Apple Silicon machines are designed first and foremost to provide a secure environment for typical end-users running macOS as signed by Apple; they prioritize user security against third-party attackers, but also attempt to limit Apple’s own control over the machines in order to reduce their responsibility when faced with government requests, to some extent. In addition, the design preserves security even when a third-party OS is installed.
… these machines may possibly qualify as the most secure general purpose computers available to the public which support third-party OSes, in terms of resistance to attack by non-owners.
If you run a third-party OS on a Chromebook, doesn’t that severely compromise the security of the Chrome OS system? If I remember correctly, many Chromebooks required you to take out a screw to install another operating system and the process prevented secure boot from functioning on the primary Chrome OS installation.
What’s nice about Apple Silicon Macs (from my understanding) is that their secure boot settings are per-OS, not systemwide. You can still perform all of the signature checks on a macOS installation without doing so on a Linux system on the same disk.
Without some kind of physical intervention by users doesn’t that leave macs vulnerable to a persistent attack? Like an evil maid or trojan that installs something like a keylogging hypervisor that boots regular macOS. That would be indistinguishable from the perspective of the user and probably macOS yet could easily be malicious.
reboot again because you forgot which buttons you needed to press on the keyboard :D
press correct buttons during boot
Enter the recovery OS
Enter the administrator password
Change the security setting
That said, I had to work on a chromebook for a while and that didn’t require a screw or anything to get into the unsafe mode, it was also a key chord.
There are a few critical differences though:
Changing to the insecure mode on a Chromebook erases all local content
From the article it sounds like beyond allowing you to launch a untrusted OS the security features are available to multiple OS’s (this is purely my reading of the article, I could very well be wrong). Whether linux or what have you support/use it i don’t know.
You’ve now shifted the goalpost from your original question (original goalpost was “vulnerable to a persistent attack” due to not requiring something similar to Chromebooks’ screw removal, new goalpost is alleging flaws in the SEP). I’ll no longer be responding to you.
Up to the Apple A10 by the checkra1n jailbreak (to bypass the measurement by the SEP used to lock data access on access to DFU for more recent iOS releases).
On the Apple A13 onwards, the measurement of the current SEP firmware version (by the monitor) is a component of the encryption key, making such attacks no longer able to have user data access.
It won’t ever. iMessage is bound to iOS hardware identifiers for authentication. It’s not the porting / RE that’s hard in that case, it’s that you can’t use it without real Apple hardware.
It’s definitely possible to run iMessage on a Hackintosh, where you just need a valid combination of device and logic board serial numbers and a few other magic boot loader values—there are tools to automate generating these. On the other hand, getting Messages.app plus all of the frameworks it requires to run on Linux wouldn’t be easy (remember that iMessage makes heavy use of the system keychain, APNs, and other fancy stuff that you can’t easily reimplement without pulling in half of macOS).
Ok, i phrased that wrong - you need to get an iPhone, but you can copy the identifiers out, which decreases the number of people interested in that solution since… they already have an iDevice.
I haven’t heard of anyone generating new valid numbers though. Have you got a link?
iMessage itself (the blue bubbles) still works just fine without an iPhone, you just don’t have an associated phone number to receive messages at without using your email address.
The serial numbers and SMBIOS stuff are for emulating a real Mac; they don’t come from an iPhone. The process is a bit more of a pain if you’ve never associated your Apple ID with a real Apple device or spent real money on the App Store (you usually have to make a purchase or call support to get your account permitted to use iMessage so as to cut down on spam), but it’s certainly possible.
Would love to get an international take and maybe someone has some data. Does flossing actually help?
I’ve never heard a German dentist recommend it more than in passing and I’ve been to a few different ones. Do Germans have a worse rate of dental problems than Americans? Actually I only ever heard it being mentioned as a sort of “everyone does it, you should do it, it’s second nature” by Americans and Canadians, never by Australians or people from the UK - but who knows how representative that is :)
It’s somewhat contested. Health authorities in the US have found evidence to be unreliable for flossing. That said, I do it daily and always manage to remove at least a little bit of something, even after brushing and using mouthwash, so I think it does serve a purpose.
My guess as someone who grew up in France, is that it’s less necessary if you have good healthcare and go to the dentist regularly. In the US the dentist can be costly even for a routine cleaning, so you better do your part and floss.
(I think it is useful, I’ve noticed a difference after starting to do it daily.)
At the end of the day we’re all human (I think), and tribalism is part of the package. It seems to show up when people invest in one thing vs another, whether the investment is time, money, emotion, brain rewiring (muscle memory!), etc…
As someone who actively used both at one point, and was probably on the proficient to advanced end of the spectrum in terms of editing experience with both, I cringe at claims that one editing style clearly outclasses the other in terms of efficiency, productivity, or whatever. I’d wager that 90% of the time in a keyboard-oriented editor, we navigate by word or line when we’re not navigating by search.
Arguing about editors reminds me of unproductive language disagreements, when we talk in terms of absolutes instead of trade offs.
Agree about 90 claim. After I’ve moved my arrow keys to home row via https://manybutfinite.com/post/home-row-computing/, I became almost as productive at raw text editing anywhere as I was in Emacs or Vim. Well, you also need ace jump and multiple cursors for coding specifically.
I think that some people portray Emacs and Lisp as “holy” and above criticism—although this is certainly a minority of those communities—so others respond with criticism of Emacs’s poor defaults and hostility to new users. People get into heated arguments about their favorite things, and that includes text editors.
It’s mostly team signalling. For some reason a bunch of nerds decided that Emacs/VIM is their Ford/(Holden|Chev) and they need to play silly tribal games.
Serious question: if the title were instead “Writing a Technical Book…”? Would that deserve a flag? Because if writing a technical book isn’t technical, I don’t know what is.
Also of note, other articles on the front page: “How India Censors The Web”, “…Maine Oyster Farm”, “History of C++”, “History of Lisp” , “Why [this unix command] exists”
I’m okay with all of those, since tech seeps everywhere in our lives. (The oyster farm story was a bit disappointing because it was a ton of words for just a little cloud stuff). Computers are everywhere. As people who use them to help people, we need to talk about how people use them and how we can do a better job of helping them. Perhaps we should just eliminate any reference to people at all? (In other words, an explanation of the technical details of X might be fine, but explaining how X got started and what people use it for would not be okay)
I’m just a bit confused. Trying to learn why people draw the distinctions that they do.
if the title were instead “Writing a Technical Book…”? Would that deserve a flag?
I believe so, yes. The flag isn’t about the story’s title but about the story’s content. The story is about writing books, not about computing. You could replace “Designing Data-Intensive Applications” with “Understanding molecular biology” or “Getting started with neurosciences” and the story’s content would not change: the conclusion is that writing popular books about technical content is worth it because it brings money and shares knowledge. This has really nothing to do with computing.
Also of note, other articles on the front page: “How India Censors The Web”, “…Maine Oyster Farm”, “History of C++”, “History of Lisp” , “Why [this unix command] exists”
I did not read any of these, so I refrained from flagging or upvoting them, but these titles do sound like titles of potentially technical stories about computing to me.
Computers are everywhere. As people who use them to help people, we need to talk about how people use them and how we can do a better job of helping them.
I agree, and there are places where talking about how people use computers and how we can do a better job of helping them already happens: hackernews and reddit. These discussions do not need to happen on lobste.rs in my opinion.
Many thanks! I don’t agree with you but I appreciate your taking the time to explain yourself farther.
To me you don’t know something unless you can use it, teach it, and explain it to others. We can certainly agree that the money/commercial aspect of technical books is not about computing (at least directly), but the entire world of conveying technical knowledge to others is as important to me as developer skills. After all, because other people did this, I can code! I owe them my thanks.
And I don’t think the commercial content necessarily needs to be off-topic. Technical people consume things in different ways than other people. My problem with content like this is that far too often it’s trying to appeal to the “I made a zillion dollars in two weeks! Aren’t I awesome!” crowd than it actually covers things that technical folks would need to know to help other technical folks. I suspect that’s because the content creators are shooting for a more general audience, but I don’t know. I agree that it can easily stray into non-tech areas, it just doesn’t always have to be that way.
Ah, but those are the best stories by far, and discussed better here than I’ve tended to find elsewhere, too!
For my part, I was glad to see this one get past the censors. Primo Levi also wrote books that weren’t about chemistry, but I’d like to think the chemists of his time still discussed them, even perhaps at conferences and meetings dedicated specifically to topics of the trade, like making varnishes and paint :-)
apologies, I was being sarcastic (some folks complain about posts hosted on medium and not being about computers to the extent of flagging a computer review tagged hardware as off-topic)
Sarcasm is mean and does not help people change their mind.
some folks complain
I am not complaining. I am describing why I flagged a story the way I flagged it, so that we can build a shared understanding of what is on and off-topic on lobste.rs. If you disagree with my reasons for flagging this story, I think a more useful response would have been to describe why you think I am wrong.
