1. 9

    windnws.com windo7s.com windkws.com windmws.com winlows.com windgws.com wildows.com wintows.com wijdows.com wiodows.com wifdows.com whndows.com wkndows.com wmndows.com

    What do the stats look like for these domains? Roughly uniform or some hit more than others?

    1. 4

      I also love putting emojis and null in forms to see if its handled correctly :)

      1. 1

        don’t forget to add some tags, like <b>s!

      1. 2

        I’ve used rmlint before and liked it a lot. It outputs a script to remove duplicates that you can inspect, but I’ve never had any problems.

        1. 3

          … the six collaborators drew on a wide breadth of scholarship. The paper’s citation list, with 128 references, is notably long.

          Honest question since I know next to nothing regarding research papers: does the amount of references a paper has matter to people who generally tend to read them? If so, why? Do other papers in the field tend to have less?

          1. 12

            It’s notable here, as one of the arguments Google’s given as defense of ordering the paper retracted is that it ignored too much other relevant research. 128 references is about an order of magnitude higher than what I feel is typical, based on the papers I’ve read. To be fair, I haven’t read many papers on the state of research and you’d expect that kind of review to have more references, but this absolutely smashes any expectations I’d have and makes the claim that it ignored research hard to swallow.

            In general, the quantity of good references in a paper reflects how well it’s grounded in existing research. How important prior work is to the paper’s claims will depend heavily on the paper in question. And, of course, if the citations are all garbage then it’s a huge red flag, but I haven’t heard anyone claim that here.

            1. 6

              I think it depends on the type of paper. If it’s a paper presenting brand new research, you’d expect to have a few references (my personal, very rough metric is “about as many as there are pages in the paper,” although they don’t have to be evenly distributed in terms of citations, and isn’t a hard and fast rule!); if it’s a survey paper or something that is collecting lots of other research and commenting on it in some systematic manner then I would expect more.

              128 seems a lot by most measurements, but if it only had 30 references (and interesting subject matter) I probably wouldn’t throw it out. I don’t think it’s overly important.

              1. 4

                I would imagine it matters in peer review. I have heard of cases of papers being rejected because they don’t cite some paper the reviewer wrote. Citing a lot of papers could also be some sort of defence against that. Not saying that’s what this paper is doing though.

              1. 1
                • Spending time with family

                • I think I’m going to work off-and-on a bit to stand up a wiki on AWS. I had a wiki on a VPS for years, but it wasn’t worth the monthly charge to keep it. I_think_ if I go with the smallest-tiered EC2 instance, I can keep the wiki and only pay a few bucks a month for it. I’m also keeping an eye on AWS costs to make sure something doesn’t go wrong. I’ve had more than one client who ended up with five-figure or more AWS charges because of small details somebody missed. (I understand that this would never happen with my selection, and I’ve put a billing alert on my account to double-check, but I’m still interested in seeing how fast the bill grows. Good luck trying to sort through AWS pricing.)

                • Going to publish an interview I did with a technical coach a couple of days ago. We didn’t get to actually code, but we talked a lot of about good tech practices and the difficulty of getting teams and orgs using them

                • Re-plan my studio development room. I keep trying to dial-in the right amount of tech and furniture so that I can comfortably code and also shoot creative video and chat. No matter what I do, it seems like after a few weeks I’m ready to reconfigure it all. Sigh.

                1. 4

                  Depending on what exactly you need, did you consider smaller cloud providers? Might help with pricing. Things like Vultr, Digital Ocean, Hetzner Cloud, etc.

                  1. 1

                    It’s a good point.

                    I felt it was worth a few bucks a month to have a reason to screw around with AWS. I spent some time getting up to speed on everything a couple of years ago and I don’t want to let those skills decay.

                    It’d be nice to configure the wiki on CloudFormation and then be able to dial it up or down or change the VPS whenever I feel like it. There are a few other things it would be fun to play around with if I ever have the time.

