Holy shit I love this, that's fucking amazing, it's basically a modern terminal browser, that actually has html5, css support etc. not like elinks, especially nice inside tmux for sure.

"Browsh is a fully-modern text-based browser. It renders anything that a modern browser can; HTML5, CSS3, JS, video and even WebGL. Its main purpose is to be run on a remote server and accessed via SSH/Mosh or the in-browser HTML service in order to significantly reduce bandwidth and thus both increase browsing speeds and decrease bandwidth costs."

https://www.brow.sh/
demo: https://youtube.com/watch/...
https://motherboard.vice.com/en_us/...

Worst thing you've seen another dev do? So many things. Here is one...

Lead web developer had in the root of their web application config.txt (ex. http://OurPublicSite/config.txt) that contained passwords because they felt the web.config was not secure enough. Any/all applications off of the root could access the file to retrieve their credentials (sql server logins, network share passwords, etc)

When I pointed out the security flaw, the developer accused me of 'hacking' the site.

I get called into the vice-president's office which he was 'deeply concerned' about my ethical behavior and if we needed to make any personnel adjustments (grown-up speak for "Do I need to fire you over this?")

Me:"I didn't hack anything. You can navigate directly to the text file using any browser."
Dev: "Directory browsing is denied on the root folder, so you hacked something to get there."
Me: "No, I knew the name of the file so I was able to access it just like any other file."
Dev: "That is only because you have admin permissions. Normal people wouldn't have access"
Me: "I could access it from my home computer"
Dev:"BECAUSE YOU HAVE ADMIN PERMISSIONS!"
Me: "On my personal laptop where I never had to login?"
VP: "What? You mean ...no....please tell me I heard that wrong."
Dev: "No..no...its secure....no one can access that file."
<click..click>
VP: "Hmmm...I can see the system administration password right here. This is unacceptable."
Dev: "Only because your an admin too."
VP: "I'll head home over lunch and try this out on my laptop...oh wait...I left it on...I can remote into it from here"
<click..click..click..click>
VP: "OMG...there it is. That account has access to everything."
<in an almost panic>
Dev: "Only because it's you...you are an admin...that's what I'm trying to say."
Me: "That is not how our public web site works."
VP: "Thank you, but Adam and I need to discuss the next course of action. You two may go."
<Adam is her boss>

Not even 5 minutes later a company wide email was sent from Adam..

"I would like to thank <Dev> for finding and fixing the security flaw that was exposed on our site. She did a great job in securing our customer data and a great asset to our team. If you see <Dev> in the hallway, be sure to give her a big thank you!"

The "fix"? She moved the text file from the root to the bin directory, where technically, the file was no longer publicly visible.

That 'pattern' was used heavily until she was promoted to upper management and the younger webdev bucks (and does) felt storing admin-level passwords was unethical and found more secure ways to authenticate.

"There's more to it"
This is something that has been bugging me for a long time now, so <rant>.

Yesterday in one of my chats in Telegram I had a question from someone wanting to make their laptop completely bulletproof privacy respecting, yada yada.. down to the MAC address being randomized. Now I am a networking guy.. or at least I like to think I am.

So I told him, routers must block any MAC addresses from leaking out. So the MAC address is only relevant inside of the network you're in. IPv6 changes this and there is network discovery involved with fandroids and cryphones where WiFi remains turned on as you leave the house (price of convenience amirite?) - but I'll get back to that later.

Now for a laptop MAC address randomization isn't exactly relevant yet I'd say.. at least in something other than Windows where your privacy is right out the window anyway. MAC randomization while Nadella does the whole assfuck, sign me up! /s

So let's assume Linux. No MAC randomization, not necessary, privacy respecting nonetheless. MAC addresses do not leak outside of the network in traditional IPv4 networking. So what would you be worried about inside the network? A hacker inside Starbucks? This is the question I asked him, and argued that if you don't trust the network (and with a public hotspot I personally don't) you shouldn't connect to it in the first place. And since I recall MAC randomization being discussed on the ISC's dhcp-users mailing list a few months ago (http://isc-dhcp-users.2343191.n4.nabble.com/...), I linked that in as well. These are the hardcore networking guys, on the forum of one of the granddaddies of the internet. They make BIND which pretty much everyone uses. It's the de facto standard DNS server out there.

The reply to all of this was simply to the "don't connect to it if you don't trust it" - I guess that's all the privacy nut could argue with. And here we get to the topic of this rant. The almighty rebuttal "there's more to it than that!1! HTTPS doesn't require trust anymore!1!"