A lot of the reason I’m checking Stack Overflow is (1) the docs for tool/framework/library X are horrible (2) this is the umpteeth tool/framework/library/build system/command line tool to do thing Y I’ve used and can no longer keep everything I need in my head.
I don’t know… I’d at least like to wait until my preferred political party or favourite celebrity endorses this “pro-thinking”. I don’t want to go chasing fads.
It’s not obvious to me that more money constrained enterprises do in fact produce worse software in general; or even that software can be ranked on a single good-to-bad axis irrespective of the goals of the developers and users of that software. I don’t see the amount of money an organization has as being particularly related to how good their software is, or even see that as a particularly relevant question, given that an instition might want to use their money to produce software that does what they think is good rather than what I think is good.
that probably means your company has no pressing need to deliver new and unfinished software and it’s healthy enough not to pressure lower layers in the hierarchy into working crazily even if unnecessary.
My personal experience is that time constraints are rarely the reason for bad software; rather, a number of organisational and/or historical reasons are. Writing bad or good software usually takes about the same time Actually, writing good software is usually faster if you take the long-term view, and I think most people understand that.
The “write once, never look back” coding CEO, that kinda clueless coworker who doesn’t quite seem to know what they’re doing, that asshole coworker who absolutely insists on rewriting everything in their preferred way as that’s the One True Way, that other team in the other city which was recently hired and doesn’t understand the context, changing requirements or directions from management, the customer, or legislation, unclear requirements, a generally toxic work environment which leaves everyone demoralized, someone deciding we should follow latest fad X. Stuff like that tends to be a far larger influence in my experience.
Of course, I’ve only worked in five companies, so it may be different in other companies. But this is my experience based on those five companies.
no but a lot of good software comes from research centers, foundations, public institutions, where the priority is on quality, reliability, correctness, fairness and developers are free to work without being directly exposed to a market-driven feedback loop. That doesn’t mean that these institutions are not immersed in a market economy, but that they invest resources in shielding some people from these pressures in order to be able to produce a kind of quality that is not possible otherwise.
yeah but they can produce that software despite the market, not thanks to the market. The way they get funding and allocate resources is in response and opposition to the market needs.
Peer 2 Peer production is also done in societies with free markets, but they work really hard to try to escape it. It’s a bug, not a feature.
Even when I don’t have a time constraint set by some sort of external party, I still get stuck in the trap of searching Stack Overflow and becoming more and more frustrated (although this usually happens with infrastructure and deployment problems, not actual programming issues).
But I’m not going to put that directly this time, just because some too sensitive people might get “offended”.
When you see something that doesn’t affect you in the slightest and was made for free and given to the community to help, and you complain anyway, maybe you should ask yourself who is “too sensitive.”
+1 to this request. Speaking as a moderator, there’s nothing obviously wrong with this post to me. If it in fact has some problem, fine, we can address that, but only if we know what it is.
It’s almost enough to make me think there isn’t any real complaint, just a personal vendetta… but of course, that’s hard to prove, and really it’s beside the point. Either there is a complaint or there isn’t; if there isn’t, vague insinuations accomplish nothing.
Haha what? I reread the post after I saw this (I don’t even like Rust man) and couldn’t find anything off-topic, or even remotely problematic. Are you referring to the art, perhaps?
Yes. This user had a complaint about the art used in https://lobste.rs/s/3bbj56/edutech_spyware_is_still_spyware#c_9sqrho as well. In both cases, it’s their personal vendetta against cartoonish drawings of animals with human traits. They might be right that others dislike the art style as well, but it’s certainly not worth complaining about.
cmd+shift+4 pops up a crosshair to take a screenshot of a region.
And pressing space after cmd+shift+4 lets you screenshot a particular window.
And since 10.14 (I think) taking a screenshot now gives you a little preview in the bottom-right of the display which delays it writing to a file. If you just want it to write the file and skip the preview, cmd+shift+5 gives you an Options menu where you can disable “Show floating thumbnail”.
The nice thing about that floating thumbnail is that you can drag & drop it like a real file. Sometimes I’m screen shotting just to share with someone in chat, and that dragging that thumbnail over means I can send images without ever having them written to disk.
Mentioned in the other comment but yeah– pressing control along with wither hotkey just copies to clipboard inmediately which I’ve found to bw the best path for this usecase. Then I’m able to just Cmd + V in the target.
On Catalina (not sure about previous versions), you can also hit cmd + shift + 5 and select the clipboard as the default destination. Then you won’t need to add control for screenshots to go to the clipboard.
I give this same advice to new bike owners (who are likely to underspend on their lock), but this advice now really grates on me. I own a seven thousand dollar bike (bikes that are friendly to people with disabilities aren’t cheap 😞). How do I protect it when I’m away from home? $700 bike locks aren’t really a thing, and if you if you thought bike insurance rates on “cheap” bikes were bad…
Compared to a typical $7k bike, I’d guess that yours is far more difficult to fence. I hear that a stolen bike is usually chopped up for parts, and you have
an asymmetrical wheel set in two unusual sizes
no stem or handlebars
a frame not compatible with typical wheel sets
So perhaps it has the theft appeal of an inexpensive bike? (Despite how cool I think it is :)
I would still downgrade or lock your rear seat, though!
This comment is a really insightful addition to @calpaterson’s threat model. Even Powertool Percy’s fences might be stymied by, say, a penny farthing. (Or at least, I really hope that’d be the case.)
Due to COVID, we haven’t had a situation in the past year where we’ve left our bike outside unattended for any amount of time, but I expect our eventual theft-mitigation efforts will be some combination of:
locks, and more locks
paint the bike to be more distinctive
embed a gps tracker (or two?) in the frame
remove the steering pin when leaving the bike unattended
insure the bike (ugh)
Despite how cool I think it is :)
It’s awesome. Totally has ruined “normal” bikes for me. The ability to easily maintain conversations with someone on a long ride is a game-changer in itself!
That’s a really cool bike! Unlike a normal recumbent bike, I’m not seeing anywhere for the rider in front to hold onto with their hands. Is there a seatbelt or some other solution so that the rider in front doesn’t fly off during an emergency stop?
There are handles beneath the front seat! You can also order a seatbelt as an accessory, but the font seat feels very secure—even during abrupt braking!
No such thing. An “ordinary” bicycle frame is actually a high-wheeler. The typical diamond frame design is a “safety”. Anyway, USS has been one school of recumbent design since the 1970s at least.
The obvious first choice is to bring it into your home. If that’s not an option, maybe you can rent space in a neighbor’s garage or at some nearby storage service? There is no safe way to lock a bike up outside for multiple hours (see Percy, from the article).
There is no safe way to lock a bike up outside for multiple hours (see Percy, from the article).
Given a thief with an angle grinder, there isn’t even a safe way to lock a bike up outside for multiple minutes! Of course, I can keep the bike safe at home, but at some point it’s more furniture than bike.
Ah, I read your “when I’m away from home” as “when I’m away and the bike is at home”, which, in hindsight, doesn’t make much sense, oops. Sorry.
When I drag my bike into areas where theft is seemingly high, I get very unshy about taking my bike into the building and stashing it next to the receptionist, cashiers, etc. Most of the time they don’t seem to care, but I suspect this could be different if you’re in an area where cyclists are looked down on more than they are here..
I bought some of the products from Stephen Briggs (I think was a founder together with his wife Sarah. Company name was Pragmasis), this was about 9-10 years ago or so.
I am overall very happy with product, and the quality of interaction I had with Stephen.
Thankfully, the chains (I bought several, as had different needs for different weight/length configs) – were not tested.
I’m also surprised to hear that. Unless you explicitly look for troll channels, my experience has either been quiet (but quick to answer) or constantly active, and on topic.
I can’t say I’ve seen the things that the grandparent comment mentioned, but they definitely wouldn’t be on Freenode. If you limit yourself to Freenode, IRC is a very safe and well-moderated experience, especially on some exemplary channels like the Haskell one.
I have accidentally wandered into uncomfortable conversations and much worse things on some of the other popular IRC networks, of which quite a few still exist: https://netsplit.de/networks/top100.php
The same thing is true of sketchy Discord servers as well; it’s not like IRC is unique in this regard.
A year or two back, Supernets was spamming hard on IRC networks. I forgot if Freenode was affected, but I know a lot of the smaller networks I was on were.
Not OP, but I spend my time on IRCnet and EFnet since my IRC use is just to stay in touch with friends. Anyway, last year I was DDoS’d pretty hard because someone wanted my nick on EFnet.
Sometimes I miss #C++ on EFnet, not enough to go back on EFnet, but I do miss it – a lot of wonderful people were there in the late 90s. Freenode feels a lot more sane in terms of management and tools for the system operators. Cloaks and nickname registration go a long way.
This is the primary reason I find programming in Common Lisp so enjoyable, as opposed to Rust (a probably superior language, but having to wait for 300 dependencies to compile / get linked is a far cry from compiling individual functions in a running Lisp image)
The lack of IDE support for better C++ build systems (e.g. Bazel) is a boat anchor on C++. I’m struggling right now to find a CMake replacement which supports both Visual Studio and CLion on Windows and Linux.
