One of the things I absolutely loved about Hacker News was the technical, and generally high quality discussions about technology. That is something I also really appreciate about Tildes right now. But as the years progressed I went to HN less and less because I found just about any topic related to PHP, JS and Node were filled with toxic low effort comment/jokes about the language.

I don't feel it is constructive to replay the exact same tired jokes about the exact same warts everyone has known to exist and avoided/worked around for years now. It's okay to not like these languages or technologies, but can we try to be better and a little more inclusive and constructive in our community? I feel like it's going to be a losing battle as the site grows if we're already stooping to these levels.

I am a university student who has just finished (survived is probably a more accurate word) third year and am going to begin a placement year at a programming company at the very start of July. I have been told that I will primarily be coding in C#, and that they will also teach me coding on the job, however I would like to get some form of a head start prior. I've already done some basic C++ beforehand, but I know that C# is slightly different and was wondering if anyone could suggest some resources that would not only teach me C# properly but also quickly. Like I mentioned previously, the place I am working at does not require me to know how to code properly, but it would be nice to have some footing before the placement starts. Additionally, I am also hoping that it will impress them so that my chances of landing a graduate job with them after my fourth year are increased!

A few weeks ago I posted a project I was working on to read news from the command line. I incorporated the suggestions given in that thread (license, requirements.txt, etc), incorporated suggestions I've received elsewhere, and added a few features.

Here's the updated link: News Desk

Any feedback would be much appreciated!

Edit: And a specific point for feedback. I store the user's API key in ~/.nd_config/key which I think is a step up from requiring the user to set their key as an environment variable (which is how I had it originally). Still though, is there some way I can not store the key in plaintext and still have it in a format that is readable by the computer and can be used to verify API access?

Everyone has their own way of visualizing a problem they're working on, and every strategy has some reason for being used. Some people prefer text (e.g. pseudocode) while others prefer diagrams, for example. What do you use to make problems easier to approach, conceptualize, and solve? Why that particular strategy rather than some other one? What kind of practical implementations of your strategy exemplifies the benefits of your strategy for modeling the problem?

Guide can be found here

Right now, the guide assumes you aren't dual booting. This is because I've never really dual booted off a single HDD, so while I probably could include it in the guide, I don't feel comfortable without first testing the process.

This guide also sets you up with BTRFS, but you can still use ext4, just requires changing two lines.

Link: https://www.eff.org/cyberspace-independence

Full Text:

A Declaration of the Independence of Cyberspace
by John Perry Barlow

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.

Governments derive their just powers from the consent of the governed. You have neither solicited nor received ours. We did not invite you. You do not know us, nor do you know our world. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions.

You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. You do not know our culture, our ethics, or the unwritten codes that already provide our society more order than could be obtained by any of your impositions.

You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don't exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different.

Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live.

We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.

We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.

Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.

Our identities have no bodies, so, unlike you, we cannot obtain order by physical coercion. We believe that from ethics, enlightened self-interest, and the commonweal, our governance will emerge. Our identities may be distributed across many of your jurisdictions. The only law that all our constituent cultures would generally recognize is the Golden Rule. We hope we will be able to build our particular solutions on that basis. But we cannot accept the solutions you are attempting to impose.

In the United States, you have today created a law, the Telecommunications Reform Act, which repudiates your own Constitution and insults the dreams of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These dreams must now be born anew in us.

You are terrified of your own children, since they are natives in a world where you will always be immigrants. Because you fear them, you entrust your bureaucracies with the parental responsibilities you are too cowardly to confront yourselves. In our world, all the sentiments and expressions of humanity, from the debasing to the angelic, are parts of a seamless whole, the global conversation of bits. We cannot separate the air that chokes from the air upon which wings beat.

In China, Germany, France, Russia, Singapore, Italy and the United States, you are trying to ward off the virus of liberty by erecting guard posts at the frontiers of Cyberspace. These may keep out the contagion for a small time, but they will not work in a world that will soon be blanketed in bit-bearing media.

Your increasingly obsolete information industries would perpetuate themselves by proposing laws, in America and elsewhere, that claim to own speech itself throughout the world. These laws would declare ideas to be another industrial product, no more noble than pig iron. In our world, whatever the human mind may create can be reproduced and distributed infinitely at no cost. The global conveyance of thought no longer requires your factories to accomplish.

These increasingly hostile and colonial measures place us in the same position as those previous lovers of freedom and self-determination who had to reject the authorities of distant, uninformed powers. We must declare our virtual selves immune to your sovereignty, even as we continue to consent to your rule over our bodies. We will spread ourselves across the Planet so that no one can arrest our thoughts.