... An encrypted connection to a website meaning that you could connect to just about any hostile network. Are you fucking retarded? Ever heard of SSL stripping? Yeah HSTS solves that but only a handful of websites use it and it doesn't scale up properly, since it's pretty much a hardcoded list in web browsers. And you know what? Yes "there's more to it"! There's more to networking than just web browsing. There's 65 THOUSAND ports available on both TCP and UDP, and there you go narrow your understanding of networking to just 2 of them - 80 and 443. Yes there's a lot more to it. But not exactly the kind of thing you're arguing about.

Enjoy your cheap-ass Xiaomeme phone where the "phone" part means phoning home to China, and raging about the Google apps on there. Then try to solve problems that aren't actually problems and pretty vital network components, just because it's an identifier.

</rant>

P.S. I do care a lot about privacy. My web and mail servers for example do not know where my visitors are coming from. All they see is some reverse proxies that they think is the whole internet. So yes I care about my own and others' privacy. But you know.. I'm old-fashioned. I like to solve problems with actual solutions.

Okay, mine is actually mildly interesting.

I was, at the time, obsessed with operating systems. The only thing I knew how to do (and I only knew how to do it poorly!) was make websites. And thus, Frames(TM) was born.

It was really labored for what it was. The whole thing worked off iframes to create different "Windows" which you could drag around the screen in a typical window-based environment. It had a start menu (Without search - I wasn't that good yet), task bar, background image, the whole 9 yards.

Some highlights from that project:

- Not hosted anywhere. Everything was file:/// protocol
- Originally, everything was statically created, and I learned about document.createElement during this project
- To communicate between the "Operating system" and the different frames, I used localStorage, which was continuously exec'ing anything it could find. Smart smart boi.
- Of course, the only thing available was web storage. The "Hard drive" was about 5MB, and if you cleared browsing data, goodbye everything!

Hours and hours happily dumped into that project, but I am definitely happy it is gone forever.

Time for a rant about shitstaind, suspend/hibernate, and if there's room for it at the end probably swappiness, and Windows' way of dealing with this.

So yesterday I wanted to suspend my laptop like usual, to get those goddamn fans to shut up when I'm sleeping. Shitstaind.. pinnacle of init systems.. nope, couldn't do it. Hibernation on the other hand, no problem mate! So I hibernated the laptop and resumed it just now. I'm baffled by this.

I'll oversimplify a bit here (but feel free to comment how there's more to it regardless) but basically with suspend you keep your memory active as well as some blinkenlights, and everything else goes down. Simple enough.. except ACPI and I will not get into that here, curse those foul lands of ACPI.

With hibernation you do exactly the same, but on top of that, you also resume the system after suspending it, and freeze it. While frozen, you send all the memory contents to the designated swap file/partition. Regarding the size of the swap file, it only needs to be big enough to fit the memory that's currently in use. So in a 16GB RAM system with 8GB swap, as long as your used memory is under 8GB, no problem! It will fit. After you've moved all the memory into swap, you can shut down the entire system.

Now here's the problem with how shitstaind handled this... It's blatantly obvious that hibernation is an extension of suspend (sometimes called S3, see e.g. https://wiki.ubuntu.com/Kernel/...) and that therefore the hibernation shouldn't have been possible either. The pinnacle of init systems.. can't even suspend a system, yet it can hibernate it. Shitstaind sure works in mysterious ways!

On Windows people would say it's a hardware issue though, so let's talk a bit about that clusterfuck too. And I'll even give you a life hack that saves 30GB of storage on your Windows system!

Now I use Windows 7 only, next to my Linux systems. Reason for it is it's the least fucked up version of Windows in my opinion, and while it's falling apart in terms of web browsing (not that you should on an EOL system), it's good enough for le games. With that out of the way... So when you install Windows, you'll find that out of the box it uses around 40GB of storage. Fairly substantial, and only ~12GB of it is actually system data. The other 30-ish GB are used by a hibernation file (size of your RAM, in C:\hiberfil.sys) and the page file (C:\pagefile.sys, and a little less than your total RAM.. don't ask me why). Disable both of those and on a 16GB RAM system, you'll save around 30GB storage. You can thank me later.