I’m reading a lot of research papers and blog posts on fuzzing to try to learn more about the state of the art with regards to kernel and low-level library fuzzing. I’m especially interested in techniques that work without target binary instrumentation; is there any way to approximate coverage-guided fuzzing (or at least improve efficiency over naive fuzzing) without direct access to source code or in situations where compiling is prohibitively difficult (think the NT kernel on a running Windows system or XNU on real iPhone hardware)?
I’m certainly a beginner in this particular subfield of computer science but I’d like to dive into it to do some of my own research. If anyone has any resources to point me towards, I’d be very appreciative!
Learning Scala, because it someone recommended it and it seemed really interesting. From my little usage of it so far, it feels like Java meets Rust.
Sleep. A lot. I am running purely on caffeine right now.
Probably play some more Skyrim and Diablo III.
Work more on my nixinfo crate, I managed to get quite a bit of work done on it. Now most functions will output to a Result<String> instead of a String, and I managed to slim it down some.
Probably test out a bunch of more programming languages. I love Rust and all, but using the one same language all the time can get… ugh. Too bad it’s hard to find languages I haven’t already tried:
I don’t like C, C++, Dart, Go, JS, Python, Ruby, nor Swift.
Fortran, OCaml, Lisp, Nim, Pascal, and Perl are ok, but not something I’d prefer.
I find your list of programming languages very interesting! How much Scheme have you tried? If you’ve only tried Common Lisp, I’d give Scheme a chance on its own. They’re philosophically quite different.
Also, what about PHP is up your alley? Most of your other language preferences make sense to me in context, but PHP is confusing to me, especially given that you like Rust. I feel like PHP and Rust are philosophical opposites of one another in nearly every way, but I might be missing some aspect that’s important to you.
I love how programming languages are just as much tools for the mind as they are tools for the computer, so two different people might have radically different preferences.
Not very much. Though I do know of it. I’ll have to look into it.
Other lisp I’ve used are indeed Common Lisp and Emacs Lisp.
I was going to try Clojure as well, but at the time the Java requirement was throwing me off (I’m a little picky about what gets put on my system). That’s not quite an issue right now, obviously, since I’m using Scala. But at the time it was enough for me to avoid it.
Also, what PHP is up your alley?
Ok, this might sound a little weird, but hear me out. I really like shell scripting, like a lot. I’m always creating shell scripts all the time. PHP, to me, feels like the shell scripting of the web. There’s something about PHP that came just as naturally to me as bash scripting.
I love how programming languages are just as much tools for the mind as they are tools for the computer, so two different people might have radically different preferences.
Oh 100% I agree. I have one friend who swears left and right Python is the way the way to go, they can implement like anything in it. But at the same time I have another friend who hates Python with a passion and wouldn’t touch it with a 10 foot pole unless he was being threatened under death or something.
I am really sorry about the late response by the way. Like an hour or so after posting my reply, I crashed right at my desk and I just woke up a few minutes ago.
How is this on-topic? I didn’t think that political activism had a place here. I should ask the mods at thedonald.win to start a capitalist technology community…
I don’t know what you’re trying to say, sorry. These restrictions to the user do not seem like something anyone would want in a successor to a Free Software license. I don’t have any idea what assumptions the Free Software Definition makes, nor how they’re flawed or wrong.
The whole problem is that the Free Software gave also freedom to explot others’ people labor, use the software to kill people, organize concentration camps and jail political dissidents among many other things. The freedom to oppress is a freedom we should take away from governments and corporations. The new licenses aim to try to make a small step in this direction in order to increase the freedom, both natural and synthetic, of individuals.
You may reasonably disagree with @chobeat, but the point they make is clearly stated, and not “speaking in tongues”: they believe traditional FOSS licenses are overly permissive for not opposing human rights violations.
There’s room for discussion on whether licenses should try to go that far, what power such licenses would actually have, whether or not you may want to use such a license, and the effects these licenses would have on the software ecosystem and a society dependent on large software systems. There’s also always room for ducking out for any reason. It feels needlessly dismissive to tell someone they’re “speaking in tongues” when in fact they’ve made their point quite clearly.
I mostly agree with your sentiment but I fail to see how a software license would be of any use in preventing software from being used in the ways you listed. The GPL is enforceable because it’s used by major software (namely the Linux kernel) and enforcing it involves suing companies (as well as the point brought up in this comment: https://lobste.rs/s/qmkbvh/anti_capitalist_software_license#c_g4u3uf). Could this license be enforced against a corporation that chose to use software licensed with it? Possibly, but companies that are large enough to exploit others’ labor in any significant capacity would run far away from software licensed this way.
No oppressive government is going to care if someone sues them for an intellectual property or copyright law violation. I’m afraid that the kinds of issues you mention can only be taken care of by international diplomacy and the United Nations, not software licenses. Software-related ethics (especially with regards to technologies like facial recognition, which are rarely open-source in the first place) are a real issue. I don’t think that software licenses are going to achieve anything other than hindering the adoption of a project among not-evil-but-legally-conservative entities.
Nobody believes software licenses can make that difference. It’s not their goal and it’s not in the expectations of anybody.
To understand these licenses you need to insert them in the context they are used for, for the goals they are used for: slowly syphoning capital, talents and software to funnel them into economies that produce value that cannot be appropriated or co-opted by capitalism in its current form. These licenses are just one of many tools employed in these environments but they are not a magic wand. I don’t like this one specifically because it employes a grandiose language that seems useful only for signaling or rallying people around the cause, but it has no actual value as a tool.
Having licenses to improve the current world or creating new ones for an ideal, utopic futures is instrumental to achieve bigger goals, directly or indirectly, but they are not themselves imbued with particular liberating power. This is a mistake that should be avoided, because it’s the kind of misplaced idealism that rendered the Free Software useless in the real world.
I think that there are two competing views on the point of a notebook. Are you using your “notebook” (in whatever physical or digital format you choose) to write down notes during meetings and conversations, or is the primary purpose of this notebook to draw flowcharts and get a basic idea for the program you’re writing? The linked article talks about both uses but does not distinguish between them.
I think that digital notes (Markdown files, OneNote, Notion, Org mode, etc.) are a very solid way to write down things that you might need to remember later. Digital notes are hugely advantageous for use as a knowledge base since you can efficiently search and categorize huge amounts of information. Most people can type way faster than they can handwrite, allowing them to keep up with fast speakers using bullet points and abbreviations without any trouble.
That said, writing things with a keyboard is inherently very rigid and structured, which is both the great advantage and the great disadvantage. For ideation and project planning, complete flexibility in the way that ink is laid out on the page is a huge advantage, especially for people who like to think visually. You can easily draw a flowchart in the middle of a bulleted list without fighting any computer program. An iPad app like Notability with an Apple Pencil might be a good middle ground between digital note-taking and handwriting on paper, since it uses machine learning to transcribe handwriting for search purposes. However, paper is always going to be the much simpler and less clunky solution than anything involving a computer or tablet.
For meeting note-taking and knowledge base purposes, there is even some speculation that the inherent spacial representation of ink on paper allows people to recall content they write on paper better than content they type, since the physical position of a piece of information on a page helps the brain recall content better than without that extra bit of information. This might have something to do with the way that the human brain evolved. At the same time, easy digital search might be more important than recall for people with huge swaths of information to write down.
For those reasons, I think that both typing and handwriting have a place for both students and programmers. Neither really competes with the other if you realize that there are at least two purposes for a notebook.
Ironically, I’ve found that Arch is more stable than Fedora in a number of meaningful ways. Package management is more reliable and performant. Despite the fact that you’d be using bleeding-edge packages, all the important stuff is well-tested and generally works without a hitch. When something does break, the fact that you installed everything yourself makes the process of debugging the issue much simpler. The biggest stability advantage is that there are no major updates every six months where all sorts of things can break. Just pacman -Syu once a week or so and nearly everything will work just fine.
In my experience, XFCE is better supported and just as fast as LXDE for most purposes. I’ve really enjoyed using Sway as well, if you’d be interested in a tiling window manager. Of course, LXDE still works fine on Arch as well.
Most of the Fedora advantages come from the easy installer and the included security stuff (SELinux preconfigured and executables compiled with hardening flags). Since I’m willing to dedicate a little time to the installation process in order to get a faster and more enjoyable system out of the deal, neither of those advantages make a huge difference for me.
The documentation is pretty good and there are plenty of people you could talk to on IRC and Discord if you needed help. If you wanted, you could do a practice install in a virtual machine too.
I think having vendors provide and support their closed source products on Linux represents a major step forward for the platform.
I am super pleased that a fully open alternative in this space exists, but I use and love 1Password and am chuffed to hear about this, because right now I have to use sub optimal browser extensions or WINE hacks to approximate this.
