• 0 Posts
  • 29 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle



  • Except for the fact that it’s now invasive as hell and trying to monitor/sell everything on your computer after the rewrite. We had to ditch teams after the rework because it wanted to phone home to dozens of IPs with information about our computers and actions.

    The high score was blocking 112 outgoing requests with personal data in a single 1 hour call. (We have network connections locked down on our computers using Little Snitch).

    Absolute madness and frankly every single person involved in Microsoft Teams should be thrown in jail for espionage and stalking.



  • Honestly, these days it’s pretty simple. The thing you need to remember is that you do not need to know EVERYTHING all at once. Learn a little bit, use it, keep what you use, discard what you don’t, get it in muscle memory, and learn a bit more. Very quickly you’ll be zooming through vim.

    You can learn the basics, and go from there- the basics of vim (which imo everyone should know- vi is often the fallback editor), and then you can just casually learn stuff as you go.

    Here’s the basics for modern default/standard vim: Arrow keys move you around like you expect in all ‘modes’ (there’s some arguments about if you should be using arrow keys in the vim community- for now, consider them a crutch that lets you learn other things). There’s two ‘modes’- command mode, and edit mode.

    Edit mode acts like a standard, traditional text editor, though a lot of your keybinds (e.g. ctrl-c/ctrl-v) don’t work.

    Press escape to go back into command mode (in command mode, esc does nothing- esc is always safe to use. If you get lost/trapped/are confused, just keep hitting escape and you’ll drop into command mode). You start vim in command mode. Press i to go into edit mode at your current cursor position.

    To exit vim entirely, go to command mode (esc), and type :wq<enter>.

    ‘:’ is ‘issue command string’,

    ‘w’ is ‘write’, aka save,

    ‘q’ is quit.

    In other words, ‘:wq’ is ‘save and quit’

    ‘:q’ is quit without saving, ‘:w’ is save and don’t quit. Logical.

    Depending on your terminal, you can probably select text with your mouse and have it be copied and then pasted with shift-ins in edit mode, which is a terminal thing and not a vim thing, because vim ties into it natively.

    That gets you started with basically all the same features as nano, except they work in a minimal environment and you can build them up to start taking advantage of command mode, which is where the power and speed of vim start coming into play.

    For example ‘i’ puts you in edit mode on the spot- capital i puts you in command mode at the beginning of the line. a is edit mode after your spot- capital A is edit mode at the end of the current line.

    Do you need these to use vim? Nope. Once you learn them, start using them, and have them as muscle memory, is it vastly faster to use? Yes. And there’s hundreds of keybinds like that, all of which are fairly logical once you know the logic behind them- ‘insert’ and ‘after’ for i/a, for example.

    Fair warning, vim is old enough that the logic may seem arcane sometimes- e.g. instead of ‘copy and paste’ vim has ‘yank and put,’ because copy/paste didn’t exist yet, so the keybinds for copy/paste are y and p.


  • ysjet@lemmy.worldtoLinux@lemmy.mlSwitch from Ubuntu to something immutable?
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    5 months ago

    I’d you want immutability and things that just works, snaps are the exact opposite of what he needs. I’m gearing up to swap away from Ubuntu for the same reasons as him, and the snap ecosystem is utterly fucked and accelerating my timetable daily.

    I’ve never seen something so damn broken, and it gets more so every update. It’s gotten to the point of where snap store will just straight up log me out of my session out of the blue when it finds an update so it can install it, losing all of my work.





  • In the case of Discourse, a hardware engineer is an embarrassment not deserving of a job if they can’t hit 90% of the performance of an all-time-great performance team but, as a software engineer, delivering 3% the performance of a non-highly-optimized application like MyBB is no problem. In Knuth’s case, hardware engineers gave programmers a 100x performance increase every decade for decades with little to no work on the part of programmers. The moment this slowed down and programmers had to adapt to take advantage of new hardware, hardware engineers were “all out of ideas”, but learning a few “new” (1970s and 1980s era) ideas to take advantage of current hardware would be a waste of time.

    You can really tell this guy is some hardware design engineer at nvidia that has absolutely no fucking clue about how real-world user space programming works. Also I like how 74% slowly kept getting inflated until it became 90%.

    Like, this dude is trying to claim that fucking Donald Knuth himfuckingself cannot figure out some new computer hardware.

    Multiple processors working in concert is not, and never has been, a cure-all. It’s highly situational and generally not useful.

    What’s dumb is that, as a Systems Design Engineer at NVIDIA, Dan Luu should know that. After all, how has SLI been doing recently?