What I find strange though is that aside from this obscene amount of consumed storage, is that the pagefile and hibernation file are handled differently. In Linux both of those are handled by the swap, and it's easy to see why. Both are enabled by the concept of virtual memory. When hibernating, the "real" memory locations are simply being changed to those within swap. And what is the pagefile? Yep.. virtual memory. It's one thing to take an obscene amount of storage, but only Windows would go the extra mile and do it twice. Must be a hardware issue as well.

Oh, and swappiness. This is a concept that many Linux users seem to misunderstand. Intuitively you'd think that the swappiness determines what percentage of memory it takes for the kernel to start swapping, but this is not true. Instead, it's a ratio of sorts that the kernel uses when determining how important the memory and swap are. Each bit of memory has a chance to be put into either depending on the likelihood of it being used soon after, and with the swappiness you're tuning this likelihood to be either in favor of memory or swap. This is why a swappiness of 60 is default most of the time, because both are roughly equally important, and swap being on disk is already taken into account. When your system is swapping only and exactly the memory that's unlikely to be used again, you know you've succeeded. And even on large memory systems, having some swap is usually not a bad idea. Although I'd definitely recommend putting it on SSD in a partition, so that there's no filesystem overhead and so that it's still sufficiently fast, even when several GB of memory are being dumped in.

I started reading this rant ( https://devrant.com/rants/2449971/... ) by @ddit because when I started reading it I could relate to it, but the further he explained, the lesser relatable it got.

( I started typing this as a comment and now I'm posting this as a rant because I have a very big opinion that wouldn't fit into the character limit for a comment )

I've been thinking about the same problem myself recently but I have very different opinion from yours.

I'm a hard-core linux fan boy - GUI or no GUI ( my opinion might be biased to some extent ). Windows is just shit! It's useless for anything. It's for n00bs. And it's only recently that it even started getting close to power usage.

Windows is good at gaming only because it was the first platform to support gaming outside of video game consoles. Just like it got all of the share of 'computer' viruses ( seesh, you have to be explicit about viruses these days ) because it was the most widely used OS. I think if MacOS invested enough in it, it could easily outperform Windows in terms of gaming performance. They've got both the hardware and the software under their control. It's just that they prefer to focus on 'professionals' rather than gamers.

I agree that the linux GUI world is not that great ( but I think it's slowly getting better ). The non-GUI world compensates for that limitation.

I'm a terminal freak. I use the TTY ( console mode, not a VTE ) even when I have a GUI running ( only for web browsing because TUI browsers can't handle javascript well and we all know what the web is made of today - no more hacking with CSS to do your bidding )

I've been thinking of getting a Mac to do all the basic things that you'd want to do on the internet.

My list :
linux - everything ( hacking power user style )
macOS - normal use ( browsing, streaming, social media, etc )
windows - none actually, but I'll give in for gaming because most games are only supported on Windows.

Phew, I needed another 750-1500 characters to finish my reply.

!rant !dev

So, following up my last rant.
https://devrant.com/rants/2433162

I quit on Friday, this is what I said to my bosses.

"In the last week I had, 2 panic attacks, and I have 2 theories for this, one is that I have underlying psychological problems, the other theory is that we are under an impossible task, I choose to say now that I have to quit because I have psychological issues, but if you are willing to hear my other theory, that involves saying that meeting the deadline is not viable, then I can tell you that, so do want to listen that part?.

Bosses: No, we heard enough, we are going to have your contract terminated in order, and we will let you know when you can come and pick your paycheck."

So, that's them. Now about me and how I re-discovered GTD, or more precisely how I organized my whole weekend using taskwarrior with GTD, and why I think is going to be useful as a freelancer.

Before I feel good about telling you about my weekend I have to tell you a few things about myself.

I am a very impulsive person, I have a lot of energy in short surges, so I have to be able to maximize my activity when I'm in a surge, and I have to maximize my rest when I am not.

That's hard to do, it requires a balanced lifestyle, I am also very prone to being neurotic, and overwhelmed by the amount of stuff that I want to do.

And on top of that, when I am resting, I have surges of things that I want to have, do, or implement, it could be software related, as "Doing an app that will be the Uber of home services", to house improvements like, "I have to fix that leaking roof", and all the sort of stuff that happens in between hardware and software. That surge of consciousness doesn't allow me to have the proper rest that I need before I engage with activities again.

Because of this I have a very cyclic rhythm, with whole weeks burning my energy into doing stuff, and weeks resting doing very little and thinking too much.

