Agreed, I picked up HTMX earlier this year to learn it by creating a basic todo web app and on my first pass I completely spaced on the fact that native HTML forms are limited to GET & POST. Personally, I’d love to see this proposal hit browsers.
Well, I failed at keeping it to 2-3 hours, I ran closer to 5. But it was fun taking questions and coding live, so I’ll definitely see folks on Thursday morning.
I lurked for the last 1-2 hours—it was nice to have on in the background and occasionally flip to the foreground. I’ll definitely show up for another one—maybe next time your cat will make an appearance. :)
Business news is off-topic for lobste.rs. Self-promoting one’s business is off-topic for lobste.rs. “I am promoting a new form of proprietary software license” is probably off-topic for lobste.rs.
I would argue it’s not “off-topic” seeing as it’s number 2 on the front page and is directly related to the law tag i.r.t. software licensing. There were actually 2 related posts on the front page regarding Fair Source, but they were merged. I also wouldn’t say it’s self-promotion either, as the main point of the article is about why I would relicense from ELv2 to FCL, and what Fair Source is. It’s not really about Keygen at all.
Besides, this is continuing the discussion started by pinjasaur, which began when he leaked the WIP version of the FCL website: https://lobste.rs/s/rvnhee/fair_core_license. I wanted to share the whole story, because a lot of people were lost in that earlier discussion because Fair Source was referenced but hadn’t launched yet.
This is more about Fair Source than anything. If the community disagrees, then I’d say change the link to point to https://fair.io and change the title to “Fair Source” i.e. do a reverse merge.
This is more about Fair Source than anything. […] I’d say change the link to point to https://fair.io and change the title to “Fair Source” i.e. do a reverse merge.
I swapped it around. We try to favor a primary source with announcements/responses merged into it, but the way these got submitted a couple weeks after the /s/rvnhee had me thinking that this was someone adopting the license and then someone resubmitting the main license site as a response to that.
Hm, sorry, definitely wasn’t intending on “leaking” anything. I’ve been incredibly interested in fair source/core after learning about it earlier this year. I’m surprised it’s not being received as well as I would have hoped, but I guess it’s more nuanced than I originally thought. Unfortunately I didn’t see your submission this morning when I posted it and I was at a conf all day so I missed the bulk of the activity + it getting merged together.
That’s okay. I’m sorry if that comment gave off the vibe like I was upset — I’m not. The website was public after all, and the “leak” provided valuable feedback. It was just a little bit earlier than I was expecting, that’s all.
I’m grateful that people are interested enough to pay close attention and share out. That’s working as intended, as far as I’m concerned. Thanks for sharing here and elsewhere, Paul! :-)
Replying to myself as I can’t edit this comment (now or maybe ever?). Didn’t see the OP when I submitted this morning otherwise I would have just added a comment.
Did some testing and got it merged into inappdebugger.com. Also going to get an amendment to the original article demonstrating it as a viable option with some side effects. Thanks again for sharing this.
I used to be pretty into shortcuts before I switched to android so I remembered the URL scheme with callbacks was a thing from when I made what could be summarized as “branch.io for shortcuts” :P
I don’t think it’s even a problem on Android anymore, apps tend to use the system WebView component and not bundle a whole browser themselves so at worst you get the same engine as Chrome.
Edit: important detail that I missed, the “Android System WebView” component is updated through Google Play instead of OS updates so it’ll usually be up-to-date even on devices that don’t get security patches from their vendors.
Thanks for the feedback, both of y’all. That was an oversight on my part—I’ve submitted an amendment to clarify that it’s only possible on Android to bundle a custom in-app browser since Apple specifically doesn’t allow that, even from browsers.
One of my biggest frustrations with in-app browsers is that, since they don’t share cookies with the system, they break paywalls.
I pay for a few different publications and it’s frustrating that any time I click a link to an article in an app that article comes up demanding I sign in.
The workaround is to hit the “open in system browser” button, but I worry how many paying customers of newspapers haven’t figured that out and get frustrated by it.
