I’m the Yujiri from yujiri.xyz. https://yujiri.xyz/contact.gmi

  • 21 Posts
  • 227 Comments
Joined 1Y ago
cake
Cake day: Jun 25, 2021

help-circle
rss

Good luck! And let us know how it goes!


Thanks! That page was exactly what I was looking for.


This is a concern I hadn’t really thought of before.

Stuff I read in the past that I think is important here:

As per Drew’s article, I think the main defense we have is the idea of finite scope. In a free alternative to twitter (or another social media platform), there is not an infinite set of features that are desirable. If we pick our feature set wisely, we can build a platform that feels as though nothing is missing, and if we do this, they won’t be able to do the “extend” part because it would be obvious that anything they could add would be making the experience worse, not better. Some of our solutions may have already achieved this - if that’s so, the strategy becomes convicing enough people of that.

For one example I’d name quote tweets. This is a feature that I think is probably an anti-feature. Compared to replies, it is a “third person” form of engagement, which naturally breeds toxicity rather than understanding in disagreement, and encourages people to engage with the worst people on the platform. It also biases people toward having less realistic and less optimistic views of those who disagree with them by showing them only the worst members of the opposing camp. See Shamus Young’s “This Game is Bad For You” - very insightful on this topic.

If we can identify and avoid all such anti-features, and convince enough people to see them as such, we foil the middle E in EEE.


I think all of these arguments are really bad, and I’m someone who hates universal package managers.

“Fragmentation is not an issue”

t seems, they all agree that all of the different packaging formats and managers are a problem. However, is it really so?

Well, duplication of effort is always a downside.

As a developer, by simply using a free licence, you can just sit back and let all of the distros build binaries and do all of the work for you.

The whole complaint being made is that this doesn’t always happen in a timely fashion, and even when it does, it requires a lot of work to be done by each of those distributions.

“There is no need for universal package managers”

Yet, there is a universal package manager that has been around longer than even traditional package managers. BUILDING FROM SOURCE! Many people forget that all of their software is a git clone, make, and make install away from being installed.

I wish it were that simple. In practice, most projects are much harder to build than that. Many use build systems other than plain make such as CMake or Meson and Ninja or GNU autotools (and every project that uses autotools has different levels of intermediate files committed so different commands are needed to build it), and you’ll need to install whatever bespoke build tools they have. I almost always run into arcane error messages that can give me a lot of trouble even as an experienced Linux user and programmer. This is especially true if you’re on a distribution (like anything Debian-based, in other words most newbie distros) where header files are in separate packages, so trying to build anything will give you errors as if you have nothing installed.

A story I always share when this comes up is of my GTK patch that fixed a GObject Introspection annotation (affects generated bindings for other langauges). I spent twelve fucking hours trying to compile GTK and failed. I gave up and submitted the patch without having seen a successful build (it got accepted).

Again, I am an experienced Linux user and programmer. If even I have so much trouble compiling programs from source, expecting anyone who doesn’t have my skill set to do it is crazy.

“Universal package managers are inefficient”

Flatpak, Snap, and AppImage are just not as fast as conventional package formats. Try using any modern version of Ubuntu, and just see how slow their Snaps are.

I have never noticed them being particularly slow, either to install or to run, though I can’t comment on Snap specifically as I’ve only used Flatpak and AppImage.

But, that isn’t really even the worst part. Because of the nature of universal package managers, they require much more space than traditional packages. Every single app, instead of sharing the dependencies of all other apps on the system, is bundled with all of its dependencies. This can add gigabytes of space to many apps, and slow down older HHD’s.

