I’m the Yujiri from yujiri.xyz. https://yujiri.xyz/contact.gmi

  • 6 Posts
  • 85 Comments
Joined 4Y ago
cake
Cake day: Jun 25, 2021

help-circle
rss
Why hide the post button if you’re not subscribed?
On a community's page there is no post button if you're not subscribed, only a subscribe button which appears a post button. At first I thought it was a rule you had to be subscribed to post in a community, but after I learned that you can post on any community by going to Create Post instead and selecting the community from the dropdown, it's just a pointless annoyance.
fedilink

What does it mean when a package version has extra parts at the end
I get semver: x.y.z, but in the context of distribution packages (never upstream releases), I often see versions like 5.2.1-1, what does the extra number mean?
fedilink



I for one am super excited about the potential of RISC-V to liberate our computer hardware :)


Maybe Drew goes completely crazy and decides to destroy anything related to this new language, I don’t know.

There’s no way he’d do that. He and others spent years building this project already. He’s not gonna throw away that much effort and a promising project just because people are seeing it sooner than he intended.


If you want a TLDR of how it compares to other languages, I think this: https://drewdevault.com/2021/03/19/A-new-systems-language.html

First I’ve heard of Odin, I think most of the languages you list can’t be considered true altneratives to C. A key aspect of C is manual memory management; probably any language with garbage collection cannot replace C in its appropriate use cases (kernels, interpreters, device drivers, etc).

My impression is that Hare aims to be drastically simpler than Rust, but borrows at least one major idea from it: pattern matching. I suspect a big reason Drew didn’t consider Zig satisfactory is because of its lack of unicode string support. See this fascinating thread where he argues with the Zig developers about their decision to leave it out: https://github.com/ziglang/zig/issues/234


The Hare programming language
[Why I'm doing this](https://yujiri.xyz/software/hare.gmi)
fedilink

These concerns seem very well thought out.

I think, and have thought for a while, that the web is simply a sinking ship. Even using librewolf might not cut it in the future if they stop being able to keep up with the effort of maintaining a browser fork, or if mozilla gives up on firefox upstream. That’s something I’ve been fearing for a while, after seeing microsoft give up (which i assume was because of custom elements), and seeing Google throw in more features of a similar caliber (CSS Houdini).

My opinion is that we ultimately need to abandon the web and replace it with simpler protocols with more specific purposes such as Gemini for publishing documents.


It’s a decent article but I think it could’ve benefitted from more concrete examples, in particular of this claim:

For visually impaired users, this might mean laying out information in a more logical sense than in a spatial sense.


The term “free software” as used in FOSS doesn’t mean software that promotes freedom, but software whose licenses allow certain freedoms. In this definition, Android is free software and FOSS.


Bit of a tangent here, but I think FOSS ideologues have a tendency to overrate the significance of software being FOSS.

We already have a Linux-based mobile OS: Android. It is open source, but it is still in practice a tool for Google to gain more control over us.

Having open source code is necessary, but not sufficient for software freedom. We also need the software to actually be designed to serve the user.


A fork that trimmed features would be unable to render many websites. The problem is more the protocol than the implementation.

My position is that the way forward is ultimately to abandon the web (ie. HTTP), and replace it with alternative protocols for each thing it does. Gemini for example for the “primary” use case of the web (publishing documents).


It’s big but I think that number’s inflated. I just downloaded the source bundle from sudo.ws and I find only 200k even if I count the entire repository, including docs (43k) and lib (38k), and lib looks like vendored dependencies to me. The actual src/ is only 15k.


Looks really cool, but sadly it segfaults for me as soon as I enter a password.


IMO Element is the only client that actually supports enough of the protocol to be useful.


Even if that comparison is exactly correct, wouldn’t it just mean that a userspace scheduler is redundant? You don’t want to have two pieces of software running at the same time with the same job.

But I don’t think that comparison is correct. OS kernels aren’t an external tool for managing process priorities. They’re how you create processes in the first place, so of course the OS is the appropriate place to manage them.


This sounds like a bad idea to me. Having more stuff running just to figure out which of the running stuff to prioritize.