Author here. And yeah, it’s such a fragmented UX—I’ve gotten into the exact same habit as yourself. Ironically, in-app browsers could probably be used to circumvent paywalls by injecting some clever code or acting like some of the popular paywall bypassing browser extensions e.g. 1, 2.
+1 for pi-hole. Easy to set up, easy to administer, and SO incredibly satisfying because you get to watch the number of ads blocked tick up in real time :)
I’ve read some articles about which “lists” to use, and the default one does amazing work. I’m curious if there are ones that are “lesser known” that might be worth trying out?
I use the defaults as well, and given the popularity and highly active nature of the community, I suspect sticking with those may be a fairly good choice.
Always happy to be schooled by an expert however :)
I’ll use cpwd to copy the $PWD and then change to that directory in >= 1 tmux pane by pasting which works because I have autocd enabled.
I very frequently run git rimraf on the default branch to sync up and delete any local branches that were deleted from the origin.
I mimic zsh’s preexec & precmd helpers in bash to do things like update $DISPLAY to avoid stale values in tmux sessions, my history file, and run z to keep track of directory frecency.
The current data points used for generating fingerprints are: user agent, screen print, color depth, current resolution, available resolution, device XDPI, device YDPI, plugin list,
font list, local storage, session storage, timezone, language, system language, cookies, canvas print
Curious if a browser plugin that randomizes or obfuscates these exists.
The Tor browser does the best possible thing: it gives everyone the same UA, resolution, etc. And more importantly, it picks the most common values that are observed on the web for those. Every Tor browser user looks like the most statistically average web user in the world.
Firefox has privacy.resistFingerprinting, which I’ve used reasonably successfully. Sometimes it breaks sites that display time e.g. Gmail other times it breaks in bigger ways e.g. when writing to a <canvas> element. So it’s not uncommon for me to need to temporarily disable it for a one-off basis.
I’m running Firefox from the Debian repos with essentially all the privacy settings enabled as well as a bunch of extensions for fingerprint blocking, tracker blocking etc and it seems to have stopped this site from doing its tricks :)
I temporarily installed brave just to test this, then removed it because I find other things about it worrisome. But it did successfully block this specific site from identifying me. Vanilla firefox did not block it. tor browser successfully blocked it. So did vivaldi.
They have, in the past, decided it was OK to inject content into websites for their own financial gain. Here’s an example. This is related. Their administration of the “Brave Rewards” program (stripping ads from sites, showing their own stuff, and holding payments until the sites step up and ask for them) is also a little disturbing if less likely to be privacy-violating.
In short, if I want an alternate blink-based thing, I think Vivaldi is less likely to have a profit motive where they benefit from compromising my interests. And If I want something really privacy focused, I don’t think a blink thing is likely the smart play anyway. So there’s no upside to make me want to keep Brave around given what they’ve shown me.
Apparently the “Submit Story” form has eaten the .md extension from the link and I didn’t notice it. It should be readable in pretty-printed Markdown as well by re-adding it. Would some moderator edit the link, please? :)
I have a slightly more complex setup. I put all of my bash config under ~/.config/bash, which is in a git repo. I have a helper function that sources files in the pattern ${XDG_CONFIG_HOME}/bash/$1/$2 and ${XDG_CONFIG_HOME}/bash/$1/$2.d/*. I call this function with hosts and the output from hostname and with systems and the output of uname. This lets me have either individual files or directories full of files inside ~/config/bash/hosts for individual machines and the same in systems for things that are for every machine I have with a specific OS (e.g. FreeBSD, Linux, macOS, with a special case in Linux that tries again with Linux-WSL if it detects that it’s running in WSL).
This means all of my configs for all machines are in the same git repo and don’t get lost if anything happens to a particular machine.
I’ve been running a minimal setup with a MikroTik hAP AC2. Related to your Pi-hole comment, I added some NAT firewall config to redirect port 53 requests to the local Pi-hole. Full disclosure: approaching 2 years since I dove down that rabbit hole so the solution I found may be out of date now.