I mean, sure, reducing space requirements is noble, and universal package managers probably take up a little more space (I haven’t analyzed it myself). But it’s far from a chief concern in a day where even low-end drives have hundred of gigabytes of capacities. And as for " instead of sharing the dependencies of all other apps on the system" - blaming static linking is a serious mistake. The space impact of static linking is not a large cost and it easily makes up for it with its advantages in simplicity and reliability. I would blame dynamic linking for a lot of the headaches we have with packaging and compilation. Dynamic linking introduces the need for complex dependency resolution algorithms, tying each executable to a huge amount of environment it has to carry around in order to work, breaking the portability of programs and crowding your package manager output with obscure libraries you’ve never heard of and shouldn’t have to.

http://harmful.cat-v.org/software/dynamic-linking/


I don’t know very much about this topic, but I think that building a binary yourself can be faster because it can make optimizations involving non-standard CPU features (distro packages have to be compiled without these because the user’s CPU might not support the extension)


I was actually the only employee


I quit working for a fascist
I posted a while ago griping that I worked for a fascist, until ppl convinced me to delete it for safety since I still felt I needed him at that time. No more! I found a new job, working for a vegan (🥳), and quit my job at Awning Tracker. I timed it just after a paycheck so I didn't do any work I didn't get paid for. Didn't warn him at all, or even tell him I was leaving so it'll be a few days before he realizes I'm not doing any more for him. Considering also emailing all his customers to tell them about his views. I'm afraid of retaliation though. I don't know how much there is to be afraid of.

Possible to get a free audit for a protocol?
We are making [a federated end-to-end encrypted messaging protocol](https://yujiri.xyz/sufec.gmi) and implementation. I understand the importance of getting any security-related software audited by qualified cryptographers. Most other secure messengers have got an audit. However there is no business invovled here, just me and 2 friends involved in making it (and mostly just me), and I don't view forking over a ton of money for this as a reasonable option. I found the [Open Crypto Audit](https://opencryptoaudit.org) project which sounds like exactly what I'm looking for, but I don't think they exist anymore, their website and twitter account haven't been updated since 2015. I contacted them anyway just incase but haven't got a response. Any other options?


Why hide the post button if you're not subscribed?
On a community's page there is no post button if you're not subscribed, only a subscribe button which appears a post button. At first I thought it was a rule you had to be subscribed to post in a community, but after I learned that you can post on any community by going to Create Post instead and selecting the community from the dropdown, it's just a pointless annoyance.

How Gemtext improved my writing style
I used to write articles with very heavy use of bulleted lists and often complex structure inside them, such as multiple paragraphs, sublists, or code or quote blocks inside list items. Sometimes I had entire articles that consisted almost entirely of a giant list with each argument I wanted to make as an item. When I translated all my stuff to Gemini I was frustrated at the lack of nested block structure in gemtext. However, having to write within these limitations taught me that if a list has too complex a structure for gemtext lists, it shouldn't be a bulleted list. It should be headings. After editing all of those articles to use multiple headings instead of a single giant list, I think they're better this way.

What does it mean when a package version has extra parts at the end
I get semver: x.y.z, but in the context of distribution packages (never upstream releases), I often see versions like 5.2.1-1, what does the extra number mean?

I would also love to own a RISC-V computer for daily driver use. Drew had a story about using one, though he stated it wasn’t very practical. I’m desperately hoping they become practical by the time I have to replace my current laptop, ideallly in laptop form :)


Exciting! I dream of owning a RISC-V laptop as a daily driver :)


Nitpick, but imagine making a color coded graph and choosing 3 shades of the same color :)




I for one am super excited about the potential of RISC-V to liberate our computer hardware :)


This. Also I heard someone say that everyone who works “normal” 8 hour shifts actually has 1 of those hours dedicated to lunch break so it’s not paid, I don’t know first-hand because I’ve never worked that kind of job

Also shouldn’t they be accounting for taxes? One of my jobs I do have an hourly wage but it’s before tax (and the tax is ~8.8%)



I just don’t think it’s appropriate for a chat protocol to have built-in video and voice conferencing tbh. I think that’s best left to a separate protocol (like jitsi).




