Hacker News: toupeira

New comment by toupeira in "Pure Digital CSS, Swiss Made, Clock – No JavaScript, almost no HTML"

toupeira — Thu, 31 Dec 2020 20:00:41 +0000

> Firefox doesn't even give me the option to view page source

Looks like they moved it into the Tools -> Web Developers menu. Ctrl+U still works too!

New comment by toupeira in "Coordinated disclosure of XML roundtrip vulnerabilities in Go’s standard library"

toupeira — Mon, 14 Dec 2020 22:57:59 +0000

OpenID Connect seems to be pretty well established: https://openid.net/certification/

It defines an authentication protocol on top of OAuth2, and is a different beast from the older OpenID standards.

New comment by toupeira in "macOS unable to open any non-Apple application"

toupeira — Fri, 13 Nov 2020 01:55:10 +0000

Debian stable is meant for servers, use unstable (it's quite stable!) or stable-backports if you want a recent kernel.

New comment by toupeira in "Mozilla Hubs – Private social VR in your web browser"

toupeira — Sat, 24 Oct 2020 01:11:45 +0000

More gripes:

- Tab queue is gone.

- Bookmark keywords stopped working.

- Sharing directly from another app to a synced desktop Firefox is gone.

New comment by toupeira in "Vilified early over Covid-19 strategy, Sweden seems to have scourge controlled"

toupeira — Wed, 30 Sep 2020 20:43:23 +0000

Cases per capita is still very misleading without accounting for number of tests though, no?

Looking at some countries that offer more detailed data, you can sometimes see the cases double, while hospitalizations and deaths grow at a much lower rate (if at all).

Compare for example the UK:

- This chart for the daily new cases shows a dramatic second wave that even exceeds the first one: https://www.worldometers.info/coronavirus/country/uk/

- This chart for the positive rate on the other hand shows a modest increase to ~3% over the past few weeks, far below the 30% in April: https://ourworldindata.org/coronavirus-testing#the-positive-...

- And if you look at the number of tests you'll see it has more than tripled since April, hence the increase in "cases": https://ourworldindata.org/coronavirus-testing#how-many-test...

New comment by toupeira in "The Era of Visual Studio Code"

toupeira — Tue, 22 Sep 2020 23:16:02 +0000

ALE also supports CLI linters and formatters, LSP support only came later and is entirely optional.

New comment by toupeira in "The Era of Visual Studio Code"

toupeira — Tue, 22 Sep 2020 23:04:03 +0000

The situation is similar to Google Chrome/Chromium: Most of it is open-source, but the release binaries contain some proprietary bits for telemetry, marketplace access, etc.

A FOSS build is available at https://vscodium.com/

New comment by toupeira in "Gitlab reducing free tier CI/CD minutes from 2000 to 400 minutes"

toupeira — Thu, 03 Sep 2020 18:35:21 +0000

If that's an Open Source project you could apply for a free Gold license and get 50'000 minutes per group per month (see links in the article).

New comment by toupeira in "Firefox Android Build that caused issues is working as intended"

toupeira — Wed, 26 Aug 2020 15:20:58 +0000

Yeah, they seem to be more interested in doing UX research and "highlighting value" of this broken feature: https://github.com/mozilla-mobile/fenix/issues/5652

New comment by toupeira in "Firefox Android Build that caused issues is working as intended"

toupeira — Wed, 26 Aug 2020 14:02:59 +0000

> Page caching is way too aggressive. It's not acceptable to show days old versions of a website in a new tab. Yet, this happens to me on pretty much all news websites and blogs that I visit. Including HN. I have to reload freshly opened news websites to get the current version. To me this feels like a bug and I hope this is not actually intended behavior (that would be seriously misguided).

If this is with collections, apparently it's intentional: https://github.com/mozilla-mobile/fenix/issues/10417

New comment by toupeira in "PHP 8.0.0 beta 2"

toupeira — Tue, 25 Aug 2020 20:37:20 +0000

Thanks, TIL!

New comment by toupeira in "WebBundles harmful to content blocking, security tools, and the open web"

toupeira — Tue, 25 Aug 2020 20:34:39 +0000

So what do you think about the privacy concerns raised in the article, which seem like the more important point?