Shipping an update to my blog that I’ve been wanting to do for a while: better UI theming including honoring the prefers-color-scheme CSS query. I did a basic implementation a few years back but the light/dark themes weren’t particularly well thought out nor did it honor prefers-color-scheme. I wrote about it, for the curious.
I’ve used BATS and it’s been a good experience. If you install via Homebrew just make sure to do brew install bats-core and notbats as the latter is an older, unmaintained release.
The job hunt continues. Although I’m stoked to attend the SQLite workshop at Frontend Masters on Wednesday & Thursday.
The fact that htmx has such high visibility in this is interesting to me because it’s immediately what came to mind.
Agreed, I picked up HTMX earlier this year to learn it by creating a basic todo web app and on my first pass I completely spaced on the fact that native HTML forms are limited to GET & POST. Personally, I’d love to see this proposal hit browsers.
I’ve recently started exploring web dev. htmx feels like “pro” html, whereas default html feels like an intentionally weakened “free tier” version.
htmx perfectly exemplifies the right side of the bell curve meme: simple declarative code, no build step, and people quietly shipping with it.
The authors of this are htmx creators/contributors (atleast one of them is the creator), so that should explain the visibility.
Well, I failed at keeping it to 2-3 hours, I ran closer to 5. But it was fun taking questions and coding live, so I’ll definitely see folks on Thursday morning.
I lurked for the last 1-2 hours—it was nice to have on in the background and occasionally flip to the foreground. I’ll definitely show up for another one—maybe next time your cat will make an appearance. :)
Thanks! I tried to bribe him as the stream started but he ate the treats and wandered off to sleep at the other end of the apt. Maybe next time.
Context for flagging this:
Business news is off-topic for lobste.rs. Self-promoting one’s business is off-topic for lobste.rs. “I am promoting a new form of proprietary software license” is probably off-topic for lobste.rs.
I would argue it’s not “off-topic” seeing as it’s number 2 on the front page and is directly related to the law tag i.r.t. software licensing. There were actually 2 related posts on the front page regarding Fair Source, but they were merged. I also wouldn’t say it’s self-promotion either, as the main point of the article is about why I would relicense from ELv2 to FCL, and what Fair Source is. It’s not really about Keygen at all.
Besides, this is continuing the discussion started by pinjasaur, which began when he leaked the WIP version of the FCL website: https://lobste.rs/s/rvnhee/fair_core_license. I wanted to share the whole story, because a lot of people were lost in that earlier discussion because Fair Source was referenced but hadn’t launched yet.
This is more about Fair Source than anything. If the community disagrees, then I’d say change the link to point to https://fair.io and change the title to “Fair Source” i.e. do a reverse merge.
I agree. Is it too late for this?
cc @pushcx
I swapped it around. We try to favor a primary source with announcements/responses merged into it, but the way these got submitted a couple weeks after the /s/rvnhee had me thinking that this was someone adopting the license and then someone resubmitting the main license site as a response to that.
Not the case, just unfortunate timing on my part. Thanks for moderating.
Hm, sorry, definitely wasn’t intending on “leaking” anything. I’ve been incredibly interested in fair source/core after learning about it earlier this year. I’m surprised it’s not being received as well as I would have hoped, but I guess it’s more nuanced than I originally thought. Unfortunately I didn’t see your submission this morning when I posted it and I was at a conf all day so I missed the bulk of the activity + it getting merged together.
That’s okay. I’m sorry if that comment gave off the vibe like I was upset — I’m not. The website was public after all, and the “leak” provided valuable feedback. It was just a little bit earlier than I was expecting, that’s all.
I’m grateful that people are interested enough to pay close attention and share out. That’s working as intended, as far as I’m concerned. Thanks for sharing here and elsewhere, Paul! :-)
I strongly disagree with this one.
Website redesign & relaunch plus new products licensing themselves as “fair source.”