Yes! I agree wholeheartedly. It’s a very good sign for the Linux desktop platform as a whole that companies are willing to write and support closed-source desktop applications. Unlike Windows or macOS, Linux desktop machines are much more diverse and backwards compatibility is much less guaranteed. It’s also worth mentioning that distributions and communities usually step up to support particularly important pieces of proprietary software (think Steam) on unsupported distributions and configurations.
Since 1Password is commercial software, making it available has to make financial sense. While they might be supporting Linux primarily as a marketing ploy to technical people instead of as a result of the number of Linux users, I think it’s more likely that they’re doing this because enough existing users would install it on Linux machines if given the option. That means that there has to be some significant overlap between 1Password users and Linux users.
Yup that’s absolutely true. They get the question often enough that there is (or was) a blurb in their support thing about using WINE as a hack-around, or at least their was before they came out with 1PasswordX for Chrome/Firefox.
1PasswordX is an OK solution, but I really REALLY missed the native app as I use it for things like secure note storage and credit card autofill as well.
Probably nothing, but that’s not the point. The point is that there are a decidedly non zero number of users who are already bought in to the 1Password ecosystem for any number of reasons, and providing first class support for them on Linux feels like a super clear cut win to me.
Two thing I like in 1Password compared to BitWarden are 1) the secret key which is totally random, used to encrypt/decrypt the database entries and only stored locally and 2) TouchID and FaceID support on macOS and iOS.
(Disclaimer: I switched from 1Password to BitWarden about 15 months ago, mostly because it had become clear that there was no way to stay up to date with current 1P features without also having Agile host my password store. I didn’t mind paying them, but I’d like to bring my own sync, please! It was also getting trickier to keep running 1Password under WINE, and most of my daily stuff had moved to a Linux desktop. So my basis for comparison might be out of date.)
BitWarden’s iOS Touch ID and Face ID support has gotten quite good lately. They also integrate with iOS password management much better than they used to. I have never tried touch ID on a mac so I don’t know if it works with that.
The things I still miss from 1Password are:
Much better password capture in the browser
Ability to sign into the background daemon once and have multiple applications (browsers, desktop clients) access it
Better integration with system locking
Richer password generation settings
The things I prefer about BitWarden are:
All source code is available
Easily self-hostable, either using their resource-intensive official package or the community supplied bitwarden_rs
Good command line client. (I think 1Password has one now… when I switched, their command line client was new and required you to host your database on Agile’s service, which was a deal breaker for me.)
The hard tie-in to the service component is really what stops me. I wish Agile would copy BitWarden in that regard and let people self-host but pay them the fee. I cheerfully do that because I want to support them, I just don’t want them to have my passwords.
As someone who just spent a little time attempting a port of an Electron app to FreeBSD, only to quit in disgust, I have a few opinions.
Electron apps are huge. Really, really, really big with a gigantic web of dependencies. Think an 18,408 line Yarn lockfile.
Those dependencies are JavaScript libraries. To put it mildly, there is not a large intersection between the JavaScript community and users of non-mainstream OSs (e.g. FreeBSD). And those libraries tend not to be written in a portable fashion. This example (admittedly from a few years ago now) of a library disregarding $PATH is just one.
Platform support in Electron is a gigantic steaming pile of bogosity based upon the wrong set of abstractions. Instead of learning from the autotools people who were doing this decades ago, they detect platforms, not features. So when a new platform comes along (say, FreeBSD) you can’t just specify which features it has and let it compile. No, you have to create a gigantic patch that touches a bazillion files, everywhere those files check for which platform it’s compiling on.
Once compiled and running, they’re still huge (up to 1GiB of RAM for an IM client!). And - although perhaps this is a reflection of the apps themselves, not the framework - many are sluggish as hell. Neither is an attractive prospect for resource-limited Linux machines, like PinePhones.
I had thought, prior to attempting a port of an Electron app, that people were unfairly criticizing it. Now having peeked under the covers, I don’t think people are criticizing it enough.
As someone who isn’t an Electron hater: Electron apps are slow to load and memory hogs, which is something you might live with if you are talking about your IDE or Slack, but starts getting really old when it’s a utility application that should load quickly or spends most of the time in your icon tray. Worse yet: poorly written Electron apps can become CPU hogs as well, but I guess the same goes for all software.
I agree that lots of Electron apps have issues with poor performance and high memory usage. That said, a well written Electron app can perform well. For example, I’m a heavy user of the Joplin desktop application and in my experience it performs well and has fairly low memory usage (currently under about 200MB) and doesn’t seem to have the issues that plague the Slack client. Admittedly the Slack client is a lot more complex…
Oh, I agree that there great, performant Electron apps. VSCode is one of my favorite examples of that. Spotify is another one.
One of my biggest gripes with Electron is that - because of the nature of how it’s embedded in binaries - you usually end up with with several full copies of the whole framework in memory. If you are using KDE or Gnome, most of the processes in your desktop are sharing a significant amount of memory in the form of shared libraries. This tends to be fine in systems with 16Gb+ of memory and a fast CPU, but for people with more meager resources… it’s a drag.
Electron has been around since 2013 and still, typing in Slack still has a noticeable latency (that drives me crazy). I also still have to restart it once a day or so, to avoid that it becomes more and more laggy.
In the meanwhile, ripcord was developed by a single indie developer in Qt. Has most of Slack’s functionality, only uses a fraction of the memory, and is lightning fast. Oh, and it is multi-platform.
People (not you) claim that it is only possible to write cross-platform applications in Electron. This is nothing further from the truth, people have been writing cross-platforms apps in Qt literally for decades. (And it’s not hard either.)
I’m not sure that I would consider Slack a stellar example of an Electron app. Slack is slow even by Electron standards. VS Code’s latency is indistinguishable from typing in the Lobsters comment in Chromium on my middle-of-the-road desktop machine. Discord is a much better Electron-based chat app from a performance standpoint, in my experience.
People (not you) claim that it is only possible to write cross-platform applications in Electron. This is nothing further from the truth, people have been writing cross-platforms apps in Qt literally for decades. (And it’s not hard either.)
For commercial software, the more important part is not whether it’s possible (or “hard”), but whether it’s commercially viable. Without any hard data one way or another, I’d say that writing Electron apps is much less expensive than writing native Qt apps for most companies (especially since web technology experience is much easier to come by).
I don’t mind electron, but even VS code drops 1-2 frames on keypress on my threadripper desktop (and Chrome/Firefox do not). So far I’m putting up with it for the language server integration.
Disclaimer: haven’t tried language server mode in Emacs myself as these days I do all my dev in Common Lisp, and SLIME has had this approach covered for over a decade with SWANK. But it’s nice to see other languages catching up to Lisp in this area too ;)
I’m looking forward to the day that systems like Electron will compile everything to WebAssembly as a build step. In a way, I think Gary Bernhardt might have been more correct than I gave him credit for in his famous The Birth & Death of JavaScript presentation.
There are the utilitarian critiques (they are big and slow) and there’s also the sort of Mac critique (they are not in any way native) and there’s my weird “I HATE THE WEB” critique that is probably not widely shared. I have a couple of them that I use daily, but I really, really, really wish I didn’t.
Markdown syntax support is a very nice addition. While most people don’t use Nano as their day-to-day text editor, it makes a very nice tool for quickly editing configuration files or writing Git commits. Although I think that Vim is always worth learning (at least to a decent level of familiarity to figure out whether modal editing suits how you think), Nano is probably a better choice for a default $EDITOR on premade Linux images and other similar situations.
Vim is always worth learning for technology enthusiasts, that much I’m in total agreement with.
However, i I want to provision an account for my wife to use on my Linux box, I would get about 15 seconds into “Let me explain the concept of modal editing” before she would time out and wander off to pet our dog :)
This is in no way an indictment of her intelligence. She is orders of magnitude smarter than I am in just about every way, but she has a very short attention span for technology.
Interesting:
I’m surprised to not see ChromeOS mentioned here, reading this analysis it seems it would stand up fairly well?
If you run a third-party OS on a Chromebook, doesn’t that severely compromise the security of the Chrome OS system? If I remember correctly, many Chromebooks required you to take out a screw to install another operating system and the process prevented secure boot from functioning on the primary Chrome OS installation.
What’s nice about Apple Silicon Macs (from my understanding) is that their secure boot settings are per-OS, not systemwide. You can still perform all of the signature checks on a macOS installation without doing so on a Linux system on the same disk.
Without some kind of physical intervention by users doesn’t that leave macs vulnerable to a persistent attack? Like an evil maid or trojan that installs something like a keylogging hypervisor that boots regular macOS. That would be indistinguishable from the perspective of the user and probably macOS yet could easily be malicious.
It does require physical actions. You have to
That said, I had to work on a chromebook for a while and that didn’t require a screw or anything to get into the unsafe mode, it was also a key chord.
There are a few critical differences though:
The article answered this.
It relies on their SEP being trustworthy which doesn’t have a great track record…
You’ve now shifted the goalpost from your original question (original goalpost was “vulnerable to a persistent attack” due to not requiring something similar to Chromebooks’ screw removal, new goalpost is alleging flaws in the SEP). I’ll no longer be responding to you.