New comment by toupeira in "A new Firefox for Android experience"

toupeira — Tue, 25 Aug 2020 19:14:30 +0000

I got force-upgraded to Fenix a few weeks ago, I had checked out the betas and previews previously and was amazed at how much stuff is still missing or broken:

- Most extensions are not supported yet. Looks like we'll at least get this in Nightly soon:

  - https://github.com/mozilla-mobile/fenix/issues/14034

- Bookmark keywords are missing:

  - https://github.com/mozilla-mobile/fenix/issues/2497

  - https://github.com/mozilla-mobile/fenix/issues/12099

  - https://github.com/mozilla-mobile/fenix/issues/12100

- Tab Queue is missing:

  - https://github.com/mozilla-mobile/fenix/issues/470

  - https://github.com/mozilla-mobile/fenix/issues/12338

- Sharing a link from an app directly to another device is missing:

  - https://github.com/mozilla-mobile/fenix/issues/1523

  - https://github.com/mozilla-mobile/fenix/issues/11780

- Collections are confusing:

  - https://github.com/mozilla-mobile/fenix/issues/10417

  - https://github.com/mozilla-mobile/fenix/issues/11506

- Top toolbar is confusing:

  - https://github.com/mozilla-mobile/fenix/issues/11298

  - https://github.com/mozilla-mobile/fenix/issues/11314

- Somehow, they even managed to make opening a tab confusing:

  - https://github.com/mozilla-mobile/fenix/issues/10368

  - https://github.com/mozilla-mobile/fenix/issues/11833

  - https://github.com/mozilla-mobile/fenix/issues/12301

  - https://github.com/mozilla-mobile/fenix/issues/12774

New comment by toupeira in "PHP 8.0.0 beta 2"

toupeira — Fri, 21 Aug 2020 16:25:51 +0000

Article with an overview of the changes: https://stitcher.io/blog/new-in-php-8

Some highlights are union types, a JIT compiler, named arguments, annotations, and match expressions.

The approach to named arguments is interesting. It's nice that you don't have to change the signature of existing functions, but the downside seems to be that you can't enforce the usage of named arguments on callers, as in other languages like Ruby and Python where keyword arguments need to be declared as such.

    function foo(string $a, string $b, ?string $c = null, ?string $d = null) 
    { /* … */ }

    foo(
        b: 'value b', 
        a: 'value a', 
        d: 'value d',
    );

New comment by toupeira in "GitHub is experimenting with personal READMEs"

toupeira — Thu, 28 May 2020 19:00:50 +0000

GitLab supports this: https://gitlab.com/gitlab-org/gitlab/blob/master/doc/user/ma...

New comment by toupeira in "Google no longer providing original URL in AMP for image search results"

toupeira — Thu, 28 May 2020 00:15:13 +0000

Chromium is Open Source, Google Chrome isn't.

New comment by toupeira in "Should I Block Ads?"

toupeira — Fri, 22 May 2020 21:42:34 +0000

None of the podcasts I listen to have ads, many use things like Patreon or have a "first hour free, second hour only for members" model.

New comment by toupeira in "Stealing secrets from developers using WebSockets"

toupeira — Thu, 21 May 2020 20:00:06 +0000

Thanks, I was aware of the DNS rebinding possibility but not sure how to best protect against that. I'm also less worried about websockets and other things that I know are running on my machine, but more about all the other random devices floating around in my network.

What I really want is a way to block (by default) all connections to my local network from websites outside of my network, like a firewall.

It amazes me that browsers just allow this, this should require a permission prompt.

New comment by toupeira in "Stealing secrets from developers using WebSockets"

toupeira — Thu, 21 May 2020 19:37:10 +0000

Oh well. I ended up adding these rules to uBlock Origin, suggestions for improvement welcome:

    ||localhost^$important,third-party
    ||127.*^$important,third-party
    ||10.*^$important,third-party
    ||192.168.*^$important,third-party
    ||172.16.*^$important,third-party
    ||172.17.*^$important,third-party
    ||172.18.*^$important,third-party
    ||172.19.*^$important,third-party
    ||172.20.*^$important,third-party
    ||172.21.*^$important,third-party
    ||172.22.*^$important,third-party
    ||172.23.*^$important,third-party
    ||172.24.*^$important,third-party
    ||172.25.*^$important,third-party
    ||172.26.*^$important,third-party
    ||172.27.*^$important,third-party
    ||172.28.*^$important,third-party
    ||172.29.*^$important,third-party
    ||172.30.*^$important,third-party
    ||172.31.*^$important,third-party

New comment by toupeira in "Ask HN: Dark mode for HN please?"

toupeira — Sat, 16 May 2020 00:51:59 +0000

Reddit's user CSS was different, mods could edit it on subreddits and all visitors would receive it. On HN you'd only get the CSS you've set yourself, so there shouldn't really be a security concern (except for CSRF attacks against the settings form I guess).