We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before.

Davos, Switzerland
February 8, 1996

As some of you may know, Tildes is written in Pyramid. I've done some OSS work in Pyramid and Flask, but my paid web dev work the past few years has been mostly in Django. There are some newer frameworks out there like Sanic or Falcon, and some older ones like Zope, CherryPy and Turbogears, that I've played with but have no real experience in.

Personally, I like Django for its "batteries included" and its big ecosystem, Flask for its minimalism and Pyramid for its elegant design. There's no single framework that fits all needs and all have their share of annoyances - Django can be quite difficult to swap out things like the default ORM or template system (though these have gotten better in recent versions), Flask has some architectural issues with request and other global variables, and Pyramid perhaps suffers from a relatively small ecosystem and lack of "one way to do it".

What are your experiences and preferences?

Maven tries to be the kitchen sink in a lot of ways - rigid requirements to use plugins instead of scripts, trying to wrap your scm, and even act as a docker wrapper... this is insanely frustrating and an anti-patter for the rest of the software space. I would rather find a new job than work at a company that keeps pumping out maven and jhipster apps. It doesn't play nice with CI, it uses an insanely ugly configuration (xml) and most java developers don't even really know what they are doing when they are using it.

Making a micro-service api? You don't need jhipster or maven or even java - there are so many other better alternatives. Need something simple? flask. Need something performant? go. And there are so many others in between that won't give you a NullPointerException, require you to download the entire internet just to serve some serialized json, or make your devops team hate you.

Interested in hearing rebuttals and other peoples alts and overall preferences.

Firefox recently introduced DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR) in nightly builds for Firefox 62.

DoH and TRR are intended to help mitigate these potential privacy and security concerns:

1. Untrustworthy DNS resolvers tracking your requests, or tampering with responses from DNS servers.
2. On-path routers tracking or tampering in the same way.
3. DNS servers tracking your DNS requests.

DNS over HTTPs (DoH) encrypts DNS requests and responses, protecting against on-path eavesdropping, tracking, and response tampering.

Trusted Recursive Resolver (TRR) allows Firefox to use a DNS resolver that's different from your machines network settings. You can use any recursive resolver that is compatible with DoH, but it should be a trusted resolver (one that won't sell users’ data or trick users with spoofed DNS). Mozilla is partnering with Cloudflare (but not using the 1.1.1.1 address) as the initial default TRR, however it's possible to use another 3rd party TRR or run your own.

Cloudflare is providing a recursive resolution service with a pro-user privacy policy. They have committed to throwing away all personally identifiable data after 24 hours, and to never pass that data along to third-parties. And there will be regular audits to ensure that data is being cleared as expected.

Additionally, Cloudflare will be doing QNAME minimization where the DNS resolver no longer sends the full original QNAME (foo.bar.baz.example.com) to the upstream name server. Instead it will only include the label for the zone it's trying to resolve.

For example, let's assume the DNS resolver is trying to find foo.bar.baz.example.com, and already knows that ns1.nic.example.com is authoritative for .example.com, but does not know a more specific authoritative name server.

1. It will send the query for just baz.example.com to ns1.nic.example.com which returns the authoritative name server for baz.example.com.
2. The resolver then sends a query for bar.baz.example.com to the nameserver for baz.example.com, and gets a response with the authoritative nameserver for bar.baz.example.com
3. Finally the resolver sends the query for foo.bar.baz.example.com to bar.baz.example.com's nameserver.
   In doing this the full queried name (foo.bar.baz.example.com) is not exposed to intermediate name servers (bar.baz.example.com, baz.example.com, example.com, or even the .com root nameservers)

Collectively DNS over HTTPs (DoH), Trusted Recursive Resolver (TRR), and QNAME Minimization are a step in the right direction, this does not fix DNS related data leaks entirely:

After you do the DNS lookup to find the IP address, you still need to connect to the web server at that address. To do this, you send an initial request. This request includes a server name indication, which says which site on the server you want to connect to. And this request is unencrypted.
That means that your ISP can still figure out which sites you’re visiting, because it’s right there in the server name indication. Plus, the routers that pass that initial request from your browser to the web server can see that info too.