Wait, when was the SEP compromised?
Up to the Apple A10 by the checkra1n jailbreak (to bypass the measurement by the SEP used to lock data access on access to DFU for more recent iOS releases).
On the Apple A13 onwards, the measurement of the current SEP firmware version (by the monitor) is a component of the encryption key, making such attacks no longer able to have user data access.
Call me when it runs IMessage.
It won’t ever. iMessage is bound to iOS hardware identifiers for authentication. It’s not the porting / RE that’s hard in that case, it’s that you can’t use it without real Apple hardware.
It’s definitely possible to run iMessage on a Hackintosh, where you just need a valid combination of device and logic board serial numbers and a few other magic boot loader values—there are tools to automate generating these. On the other hand, getting Messages.app plus all of the frameworks it requires to run on Linux wouldn’t be easy (remember that iMessage makes heavy use of the system keychain, APNs, and other fancy stuff that you can’t easily reimplement without pulling in half of macOS).
Ok, i phrased that wrong - you need to get an iPhone, but you can copy the identifiers out, which decreases the number of people interested in that solution since… they already have an iDevice.
I haven’t heard of anyone generating new valid numbers though. Have you got a link?
iMessage itself (the blue bubbles) still works just fine without an iPhone, you just don’t have an associated phone number to receive messages at without using your email address.
The serial numbers and SMBIOS stuff are for emulating a real Mac; they don’t come from an iPhone. The process is a bit more of a pain if you’ve never associated your Apple ID with a real Apple device or spent real money on the App Store (you usually have to make a purchase or call support to get your account permitted to use iMessage so as to cut down on spam), but it’s certainly possible.
Here’s a more detailed link on that topic: https://dortania.github.io/OpenCore-Post-Install/universal/iservices.html
Would love to get an international take and maybe someone has some data. Does flossing actually help?
I’ve never heard a German dentist recommend it more than in passing and I’ve been to a few different ones. Do Germans have a worse rate of dental problems than Americans? Actually I only ever heard it being mentioned as a sort of “everyone does it, you should do it, it’s second nature” by Americans and Canadians, never by Australians or people from the UK - but who knows how representative that is :)
It’s somewhat contested. Health authorities in the US have found evidence to be unreliable for flossing. That said, I do it daily and always manage to remove at least a little bit of something, even after brushing and using mouthwash, so I think it does serve a purpose.
There is evidence that flossing prevents gingivitis. The problem with studying flossing is 1) controlled trials have ethics barriers, and 2) that most people self-report that they floss when they don’t.
My guess as someone who grew up in France, is that it’s less necessary if you have good healthcare and go to the dentist regularly. In the US the dentist can be costly even for a routine cleaning, so you better do your part and floss.
(I think it is useful, I’ve noticed a difference after starting to do it daily.)
My Swedish dentist tells me to floss regularly.
Although I do not prefer emacs day-to-day, I never understood the disdain for it. It must be the cool thing to do/say on the Internet.
At the end of the day we’re all human (I think), and tribalism is part of the package. It seems to show up when people invest in one thing vs another, whether the investment is time, money, emotion, brain rewiring (muscle memory!), etc…
In-group/out-group dynamics, mostly? Getting incensed by some other person’s choice of tools is pretty weird, when you think about it.
As someone who actively used both at one point, and was probably on the proficient to advanced end of the spectrum in terms of editing experience with both, I cringe at claims that one editing style clearly outclasses the other in terms of efficiency, productivity, or whatever. I’d wager that 90% of the time in a keyboard-oriented editor, we navigate by word or line when we’re not navigating by search.
Arguing about editors reminds me of unproductive language disagreements, when we talk in terms of absolutes instead of trade offs.
Agree about 90 claim. After I’ve moved my arrow keys to home row via https://manybutfinite.com/post/home-row-computing/, I became almost as productive at raw text editing anywhere as I was in Emacs or Vim. Well, you also need ace jump and multiple cursors for coding specifically.
I think that some people portray Emacs and Lisp as “holy” and above criticism—although this is certainly a minority of those communities—so others respond with criticism of Emacs’s poor defaults and hostility to new users. People get into heated arguments about their favorite things, and that includes text editors.
It’s mostly team signalling. For some reason a bunch of nerds decided that Emacs/VIM is their Ford/(Holden|Chev) and they need to play silly tribal games.
Is there a reason the font weight is so low? The text is already grey, making it light doesn’t help with readability.
Presumably because that weight looks really nice on macOS, which dilates fonts. It looks strange with ClearType or FreeType.
I flagged this story as off topic because it’s not about computing.
Serious question: if the title were instead “Writing a Technical Book…”? Would that deserve a flag? Because if writing a technical book isn’t technical, I don’t know what is.
Also of note, other articles on the front page: “How India Censors The Web”, “…Maine Oyster Farm”, “History of C++”, “History of Lisp” , “Why [this unix command] exists”
I’m okay with all of those, since tech seeps everywhere in our lives. (The oyster farm story was a bit disappointing because it was a ton of words for just a little cloud stuff). Computers are everywhere. As people who use them to help people, we need to talk about how people use them and how we can do a better job of helping them. Perhaps we should just eliminate any reference to people at all? (In other words, an explanation of the technical details of X might be fine, but explaining how X got started and what people use it for would not be okay)
I’m just a bit confused. Trying to learn why people draw the distinctions that they do.
I believe so, yes. The flag isn’t about the story’s title but about the story’s content. The story is about writing books, not about computing. You could replace “Designing Data-Intensive Applications” with “Understanding molecular biology” or “Getting started with neurosciences” and the story’s content would not change: the conclusion is that writing popular books about technical content is worth it because it brings money and shares knowledge. This has really nothing to do with computing.
I did not read any of these, so I refrained from flagging or upvoting them, but these titles do sound like titles of potentially technical stories about computing to me.
I agree, and there are places where talking about how people use computers and how we can do a better job of helping them already happens: hackernews and reddit. These discussions do not need to happen on lobste.rs in my opinion.
Many thanks! I don’t agree with you but I appreciate your taking the time to explain yourself farther.
To me you don’t know something unless you can use it, teach it, and explain it to others. We can certainly agree that the money/commercial aspect of technical books is not about computing (at least directly), but the entire world of conveying technical knowledge to others is as important to me as developer skills. After all, because other people did this, I can code! I owe them my thanks.
And I don’t think the commercial content necessarily needs to be off-topic. Technical people consume things in different ways than other people. My problem with content like this is that far too often it’s trying to appeal to the “I made a zillion dollars in two weeks! Aren’t I awesome!” crowd than it actually covers things that technical folks would need to know to help other technical folks. I suspect that’s because the content creators are shooting for a more general audience, but I don’t know. I agree that it can easily stray into non-tech areas, it just doesn’t always have to be that way.
Thanks again!
Ah, but those are the best stories by far, and discussed better here than I’ve tended to find elsewhere, too!
For my part, I was glad to see this one get past the censors. Primo Levi also wrote books that weren’t about chemistry, but I’d like to think the chemists of his time still discussed them, even perhaps at conferences and meetings dedicated specifically to topics of the trade, like making varnishes and paint :-)
Is it hosted on Medium to boot?
No? It’s a Jekyll site.
apologies, I was being sarcastic (some folks complain about posts hosted on medium and not being about computers to the extent of flagging a computer review tagged hardware as off-topic)
Sarcasm is mean and does not help people change their mind.
I am not complaining. I am describing why I flagged a story the way I flagged it, so that we can build a shared understanding of what is on and off-topic on lobste.rs. If you disagree with my reasons for flagging this story, I think a more useful response would have been to describe why you think I am wrong.
All good. I see the sarcasm now. Text makes it hard to convey tone.
“The root cause is a lack of thinking.” We would all like to appear pro-thinking.
I’d suggest the root cause are time constraints.
A lot of the reason I’m checking Stack Overflow is (1) the docs for tool/framework/library X are horrible (2) this is the umpteeth tool/framework/library/build system/command line tool to do thing Y I’ve used and can no longer keep everything I need in my head.
I would like very much to join the “We would all like to appear pro-thinking” party! Or can we get that added to some group’s platform?
Limiting our sophistry to at least appear in favor of thinking is something we should all be able to get behind.
We’ll have buttons that say “I’ve thought about it!”
I don’t know… I’d at least like to wait until my preferred political party or favourite celebrity endorses this “pro-thinking”. I don’t want to go chasing fads.
That could be another party slogan! “I don’t know…. I don’t want to go chasing fads”.
and time constraints come from need for profit. The market economy is incompatible with good code.
That’s ridiculous. Time constraints can come from anywhere and trying to use it as a dig against market economies is tenuous, at best.
Then it might be by chance that the software world is in a terrible state and the more money-constrained enterprises produce the worst software.
Anyway could you tell me where time constraints would come from in the current production mode?
A limited lifespan in which to do what we must do.
Many of us are keenly aware of our impending end of file.