Increasing prices isn’t a one-way street to making more money. The amount of money you make is the price times the number you sell, and you sell less if the price is higher.


That isn’t how inflation works. Inflation is when the value of currency decreases, meaning prices as measured in currency increase to stay equal in value.


that username tho


The Hare programming language
[Why I'm doing this](https://yujiri.xyz/software/hare.gmi)

Review my CSV parse bullshit
I'm a newb at zig. I wrote this ``` const std = @import("std"); const File = std.fs.File; const Allocator = std.mem.Allocator; const ArrayList = std.ArrayList; const BUFSIZE = 1024; const CSVReader = struct { file: File, done: bool, buf: [BUFSIZE]u8, leftover_start: usize, leftover_len: usize, allocator: Allocator, pub fn next(self: *CSVReader) !?[][]u8 { if (self.done) return null; var record = ArrayList([]u8).init(self.allocator); var field = ArrayList(u8).init(self.allocator); // Read until EOF or the end of a record. while (true) { if (self.leftover_len == 0) { self.leftover_start = 0; self.leftover_len = try self.file.readAll(&self.buf); } for (self.buf[self.leftover_start .. self.leftover_start + self.leftover_len]) |byte, i| { // End of record. if (byte == '\n') { // If this happens right at the start of a record, it was just a trailing newline. if (record.items.len == 0 and field.items.len == 0) return null; try record.append(field.items); self.leftover_start = i + 1; self.leftover_len -= i; return record.items; // End of field. } else if (byte == ',') { try record.append(field.items); field = ArrayList(u8).init(self.allocator); // Part of field. } else { try field.append(byte); } } // EOF. Complete the last field and return the record. if (self.leftover_len < BUFSIZE) { self.done = true; try record.append(field.items); return record.items; } } } }; pub fn newReader(file: File, alloc: Allocator) CSVReader { return CSVReader{ .file = file, .done = false, .buf = undefined, .leftover_start = 0, .leftover_len = 0, .allocator = alloc, }; } ``` I know that some parts of this are wrong, like clearing a new ArrayList to clear it, but I really couldn't find any way in the docs to clear an ArrayList so I did that :D Edit: yeah it doesn't cope with quoted fields yet update got review from #zig:matrix.org ❤

Best way to give away clothes in Charlotte, NC
I have a lot of clothes I wanna give away with as little hassle as possible, just want to drop them off and be done with it, I don't care about getting any money for it, don't own a car so it has to be very close, and I want to avoid charities with bad reputations

Vent about anti-libertarian bullshit
I'm sick of the anti-libertarian bulllshit around these parts. I swear everyone who dislikes libertarianism has no fucking clue what libertarianism even is, they just use the word "libertarian" as a wildcard for "someone I don't like". Like this example of a post claiming "blockchain + NFTs + metaverse" as "corporate right-libertarian silicon valley bullshit": https://lemmy.ml/post/136201 Literally almost every libertarian is straight-up against intellectual property, so obviously they hate NFTs! But of course my comment pointing that out was downvoted without response. I also saw a tweet identifying NFT supporters as libertarians but I don't have a link. While I'm at it, libertarians are not people who support borders, or pedophiles, or police, or what have you. Also, the US gov's response to coronavirus was not libertarian and if you say that then please shut the fuck up. The FDA delaying vaccine approval is not libertarian. Patents on vaccines are not libertarian. Occupational licensing reducing the supply and increasing the price of health care is not libertarian.

Recruiter scheduled a call and didn't show up after 30 minutes
This guy from Piper Companies wanted to interview me at 13:00 but he didn't show up at 13:04 so I emailed him to ask if he needed to cancel and he said he was just finishing a previous call and he'd be on in "one or two minutes". As 5, then 10, then 15 more minutes passed I began to consider emailing him again saying it's not polite to let someone's call run this long into a scheduled call with someone else, but I was afraid of hurting my chances of getting hired, but after waiting 26 minutes I decided fuck it and sent it to him. Waited 4 more minutes and gave up. If you can't respect my time, why should I bother with you? Probably would've rejected me anyway. This isn't the first time I've had potential employers or recruiters miss the time *they* scheduled but it's the first time it was confirmed to be out of impoliteness rather than forgetfulness.