So How do I enable it?
DoH and TRR can be enabled in Firefox 62 or newer by going to about:config:

• Set network.trr.mode to 2
  • Here's the possible network.trr.mode settings:
    • 0 - Off (default): Use standard native resolving only (don't use TRR at all)
    • 1 - Race: Native vs. TRR. Do them both in parallel and go with the one that returns a result first.
    • 2 - First: Use TRR first, and only if the name resolve fails use the native resolver as a fallback.
    • 3 - Only: Only use TRR. Never use the native (after the initial setup).
    • 4 - Shadow: Runs the TRR resolves in parallel with the native for timing and measurements but uses only the native resolver results.
    • 5 - Off by choice: This is the same as 0 but marks it as done by choice and not done by default.
• Set network.trr.uri to your DoH Server:
  • Cloudflare’s is https://mozilla.cloudflare-dns.com/dns-query
    (but you can use any DoH compliant endpoint)
• The DNS Tab on about:networking will show which names were resolved using TRR via DoH.

Links:
A cartoon intro to DNS over HTTPS
Improving DNS Privacy in Firefox
DNS Query Name Minimization to Improve Privacy
TRR Preferences

I'm not affiliated with Mozilla or Firefox, I just thought ~ would find this interesting.

What are some of your favorite videos that explain deep topics in depth?

I've recently been on a 3blue1brown binge (youtube) and am looking for more videos of that ilk. Doesn't have to be a series or a consistent uploader, one off videos are sometimes the best. Just thought I'd ask ~comp if there's anything in particular that comes to mind.

This is in part inspired by the video posted by /u/Deimos in the Technical Goals section of Tildes, titled Simplicity Matters

Has anyone here used NixOS for any significant amount of time as their daily driver? I've been considering using it since I learned about it, I really like the idea of how it manages packages, but I'm a bit hesitant, particularly about the availability of packages, and how the whole folder structure changes from the usual Linux. I'm also worried since I haven't seen any guide about how to use python other than the usual advice to get a virtualenv for everything.

I consider myself a fairly advanced Linux user, I have used Arch as my daily driver for 4 years, and Linux for like 10 years, as a side note, so I'm not really that afraid of troubleshooting.

I've been using Solus for years now as my main driver, but I think I may be switching to Arch soon. Or at least, start using Arch on my laptop, and keep Solus on my desktop. The main reason I wanna give Arch a try is because of how minimal it can be. I don't need a lot of applications, and I like to have the least amount of software installed on my machine as I can. Plus, distro-hopping is a disease, and it's time I try something new, haha.

So, I was just curious what DE people are using with Arch. Ideally I want something very minimal, but not too ugly. I liked using Budgie with Solus, so I may very well just use Budgie with my Arch install, but I thought I would see if anyone has any recommendations first! Thanks!

By coding headphones I mean with active noise cancellation, to be focused on your work. However I'd like to have it more universal since i do play videogames in my freetime, so with a microphone would be best - Or should i have 2 sets for both activities?

Something below 100€ would be nice (naive yes, but I aint got much).

I looked at the Mixcder e7 on Amazon, which looked promising. Thoughts?

Each element in the report has an 'Evaluation Time'. The catch, as I'm beginning to realise, is that only those rendered 'Now' actually have any ability to expand or collapse the bands within the report. i.e. it makes an initial pass (evaluation time 'Now') and figures out the sizes, and then goes back and recalculates the content (but not the size) of the stuff.
Which is great, except that I'm trying to print something (which should disappear when empty) from a subreport, which only works if it's deferred. Guess I'll have to accept that that band can't be collapsed when empty. It's OK, I'll just redesign my report then.

/rant over.

I was missing this feature from Reddit and saw others were as well so I thought I would share a user script I created to solve this issue until it's added (if it's added)

// ==UserScript==
// @name         Tildes.net: Open external links in new tab
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  Opens external links on tildes.net in a new tab
// @author       SleepyGary
// @match        https://tildes.net/*
// @grant        none
// ==/UserScript==

(function() {
    'use strict';

    document.querySelectorAll('a').forEach(el => {
        if (!el.href.includes('tildes.net') && el.href !== '') {
            el.target = "_blank";
        }
    });
})();

I have an idea, it's not particularly new. I think git code sharing could integrate very nicely with blockchains.

I think it could be done elegantly without modifying the git protocol at all, just as an optional superset (like Github) to provide forks, PR and discussion.

Something like:

• smart contract based system
• something like lightening network for off master chain pushes
• local node hosting all obtained versions of code, something like PNPM meets zeronet
• cloning/pushing over DHT with web torrent.
• client key pairs for collaboration and authentication

Do you guys think it could be done? Thoughts? Ideas? Criticisms?

Would anyone be interested in working on something like this? I'd like all the help I can get and any input people have.