It’s not obvious to me that more money constrained enterprises do in fact produce worse software in general; or even that software can be ranked on a single good-to-bad axis irrespective of the goals of the developers and users of that software. I don’t see the amount of money an organization has as being particularly related to how good their software is, or even see that as a particularly relevant question, given that an instition might want to use their money to produce software that does what they think is good rather than what I think is good.
I generally have a lot more time to spend on code I’ve written while employed than code I’ve written in my spare time.
that probably means your company has no pressing need to deliver new and unfinished software and it’s healthy enough not to pressure lower layers in the hierarchy into working crazily even if unnecessary.
My personal experience is that time constraints are rarely the reason for bad software; rather, a number of organisational and/or historical reasons are. Writing bad or good software usually takes about the same time Actually, writing good software is usually faster if you take the long-term view, and I think most people understand that.
The “write once, never look back” coding CEO, that kinda clueless coworker who doesn’t quite seem to know what they’re doing, that asshole coworker who absolutely insists on rewriting everything in their preferred way as that’s the One True Way, that other team in the other city which was recently hired and doesn’t understand the context, changing requirements or directions from management, the customer, or legislation, unclear requirements, a generally toxic work environment which leaves everyone demoralized, someone deciding we should follow latest fad X. Stuff like that tends to be a far larger influence in my experience.
Of course, I’ve only worked in five companies, so it may be different in other companies. But this is my experience based on those five companies.
Or you could accept the market forces at that place converge on “do it better.”
Which explains why all the good software comes from north korea, the soviet union and pre-reform china…
no but a lot of good software comes from research centers, foundations, public institutions, where the priority is on quality, reliability, correctness, fairness and developers are free to work without being directly exposed to a market-driven feedback loop. That doesn’t mean that these institutions are not immersed in a market economy, but that they invest resources in shielding some people from these pressures in order to be able to produce a kind of quality that is not possible otherwise.
And these research centers, foundations, public institutions are of course located in societies with free(-ish) markets.
yeah but they can produce that software despite the market, not thanks to the market. The way they get funding and allocate resources is in response and opposition to the market needs.
Peer 2 Peer production is also done in societies with free markets, but they work really hard to try to escape it. It’s a bug, not a feature.
Even when I don’t have a time constraint set by some sort of external party, I still get stuck in the trap of searching Stack Overflow and becoming more and more frustrated (although this usually happens with infrastructure and deployment problems, not actual programming issues).
You know what I’m going to complain about and I think there’s a significant amount of users here who share my thoughts at this.
But I’m not going to put that directly this time, just because some too sensitive people might get “offended”.
Well, just stay on topic in the posts, okay? That’s not the first time and not the only blog with this particular “issue”.
When you see something that doesn’t affect you in the slightest and was made for free and given to the community to help, and you complain anyway, maybe you should ask yourself who is “too sensitive.”
Could you please briefly point out what the issue is? Is the problem a lack of depth, some web-technology used, the drawings?
+1 to this request. Speaking as a moderator, there’s nothing obviously wrong with this post to me. If it in fact has some problem, fine, we can address that, but only if we know what it is.
It’s almost enough to make me think there isn’t any real complaint, just a personal vendetta… but of course, that’s hard to prove, and really it’s beside the point. Either there is a complaint or there isn’t; if there isn’t, vague insinuations accomplish nothing.
The user already had a comment deleted, this is just a continuation/provocation.
https://lobste.rs/s/3bbj56/edutech_spyware_is_still_spyware#c_9sqrho
He can’t point it out, because he will be downvoted into oblivion
Haha what? I reread the post after I saw this (I don’t even like Rust man) and couldn’t find anything off-topic, or even remotely problematic. Are you referring to the art, perhaps?
Yes. This user had a complaint about the art used in https://lobste.rs/s/3bbj56/edutech_spyware_is_still_spyware#c_9sqrho as well. In both cases, it’s their personal vendetta against cartoonish drawings of animals with human traits. They might be right that others dislike the art style as well, but it’s certainly not worth complaining about.
Great list of tips!
And pressing space after cmd+shift+4 lets you screenshot a particular window.
And since 10.14 (I think) taking a screenshot now gives you a little preview in the bottom-right of the display which delays it writing to a file. If you just want it to write the file and skip the preview, cmd+shift+5 gives you an Options menu where you can disable “Show floating thumbnail”.
Don’t miss the fact that ⇧⌘5 can also do screen recordings, with or without audio. Previously you had to run QuickTime Player and find it in the menu.
Pressing control along with either of those just copies the image to the clipboard, ready for pasting!
The nice thing about that floating thumbnail is that you can drag & drop it like a real file. Sometimes I’m screen shotting just to share with someone in chat, and that dragging that thumbnail over means I can send images without ever having them written to disk.
Mentioned in the other comment but yeah– pressing control along with wither hotkey just copies to clipboard inmediately which I’ve found to bw the best path for this usecase. Then I’m able to just Cmd + V in the target.
On Catalina (not sure about previous versions), you can also hit cmd + shift + 5 and select the clipboard as the default destination. Then you won’t need to add control for screenshots to go to the clipboard.
I give this same advice to new bike owners (who are likely to underspend on their lock), but this advice now really grates on me. I own a seven thousand dollar bike (bikes that are friendly to people with disabilities aren’t cheap 😞). How do I protect it when I’m away from home? $700 bike locks aren’t really a thing, and if you if you thought bike insurance rates on “cheap” bikes were bad…
Compared to a typical $7k bike, I’d guess that yours is far more difficult to fence. I hear that a stolen bike is usually chopped up for parts, and you have
So perhaps it has the theft appeal of an inexpensive bike? (Despite how cool I think it is :)
I would still downgrade or lock your rear seat, though!
This comment is a really insightful addition to @calpaterson’s threat model. Even Powertool Percy’s fences might be stymied by, say, a penny farthing. (Or at least, I really hope that’d be the case.)
Due to COVID, we haven’t had a situation in the past year where we’ve left our bike outside unattended for any amount of time, but I expect our eventual theft-mitigation efforts will be some combination of:
It’s awesome. Totally has ruined “normal” bikes for me. The ability to easily maintain conversations with someone on a long ride is a game-changer in itself!
Obviously seven $100 locks. /s
That’s a really cool bike! Unlike a normal recumbent bike, I’m not seeing anywhere for the rider in front to hold onto with their hands. Is there a seatbelt or some other solution so that the rider in front doesn’t fly off during an emergency stop?
There are handles beneath the front seat! You can also order a seatbelt as an accessory, but the font seat feels very secure—even during abrupt braking!
No such thing. An “ordinary” bicycle frame is actually a high-wheeler. The typical diamond frame design is a “safety”. Anyway, USS has been one school of recumbent design since the 1970s at least.
The obvious first choice is to bring it into your home. If that’s not an option, maybe you can rent space in a neighbor’s garage or at some nearby storage service? There is no safe way to lock a bike up outside for multiple hours (see Percy, from the article).
Given a thief with an angle grinder, there isn’t even a safe way to lock a bike up outside for multiple minutes! Of course, I can keep the bike safe at home, but at some point it’s more furniture than bike.
Ah, I read your “when I’m away from home” as “when I’m away and the bike is at home”, which, in hindsight, doesn’t make much sense, oops. Sorry.
When I drag my bike into areas where theft is seemingly high, I get very unshy about taking my bike into the building and stashing it next to the receptionist, cashiers, etc. Most of the time they don’t seem to care, but I suspect this could be different if you’re in an area where cyclists are looked down on more than they are here..
https://securityforbikes.com/products.php?cat=Extreme+Security+Chain+and+Lock+deals
I bought some of the products from Stephen Briggs (I think was a founder together with his wife Sarah. Company name was Pragmasis), this was about 9-10 years ago or so.
I am overall very happy with product, and the quality of interaction I had with Stephen. Thankfully, the chains (I bought several, as had different needs for different weight/length configs) – were not tested.
Expectation: a pure text-based chat system, from a more enlightened age
Reality: trolls spamming channels with huge ascii-art dildos and/or swastikas, and ddos
Not in my reality.
I’m also surprised to hear that. Unless you explicitly look for troll channels, my experience has either been quiet (but quick to answer) or constantly active, and on topic.
Never saw anything like that on freenode. Mind me asking - what channels do you visit?
I can’t say I’ve seen the things that the grandparent comment mentioned, but they definitely wouldn’t be on Freenode. If you limit yourself to Freenode, IRC is a very safe and well-moderated experience, especially on some exemplary channels like the Haskell one.
I have accidentally wandered into uncomfortable conversations and much worse things on some of the other popular IRC networks, of which quite a few still exist: https://netsplit.de/networks/top100.php
The same thing is true of sketchy Discord servers as well; it’s not like IRC is unique in this regard.
A year or two back, Supernets was spamming hard on IRC networks. I forgot if Freenode was affected, but I know a lot of the smaller networks I was on were.
Not OP, but I spend my time on IRCnet and EFnet since my IRC use is just to stay in touch with friends. Anyway, last year I was DDoS’d pretty hard because someone wanted my nick on EFnet.
