π Quick links thread
-
Why not Arch Linux?
Dedoimedo, a blogger who reviews linux distros, sticks it to the arch linux people.
-
RIP Over-Engineered Blog
Blogger who I was following in his experimentations with react and isomorphic web apps finally realized not everything needs to be a SPA.
Now for the sweet, sweet joy of deleting code. Bye React, Redux, React Router, Universal JavaScript, and everything else! Have you ever wanted real numbers for technical debt? Here you go! Just look at all that red!
-
ELI5 The Panama Papers
Guy explains the Panama Papers affair like you're 5 years old. If you are not that interested, but want to keep track, it's worth the minute it takes to read.
-
Why Microsoft needed to make Windows run Linux software
A little bit of history why Windows lost foothold with developers and how's Microsoft hoping to regain it.
-
Heh:
The Ruby experience, well, it won't ever be good, because it's a pain on every platform. But it will be better.
-
@boomzilla said in π Quick links thread:
Ruby experience
Mine pretty much amounts to
http://i.imgur.com/glZHAFy.jpg
EDIT: wait... image opens as GIF in browser, link is to a JPEG, even when using right click -> copy image address, and link from Google leads to a completely different image?
-
http://mentalfloss.com/article/78246/70s-tv-was-hacked-play-videos-through-chromecast
"hacked" now means "buying a HDMI -> component video adapter".
Good job with that single quote, broken awful onebox software that's broken.
-
@boomzilla
The Ruby language: I don't like it very much. A bit of a tendency to be slow, and some really odd design decisions in a few places.
The Rubycommunity librariesgems: do some neat stuff, but have a tendency to not work well together in non-obvious horrible ways. Also, a real upgrade treadmill tendency is present.
Rails: KILL IT WITH FIRE! Everything above times a squillion. It shouldn't take several developers a month to update a Rails-based application to the next version of the core libraries; that's just a recipe for encouraging accumulation of technical debt in other areas of the app.
-
@dkf said in π Quick links thread:
The Ruby language: I don't like it very much. A bit of a tendency to be slow, and some really odd design decisions in a few places.
Sounds like the perfect choice for Discourse then.
-
@cartman82 said in π Quick links thread:
@dse said in π Quick links thread:
Microsoft CEO Satya Nadella bets big on artificial intelligence that will be fast, smart, friendly, helpful, and (fingers crossed) not at all racist.
So Microsoft thinks bots are the Next Big Thing.
I don't think so. I don't want to fucking talk to computers. Only an extrovert would dream of such a world.
I'd love a somewhat competent bot when I'm driving.
-
@Onyx said in π Quick links thread:
wait... image opens as GIF in browser, link is to a JPEG, even when using right click -> copy image address, and link from Google leads to a completely different image?
Yeah, and on mobile it's an mp4 that can be cast to a Chromecast!
0_1460320349613_glZHAFy.mp4
-
@cartman82 Nice article, but amazing how it did not mention the most obvious "cloud first" strategy means making it easier to develop web application.
-
@loopback0 said in π Quick links thread:
Sounds like the perfect choice for Discourse then.
Yes. I knew that was going to end in tears as soon as we switched. We've too much experience with dealing with it here at work, so seeing someone else dig themselves into the hole was just like watching a freight train crash.
-
Webpack: When To Use and Why
An excellent article explaining why your next ambitious SPA project should probably use webpack, and not gulp/grunt/browserify.
-
The webβs original sin
Guy behind the famous "quirks mode" website talks about the end of writing free online content professionally and his own situation.
The people in trouble are the professional free content creators. Their days are numbered. Youβll either be a free content creator, or a professional content creator β in the sense that you earn a living with content creation. But you canβt be both.
-
@cartman82 more of the same:
"webpack is the best thing since sliced bread!" with a lot of talk about how nice it is.
and almost zero information about how to really use it, just a bunch of "react uses this with this config"
don't get me wrong, i like it, but nowadays it's almost dark magic, you don't really understand how your build system works, you just touch the config file until it "works". which, to be fair, happens with almost all frontend build systems
-
@Jarry said in π Quick links thread:
and almost zero information about how to really use it, just a bunch of "react uses this with this config"
don't get me wrong, i like it, but nowadays it's almost dark magic, you don't really understand how your build system works, you just touch the config file until it "works". which, to be fair, happens with almost all frontend build systemsThe article pretty clearly slams webpack about it in the downsides section.