                    But yup, if you’re only shopping price, there are a ton of better places than AWS. Even if some of their stuff is competitive, they suck you in and then kill you on incidental and upcharges without you realizing it. And then, for all of that work, unless you’re prepared to spend even more time and money, you’re now locked-in.

                  2. 2

                    AWS is pretty expensive, check scaleway (their smallest instance costs 1.8 EUR per month) or hetzner cloud. Vultr is also pretty cheap and has more regions to choose from including US, Asia and even Australia

                    1. 1

                      I have really liked Vultr.com for small cloud instances. They have some for $2.50 / mo., plus a signup bonus of $100 - https://www.vultr.com/?ref=8737202-6G (ref link). Billing is much easier IMO too.

                      If you have a lot of AWS credit though, it may be a better option.

                    1. 1

                      I think this thinking while useful at times, can send programmers down some pointless or even damaging rabbit holes. Often I’ve seen programmers create or refactor code to make everything an X. Sometimes it helps cohesiveness, but other times it just makes things more confusing - things you thought were an X don’t really represent well as an X and are a bad abstraction.

                      1. 8

                        RPC is one of those counterexamples. “Everything on the network is a function [or an object]” can get you in a lot of trouble when those functions/objects turn out to have very unusual properties, like enormously high latency, or a tendency to fail with unexpected exceptions during network outages.

                        When working on iChat at Apple, a co-worker and I once spent a while tracking down a weird performance problem; it turned out to be caused by an innocent looking object (an NSURL) secretly being a DistributedObjects proxy, so every time it was asked for its scheme or path the caller had to wait for an IPC call to another process where the real URL lived. That was happening in some inner loops but we hadn’t paid attention because it was obvious that nothing slow was going on in that code..l

                      1. 5

                        A practical work around may be to set up an http to https proxy on your local network. Maybe mitmproxy could do the job? I never tried setting that up, I may be wrong

                        1. 1

                          You are correct, I was personally going to make a comment about socat or literally a reverse proxy of any sort.

                          1. 1

                            I think this won’t work for Google Play because Android heavily uses certificate pinning.

                            edit - I may give it a try though

                          1. 7

                            I was expecting a proper rant, but this is a very good write down of a frustrating situation. There’s one thing I don’t agree with:

                            As a consumer, I would love to pay a little more for devices like these that continue to be repairable and update-able.

                            The ability to self-service and repair should always be free. Otherwise, people that are mostly reliant on in (low income, etc.) will miss out.

                            1. 3

                              Agree that the right to repair should be free. Lumping reparability and updateability in the same sentence maybe wasn’t the best choice in hindsight. With that sentence, I was considering the burden on the producer to support the software years down the line, but maybe with right to repair you don’t need that. If I can throw my own ROM on here, what would I care if Google supports it any longer.

                              1. 2

                                Maybe OP meant that the total cost of the device can be a bit higher, to cover stuff like added support for updating the software, and engineering for repairability.

                                1. 2

                                  Same, same, but different. This will end up in classes of devices, where the higher priced ones give you better access. Freedom to tinker should be a fundamental given.

                                  1. 2

                                    That’s pretty much what happened here; this looks like a $75 tablet from a drugstore that never had any appreciable vendor support.

                                    1. 2

                                      I agree in principle - if these requirements were enshrined in law, every manufacturer would have to abide by them and the cost would be spread out.

                                      As it is, I suspect a very small minority of consumers (including those with low income) are planning on keeping these devices much longer than 3 to 4 years.

                                      1. 7

                                        As it is, I suspect a very small minority of consumers (including those with low income) are planning on keeping these devices much longer than 3 to 4 years.

                                        This might be true in the US, but if you ever go to countries where our “low income” is a high income, this reverses. I travel Southern Africa a lot (due to having family there) and it’s amazing how much of a repair culture exists there. The attitude that repair is optional (also for cars and such) is hugely damaging there. It gets worse when parts, tools and services aren’t readily available/can’t be kept in stock.

                                        1. 1

                                          That’s a good point, I confess to having a very 1st world outlook in this case.

                                1. 1

                                  Off topic, you may want to run a spell checker over your posts.