Sometimes I miss #C++ on EFnet, not enough to go back on EFnet, but I do miss it – a lot of wonderful people were there in the late 90s. Freenode feels a lot more sane in terms of management and tools for the system operators. Cloaks and nickname registration go a long way.
I’m in, like, 15 networks, and never saw anything like that either.
This is the primary reason I find programming in Common Lisp so enjoyable, as opposed to Rust (a probably superior language, but having to wait for 300 dependencies to compile / get linked is a far cry from compiling individual functions in a running Lisp image)
Ha! I’m currently coming at this from converting a small C++ project to Rust and I’m finding Cargo to be so much more enjoyable than CMake :)
The lack of IDE support for better C++ build systems (e.g. Bazel) is a boat anchor on C++. I’m struggling right now to find a CMake replacement which supports both Visual Studio and CLion on Windows and Linux.
I’m reading a lot of research papers and blog posts on fuzzing to try to learn more about the state of the art with regards to kernel and low-level library fuzzing. I’m especially interested in techniques that work without target binary instrumentation; is there any way to approximate coverage-guided fuzzing (or at least improve efficiency over naive fuzzing) without direct access to source code or in situations where compiling is prohibitively difficult (think the NT kernel on a running Windows system or XNU on real iPhone hardware)?
I’m certainly a beginner in this particular subfield of computer science but I’d like to dive into it to do some of my own research. If anyone has any resources to point me towards, I’d be very appreciative!
nixinfocrate, I managed to get quite a bit of work done on it. Now most functions will output to aResult<String>instead of aString, and I managed to slim it down some.I find your list of programming languages very interesting! How much Scheme have you tried? If you’ve only tried Common Lisp, I’d give Scheme a chance on its own. They’re philosophically quite different.
Also, what about PHP is up your alley? Most of your other language preferences make sense to me in context, but PHP is confusing to me, especially given that you like Rust. I feel like PHP and Rust are philosophical opposites of one another in nearly every way, but I might be missing some aspect that’s important to you.
I love how programming languages are just as much tools for the mind as they are tools for the computer, so two different people might have radically different preferences.
Not very much. Though I do know of it. I’ll have to look into it.
Other lisp I’ve used are indeed Common Lisp and Emacs Lisp.
I was going to try Clojure as well, but at the time the Java requirement was throwing me off (I’m a little picky about what gets put on my system). That’s not quite an issue right now, obviously, since I’m using Scala. But at the time it was enough for me to avoid it.
Ok, this might sound a little weird, but hear me out. I really like shell scripting, like a lot. I’m always creating shell scripts all the time. PHP, to me, feels like the shell scripting of the web. There’s something about PHP that came just as naturally to me as bash scripting.
Oh 100% I agree. I have one friend who swears left and right Python is the way the way to go, they can implement like anything in it. But at the same time I have another friend who hates Python with a passion and wouldn’t touch it with a 10 foot pole unless he was being threatened under death or something.
I am really sorry about the late response by the way. Like an hour or so after posting my reply, I crashed right at my desk and I just woke up a few minutes ago.
Get into Haskell! It’s very rewarding. Rust and Haskell are good friends.
I really should. I used Haskell for a time when I was on XMonad a long time ago, but when I left it I also left Haskell.
I like Haskell, though I do remember it having a bit of steeper learning curve when I tried it.
Though I do think there was something about Haskell that really threw me off. Just not sure what it was because it was so long ago.
Anyways yeah, I’ll have to get back into Haskell at some point.
How is this on-topic? I didn’t think that political activism had a place here. I should ask the mods at thedonald.win to start a capitalist technology community…
I think we can consider this off topic if and only if we would also consider a discussion of GPLv3 vs GPLv2 off topic. I suspect we would not.
If discussion of free software is allowed, discussion of its successors should be allowed too.
This is not a successor to the ideas behind Free Software licensing.
The ideas no, the values yes. The need to go beyond free software is because the flaws and assumptions were wrong
I don’t know what you’re trying to say, sorry. These restrictions to the user do not seem like something anyone would want in a successor to a Free Software license. I don’t have any idea what assumptions the Free Software Definition makes, nor how they’re flawed or wrong.
The whole problem is that the Free Software gave also freedom to explot others’ people labor, use the software to kill people, organize concentration camps and jail political dissidents among many other things. The freedom to oppress is a freedom we should take away from governments and corporations. The new licenses aim to try to make a small step in this direction in order to increase the freedom, both natural and synthetic, of individuals.
You may reasonably disagree with @chobeat, but the point they make is clearly stated, and not “speaking in tongues”: they believe traditional FOSS licenses are overly permissive for not opposing human rights violations.
There’s room for discussion on whether licenses should try to go that far, what power such licenses would actually have, whether or not you may want to use such a license, and the effects these licenses would have on the software ecosystem and a society dependent on large software systems. There’s also always room for ducking out for any reason. It feels needlessly dismissive to tell someone they’re “speaking in tongues” when in fact they’ve made their point quite clearly.
I mostly agree with your sentiment but I fail to see how a software license would be of any use in preventing software from being used in the ways you listed. The GPL is enforceable because it’s used by major software (namely the Linux kernel) and enforcing it involves suing companies (as well as the point brought up in this comment: https://lobste.rs/s/qmkbvh/anti_capitalist_software_license#c_g4u3uf). Could this license be enforced against a corporation that chose to use software licensed with it? Possibly, but companies that are large enough to exploit others’ labor in any significant capacity would run far away from software licensed this way.
No oppressive government is going to care if someone sues them for an intellectual property or copyright law violation. I’m afraid that the kinds of issues you mention can only be taken care of by international diplomacy and the United Nations, not software licenses. Software-related ethics (especially with regards to technologies like facial recognition, which are rarely open-source in the first place) are a real issue. I don’t think that software licenses are going to achieve anything other than hindering the adoption of a project among not-evil-but-legally-conservative entities.
Nobody believes software licenses can make that difference. It’s not their goal and it’s not in the expectations of anybody.
To understand these licenses you need to insert them in the context they are used for, for the goals they are used for: slowly syphoning capital, talents and software to funnel them into economies that produce value that cannot be appropriated or co-opted by capitalism in its current form. These licenses are just one of many tools employed in these environments but they are not a magic wand. I don’t like this one specifically because it employes a grandiose language that seems useful only for signaling or rallying people around the cause, but it has no actual value as a tool.
Having licenses to improve the current world or creating new ones for an ideal, utopic futures is instrumental to achieve bigger goals, directly or indirectly, but they are not themselves imbued with particular liberating power. This is a mistake that should be avoided, because it’s the kind of misplaced idealism that rendered the Free Software useless in the real world.
I think that there are two competing views on the point of a notebook. Are you using your “notebook” (in whatever physical or digital format you choose) to write down notes during meetings and conversations, or is the primary purpose of this notebook to draw flowcharts and get a basic idea for the program you’re writing? The linked article talks about both uses but does not distinguish between them.
I think that digital notes (Markdown files, OneNote, Notion, Org mode, etc.) are a very solid way to write down things that you might need to remember later. Digital notes are hugely advantageous for use as a knowledge base since you can efficiently search and categorize huge amounts of information. Most people can type way faster than they can handwrite, allowing them to keep up with fast speakers using bullet points and abbreviations without any trouble.
That said, writing things with a keyboard is inherently very rigid and structured, which is both the great advantage and the great disadvantage. For ideation and project planning, complete flexibility in the way that ink is laid out on the page is a huge advantage, especially for people who like to think visually. You can easily draw a flowchart in the middle of a bulleted list without fighting any computer program. An iPad app like Notability with an Apple Pencil might be a good middle ground between digital note-taking and handwriting on paper, since it uses machine learning to transcribe handwriting for search purposes. However, paper is always going to be the much simpler and less clunky solution than anything involving a computer or tablet.
For meeting note-taking and knowledge base purposes, there is even some speculation that the inherent spacial representation of ink on paper allows people to recall content they write on paper better than content they type, since the physical position of a piece of information on a page helps the brain recall content better than without that extra bit of information. This might have something to do with the way that the human brain evolved. At the same time, easy digital search might be more important than recall for people with huge swaths of information to write down.
For those reasons, I think that both typing and handwriting have a place for both students and programmers. Neither really competes with the other if you realize that there are at least two purposes for a notebook.
I’m going to be reinstalling OS on my daily driver.
Can someone recommend something in the spirit of Fedora LXDE but more stable?
Ironically, I’ve found that Arch is more stable than Fedora in a number of meaningful ways. Package management is more reliable and performant. Despite the fact that you’d be using bleeding-edge packages, all the important stuff is well-tested and generally works without a hitch. When something does break, the fact that you installed everything yourself makes the process of debugging the issue much simpler. The biggest stability advantage is that there are no major updates every six months where all sorts of things can break. Just
pacman -Syuonce a week or so and nearly everything will work just fine.In my experience, XFCE is better supported and just as fast as LXDE for most purposes. I’ve really enjoyed using Sway as well, if you’d be interested in a tiling window manager. Of course, LXDE still works fine on Arch as well.