Aiwendil has a good answer but I’d just like to add this nitpick (also @kromonos@fapsi.be ): bash and fish aren’t terminals, they’re shells


Same. I used to use Protonmail but that was one of the main reasons I decided to leave


Riseup seemed like one of the best email providers in my investigation, but I didn’t have an invite and didn’t try to get one since I felt I might not be leftist enough for them to accept me. I ended up going with Disroot, which seems like a slightly less ideologically extreme version of Riseup.




This post seems to be an ad for some sort of development contracting company, which disgusts me, but I feel compelled to respond to the points anyway because their content is interesting independent of the ads. My position is that Node is a terrible choice, and I will rebut these reasons.

Easy learning curve

This paragraph assumes you already know frontend. Yes, it’s easier to learn backend JS than another backend language if you know frontend JS; it’s not easier to learn backend JS than another backend language if you don’t know frontend JS. (Not all developers are full stack)

The V8 JavaScript engine has been proven to be at least twice as fast as any other server-side language out there, including Java and PHP, while using far less memory than any of them.

This argument is bizarre. I have seen that Node is faster than other dynamic langauges, but have you forgotten that compiled languages exist? I would be astonished if you could find any evidence that Node is faster or uses less memory than say, Go (the backend language we use at my job).

One Language

Much like the previous point, this assumes the perspective of a developer who already knows JS and nothing else. If you know only JS, you might prefer to use that language everywhere. But let’s say you know two languages: Go and JS. Using Go would mean using different languages on the frontend vs backend of this particular application, but using JS would mean using different languages on the backend of this project vs your experience in other projects - neither side has the “One language” advantage.

Open Source and Community Developers

This is just silly as all relevant programming languages are open source. A closed source programming language would be a joke.

Scaling Up

The number of companies using it is irrelevant. The ability to scale is relevant, but it’s not a distinct benefit; it’s a consequence of being more resource-efficient, which almost any compiled langauge should beat Node’s ass on due to the intrinsic performance advantage of compilation.

Ease of Deployment

I have no idea what this is even talking about. I thought this was about web backend, where all languages can be deployed in the same way.

A great thing about JavaScript frameworks in general, and especially Node.js, is that they can be used across a variety of different platforms: desktop, mobile, and web.

This only applies to frontend. No one’s saying you shouldn’t use JS for the frontend of a web app as you have no choice.

Security

There’s no evidence that applications written in Node are more secure than applications written in another language such as Go or Rust, and the content of this point has nothing to do with “Security” anyway.

Ability to Use RESTful APIs

Any language can implement and use a REST API.

Lots of Modules / Plugins

It’s true that Node has one of the biggest ecosystems of available libraries, but it’s not the only one. Python, Go, and Ruby all have sufficiently large ecosystems that it seems impossible to find a task for which there isn’t a preexisting library.


I’m a Signal user and I can see the phone numbers of everyone in a group chat I’ve been invited to. It matters hardly at all that it’s not stored unhashed on the server.


Whoa, I had no idea Jami had multi-device support! I wonder how they pulled that off in a P2P setting. Last I checked they didn’t even have offline messaging (not even in the way Tox does).

Do you happen to know where the Jami protocol spec is? I couldn’t find it on their website…


Yeah, I mean that. The design of the protocol makes it basically impossible to implement. This is one of the core drawbacks of peer to peer compared to federation.


I saw this a while ago when I was searching high and low for a messenger to switch to from Element (didn’t end up switching to anything). I like a lot of things about it, but don’t like that it can’t support offline delivery or multi-device. I think no messenger without those features will ever take off because too many people demand them. In fact I remember that in group chats, it won’t even do the faux offline messaging that it does for 1-to-1 chats! I don’t know why but that was the biggest deal breaker for my own use case. I hope they eventually fix that, there’s no reason they can’t.

I also don’t like that it has moderation features, which feel really out of place to me in a peer to peer system. I don’t want that kind of social hierarchy in a context that more or less inherently assumes all participants are trusted. Moderation only makes sense in public forums IMO.

There’s also at least one security cocern: https://github.com/TokTok/c-toxcore/issues/426 Though the people pointing it out were pretty toxic and really exaggerated its severity :(

Despite all this, if offline messaging and multi-device aren’t requirements for you, I’d say Tox is a great option, maybe the best option.