                                  On topic, yes, this is annoying!

                                  1. 3

                                    Thanks, I’ll run one on it and make some corrections. I wrote it in vim, in which I’ve still not found a good spellcheck workflow.

                                    1. 10

                                      What’s wrong with the built-in :set spell?

                                      1. 1

                                        I set F3 to toggle spell check on and off, it really helps me keep it off except for spell checking passes.

                                  1. 2

                                    Proud to be a part of this community and I hope I can do my part reporting this dribble when I see it. Thanks.

                                    1. 4

                                      It is interesting you mention NVM as a cause of a slow prompt. I had just added NVM to my .zshrc yesterday but had to remove it because of how slow it is. From my limited look into the front end dev world I have found a lot of tools behaving similarly. Does anyone know if that is the norm?

                                      Anyways, I will have to try NVM plus your instant prompt feature!

                                      1. 2

                                        I was looking into this as well. There’s a long thread about this: https://github.com/nvm-sh/nvm/issues/1277

                                        Apparently, you can append --no-use to the source-line, and it’ll still load nvm, but not activate your default Node.js version, which is the cause of the slowdown in my case. I’m usually on the latest Node.js any way, so I’m going to try use nvm only for older versions the few times I need them, and otherwise rely on the install from my regular package manager (Homebrew).

                                        1. 1

                                          Good find! Thanks!

                                      1. 2

                                        Sshuttle sounds good. I will have to try it. For China and more aggressive governments, I will recommend Shadowsocks and Wireguard.

                                        1. 20

                                          A couple of points I agree with, but a lot of stuff that strikes me as so vague that it doesn’t say anything actionable.

                                          Writing non-trivial software that is correct (for any meaningful definition of correct) is beyond the current capabilities of the human species.

                                          I have a hard time engaging with this due to the vagueness of “non-trivial” and “meaningful”, unless the definition of non-trivial software is “software which is eventually found to be incorrect” (perhaps that being some sort of truth in itself).

                                          Most measures of success are almost entirely uncorrelated with merit.

                                          Without defining success, measures, merit, or the context for this (success in one’s career? success as a human?) I can’t really agree or disagree with this. It’s a non-statement.

                                          Being aligned with teammates on what you’re building is more important than building the right thing.

                                          In a commercial context, ultimately, the vast majority of engineers are responsible for shipping artifacts that customers want or, more importantly, that the business can get paid for. At a music software company, if almost all of my teammates are aligned that we’re making a database, and one is aligned that we’re making the jukebox that customers pay for, their idea is more important than our alignment.

                                          In commercial contexts, I posit that we’re here to create artifacts of value first and seek consensus and make friends second. Many folks seem to me to misunderstand this.

                                          The fact that current testing practices are considered “effective” is an indictment of the incredibly low standards of the software industry.

                                          This strikes me as incredibly dismissive and, frankly, arrogant of the author–just because they (presumably) haven’t run into high standards of testing and correctness in the software industry doesn’t mean they don’t exist or aren’t being improved on.

                                          “The software industry” spans throwaway Flash games that will never get an update, to millions and millions of lines of code that runs rockets (occasionally with errors, to be fair), to tight assembly and C loops that run microwaves and pacemakers, to piles of Javascript that get patched only if the percent of users keep throwing an exception in prod rises past some threshold, to dozens of others applications and verticals.

                                          Scoffing at the “incredibly low standards” of the software industry is about as reasonable as scoffing at the “incredibly low standards” of the construction industry, which similarly has projects ranging from painting a wall to building a hydroelectric dam–it’s too broad a brush!

                                          Thinking about things is a massively valuable and underutilized skill. Most people are trained to not apply this skill.

                                          I feel that this can easily be misread as implying that most people don’t think about things. A single word change–“trained” becomes “incentivized”–would remove my disagreement. We don’t have to assume the worst of those people or their environments in order to explain their observed behavior.

                                          1. 13

                                            I think many of the points in this post are easily agreeable because of the vagueness - people can read into these however they want to reaffirm their own beliefs.