"100% satisfaction or your money back!"
A lot of food products in the US say this. I'm curious if anyone has ever tried to get a refund for a product that wasn't defective or spoiled or anything, but merely <100% satisfying?

How does wf-recorder work without root?
I was told that one of the core benefits of Wayland is that it prevents applications from snooping each other, such as by recording the contents of windows that don't belong to them or logging keystrokes that don't belong to them. But the program [wf-recorder](https://github.com/ammen99/wf-recorder) can record my entire screen without root! Doesn't that mean any rogue application could do the same thing?

Am making a P2P messaging protocol and hope for protocol review
cross-posted from: https://lemmy.ml/post/93192 > It's not finished or anything, but I want potential vulnerabilities brought to my attention as soon as possible.

Am making a P2P messaging protocol and hope for protocol review
cross-posted from: https://lemmy.ml/post/93192 > It's not finished or anything, but I want potential vulnerabilities brought to my attention as soon as possible.

Am making a P2P messaging protocol and hope for protocol review
It's not finished or anything, but I want potential vulnerabilities brought to my attention as soon as possible.

Mouse not working
Update: I eventually got it to work by unloading some Logitech-specific kernel modules as suggested by someone on Gitlab. I have a Logitech wireless USB mouse that I can't get to work on either of two Linux laptops, but previously worked on one of them and currently works on a Windows laptop. The laptop it used to work on is running [Artix](https://artixlinux.org) (systemd-less Arch) with Sway. Current state of affairs is that I see a device created for it: /dev/hidraw1 (the touchpad is hidraw0 here), and `swaymsg -t get_inputs`, with or without the mouse connected, shows: ``` Input device: PS/2 Generic Mouse Type: Mouse Identifier: 2:1:PS/2_Generic_Mouse Product ID: 1 Vendor ID: 2 Libinput Send Events: enabled Input device: PNP0C50:00 2808:0101 Mouse Type: Mouse Identifier: 10248:257:PNP0C50:00_2808:0101_Mouse Product ID: 257 Vendor ID: 10248 Libinput Send Events: enabled ``` and no inputs are received. `wev` also shows nothing. The other laptop is running Manjaro with the default XFCE desktop. Here is dmesg output from it being connected: ``` [24700.621257] usb 1-2: new full-speed USB device number 7 using xhci_hcd [24700.768351] usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=24.01 [24700.768359] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [24700.768363] usb 1-2: Product: USB Receiver [24700.768366] usb 1-2: Manufacturer: Logitech [24700.785403] logitech-djreceiver 0003:046D:C52B.000B: hiddev96,hidraw0: USB HID v1.11 Device [Logitech USB Receiver] on usb-0000:00:14.0-2/input2 [24700.912748] logitech-hidpp-device 0003:046D:101B.000C: hidraw1: USB HID v1.11 Device [Logitech Wireless Device PID:101b] on usb-0000:00:14.0-2/input2:1 [24705.438614] audit: type=1101 audit(1637459838.096:311): pid=15583 uid=1000 auid=1000 ses=6 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="raven" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24705.438875] audit: type=1110 audit(1637459838.096:312): pid=15583 uid=1000 auid=1000 ses=6 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24705.441881] audit: type=1105 audit(1637459838.099:313): pid=15583 uid=1000 auid=1000 ses=6 msg='op=PAM:session_open grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24705.462551] audit: type=1106 audit(1637459838.119:314): pid=15583 uid=1000 auid=1000 ses=6 msg='op=PAM:session_close grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24705.462770] audit: type=1104 audit(1637459838.119:315): pid=15583 uid=1000 auid=1000 ses=6 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24710.941691] audit: type=1101 audit(1637459843.599:316): pid=15611 uid=1000 auid=1000 ses=6 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="raven" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24710.942373] audit: type=1110 audit(1637459843.599:317): pid=15611 uid=1000 auid=1000 ses=6 msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' [24710.949104] audit: type=1105 audit(1637459843.606:318): pid=15611 uid=1000 auid=1000 ses=6 msg='op=PAM:session_open grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' ``` But the Xorg log and xev show nothing, and no inputs are received.
7

