob of content, addressed by its hash, another is a tree which is a list of file names associated with a blob’s hash, and yet another is a commit which is a commit message, a tree addressed by its hash, and zero or more parents addressed by their hash.

        These are all immutable, so you don’t change a tag, you create a new commit with a new tree and whose parent is the “previous” commit, and you make that your active commit (HEAD) which is again just addressing the commit object by its hash.

        Renames are a function of presentation of the data, if you ask it to look at two trees (do a diff) and one has a file a and the other has a file b and they both point at the same blob (their contents have the same hash), git is going to infer that they were renamed (whether that’s what happened or not).

        1. 3

          Oh hey does that mean that git deduplicates its storage of identical files for free? (Obvs not in the working tree, but in the .git directory.) Since they’ll have the same hash, it can just have the same blob referred to from multiple points in a single tree?

          1. 2

            Yep.

        2. 3

          This utility is quite nice to explore the underlying data structure:

          $ git ls-tree HEAD
          <snip>
          100644 blob 5caf2e89168505c24ad1e3146fd029929f27487a	main.go
          040000 tree d0357c0f78bab0bd5dbb19f7d805bcb987ce74a6	man
          040000 tree 1ce4d49aa464dfdfe0314b0937e2a203dacdc96e	nix
          100644 blob 0959aae462cbec0d6e1cd1d7691f1262350989ee	rc.go
          <snip>
          $ git ls-tree HEAD man/
          100644 blob b5b49633b7fe4cb364b476ad7255575e4e515765	man/direnv-stdlib.1
          100644 blob 57ff9cb23b73219eeac2317c2d4f52ed0cdbaf59	man/direnv-stdlib.1.md
          100644 blob b4a2fa2e806593c80dfbf5b0ad325303635ca74a	man/direnv.1
          100644 blob e180e462681bf41c458c47e85470cd2e882c3899	man/direnv.1.md
          100644 blob 763d8b9e0383ca9f2ae6d1433aaafbad1753f406	man/direnv.toml.1
          100644 blob 1487278964fd7d98c1200c01cbd020ab0953647e	man/direnv.toml.1.md
          

          see also git cat-file

          1. 1

            Git stores a directory as a list of (<name>, <hash>) pairs. The hash of that list is stored in the parent directory (along with the directory name).

            When you edit app/foo.sh and commit, foo.sh gets a new hash. The listing for app includes this new hash. The root directory entry for app also gets a new hash by the same process.
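
Added example, not part of any comment above and not git's own code: the object model this thread describes, reimplemented with `hashlib` for SHA-1 repositories. The sample trees `V1`/`V2` and the helper names are constructed for illustration; `infer_renames` covers only the exact same-blob case mentioned above, while git's diff can also pair files by content similarity.

```python
import hashlib


def object_id(kind: str, body: bytes) -> str:
    """Git object id: SHA-1 over '<kind> <size>' + NUL + body."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()


def blob_id(content: bytes) -> str:
    # A blob is content only; the file name is not part of what gets hashed.
    return object_id("blob", content)


def tree_id(entries: dict) -> str:
    """entries maps name -> bytes (file content) or dict (subdirectory)."""
    rows = []
    for name, value in entries.items():
        if isinstance(value, dict):
            # Directories sort as if their name ended in '/'; mode is 40000.
            rows.append((name + "/", b"40000", name, tree_id(value)))
        else:
            rows.append((name, b"100644", name, blob_id(value)))
    rows.sort(key=lambda row: row[0].encode())
    # Each entry: '<mode> <name>' + NUL + the 20 raw bytes of the child's id.
    body = b"".join(
        mode + b" " + name.encode() + b"\0" + bytes.fromhex(oid)
        for _, mode, name, oid in rows
    )
    return object_id("tree", body)


def flatten(entries: dict, prefix: str = "") -> dict:
    """Map every file path in a tree to its blob id."""
    out = {}
    for name, value in entries.items():
        if isinstance(value, dict):
            out.update(flatten(value, prefix + name + "/"))
        else:
            out[prefix + name] = blob_id(value)
    return out


def infer_renames(old: dict, new: dict) -> list:
    """Pair removed and added paths that point at the same blob."""
    old_ids, new_ids = flatten(old), flatten(new)
    removed = {p: i for p, i in old_ids.items() if p not in new_ids}
    added = {p: i for p, i in new_ids.items() if p not in old_ids}
    return sorted(
        (o, n) for o, oi in removed.items() for n, ni in added.items() if oi == ni
    )


# Constructed sample trees: V2 edits app/foo.sh and renames README to README.md.
V1 = {"README": b"same\n", "app": {"foo.sh": b"echo v1\n"}, "docs": {"copy": b"same\n"}}
V2 = {"README.md": b"same\n", "app": {"foo.sh": b"echo v2\n"}, "docs": {"copy": b"same\n"}}

if __name__ == "__main__":
    ids = flatten(V1)
    print("dedup:", ids["README"] == ids["docs/copy"])        # one blob, two names
    print("docs unchanged:", tree_id(V1["docs"]) == tree_id(V2["docs"]))
    print("app changed:", tree_id(V1["app"]) != tree_id(V2["app"]))
    print("root changed:", tree_id(V1) != tree_id(V2))
    print("renames:", infer_renames(V1, V2))
```

The ids agree with `git hash-object` and `git mktree` for regular files with mode 100644; executable files and symlinks use other modes and are left out here.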

          1. 16

            This allows DirectX usage on Linux. The catch is that it only works on a Windows host. This is for WSL specifically, running in Hyper-V on a Windows host. It basically forwards DirectX calls to the Windows kernel through paravirtualization.

            1. 2

              I’m pretty sure wsl2 doesn’t run on hyper-v anymore.

              Edit: correction, looks like it sort of is. So nvm

              1. 2

                The article says:

                The projected abstraction of the GPU follows closely the WDDM GPU abstraction model, allowing API and drivers built against that abstraction to be easily ported for use in a Linux environment.

                I think that means that it would be easier for GPU manufacturers to port their existing Windows drivers to support this new userspace API in Linux, than to port their existing Windows drivers to support existing Linux userspace APIs like the Direct Rendering Infrastructure. Linux already has a slight splintering of GPU APIs, with most drivers built on DRI, Intel drivers built on DRI with a different memory allocation scheme (DRI-GEM?), and NVidia doing completely their own thing.

                If Microsoft contributes a Mesa backend built on this WDDM API, and GPU manufacturers all publish drivers for it (unlike the bickering around Linux APIs, they all support Windows APIs happily enough), that would go a long way towards making graphics on Linux Just Work.

                On the other hand, it would mean ceding control of a huge part of the Linux user experience to closed-source, proprietary companies that traditionally have not had users’ long-term interests at heart.

              1. 25

                I think the success rate of this system is also highly affected by the kind of public you have. Here is my experience:

                I built a bar management application, people purchase products themselves on their phone with their own account. It’s a socially controlled system.

                • People (re)authenticate just once a year
                • I estimated 80% forget their password, having to use the password reset link, the magic link flow is much nicer
                • A password is optional, a password manager/instant login can be used
                • Simple registration, only a name/email required, no password
                • You want things to be as simple as possible at a bar

                I did ask for some feedback on this, and many liked this system better for this use case. Others opted for using a password, and were fine with that as well. It doesn’t work everywhere, but I think developers should definitely consider a magic link implementation for some applications, to use the best of both worlds.

                1. 6

                  I agree it heavily depends on the type of userbase you have. For example, I prefer the traditional email address/password setup since I always use my password manager, which auto-fills the fields for me. Magic link-based authentication feels a bit more tedious to me as a user since it would mean I would always have to do the one extra step of going into my email for the link. Also, the (re)authentication once a year is an excellent idea. If it’s a phone app, one way to help prevent people from forgetting their password would be similar to what Authy does, where it gives you the option to enter your password if you want to be sure that you remember it or you can just hit ignore.

                1. 3

                  I am satisfied with Nextcloud, but this looks neat. It looks synchronous, though, and I wonder if that’d be a UX impediment to adoption.

                  1. 18

                    Yup. It is synchronous because it tries to establish a direct connection between the two peers. If, for example, they were on the same local network, the data would not travel out to some server only to be sent back again.

                    For asynchronous file transfer I love https://send.firefox.com. I also use https://upspin.io/ and a web gateway to it, but that requires some setup. I hope that changes one day.

                    Disclaimer: I’m author of https://webwormhole.io.

                    1. 4

                      I’d like to plug ffsend here as fully featured CLI tool for Firefox Send. It has been super useful ever since I built it.

                      1. 1

                        Pretty disappointed that upspin died out.

                        1. 1

                          This is just ludicrously good. Thank you so so much.

                          It’s also a great demo of RTCPeerConnection which is really helpful!

                          The only one thing I can think of as feedback: the dictionary used for the keys has some difficult to spell words in it, so if the use case of “read it down the phone” is high on your priorities, it might be better to use a larger number of short words. Or maybe even present the same binary key two ways: would you rather read a phrase or a long number? Depending on language and medium, one might be easier than the other.

                          1. 1

                            Thanks for the feedback. I completely agree the dictionary has to change. We use the PGP word list but some of the word combinations are quite unsavoury. I think it would also be cool to have word lists for different languages.

                            I’d also like to implement word completion at some point which I think might help with spelling.

                            1. 3

                              I have a similar need for a readable string encoding … I started off writing a response in this box but instead it is now a “shorter words list” blog post

                              1. 1

                                I really liked this blog, thanks for doing it :)

                        2. 4

                          This is a very different use case than Nextcloud.

                          1. 3

                            Is it really so materially different? My use case: I want to send a file to someone [which is too big for email] in as non-technical a way as possible.

                            1. 2

                              The point of magic wormhole is easily useable e2e encryption. Nextcloud does not have e2e encryption.

                              1. 1

                                Ignoring the underlying technical details and coming at it from the viewpoint of a user who doesn’t care about security (it’s not part of their use-case spec):

                                Wormhole means if I’m on the phone with you, I can transfer a file to you without setting anything up. We both just open the website, I tell you my code, you type it in, I drag in my file (or you drag in yours), done. Neither of us needs to have/sign up for an account or anything.

                                (I only glanced at nextcloud but my understanding is you need to set it up. Apologies if that’s not right.)

                                1. 1

                                  I concur that wormhole (web or CLI) serves a slightly different use case. That said, in fairness, Nextcloud allows you to provide single-URL (one-click) access to a file, and recipients don’t need a user account on the NC server. However, it’s true that you do need to install or set up NC on your server (or use a provider).

                          1. 2

                            I use it to resize and scroll through tmux panes, because doing this by keyboard feels horrendous.

                            And once in a while I feel lazy, and click/scroll around in Vim through NERDtree to explore some code.

                            1. 1

                              http://timvisee.com/blog - don’t write much (yet)

                              1. 2

                                Just Ubuntu, it runs everything.

                                Gentoo on a laptop just for fun, and Debian on servers.

                                1. 1

                                  Or any other specific IDE for that matter.

                                  1. 26

                                    I find the ‘I need to edit in a web browser’ argument pretty weak.

                                    I run a static website. Its repository is currently hosted on GitLab. GitLab has a web interface to edit files. Changes are automatically tested and pushed to the public through CI. And best of all, as I use markdown I usually prefer to edit in Vim, but I can use a million other tools if I’d like.

                                    I’m not too sure about this workflow on an iPad, but I’m sure it isn’t as bad as the article author states for a static website.

                                    1. 15

                                      GitHub also allows you to edit, preview, and commit directly from their web UI. So no, I don’t buy the argument either.

                                      1. 5

                                        If he really wanted the pragmatic approach on iPad, he could’ve used Working Copy app, which allows you to edit your code and push it up to your Git repo. Then at this point he could have the setup that is described above, where it’s all automated.

                                        1. 3

                                          Another aspect that’s important with a setup like this is having a deploy pipeline keyed off changes to the master branch.

                                          Between github/gitlab webui PR authorship, and circleci deploying the changes, we don’t need a webui either for our static blogs.

                                          1. 2

                                            Does GitHub have CI pipelines? Because you would need to create a CI pipeline to deploy changes from your repo to production in order for the web UI to be usable for this use case.

                                            1. 3

                                              I don’t use their CI, but apparently yes they do have this.

                                              For a team blog I’m working on at the moment, I’m using GitHub’s GitHub Pages mechanisms to automatically deploy whatever is on the gh-pages branch of the blog’s repository. It’s free, it’s easy, and it works.

                                              1. 1

                                                Yeah, it’s not as robust as GitLab’s but is fairly easy to set up. I was able to go from never using actions to having a commit trigger build and FTP everything over in about two hours [0] and most of that was figuring out sftp command line quirks between Mac, Ubuntu and my host.

                                                [0] http://prepend.com/setup/2019/12/figuring-out-actions.html

                                              2. 1

                                                I was able to teach a retired journalist to use this workflow (and Markdown) without much trouble. The website was simple, he had a lot of time on his hands, and he was eager to learn.

                                              3. 10

                                                Agreed, compared to that workflow my argument in regards to using a web browser is weakened. I’ll edit the post to reflect that. Thanks for the feedback.

                                                1. 8

                                                  I think there is still an important point in that argument. The only alternatives that have been presented have been ad-hoc solutions like a headless CMS – yet another separate component that you need to setup – or GitHub/GitLab’s in-browser editing – yet another external service that you need to rely on. With an actual CMS like WordPress, you have a single consistent interface that you can totally own and control yourself.

                                                  1. 1

                                                    That’s true, thanks.

                                                2. 5

                                                  I don’t think this is an easy option for everyone. You still have to know a thing or two about git, github/gitlab, and continuous integration. It might be easy for you, but it’s not easy for everyone. You wouldn’t need to learn an insane amount of stuff, but I imagine it’s still more work than using WordPress.

                                                  1. 3

                                                    Super sad. Need to be looking for a capable alternative now.

                                                    1. 17

                                                      I can happily recommend the Ergodox EZ (https://ergodox-ez.com/). It really holds up to expectations. I’m using it at my day job and also at home.

                                                      1. 4

                                                        The Ergodox legitimately changed the way I see peripherals and even at a deeper level computer interaction. The combination of ortho-linear and split, thumb clusters, and layers made me feel like I’d never been using a keyboard properly my whole life. I’ve been chasing that same thing for mouse input ever since. Obviously I highly suggest haha.

                                                        1. 1

                                                          I’m very interested in whether anyone has found a mouse that is similarly game-changing. I think part of what makes Ergodox EZ so impressive is its open source nature, including the firmware, configuration tools, and hardware. I haven’t found any meaningfully open source mouse in production. I just might make a separate post on Lobste.rs asking for mouse recommendations!

                                                          1. 2

                                                            I can’t speak for open source but the Logitech MX Ergo has been wonderful.

                                                            1. 2

                                                              Not a game changer in the way you’re talking about (open source) - but from a personal ergonomic perspective I got similar benefits to the split ortholinear keyboard from a vertical mouse and prefer to pair the two if possible. I’m not aware of a similarly successful open source vertical mouse design. I use a Kinesis VM4.

                                                              1. 1

                                                                I also recommend it. Also have it paired with the ergodox. Very happy with this setup.

                                                          2. 3

                                                            I got one a few weeks ago and I’m loving it. It has user swappable key switches which make it super customisable. You can get the exact feeling you want on each individual key if you want to.

                                                            1. 3

                                                              I have an Ergodox EZ and I also have a Kinesis Advantage2. I really prefer the Advantage, but both are great keyboards.

                                                              1. 3

                                                                I went with Redox (https://github.com/mattdibi/redox-keyboard) - a modified version of Ergodox which is slightly smaller. If one is living in the EU and doesn’t have time/supplies/heart for hardware hacking, one may order one from falba.tech (I’m not affiliated, just a happy customer).

                                                                1. 3

                                                                  I bought an Ergodox EZ this past summer and it’s one of the best decisions I’ve made. It was expensive but certainly worth it- the quality is great. I plan to eventually build a second one when I get the time.

                                                                  1. 1

                                                                    One of the best choices I made! I’m using the Ergodox Infinity, but that’s kinda similar. Makes typing super comfy. I’m using my mouse in the middle (when using the mouse…).

                                                                  1. 2

                                                                    Using Zola (GH) with a custom theme (GH). Really liking it!

                                                                    1. 1

                                                                      I thought about using Zola. I might give it a try.

                                                                    1. 1

                                                                      How does this prevent replay attacks, without ‘state’?

                                                                      1. 2

                                                                        Looks like there is a timestamp embedded in the hash so the hmac is only valid for a given, configurable duration.

                                                                        1. 1

                                                                          I see. So that would still allow a replay attack, but within a given time frame. And I guess this time frame should be quite long to prevent unwanted errors for users.

                                                                          1. 1

                                                                            Agreed that replay attacks would be allowed.

                                                                            But the duration could be quite short, as the server could regenerate the hmac every request. Not sure how that would work with web sockets, but for the normal request/response case it’d be fine.
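
Added example, not written by any commenter and not the code of the project under discussion: a stateless token whose HMAC covers an embedded timestamp, showing that a captured token is accepted again anywhere inside the validity window and rejected after it. The names `issue` and `verify`, the demo key, the `session|timestamp` layout and the 300-second window are assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; a real key comes from a secret store
MAX_AGE = 300                  # validity window in seconds (assumed value)


def _mac(session_id: str, ts: int, key: bytes) -> str:
    msg = f"{session_id}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue(session_id: str, now: int, key: bytes = KEY) -> str:
    """Return '<timestamp>.<hex mac>'. Nothing is stored on the server."""
    return f"{now}.{_mac(session_id, now, key)}"


def verify(token: str, session_id: str, now: int,
           max_age: int = MAX_AGE, key: bytes = KEY) -> str:
    try:
        ts_text, mac = token.split(".", 1)
        ts = int(ts_text)
    except ValueError:
        return "malformed"
    expected = _mac(session_id, ts, key)
    # Constant-time comparison; the timestamp is covered by the MAC, so it
    # cannot be moved forward without the key.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad-mac"
    if ts > now:
        return "not-yet-valid"
    if now - ts > max_age:
        return "expired"
    # No record of earlier use exists, so a second presentation of the same
    # token inside the window is indistinguishable from the first.
    return "ok"


def demo() -> dict:
    t0 = 1_700_000_000  # constructed clock value
    token = issue("sess-A", t0)
    mac = token.split(".", 1)[1]
    return {
        "first_use": verify(token, "sess-A", t0 + 10),
        "replay_in_window": verify(token, "sess-A", t0 + 200),
        "replay_after_window": verify(token, "sess-A", t0 + MAX_AGE + 1),
        "other_session": verify(token, "sess-B", t0 + 10),
        "timestamp_moved": verify(f"{t0 + 1000}.{mac}", "sess-A", t0 + 1001),
        # Reissuing on every response lets the window shrink to a few seconds.
        "short_window_replay": verify(token, "sess-A", t0 + 200, max_age=30),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Rejecting a second use inside the window needs server-side state, such as a record of tokens already seen until they expire.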

                                                                      1. 31

                                                                        I don’t like all this centralization.

                                                                        1. 28

                                                                          All the packages were already centralized, though, and TBH I think Microsoft / Github are likely to be better stewards of the npm system, given all their resources.

                                                                          1. 10

                                                                            This. One can make the argument that there should be a fundamental shift in how we do package management, but that feels like a very different conversation. This is a critical piece of centralized architecture changing hands to an organization that is objectively better equipped to manage it, and that feels like a net win for the ecosystem.

                                                                            That doesn’t mean we can’t still have that conversation about shifting away from that centralized architecture, but I think we can still take this win.

                                                                            1. 6

                                                                              This is a critical piece of centralized architecture changing hands to an organization..

                                                                              ..that has a history of pulling crazy stunts just to make money. Uncomfortable indeed.

                                                                              1. 12

                                                                                Honestly, I was always kind of concerned that NPM, Inc. would do something insane / evil to make money. MS / GitHub don’t actually need to make money on this, that’s the benefit as I see it.

                                                                                1. 5

                                                                                  What stunts are you referring to? None really come to mind in the last decade, and the Github acquisition, while admittedly still in or close to the honeymoon phase, has overall seemed to go well. On the open source side of things, Microsoft’s management of TypeScript has been fine, and I haven’t heard too many complaints about how they’ve been doing in terms of maintaining VSCode.

                                                                                  1. 1

                                                                                    I agree that recently, I assume after Nadella started as CEO, MS has been doing a lot of great work to clean their track record.

                                                                                    So perhaps (hopefully!) things have structurally changed since the times they introduced their own version of Java, or since their tricks to retain a monopoly over internet browsing, or indeed originally their repackaging other people’s work just to sell an OS to IBM without primary experience in building it.

                                                                                    1. 6

                                                                                      Except for testing the waters whether it is time to be evil again.

                                                                                2. 3

                                                                                  The tools for decentralized package management already exist, to some extent. Both npm and pip, for example, support directly installing dependencies from sourcecode repos (ie. git). Granted, this means you have to ‘compile’ as part of your install process, which isn’t always feasible, but most of the time that’s fine.

                                                                                  1. 3

                                                                                    From working with Go, installing dependencies from repos leads to less reliable builds because when a single fetch fails go’s module resolver will abort. We ended up having to wrap lots of build tasks in retries in our tooling to handle network hiccups, and that still didn’t help that a single third party server being down can break everything.

                                                                                    The solution seems to be to run a centralized proxy that itself calls out to the repos to insulate your build from this problem. That is what go is doing now, and it seems to work pretty well. That gets you (theoretically) the best of being both distributed and reliable, but it’s more involved than a centralized system.

                                                                                    1. 5

                                                                                      We use vendoring with Go. imho that’s the best: you do get decentralized repos, but you don’t need to download anything on dev machines or CI server.

                                                                                      1. 2

                                                                                        Another benefit of the Go proxy approach is that it does not require git and hg installation.

                                                                                      2. 2

                                                                                        Yep, totally agree! npm already can be run without needing an npm registry at all, but you can also run your own registry if you’d like (or use someone else’s). I was more trying to address calls for things like Entropic that always happen when npm, inc news comes up.

                                                                                  2. 6

                                                                                    In these trying times it’s important to remember that we need letrec.

                                                                                    1. 1

                                                                                      The alternative to npm is yarn, which is owned by Facebook. I’m not super comfortable with Github owning NPM, but I also think it will be fine considering you can run your own private repositories.

                                                                                      1. 13

                                                                                        yarn is still based on the NPM registry.

                                                                                        1. 7

                                                                                          The alternative to npm is yarn, which is owned by Facebook.

                                                                                          This is refuted in their own Q&A: https://yarnpkg.com/advanced/qa#is-yarn-operated-by-facebook

                                                                                          1. 5

                                                                                            A more relevant alternative is Entropic, which is actually decentralized and integrates with npm as a legacy source and was specifically developed to address the SPOF of an investor-backed startup.

                                                                                            However, development seems to have stalled at the end of last year: https://github.com/entropic-dev/entropic/commits/master

                                                                                            1. 2

                                                                                              Two of the core maintainers made statements this week on twitter that they cannot really work on it for a multitude of reasons.

                                                                                            2. 1

                                                                                              At the end of the day, you’re still using the Node.js ecosystem with all of its problems, one of which is how deeply entrenched npm and its registry are. The solution would be an alternative to Node.js.

                                                                                              If server-side JS is a requirement, then Deno looks interesting.

                                                                                          1. 3

                                                                                            As always, great explanation of various technical details. Great talk as Rust introduction.

                                                                                            1. 3

                                                                                              I also find the ‘The Rust Programming Language’ book quite interesting (especially parts like ‘Ownership’). Yes it is language specific. But it explains all the language concepts Rust uses very well, which I feel makes you a better programmer overall. It is available for free online, and you can find hard copies in store.

                                                                                              1. 4

                                                                                                I just want to add that common web frameworks like Laravel are doing this through their templating system.