                                            1. 4

                                              There’s definitely a tradeoff between saying things that are vague and nonactionable and saying things that are specific but incorrect. I went very far to the vague side of things for this post, since I think it’s pretty hard to define most of these things in a way that is precise enough to be useful, but its also still accurate, but I think these observations might still be useful.

                                              I have a hard time engaging with this due to the vagueness of “non-trivial” and “meaningful”, unless the definition of non-trivial software is “software which is eventually found to be incorrect” (perhaps that being some sort of truth in itself).

                                              By “non-trivial”, I mean software of the complexity of any web or mobile app I use, or a text editor or compiler. Probably software less complex than that as well, I’m not sure how much less complex.

                                              I was chatting with a friend about this before publishing this - here’s part of that conversation that might illuminate my thinking more:

                                              I’m thinking of real software that runs on real computers, not software in the abstract - in order for some application to be correct, imo, it would need to mitigate any incorrectness in the programming language, operating system, chip, etc. I think that many OS and language bugs are fairly commutative (maybe not the right word - what I mean is that many OS bugs will cause bugs in most programs (probably not a majority of OS bugs, but a significant number)). I think that when you combine that with the difficulty of writing a correct program, this is almost impossible with current tools. Like, what chip + OS + language would you choose? Thinking about it more, I guess writing formally verified C on seL4 or something might have a reasonable chance of being correct? No idea what chip you’d run it on, though (and disk, if it requires storage, etc) IMO it’s fair to count security vulnerabilities of categories currently unknown as bugs. Just because a format string vulnerability was written in the 90s, doesn’t mean it’s not exploitable. I don’t think “we didn’t know that bug could happen” is a good excuse.

                                              Without defining success, measures, merit, or the context for this (success in one’s career? success as a human?) I can’t really agree or disagree with this. It’s a non-statement.

                                              Different people have different definitions of these things, but I’ve yet to meet someone who had a definition of merit and success where I would say the two are strongly correlated. The combination of noise in the conditions that generate success and vast inequality in starting levels of success are usually the largest contributors to these being uncorrelated, for the various definitions of “success” and “merit” I’ve seen.

                                              In commercial contexts, I posit that we’re here to create artifacts of value first and seek consensus and make friends second. Many folks seem to me to misunderstand this.

                                              I think that it is incredibly difficult to build an artifact of value without being aligned on what artifact of value you’re building.

                                              This strikes me as incredibly dismissive and, frankly, arrogant of the author–just because they (presumably) haven’t run into high standards of testing and correctness in the software industry doesn’t mean they don’t exist or aren’t being improved on.

                                              I think that you need to look at at least the 99.99th percentile of software projects before you start seeing types of testing or verification that aren’t essentially automated manual testing - I think that it’s fair to say that the software industry, collectively, has low standards because of that.

                                              The software industry is very young, and I think that we basically haven’t figured out how to test software in a cost-effective way yet, but I think we can get there.

                                              I feel that this can easily be misread as implying that most people don’t think about things. A single word change–“trained” becomes “incentivized”–would remove my disagreement. We don’t have to assume the worst of those people or their environments in order to explain their observed behavior.

                                              The reason I chose “trained” instead of “incentivized” is that I think it’s pretty common for people to have been in situations that disincentivized thinking about things, but then continue to not think very much about things or notice things not making sense/not adding up once they’re removed from those situations.

                                              1. 6

                                                in order for some application to be correct, imo, it would need to mitigate any incorrectness in the programming language, operating system, chip, etc.

                                                I’m not prepared to say we cannot make an airplane correctly because pilots keep getting drunk, or we can’t make software because all cpus we can ever make are secretly analogue and leaking internal state in the form of RF (or whatever) because this kind of thinking is not useful.

                                                I’m generally satisfied that software is correct if it produces the correct output for the defined input domain. Most people have an even lower bar than that.

                                                1. 5

                                                  Thanks for the response!

                                                  Another point of disagreement:

                                                  The software industry is very young, and I think that we basically haven’t figured out how to test software in a cost-effective way yet, but I think we can get there.