This one limitation of preformatted text really annoys me
Most criticism of Gemini or Gemtext I read seems to boil down to "I oppose Gemini's entire concept, there is no revision of it that would satisfy me without fundamentally abandoning what it is". But one qualm I had about Gemtext isn't like this; it is easily addressable, and although obscure, really intensely bothers me because there isn't like, a decent workaround. It's not like, statically typed languages not having generics, oh well at least I can just copy the function definition for each type I need to use it with, but for this Gemtext issue, there's literally no workaround that would allow me to represent what I want. A preformatted text line beginning with ```` ``` ````. My proposed solution was to change the definition of a preformatted text toggle line so that it can start with more than 3 backticks, and a line that would turn preformatted text *off* only does so if it has the same number off backticks as the line that turned it on, otherwise it's part of the preformatted text. The amount of protocol complexity this would add is minimal, and to me it's significant because this is more like completing an existing feature than adding a new feature. I tried discussing this on the mailing list, and while there was some reasonable discussion and counter-suggestions, the conversation was ultimately shot down with "fuck off gemini is perfect" (paraphrase) and I gave up on convincing anyone. Also I hate mailing lists they have terrible UX so I didn't want to stick around any longer.

I'm aware that Session has been discussed twice before on this community, but the last thread was 6 months old so excuse my starting a new one. There's one big concern I wanted to bring up, which is the disagreements over whether it has forward secrecy. [The spec](https://arxiv.org/pdf/2002.04609.pdf) says it does, but I've found *two* other sources saying it doesn't: https://restoreprivacy.com/secure-encrypted-messaging-apps/session/ (search for "Perfect Forward Secrecy removed") https://www.securemessagingapps.com Why are they saying this? Is there a critical caveat to Session's forward secrecy (does it not have it in closed groups?), or are both sources just wrong? (I've also heard one source say its closed groups are limited to 10 members which would be a showstopper for me and another source say they're limited to 100 and the spec says 500 so i don't know what to believe.) I'm also concerned about it being built on top of a blockchain and cryptocurrency, not because I'm suspicious of cryptocurrency in general but because I find it difficult to understand, and because that it costs thousands of dollars to run a Session node seems to me like the network is bound to be owned exclusively by a few rich companies and investors. Is it? Is there a place I can see who owns how much of it, particularly how much is owned by the Oxen developers? UPDATE: I believe I've just learned that Sesison DOES NOT have forward secrecy or deniability; the whitepaper linked on their CURRENT website is outdated. https://getsession.org/blog/session-protocol-technical-information
18

rustfmt is too verbose!
This has been a major frustration of mine ever since I discovered the tool, and while I've thus far been willing to swallow my disgust for its preferences in favor of the benefits of an autoformatter, moments like this shake my faith. This is what rustfmt wants to do: ``` - let peer = self.connected.iter().reduce(|a,b| - if key_distance(a.id, recipient) < key_distance(b.id, recipient) { a } else { b }).unwrap(); + let peer = self + .connected + .iter() + .reduce(|a, b| { + if key_distance(a.id, recipient) < key_distance(b.id, recipient) { + a + } else { + b + } + }) + .unwrap(); ``` It won't even accept a modest counter-proposal like moving `.connected.iter()` to the first line. Nor can I find any settings for rustfmt.toml that can change its mind. Please tell me I am not the only one who hates rustfmt.