I’m proud to hear you’re getting into Gemini, by the way :) I first heard of it a while ago but recently got really onboard and I’m working on converting my own website to Gemini.


Those are all part of it, but for a broad answer, just think about any other type of software that has various alternatives. What’s the difference between web browsers? Between text editors? Email clients? Not everyone can agree on one perfect way for an app or desktop environment to be. There’s always some people who think they’d be more productive with a different design, or that a different design would be more intuitive to them, etc.


Yeah, I actually deleted my account today (I hadn’t used it in almost a year and I only opened it again cause I got a notif)


I had a similar experience earlier today: i was on the web version of the Wage app (freelancing platform) and saw a banner saying they’re gonna scrap the website and force everyone to use the mobile app only

All the proprietary stuff is just getting more user-hostile by the day. like, how long before average people can’t tolerate it anymore and start switching to free stuff? i really wanna see that.



Idealism, if Linux was going to take over innately it already would have

I don’t understand, you could use this argment against anything, just pick something that took off and imagine someone saying this before it did, why is Linux different?

History (let’s be honest it’s like a discord server if it doesn’t take off all at once it never will)

Why? Lots of things take off only after a long time. Why is Linux like a discord server? You don’t explain how you’re arriving at these conclusions

It’s inaccessible (terminals cannot replace everything. I’m talking to you if you say “bloat”)

No, terminals can’t replace everything, nor are we trying to make them do that. Linux has GUI applications and conventional desktop environments. I’m one of the ppl who’s constantly raging against bloat and I use apps like eog. Terminals are great but they are meant for a certain set of uses, not for everything

There’s only corporate funding, so they will appropriate it

I’m not sure what this statement even means, are you saying only corporate things get funded or Linux only gets funding from corporations? And what is ‘appropriation’ mean here? Corporations using Linux is not a problem

We tolerate people who don’t tolerate others (including the less tech-savvy)

Sure, there are bigots and toxic ppl in many Linux communites… just like there are in non-Linux communities. I’m not convinced that Linux communities have an especially high concentration of toxic ppl, especially since you specify “the less tech-savvy”. I don’t think there’s a widespread problem with how Linux ppl treat the less tech-savvy. I think a lot of ppl have this opinion because they do things like ask questions that are answered in the documentation, or send bug reports without any information, or act too demanding of maintainers or free software.

Useful link: http://www.catb.org/esr/faqs/smart-questions.html

Microsoft has way too much power (money)

Yeah, I hate Microsoft too and I wish they had less power and money than they do. But this is just a despair argument. There’s no reason free software can’t win people over, especially with Microsoft going ham on anti-features in recent versions of Windows and more people becoming more critical of capitalism. Money lets them make products and software effectievly, but it can’t let them replicate the things that make free software special.

Few people remember RMS started copyleft as a political goal (too many people are uncomfortable challenging their beliefs, so they want Linux to be “apolitical”)

I don’t see what this has to do with the Linux desktop taking off. Yeah, copyleft is a great idea and to me it is a deeply ideological thing that I support, not just a praxis. But, as someone else said, letting people enjoy Linux apolitically is good because it expands the user base.

No one is doing the political organizing

What political organizing?

Copyleft is flawed and needs to be improved (here’s a template example https://thufie.lain.haus/NPL.html) [also mind you that there’s a need to prevent corporate appropriation]

Copyleft isn’t a magic solution to all problems, and maybe we could do better with different licenses… but that NPL seems like a terrible idea. First, I don’t think you can define terms like “tracking individuals” or “discriminate”/“hate speech” in a legally sound way (the given definition of Discriminate is absurdly over-broad, and the given definition of Hate Speech is both too open to interpretation, since it hinges on the word “hatred”, and too narrow, because of the word “solely”). But even if you could get around the definition issues, you shouldn’t just load a license with your entire ideology. The more stuff you add to the license, the fewer people will agree, and the harder it will be for your software to take off.

People worship RMS instead of realizing he alienates women, people with down syndrome, etc.

Do they? You can be in a lot of Linux communities for a long time without hearing about RMS, and lots of Linux users don’t even like him.