                                                  The software industry has been around since the 50s, arguably earlier. We are nearly as old, for example, as the airline industry. A lot of folks have and are doing cost-effective testing on every part of their designs that matter–I think you also are discounting just how effective good manual testing can be in favor of an academic view of “correctness”.

                                                  One of the big differences between engineering and science is that engineers are judged on their ability to make things of value without being completely correct or accurate and instead on being “close enough for practical purposes”.

                                                  1. 2

                                                    One of the big differences between engineering and science is that engineers are judged on their ability to make things of value without being completely correct or accurate and instead on being “close enough for practical purposes”.

                                                    Science has p=0.05 for more-or-less the same reason, right?

                                                    1. 8

                                                      I suppose you’re right, though I think that’s more for deciding how important results are.

                                                      My favorite quote about engineering is by Dr. A. R. Dykes:

                                                      Engineering is the art of modelling materials we do not wholly understand, into shapes we cannot precisely analyse so as to withstand forces we cannot properly assess, in such a way that the public has no reason to suspect the extent of our ignorance.

                                                      1. 2

                                                        Importance seems a very loaded term - I’m sure, given time, that I could find an extremely unimportant hypothesis to test.

                                                        I suspect the closest analogy is deciding whether observations (raw materials) are sufficiently likely to match a hypothesis (specification) to justify their use.

                                                    2. 2

                                                      Aeronautics comes with a particularly grave incentive for testing - in a way, I’m glad we haven’t had the same kind of progress in software.

                                                      1. 2

                                                        Whether it’s headline design failures like the 737 Max, cost overruns like the F-35, or perpetual failures like leaving the climate crisis or public health unaddressed (it’s common for small prop aircraft to use tetraethyllead in their fuel, for example) I’m not convinced that testing an airplane in a cost-effective way is a solved problem, either.

                                                        But both aeronautics and software engineering are ridiculously young disciplines. It took plumbers millennia to work out not to use lead.

                                                    3. 4

                                                      Let’s keep in mind things like NonStop already run five 9’s without formal verification. From there, you might do something like Verisoft that went from app down to the chip, DeepSpec that went further in that way, or Rockwell Collins’ approach (pdf) with AAMP7G CPU.

                                                      Then there’s lighter-weight approaches applied to larger systems with low, defect rates such as Cleanroom and Praxis Correct-by-Construction (pdf). Note that these aren’t an upper bound of the low-cost approaches given there’s been many advances in lightweight and automated methods for reducing defects in various parts of the life cycle.

                                                  1. 4

                                                    To me it doesn’t seem like a good use case for the Pi but for others it may work great. My case is with C++ code - it’s very CPU intensive to build and can be improved with high concurrency. For that my local machine is much better suited, but maybe this would be good for a nightly build or something that’s not too dependent on time.

                                                    1. 1

                                                      The standardization of aspects of technology is both extremely powerful and extremely dangerous. And I think that is what would be needed here. Standardization, i.e, on these Image objects, and interfaces for reading and writing them.

                                                      1. 8

                                                        I’m using a OnePlus 5T with custom ROM (Lineage).

                                                        I’m not sure about OnePlus support, and they definitely don’t support Lineage. But their phones seem to be quite nice to put custom stuff on. I really like them.

                                                        1. 2

                                                          I’m using this phone too which I purchased about a year ago. It’s a great value. When I bought it, it was only about $370. It’s unlocked, has dual SIM, headphone jack, and a decent screen in my opinion.

                                                          I try not to be on the phone a lot, so I didn’t go looking for the latest and greatest, but this one is a lot better than I expected.

                                                        1. 5

                                                          What are some other reasons folks prefer us to the orange site?

                                                          1. 9

                                                            This isn’t an “other” reason, but I like most that there is some level of explanation required on downvotes. I think this makes people more willing to engage even if they might be a little more controversial (the invite-only policy helps control the really wacky stuff). That said, I think there are some users who equate “I disagree with” with “incorrect,” which I disagree with and is incorrect. I’ve always had the policy that I simply won’t upvote something I think is wrong; I’ll only downvote something I know is wrong.