    That said, yes, of course, web dev bloat is absolutely out of control, and slow websites absolutely have nothing to do with hardware or network. That’s a culprit of bad frameworks, horrific amounts of ads/trackers/bullshit, and honestly just general lack of programming fundamentals in the web dev space. Might as well call them web technicians and really ruffle some feathers. :P




  • ysjet@lemmy.worldtoProgrammer Humor@lemmy.mlC++ Moment
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    9 months ago

    https://wiki.ubuntu.com/Apport

    It intentionally acts as an intercept for such things, so that core dumps can be nicely packaged up and sent to maintainers in a GUI-friendly way so maintainers can get valuable debugging information even from non-tech-savvy users. If you’re running something on the terminal, it won’t be intercepted and the core dump will be put in the working directory of the binary, but if you executed it through the GUI it will.

    Assuming, of course, you turn crash interception on- it’s off by default since it might contain sensitive info. Apport itself is always on and running to handle Ubuntu errors, but the crash interception needs enabled.




  • Really dude? I never once devolved to name calling, I stated that s/he lied when s/he made false statements. What else am I supposed to say there?

    I also don’t understand how saying they doesn’t know what the subject matter s/he’s taking a stance on is ‘know-knowing’ either? S/He’s straight up said they doesn’t know what a CVE is, doesn’t know what experimental means, and while they claims to be in this field of work, they doesn’t know what a web worker is and confused a web transaction with a database transaction.

    Sure, I could have been nicer about it when they started escalating, but I never made it personal, and have no intentions of doing so either.

    EDIT: realized I was assuming their gender.


    1. I’m glad we agree a DoS is a vulnerability.
    2. CVE best practices state that CVEs are required to be assigned to experimental features. F5’s company policy is that CVE best practices are followed. F5 is the company that owns nginx. Therefore, it was required. Nice ‘legal requirement’ strawman. Also, ‘Common’ in this situation is not defined as ‘Widespread; prevalent,’ it’s defined as ‘Of or relating to the community as a whole; public.’
    3. That was a typo regarding ‘stable,’ my bad. I meant to say ‘It is just not available on stable, but is both via commercially and via the open source version.’ However, it’s still available on commercial versions and open source, and ‘non-stable’ versions are not inherently unstable, they’re just called ‘mainline’. Proof: https://nginx.org/en/download.html Stable is basically just ‘long term support/LTS’ versions of nginx.
    4. Again, you are intentionally misusing the definitions of the word common. Lets see what MITRE has to say about it, hmm?

    Common Vulnerabilities and Exposures (CVE) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. If a report from one of your security tools incorporates CVE Identifiers, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.

    Source: https://cve.mitre.org/about/

    1. Yes, I would consider notifying the development mailing list as ‘quietly’ fixing it, as most all companies using it will not be on the development mailing list. It’s meant to be an area for developers to discuss things. They didn’t inform the public, they informed the devs.
    2. Where are you getting database from? You’ve randomly pivoted into talking about database transactions then started babbling about how you somehow think using a production mainline release with production options on a fully supported commercial binary is somehow inherently unsafe, as though it wouldn’t still be in dev or test.

    Since you seem to have no idea about how web servers work, or indeed, experimental features, I’ll let you in on a secret- The only difference between a non-experiemntal option in nginx and an experimental option is that they’re unsure if they want that feature in nginx, and are seeing how many people are actually using it/interested in, or they think that usage patterns of the feature might indicate another, better method of implementation. “Experimental” does not mean “unfinished” or “untested.”

    If you know nothing about programming, CVEs, or even web engines, please stop embarrassing yourself by trying to trumpet ill-thought out bad takes on subjects you don’t understand.


  • ysjet@lemmy.worldtoOpen Source@lemmy.mlNginx gets forked by core developer
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    3
    ·
    edit-2
    9 months ago

    There is an astounding number of lies in your post, good lord.

    1. It is an issue. A DoS is a fairly serious vulnerability, and very much is a vulnerability.
    2. Experimental features are explicitly defined to require their vulnerabilities to be assigned CVEs.
    3. It is not just available on the stable version, but both commercially and via the open source version.
    4. CVEs are not just for serious issues, they are for vulnerabilities. All vulnerabilities. It is a number that allows you to reference an vulnerability, nothing more, nothing less.
    5. Mentioning a CVE on the mailing list is the absolute least they should be doing.
    6. ‘workers can just be restarted anyway’ shows a deep misunderstanding of what a worker does. Any pending or active transactions that worker had now hangs, meaning that the service is still being denied. Trying to recover automatically from a DoS does not mean the DoS is not happening- it just means that the DoS is slower to get rolling, or intermittently seems to work mid-DoS.

  • ysjet@lemmy.worldtoOpen Source@lemmy.mlNginx gets forked by core developer
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    4
    ·
    9 months ago

    Experimental features are explicitly defined as requiring CVEs. You are supposed to run them in production, that’s why they’re available as expiermental features and not on a development branch somewhere. You’re just supposed to run them carefully, and examine what they’re doing, so they can move out of experiment into mainline.

    And that requires knowledge about any vulnerabilities, hence why it’s required to assigned CVEs to experimental features.

    And I’m not sure why you think a DoS isn’t a vulnerability, that’s literally one of the most classic CVEs there are. A DoS is much, much more severe than a DDoS.