Tor isn’t invincible but it’s much more difficult to track than a simple proxy or VPN because an adversary who compromises your proxy server or VPN can immediately see both the source and destination of your traffic, whereas traffic on Tor is routed through 3 different intermedaries, and not the same ones each time. Even if an attacker controlled your entry node, that wouldn’t tell them where your traffic is going or what it is. The attack described in that article requires the attacker to control both your destination and your entry node, and even then requires statistical analysis and for the victim to download a large file. I’m not aware of any anonymity system that makes tracking harder than Tor does, without requiring a trusted server operator.


Depends on what terms you want. Summary of popular options:

  • GPL is meant to ensure that any derivative works are also FOSS
  • LGPL is similar, but the definition of “derivative work” is narrower, so proprietary projects can use its code as long as they aren’t extending the LGPL work itself. Often used for libraries
  • AGPL is like GPL, but also applies if someone is using your software as the backend for a network service rather than a program they distribute to users. A company can make a derivate work of GPLed software and offer access to it as a network service without being subject to the GPL terms because making something available as a network service doesn’t count as distributing the derived work.
  • ISC (or MIT or BSD, all roughly the same) is meant to not project derivative works. It makes your project FOSS but allows proprietary derivatives

Most VPNs cost money and are drowned in dishonest marketing. Yes, Tor is slower but for an upload that’s not an isssue because you don’t do it constantly and it’s not time-sensitive

Because you say so, nope

Would you mind not putting words in my mouth?


No Tor node knows both the origin and destination of traffic. The system was carefully designed to ensure this, so no, it’s not comparable at all.


Tor is a better way to hide your IP than a VPN (unless Tor exit nodes are blocked by the service you’re connecting to)


I have an old gmail that I can’t quite get rid of yet, one company address for one of my jobs and one disroot that I use for everything else. I just added 3 accounts in Claws Mail and it gives a pretty good UX


This is a great effort! There’s just one thing that I think you really should correct/clarify, In the chapter on firefox:

The browser is free and open source, highly customisable, blocks cookies & trackers

Firefox doesn’t “block cookies”. The default settings block “cross-site tracking cookies” and “cross-site cookies in private windows”, while the “Strict” setting blocks “Cross-site cookies in all windows”. Cookies themselves are not a privacy concern (and blocking them would break a huge proportion of websites)



the reality is a lot of the audience this person is likely trying to reach already has discord installed

People interested in a complete outsider OS are using discord?

My guess is the people interested in this type of project are the ones using IRC and email for everything.


How does wf-recorder work without root?
I was told that one of the core benefits of Wayland is that it prevents applications from snooping each other, such as by recording the contents of windows that don't belong to them or logging keystrokes that don't belong to them. But the program [wf-recorder](https://github.com/ammen99/wf-recorder) can record my entire screen without root! Doesn't that mean any rogue application could do the same thing?
fedilink

Am making a P2P messaging protocol and hope for protocol review
cross-posted from: https://lemmy.ml/post/93192 > It's not finished or anything, but I want potential vulnerabilities brought to my attention as soon as possible.
fedilink

I'm aware that Session has been discussed twice before on this community, but the last thread was 6 months old so excuse my starting a new one. There's one big concern I wanted to bring up, which is the disagreements over whether it has forward secrecy. [The spec](https://arxiv.org/pdf/2002.04609.pdf) says it does, but I've found *two* other sources saying it doesn't: https://restoreprivacy.com/secure-encrypted-messaging-apps/session/ (search for "Perfect Forward Secrecy removed") https://www.securemessagingapps.com Why are they saying this? Is there a critical caveat to Session's forward secrecy (does it not have it in closed groups?), or are both sources just wrong? (I've also heard one source say its closed groups are limited to 10 members which would be a showstopper for me and another source say they're limited to 100 and the spec says 500 so i don't know what to believe.) I'm also concerned about it being built on top of a blockchain and cryptocurrency, not because I'm suspicious of cryptocurrency in general but because I find it difficult to understand, and because that it costs thousands of dollars to run a Session node seems to me like the network is bound to be owned exclusively by a few rich companies and investors. Is it? Is there a place I can see who owns how much of it, particularly how much is owned by the Oxen developers? UPDATE: I believe I've just learned that Sesison DOES NOT have forward secrecy or deniability; the whitepaper linked on their CURRENT website is outdated. https://getsession.org/blog/session-protocol-technical-information
fedilink