                                                            Aside from that, though, it’s really the high S:N that keeps me coming back. I’ll glance at Orange now and then but I’m not even logged in anymore most of the time.

                                                            1. 3

                                                              I agree with you - it’s a great idea but I wish it wasn’t so in your face. There are many bullshit down votes on lobsters and they still have huge negative connections event hough they are clearly wrong. Take a look at this submission as a prime example.

                                                              1. 1

                                                                Not everyone agrees on correct and incorrect. Things that may appear obvious to you and things that may appear obvious to someone else can be completely different. If you’re getting a lot of incorrect votes, and you think you’re unambiguously correct, perhaps there’s room for a discussion for either you to learn a valuable new lesson or for them. Either way a incorrect downvote is probably better than a flamewar.

                                                                1. 1

                                                                  I haven’t participated in many “flame wars” on lobsters. I don’t generally find that to be the character of discourse here.

                                                                  Clearly that mechanism works for you, and it’s in the code, so more power to you and in future when I find myself thinking “whiskey tango foxtrot?” about an Incorrect in a case where assigning factual incorrectness seems impossible to me, I’ll politely message in hopes of getting a clue :)

                                                              2. 2

                                                                Totally agree. This post is the first I’ve ever voted off topic on here. I think people are WAAAY too fast & loose with Troll, Incorrect, etc.

                                                                However that’s a very small quibble in an otherwise great big pile of satisfaction I have around this place :)

                                                                1. 1

                                                                  The incorrect flag is often the alternative to a unnecessary discussion without meaningful resolution :). While I get that some people want to duke it out (myself included), it often just clogs up the comments.

                                                                  1. 1

                                                                    I don’t agree. I see it being used in cases where factual correctness would be nearly impossible to determine. When it’s used to call out an actual factual inaccuracy I’m all for it, but sometimes I think people use it as a passive agressive “I think your comment is full of crap” signalling mechanism, and I’m not wild about that.

                                                                    1. 1

                                                                      Is that better than a 30 post argument back and forth where neither are satisfied because the outcome is probably not fully knowable?

                                                                      1. 2

                                                                        I don’t personally have that problem very often. Once in a while I fail to catch myself, but I try to take it to private message when the back and forth counter starts to tick up.

                                                                        I suppose I could and should do the same with the incorrect thing as well.

                                                                2. 2

                                                                  I have a downvote on one of my comments which is expressing an opinion, and the reason for a downvote was “incorrect”. There’s no way for me to contest or countermoderate, so I will disregard the voting system entirely. Downvotes feel the same as reddit.

                                                                3. 8

                                                                  Mainly for me it is the technical signal:noise here is much better than on HN. While I appreciate the industry relevance of stories about such-and-such company’s IPO, or such-and-such CEO’s being fired, it’s not what I go to a tech aggregator to read. I prefer the densely concentrated technical content of lobste.rs to the broad mix of HN.

                                                                  Not to mention the comments… reading HN comments is usually painful, while the comments here are insightful and civil.

                                                                  1. 7

                                                                    What are some other reasons folks prefer us to the orange site?

                                                                    I can easily quote the previous reply in a readable way. I appreciate that HN predates Markdown, but some more formatting would be very helpful. Might seem like a small thing, but writing on HN can be somewhat annoying.

                                                                    Also, stories tend to perform more consistently here than on HN (example). On HN it’s a bit of a gamble, the same story can get 1 upvote or 400; you never know.

                                                                    1. 4

                                                                      I appreciate that HN predates Markdown

                                                                      Markdown dates to 2004; HN launched in 2007.

                                                                      1. 3

                                                                        https://news.ycombinator.com/item?id=1 : October 9th, 2006.

                                                                        Still postdates Markdown, but Markdown took some time to be adopted (as arp242 says).

                                                                        1. 1

                                                                          Oh, I thought HN was older. It still predates Markdown’s ubiquity.