Replying to myself as I can’t edit this comment (now or maybe ever?). Didn’t see the OP when I submitted this morning otherwise I would have just added a comment.
try
Could you provide more information on this? I assume the context is it might be an escape hatch on the iOS side.
Yeah it’s a way to open the default browser on iOS
Did some testing and got it merged into inappdebugger.com. Also going to get an amendment to the original article demonstrating it as a viable option with some side effects. Thanks again for sharing this.
I’m curious, how did you find out about it?
I used to be pretty into shortcuts before I switched to android so I remembered the URL scheme with callbacks was a thing from when I made what could be summarized as “branch.io for shortcuts” :P
Huh, haven’t seen that strategy before. I’ll have to do some testing. Thanks for the tip!
On iOS, WebView runs exactly the same WebKit version as Safari, so it can’t be outdated. Is the above referring only to Android?
I don’t think it’s even a problem on Android anymore, apps tend to use the system WebView component and not bundle a whole browser themselves so at worst you get the same engine as Chrome.
Edit: important detail that I missed, the “Android System WebView” component is updated through Google Play instead of OS updates so it’ll usually be up-to-date even on devices that don’t get security patches from their vendors.
Thanks for the feedback, both of y’all. That was an oversight on my part—I’ve submitted an amendment to clarify that it’s only possible on Android to bundle a custom in-app browser since Apple specifically doesn’t allow that, even from browsers.
One of my biggest frustrations with in-app browsers is that, since they don’t share cookies with the system, they break paywalls.
I pay for a few different publications and it’s frustrating that any time I click a link to an article in an app that article comes up demanding I sign in.
The workaround is to hit the “open in system browser” button, but I worry how many paying customers of newspapers haven’t figured that out and get frustrated by it.
Author here. And yeah, it’s such a fragmented UX—I’ve gotten into the exact same habit as yourself. Ironically, in-app browsers could probably be used to circumvent paywalls by injecting some clever code or acting like some of the popular paywall bypassing browser extensions e.g. 1, 2.
Have a lot of interviews, and waiting on some ongoing interview processes.
Hope something sticks soon. It’s been close to four months now.
Same story here. Fingers crossed for both of us.
All the best for your job search! May you find something you like soon!
I run uBlock Origin on my devices. I will not use a browser that doesn’t let me run an ad blocker.
I also self host Pi-hole. With 6 Android devices on my home network, it blocks more than 50% of the DNS requests.
+1 for pi-hole. Easy to set up, easy to administer, and SO incredibly satisfying because you get to watch the number of ads blocked tick up in real time :)
I’ve read some articles about which “lists” to use, and the default one does amazing work. I’m curious if there are ones that are “lesser known” that might be worth trying out?
Any advice here?
I’ve used https://firebog.net/ before—specifically their “ticked” list—and would recommend it.
Thank you!
I use the defaults as well, and given the popularity and highly active nature of the community, I suspect sticking with those may be a fairly good choice.
Always happy to be schooled by an expert however :)
cpwdto copy the$PWDand then change to that directory in >= 1 tmux pane by pasting which works because I haveautocdenabled.git rimrafon the default branch to sync up and delete any local branches that were deleted from the origin.$DISPLAYto avoid stale values in tmux sessions, my history file, and runzto keep track of directory frecency.weather.Curious if a browser plugin that randomizes or obfuscates these exists.
The tor browser (which is a set of firefox configurations + extensions) blocked this successfully for me.
The Tor browser does the best possible thing: it gives everyone the same UA, resolution, etc. And more importantly, it picks the most common values that are observed on the web for those. Every Tor browser user looks like the most statistically average web user in the world.
Firefox has
privacy.resistFingerprinting, which I’ve used reasonably successfully. Sometimes it breaks sites that display time e.g. Gmail other times it breaks in bigger ways e.g. when writing to a<canvas>element. So it’s not uncommon for me to need to temporarily disable it for a one-off basis.I’m running Firefox from the Debian repos with essentially all the privacy settings enabled as well as a bunch of extensions for fingerprint blocking, tracker blocking etc and it seems to have stopped this site from doing its tricks :)
Brave has something builtin AFAIK
I temporarily installed brave just to test this, then removed it because I find other things about it worrisome. But it did successfully block this specific site from identifying me. Vanilla firefox did not block it. tor browser successfully blocked it. So did vivaldi.