Now about my weekend. Friday night I was browsing the web, and a thought came to my head. "The way you use your terminal, says a lot about your personality", and I got curious, so I searched for, "Show me your terminal", and found a post in dev.to to see all kind of nice terminal setups, from the very minimalist to very feature rich oh-my-zsh themes with plugins for git, aws and what not. One of these pictures really got my attention, a guy had set up his terminal to show him, how many task has he done in the day, and how many cups of coffee has he had.

So by investigating how he set up his terminal to show in the prompt the number of successfully completed tasks in the day, I found out that he was using taskwarrior, he was also kind enough to share the source code of his prompt setup, which I bookmarked to later incorporate that into my oh-my-zsh config.

After reading about taskwarrior, I also got a reference to GTD, I don't remember if this was one of those thoughts that I have and follow immediately, or if I read something that led me to a YouTube video summarizing GTD.

In the end, after watching that GTD video, I decided to give it a try to organize my life, and help me find a remote job, keep my house in order, plan my social activities as "hang out with friends", "visit mom and dad", and give the proper amount of attention to my GF, with whom I am deeply in love, and willing to spend the remaining of my years with her.

So my fist task was.

task add Ask for GF's parents blessing.

Which of course I have no intention of doing right now, but is one of the things that I will eventually have to do.

Then it started, I started adding tasks, and things to do, and go through the whole Capture phase of GTD.

Now it is a good time to write a small summary of what I think GTD is.

GTD is a life habit of organizing your life in todo-lists. And it was a very specific core method, that in the video summary that I watched was called CPR.

Capture, Process and Review.

Capture:
When you capture you just add your tasks to a bucket list.
So I took a notebook and started writing down everything that I wanted to have done. I also started to capture ideas as they came up to me, I did this by writing a telegram saved message in my phone, or directly adding it as a task in TW.

Process:
I read my telegram messages and put them into my task warrior list, then I started to organize my tasks into projects, breaking down every task that was not an atomic unit.
* And different projects started to emerge from this. One of them was project:Housekeeping.

And here's my screenshot of what I did this weekend, also the number of projects that I have, and all the things that I have to do in order to have what I think would be a very balanced, fun, and productive life.

You'll be able to see in the screenshot, that there's a blocked task, yes, tw allows you to organize dependencies too, so one task is delegated, and blocked by the delegation task.

App Review – Zomato 2.0

Some apps are as essential as oxygen by example of https://apps.apple.com/us/app/... . Zomato, for sure, is one of them. If you love to eat outside and you’re not living in a cave, chances are that you’ve already gone through Zomato on the web or used one of their mobile apps. If not – Zomato is the place where you can locate eating joints, scan through their menus, check for home delivery numbers and a lot more than that. If you are diabetic you keep sweets in your pocket, similarly Zomato is something every food-loving person needs to keep in their mobile phones(I agree how PR-ish that sounds but it’s true).

Zomato had recently integrated social features on its website. That was followed by the much needed overhaul of their mobile apps. They’ve also updated their iOS app recently and I decided to give it a shot. Zomato 2.0 on the iPhone is super slick to say the least. The redesign brings a lot of character to the app. The Zomato app is now much more smoother, cleaner and powerful. The added social functionality adds more value to the app.

Design and Features

The 2.0 update completely changes the entire look and feel of the app. Everything from the app’s start screen to restaurant details has been changed. The default menu lets you explore and search eating places. Now there are icons for top 25 restaurants, reviews, favorites and more. The icons have been perfectly placed and it’s very easy to spot what you’re looking for.

Everything is just right. The app is highly responsive and there’s hardly any lag. If any, it will depend on your internet connectivity. Browsing menus is still a breeze and I personally love the way you can toggle between information, menu, photos and last but not the least, the reviews. Everything placed just perfectly to help you make that ultimate make or break decision – to eat or order from here or not?

Social

Everything is getting social. Even the next door Dolly-beauty-parlor apps are getting more social now. Zomato just integrated its social features on the web recently and they’re now a part of their mobile apps. On the iPhone app you need to login to access these social features. There’s a Top Foodies leaderboard that could prove to be a crucial game mechanic for the app. Browsing users’ profiles allows you to follow users. The profile pages tie up a user’s reviews and followers. This is all pretty neat and a part of a major plan at Zomato to take over the world.

With lists, network, user reviews etc. there’s a lot more to the app. I’m hearing that there’s still a lot more to come when it comes to social features on the Zomato iPhone app. I better start following up with people and posting reviews. This just kicked Foursquare where it hurts the most. And with that I’ve lost the little amount of motivation I had to check-in to places on Foursquare