                                                                      2. 7

                                                                        There’s a few extra features here that go a long way, but not too many that it pollutes the main features. These extras go along way for me

                                                                        • reply notifications
                                                                        • preview
                                                                        • messaging
                                                                        • sane formatting
                                                                        1. 4

                                                                          I’ll add messaging can help keep down the site noise, too. I might use a message if it’s a compliment or something I’m pretty sure only benefits the person I’m replying to.

                                                                        2. 5

                                                                          Transparent moderation.

                                                                          Edit - related to the above, a semi-clear feeling for what’s on-topic. I, for one, am happy not to see random Wikipedia articles submitted.

                                                                          1. 4

                                                                            I have exactly zero interest in, and thus tolerance for, articles about ‘founders’ and startup culture that have exactly zero technical content.

                                                                            I don’t see myself ever starting a company, and if I ever do I’m not convinced keeping up with HN is the path to success I’d choose.

                                                                            1. 4

                                                                              Reply notifications.

                                                                              Means you can have a conversation.

                                                                              Hack news tends to invite twitter style snarks rather than engagement.

                                                                              1. 4

                                                                                HN is often too corporate which I hadn’t seen it happen on lobsters yet. Many threads devolve to IPOs and silicon Valley cringy corporate cultures.

                                                                                I’m not sure how exactly lobsters discourage it so it might be just because we’re too small.

                                                                                1. 3

                                                                                  People mentioned community feel. I’ll add specific example of the “What are you doing/reading/etc?” threads where people just show up, talk about themselves, support each other, and sometimes connect in interesting ways. It has a sort of small town or neighborhood feel. Hacker News is so big that their Show or Ask threads are like reading a survey of a city’s worth of people. The latter is also why you’ll see more opportunities, though.

                                                                                  Different strengths and weaknesses.

                                                                                  1. 2

                                                                                    I prefer it because the articles are more on topic to programming and development. As for a second reason, I find that people tend to be more civil here. I’m personally a fan of heavy handed moderation around aggressive or troll-like interactions , even if sometimes I get hit with it myself as it keeps the discussion interesting and productive.

                                                                                  1. 2

                                                                                    Game looks well done but I think your word list could use some help.

                                                                                    ZDnet was the solution to a game I played on easy. It is harder than it looks though! And it looks hard!

                                                                                     rhe
                                                                                    nails
                                                                                    zdnet
                                                                                    bitch
                                                                                     ost
                                                                                    
                                                                                    1. 2

                                                                                      Thanks! I’m on the lookout for a better word list – suggestions welcome. For now, I’ll likely just manually delete zdnet and msgid and re-generate the puzzles.

                                                                                      1. 2

                                                                                        This is a fantastic game and great implementation of it. Thank you for posting this!

                                                                                        I’m on the lookout for a better word list – suggestions welcome.

                                                                                        In terms of English, one of the best word lists I’ve come across are the 12dicts word lists, especially the 3of6game list. (Direct download link). It’s clear how much care and attention have gone into these lists.

                                                                                        I’m currently working on a side-project for generating easy-to-memorize yet strong passwords and the generation method requires high quality words and pairs-of-words. I spent today hastily ripping out the word list generator into a separate public GitHub repo.

                                                                                        In order to find words and pairs-of-words I use Wikipedia dataset dumps as a source of words and filter out any words not in a dictionary. I was hoping that this method would work well in all languages. Although this works OK for a English top 10k wordlist using a Debian-sourced dictionary (you get better results when you use 3of6game as a dictionary), today was the first time I tried Polish and the Polish top 10k wordlist using a Wiktionary-sourced dictionary isn’t good.

                                                                                        I know of the Google Ngrams project and trying to reproduce it and come up with good wordl ists and language models is quite difficult!

                                                                                      2. 2

                                                                                        I got msgid as a word. That was… not ideal

                                                                                      1. 4

                                                                                        Pretty good article.

                                                                                        I went in thinking Apple was being hypocritical and now think that perhaps their move was pretty smart. Can’t push too much at once.

                                                                                        Also pretty surprised at Alphabet’s different approach also pretty smart.