Personally, I like gulp the most. It's the most elegant system and really appeals to a node programmer like me. But webpack just does things that no other build system can, so it's the obvious choice for now.
-
@Jarry Yeah - I don't do JS things but something that has awful documentation, unreadable source code, is a "minefield for newcomers" and is maintained by one person doesn't seem like a good thing.
-
@loopback0 said in π Quick links thread:
but something that has awful documentation, unreadable source code, is a "minefield for newcomers" and is maintained by one person
...is about par for the JS course.
-
@Yamikuronue said in π Quick links thread:
is about par for the JS course.
That's the impression I get from a lot of JS stuff, alas.
-
http://www.reuters.com/article/us-science-psychedelic-idUSKCN0X82B2
No wonder little drunks are always happy
-
Why arenβt we using SSH for everything?
Ssh is a pretty powerful protocol, and technically could support all sorts of nifty usages beyond just the remote shell. Food for thought...
-
@cartman82 huh.... i'll totally have to dive into that when i have a moment. could be useful.....
-
@cartman82 We use shell scripts over SSH to control remote nodes. I've know about those SSH features for a while; I once looked into a library that would allow us to call SSH directly (instead of via the CLI binary) and run multiple commands separately, but I couldn't find anything on RHEL5.
-
@PleegWat said in π Quick links thread:
@cartman82 We use shell scripts over SSH to control remote nodes. I've know about those SSH features for a while; I once looked into a library that would allow us to call SSH directly (instead of via the CLI binary) and run multiple commands separately, but I couldn't find anything on RHEL5.
Same here. I just set up a tunnel through ssh, upload a script and run it remote. Wouldn't be a bad idea to actually read the spec at some point.
-
What does it mean if you try to connect to chat.shazow.net and you see a different fingerprint hash? Youβre being man-in-the-middleβd.
Most likely (in my experience) it means that DHCP has rendered this bit of security useless.
-
@cartman82 said in π Quick links thread:
Personally, I like gulp the most.
I would never use it purely because of the name.
-
@cartman82 said in π Quick links thread:
Why arenβt we using SSH for everything?
Because setting it up requires CLI dickery that nobody understands? Including about 75% of the people who use it daily.
-
@blakeyrat said in π Quick links thread:
@cartman82 said in π Quick links thread:
Personally, I like gulp the most.
I would never use it purely because of the name.
you prefer
grunt
? because that's the name of its biggest competitor.
-
-
@blakeyrat said in π Quick links thread:
@accalia said in π Quick links thread:
you prefer grunt?
No.
ah. so you use
npm
scripts and chain them together with thepre
andpost
prefix syntax?
-
-
@blakeyrat said in π Quick links thread:
@accalia said in π Quick links thread:
ah. so you u
No.
hmm... well that's all the common build systems used in nodejs that i can think of....
so you must not use any build or test system and release your code as is.... or you reinvented the wheel and wrote your own proprietary build system, probably utilizing the build system that's part of Visual Studio to make sure that it's a windows only thing and to minimize the amount of time you spend out of a GUI.... but i'm just guessing based on previous rants there.
-
@accalia You're being intentionally stupid, is what you're doing.
-
@blakeyrat said in π Quick links thread:
Why arenβt we using SSH for everything?
Because setting it up requires CLI dickery that nobody understands? Including about 75% of the people who use it daily.
SSH the protocol isn't the same as SSH the CLI client utility.
-
@cartman82 I've never seen anything that uses SSH that didn't require first dicking around with the CLI to generate keys.
-
@boomzilla said in π Quick links thread:
What does it mean if you try to connect to chat.shazow.net and you see a different fingerprint hash? Youβre being man-in-the-middleβd.
Most likely (in my experience) it means that DHCP has rendered this bit of security useless.
It doesn't if you use DNS (now we have to secure that as well, though SSH will then warn you again that the server fingerprint doesn't match your local cache).
Also, using DHCP on servers is a bit of a
-
@JBert said in π Quick links thread:
It doesn't if you use DNS (now we have to secure that as well, though SSH will then warn you again that the server fingerprint doesn't match your local cache).
Also, using DHCP on servers is a bit of aMeh...that all sounds like overkill for a VM that I'm running on my local machine or my son's machine on the local network.
-
@JBert said in π Quick links thread:
Also, using DHCP on servers is a bit of a
No, we do that all the time, but you want the DHCP service to always return the same IP address for the same MAC address. As long as you use fixed bindings, it substantially simplifies the system management. (Using it with PXE booting is also sane.)