What were worrisome parts? May be I can evaluate too.
They have, in the past, decided it was OK to inject content into websites for their own financial gain. Here’s an example. This is related. Their administration of the “Brave Rewards” program (stripping ads from sites, showing their own stuff, and holding payments until the sites step up and ask for them) is also a little disturbing if less likely to be privacy-violating.
In short, if I want an alternate blink-based thing, I think Vivaldi is less likely to have a profit motive where they benefit from compromising my interests. And If I want something really privacy focused, I don’t think a blink thing is likely the smart play anyway. So there’s no upside to make me want to keep Brave around given what they’ve shown me.
Apparently the “Submit Story” form has eaten the
.mdextension from the link and I didn’t notice it. It should be readable in pretty-printed Markdown as well by re-adding it. Would some moderator edit the link, please? :)Edit: link to the pretty-printed version: https://write.as/bpsylevc6lliaspe.md
That’s neat—didn’t know write.as had that feature.
Similarly, I have a
~/.bash.localfile which allows for machine-specific config (it’s.gitignored) and overrides by beingsourced last: https://github.com/Pinjasaur/dotfiles/blob/193df781b46e1f7e7a556f386172b76f067adcd9/.bash_profile#L28-L32I have a slightly more complex setup. I put all of my bash config under
~/.config/bash, which is in a git repo. I have a helper function that sources files in the pattern${XDG_CONFIG_HOME}/bash/$1/$2and${XDG_CONFIG_HOME}/bash/$1/$2.d/*. I call this function withhostsand the output fromhostnameand withsystemsand the output ofuname. This lets me have either individual files or directories full of files inside~/config/bash/hostsfor individual machines and the same insystemsfor things that are for every machine I have with a specific OS (e.g. FreeBSD, Linux, macOS, with a special case in Linux that tries again with Linux-WSL if it detects that it’s running in WSL).This means all of my configs for all machines are in the same git repo and don’t get lost if anything happens to a particular machine.
I also have a .aliases-local alongside local bash, and check for existence of both before sourcing in my dotfiled bashrc.
Same!
I’ve been running a minimal setup with a MikroTik hAP AC2. Related to your Pi-hole comment, I added some NAT firewall config to redirect port 53 requests to the local Pi-hole. Full disclosure: approaching 2 years since I dove down that rabbit hole so the solution I found may be out of date now.
Shipping an update to my blog that I’ve been wanting to do for a while: better UI theming including honoring the
prefers-color-schemeCSS query. I did a basic implementation a few years back but the light/dark themes weren’t particularly well thought out nor did it honorprefers-color-scheme. I wrote about it, for the curious.I’m on week 2 of a sabbatical, so doing some of the following:
Curious to hear more about driving school. Any particular topics? I’ve always thought it would be cool to attend one of those rally school courses.
The
+selector is one I found late, which is a shame because it’s very useful. Especially when trying to style prose.I remember hearing about it originally in the context of a “lobotomized owl” selector:
* + *Still brings a smile to my face. :^]
Semi-related: Is there anything that you’d recommend for unit testing bash scripts?
Noah’s Mill, but I’m also a fan of ryes.
I’ve used BATS and it’s been a good experience. If you install via Homebrew just make sure to do
brew install bats-coreand notbatsas the latter is an older, unmaintained release.shunit2
(I’m the blog post author)
I’ve not actually tried testing bash scripts - once they get passed a fairly simple level I usually replace them with a small go binary
I’ve looked into BATS, but the only time I bothered testing anything bash, I just ended up doing simple mocking like: https://github.com/adedomin/neo8ball-irc/blob/master/test/test.sh
of course this is testing something which would probably be considered a strange, if not mental, use of bash.