                                                                                        1. 1

                                                                                          I was looking for information about Android’s approach, and found the following on Google’s support:

                                                                                          If your backups are uploaded to Google, they’re encrypted using your Google Account password. For some data, your phone’s screen lock PIN, pattern, or password is also used for encryption.

                                                                                          If you back up to Google Drive, here’s what’s backed up:

                                                                                          • Contacts
                                                                                          • Google Calendar events and settings
                                                                                          • SMS text messages (not MMS)
                                                                                          • Wi-Fi networks and passwords
                                                                                          • Wallpapers
                                                                                          • Gmail settings
                                                                                          • Apps
                                                                                          • Display settings (brightness and sleep)
                                                                                          • Language and input settings
                                                                                          • Date and time
                                                                                          • Settings and data for apps not made by Google (varies by app)

                                                                                          Photos are another story, I guess.

                                                                                          As for contacts, they may be encrypted for backups, but they’re all fully available from other Google services like GMail, right? 🤔

                                                                                          1. 2

                                                                                            https://support.google.com/android/answer/2819582?hl=en

                                                                                            What gets backed up

                                                                                            If your backups are uploaded to Google, they’re encrypted using your Google Account password. For some data, your phone’s screen lock PIN, pattern, or password is also used for encryption.


                                                                                            OK, so, let’s be real here:

                                                                                            • If the data is encrypted with your Google Account password, then either they’re storing your password in cleartext on the device and/or in the cloud, both of which options would be a rather bad idea given that you’re supposed to only use the password to get the authentication session token, or that you have to enter it all the time, which would be a rather poor UX. (I presume they must be storing it on the device, encrypting it with the lock PIN/pattern?)

                                                                                            • Even if they themselves don’t have a password, I don’t see how they could possibly resist a request from a secret court to save such password the next time it is supplied by the user; this doesn’t compare favourably to what Apple was supposed to have been working on.

                                                                                            As for lock PIN or pattern, what sort of encryption are they using? These are usually just a few digits long, there aren’t that many combinations to try out all the inputs if you already have all the data for it locally.

                                                                                            1. 2

                                                                                              If the data is encrypted with your Google Account password, then either they’re storing your password in cleartext on the device and/or in the cloud

                                                                                              Is this necessarily true? I feel like there could be some ways to “effectively” do this, without storing your password in cleartext. Here’s an example: If you are asked for your pw when you encrypt, Google can sha512 your password and use that to decrypt in the same kind of way.

                                                                                              Of course, I don’t know that Google is making that ask at each encryption / decryption. Also, that would mean you would lose your data if you forgot your password, which is probably not the case. However, I just want to point out there could be some clever use of cryptography going on here.

                                                                                              1. 1

                                                                                                Well, your reply started with “let’s be real” but you’re only presuming on what Google’s doing. I’m not sure they are as bad at encryption as you credit them for, but I can’t prove that either.

                                                                                                At any rate, Google is working with US gov law enforcement, to the extent that US-based companies are obliged to. That’s not great, but that’s expected.

                                                                                                  1. 1

                                                                                                    I don’t know what Google does, but we know what Firefox Sync does, and it doesn’t require them to store your password in plaintext or to enter it all the time. They run your password through a key derivation algorithm, with different parameters so that the server-side hash and the encryption key wind up different in spite of starting with the same password.

                                                                                                    The two derived keys are what the client retains a plain text copy of.

                                                                                              1. 1

                                                                                                Searching for an app in the System Settings Notifications page and then clearing the search no longer duplicates the items in the list (Kai Uwe Broulik, Plasma 5.17.5)

                                                                                                Yes!!!

                                                                                                Weird timing but my DE running KDE just broke a few hours ago, starting with random notifications saying the window switcher isn’t working, and then “the screen locker is broken…” and then finally, a black screen when I login. Except I can open the terminal with a shortcut (and possibly other windows). This may not be the best place, but if anyone smarter than I has ideas, I’d appreciate it. The weird thing is I was installing PyQt packages when it started. I wonder if it’s related, since KDE runs Qt.