-
http://www.kloepfer.org/ipv6-homenet.html
Maybe NAT wasn't such a bad idea after all?
-
@cartman82 said in π Quick links thread:
Maybe NAT wasn't such a bad idea after all?
Yeah, in most situations I don't actually want full access to my internal devices.
-
@Tsaukpaetra my router just silently drops any connection attempt to an IPv6 address from outside the network.
-
@Tsaukpaetra said in π Quick links thread:
in most situations I don't actually want full access to my internal devices.
-
Cool article discussing the process behind redesigning RyanAir's boarding pass:
-
@cartman82 it'd be nice if ssh provided some way of running commands on a remote machine, though. As excited as that dude was about the fact that you can ssh into that one machine, type ls, and, nothing happens because it's just a chat server, it's actually a pain in the ass that the ssh protocol mandates that all commands get passed to the shell, without specifying anything about what shell is provided.
So if you ssh into a windows machine, 50/50 chance you're gonna get a cmd shell, or cygwin bash. I mean, if you'resetting up an interactive shell channel, I guess it's ok. But why in the fuck did they decide that 'exec' channels, that are literally just "run this command and redirect stdin and stdout to ssh" should be specified as a string to be parsed by the shell and not an executable name and array of args?
-
@PleegWat if you use java, favor sshj over jsch. Sshj is newer and unproven, but jsch is fucking awful.
-
@dse said in π Quick links thread:
http://www.reuters.com/article/us-science-psychedelic-idUSKCN0X82B2
No wonder little drunks are always happy
Anybody who has ever used LSD already knows that little kids are tripping for their entire waking lives, and that this is why it's so incredibly important to be kind to them.
-
@cartman82 said in π Quick links thread:
Why arenβt we using SSH for everything?
I'm going to respond before reading the linked article and punt on "mostly because MS has only very recently decided to embrace it".
-
@blakeyrat said in π Quick links thread:
I've never seen anything that uses SSH that didn't require first dicking around with the CLI to generate keys.
-
@Buddy said in π Quick links thread:
@cartman82 it'd be nice if ssh provided some way of running commands on a remote machine, though. As excited as that dude was about the fact that you can ssh into that one machine, type ls, and, nothing happens because it's just a chat server, it's actually a pain in the ass that the ssh protocol mandates that all commands get passed to the shell, without specifying anything about what shell is provided.
The shell that's provided is up to the server. That's not a bug; that's a security feature, and it puts control over the facilities offered via ssh where they belong: in the hands of the server administrator.
The shell that the ssh protocol passes all commands to is the one specified in /etc/passwd for the user you're connecting as, and there is absolutely no reason you can't create user accounts for access over ssh whose /etc/passwd entries contain something other than
/bin/sh
. For example, I have a bunch of ssh servers that exist primarily as port forwarders, for which the only ssh-accessible user's "login shell" is/bin/cat
; those can't run any commands at all.@Buddy said in π Quick links thread:
So if you ssh into a windows machine, 50/50 chance you're gonna get a cmd shell, or cygwin bash. I mean, if you're setting up an interactive shell channel, I guess it's ok. But why in the fuck did they decide that 'exec' channels, that are literally just "run this command and redirect stdin and stdout to ssh" should be specified as a string to be parsed by the shell and not an executable name and array of args?
Because locking down an sshd that could potentially launch any executable on your server is harder than locking down one that you know has to go through your chosen gatekeeper in order to do that. The config file for sshd is already quite monstrous enough without piling on a need to turn it into a sudoers-alike as well. It's better to re-use existing system facilities for all that stuff.
Yes, that does mean that a client that wants to execute arbitrary commands against a server needs to serialize command name and arguments into a single string that the server's gatekeeper will then deserialize back into executable + array-of-args. But there are endless well-established and reliable ways of doing that, from Bourne-shell escaping conventions to JSON to SOAP; given a sane gatekeeper it's just not that big an issue.
No, cmd.exe is not a sane gatekeeper.
The ability to invoke arbitrary executables without needing to know anything about the configuration of the server you're invoking them on is also not actually all that useful, mainly because each OS is going to have its own idiosyncratic selection of executables; even if you're restricting yourself to your own executables, those will typically have different naming and pathname placement conventions per OS. Unix, for example, doesn't require that executables' names end in
.exe
while Windows doesn't typically stuff all its executables into anything like/usr/bin
.