Most of the Fedora advantages come from the easy installer and the included security stuff (SELinux preconfigured and executables compiled with hardening flags). Since I’m willing to dedicate a little time to the installation process in order to get a faster and more enjoyable system out of the deal, neither of those advantages make a huge difference for me.
I rely on that installer, as i know little about the internals… how can i still install arch?
The documentation is pretty good and there are plenty of people you could talk to on IRC and Discord if you needed help. If you wanted, you could do a practice install in a virtual machine too.
It looks like this is closed source? That seems a bit of a shame for a Linux product.
I’ve got to respectfully disagree.
I think having vendors provide and support their closed source products on Linux represents a major step forward for the platform.
I am super pleased that a fully open alternative in this space exists, but I use and love 1Password and am chuffed to hear about this, because right now I have to use sub optimal browser extensions or WINE hacks to approximate this.
Yes! I agree wholeheartedly. It’s a very good sign for the Linux desktop platform as a whole that companies are willing to write and support closed-source desktop applications. Unlike Windows or macOS, Linux desktop machines are much more diverse and backwards compatibility is much less guaranteed. It’s also worth mentioning that distributions and communities usually step up to support particularly important pieces of proprietary software (think Steam) on unsupported distributions and configurations.
Since 1Password is commercial software, making it available has to make financial sense. While they might be supporting Linux primarily as a marketing ploy to technical people instead of as a result of the number of Linux users, I think it’s more likely that they’re doing this because enough existing users would install it on Linux machines if given the option. That means that there has to be some significant overlap between 1Password users and Linux users.
Yup that’s absolutely true. They get the question often enough that there is (or was) a blurb in their support thing about using WINE as a hack-around, or at least their was before they came out with 1PasswordX for Chrome/Firefox.
1PasswordX is an OK solution, but I really REALLY missed the native app as I use it for things like secure note storage and credit card autofill as well.
Yeah, right? What does this even offer that Bitwarden doesn’t?
Probably nothing, but that’s not the point. The point is that there are a decidedly non zero number of users who are already bought in to the 1Password ecosystem for any number of reasons, and providing first class support for them on Linux feels like a super clear cut win to me.
As someone working to migrate off of apple platforms, I’m pretty happy this exists!
Two thing I like in 1Password compared to BitWarden are 1) the secret key which is totally random, used to encrypt/decrypt the database entries and only stored locally and 2) TouchID and FaceID support on macOS and iOS.
(Disclaimer: I switched from 1Password to BitWarden about 15 months ago, mostly because it had become clear that there was no way to stay up to date with current 1P features without also having Agile host my password store. I didn’t mind paying them, but I’d like to bring my own sync, please! It was also getting trickier to keep running 1Password under WINE, and most of my daily stuff had moved to a Linux desktop. So my basis for comparison might be out of date.)
BitWarden’s iOS Touch ID and Face ID support has gotten quite good lately. They also integrate with iOS password management much better than they used to. I have never tried touch ID on a mac so I don’t know if it works with that.
The things I still miss from 1Password are:
The things I prefer about BitWarden are:
The hard tie-in to the service component is really what stops me. I wish Agile would copy BitWarden in that regard and let people self-host but pay them the fee. I cheerfully do that because I want to support them, I just don’t want them to have my passwords.
Stop supporting and embracing Electron apps, please.
Serious question: what’s wrong with Electron apps?
As someone who just spent a little time attempting a port of an Electron app to FreeBSD, only to quit in disgust, I have a few opinions.
Electron apps are huge. Really, really, really big with a gigantic web of dependencies. Think an 18,408 line Yarn lockfile.
Those dependencies are JavaScript libraries. To put it mildly, there is not a large intersection between the JavaScript community and users of non-mainstream OSs (e.g. FreeBSD). And those libraries tend not to be written in a portable fashion. This example (admittedly from a few years ago now) of a library disregarding
$PATHis just one.Platform support in Electron is
a gigantic steaming pile of bogositybased upon the wrong set of abstractions. Instead of learning from the autotools people who were doing this decades ago, they detect platforms, not features. So when a new platform comes along (say, FreeBSD) you can’t just specify which features it has and let it compile. No, you have to create a gigantic patch that touches a bazillion files, everywhere those files check for which platform it’s compiling on.Once compiled and running, they’re still huge (up to 1GiB of RAM for an IM client!). And - although perhaps this is a reflection of the apps themselves, not the framework - many are sluggish as hell. Neither is an attractive prospect for resource-limited Linux machines, like PinePhones.
I had thought, prior to attempting a port of an Electron app, that people were unfairly criticizing it. Now having peeked under the covers, I don’t think people are criticizing it enough.
As someone who isn’t an Electron hater: Electron apps are slow to load and memory hogs, which is something you might live with if you are talking about your IDE or Slack, but starts getting really old when it’s a utility application that should load quickly or spends most of the time in your icon tray. Worse yet: poorly written Electron apps can become CPU hogs as well, but I guess the same goes for all software.
I agree that lots of Electron apps have issues with poor performance and high memory usage. That said, a well written Electron app can perform well. For example, I’m a heavy user of the Joplin desktop application and in my experience it performs well and has fairly low memory usage (currently under about 200MB) and doesn’t seem to have the issues that plague the Slack client. Admittedly the Slack client is a lot more complex…
Oh, I agree that there great, performant Electron apps. VSCode is one of my favorite examples of that. Spotify is another one.
One of my biggest gripes with Electron is that - because of the nature of how it’s embedded in binaries - you usually end up with with several full copies of the whole framework in memory. If you are using KDE or Gnome, most of the processes in your desktop are sharing a significant amount of memory in the form of shared libraries. This tends to be fine in systems with 16Gb+ of memory and a fast CPU, but for people with more meager resources… it’s a drag.
I’m sure performance issues will be addressed in time.
Electron has been around since 2013 and still, typing in Slack still has a noticeable latency (that drives me crazy). I also still have to restart it once a day or so, to avoid that it becomes more and more laggy.
In the meanwhile, ripcord was developed by a single indie developer in Qt. Has most of Slack’s functionality, only uses a fraction of the memory, and is lightning fast. Oh, and it is multi-platform.
People (not you) claim that it is only possible to write cross-platform applications in Electron. This is nothing further from the truth, people have been writing cross-platforms apps in Qt literally for decades. (And it’s not hard either.)
I’m not sure that I would consider Slack a stellar example of an Electron app. Slack is slow even by Electron standards. VS Code’s latency is indistinguishable from typing in the Lobsters comment in Chromium on my middle-of-the-road desktop machine. Discord is a much better Electron-based chat app from a performance standpoint, in my experience.
For commercial software, the more important part is not whether it’s possible (or “hard”), but whether it’s commercially viable. Without any hard data one way or another, I’d say that writing Electron apps is much less expensive than writing native Qt apps for most companies (especially since web technology experience is much easier to come by).
I don’t mind electron, but even VS code drops 1-2 frames on keypress on my threadripper desktop (and Chrome/Firefox do not). So far I’m putting up with it for the language server integration.
Come to the dark side, we have cookies!
https://github.com/emacs-lsp/lsp-mode
Disclaimer: haven’t tried language server mode in Emacs myself as these days I do all my dev in Common Lisp, and SLIME has had this approach covered for over a decade with SWANK. But it’s nice to see other languages catching up to Lisp in this area too ;)
I’m sure once the performance issues are addressed the complaints about performance issues will subside.
I’m looking forward to the day that systems like Electron will compile everything to WebAssembly as a build step. In a way, I think Gary Bernhardt might have been more correct than I gave him credit for in his famous The Birth & Death of JavaScript presentation.
There are the utilitarian critiques (they are big and slow) and there’s also the sort of Mac critique (they are not in any way native) and there’s my weird “I HATE THE WEB” critique that is probably not widely shared. I have a couple of them that I use daily, but I really, really, really wish I didn’t.
Markdown syntax support is a very nice addition. While most people don’t use Nano as their day-to-day text editor, it makes a very nice tool for quickly editing configuration files or writing Git commits. Although I think that Vim is always worth learning (at least to a decent level of familiarity to figure out whether modal editing suits how you think), Nano is probably a better choice for a default $EDITOR on premade Linux images and other similar situations.
Vim is always worth learning for technology enthusiasts, that much I’m in total agreement with.
However, i I want to provision an account for my wife to use on my Linux box, I would get about 15 seconds into “Let me explain the concept of modal editing” before she would time out and wander off to pet our dog :)
This is in no way an indictment of her intelligence. She is orders of magnitude smarter than I am in just about every way, but she has a very short attention span for technology.
I’ve started using micro as a nano replacement. It’s pretty good for writing prose.
Interesting. Why do you say this? Especially in comparison to any other terminal based text editor like nano or vim.
….haven’t you ever heard of Microprose?
(I don’t know if that’s the joke they were going for or not…)
Mouse support, word wrap and default CUA key bindings, mostly. Makes it act like most “normal” GUI text areas. Give it a try!