adambrenecki's comments

adambrenecki | 7 years ago | on: Base58

Another neat encoding is the base-20 character set that Open Location Codes ("plus codes") use:

> The characters that are used in Open Location Codes were chosen by computing all possible 20 character combinations from 0-9A-Z and scoring them on how well they spell 10,000 words from over 30 languages. This was to avoid, as far as possible, Open Location Codes being generated that included recognisable words. The selected 20 character set is made up of "23456789CFGHJMPQRVWX".

https://github.com/google/open-location-code/blob/master/doc...
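As an added illustration (not code from the comment above or from Google's Open Location Code project), here is a generic base-N integer encoder/decoder run with the quoted 20-character alphabet and, for comparison, the Bitcoin-style Base58 alphabet. It uses the OLC characters only as a digit set; it does not implement the plus-code geocoding itself. The `can_spell` helper is a constructed check that shows the property the quote describes: with no vowels in the set, ordinary words cannot appear in an encoded value.

```python
"""Added example: base-N encoding with a custom alphabet.

The OLC alphabet is the one quoted in the comment; the Base58 alphabet is the
Bitcoin one. Neither encoder below is the projects' own code."""

OLC_ALPHABET = "23456789CFGHJMPQRVWX"
BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def encode_int(value: int, alphabet: str) -> str:
    """Encode a non-negative integer as a big-endian base-len(alphabet) string."""
    if value < 0:
        raise ValueError("only non-negative integers are supported")
    base = len(alphabet)
    if value == 0:
        return alphabet[0]
    digits = []
    while value:
        value, rem = divmod(value, base)
        digits.append(alphabet[rem])
    return "".join(reversed(digits))


def decode_int(text: str, alphabet: str) -> int:
    """Inverse of encode_int. A character outside the alphabet is an error,
    not something to guess at; a strict decoder is what you want at a trust
    boundary (for example when the string arrives in a URL)."""
    base = len(alphabet)
    value = 0
    for ch in text:
        idx = alphabet.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the alphabet")
        value = value * base + idx
    return value


def can_spell(word: str, alphabet: str) -> bool:
    """True if every letter of `word` exists in the (upper-case) alphabet,
    i.e. the word could show up verbatim inside an encoded value."""
    return all(ch.upper() in alphabet for ch in word)


if __name__ == "__main__":
    # Constructed sample value: the same integer in both alphabets.
    sample = 123456789
    for name, alphabet in (("OLC", OLC_ALPHABET), ("Base58", BASE58_ALPHABET)):
        encoded = encode_int(sample, alphabet)
        assert decode_int(encoded, alphabet) == sample
        print(f"{name:6s} {encoded}")
    for word in ("CARD", "WORD", "PMPQ"):
        print(word, "spellable in OLC:", can_spell(word, OLC_ALPHABET))
```

Note that the two alphabets were chosen for different reasons: Base58 drops characters that look alike (0/O, I/l), while the OLC set additionally drops every vowel so that recognisable words cannot be generated; `can_spell` returns False for any word containing a vowel.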

adambrenecki | 7 years ago | on: Keybase’s browser extension subverts its encryption

> Avoiding it is fairly easy, by isolating all of the extension’s user interface in an <iframe> element.

Right, but if the social network website can modify the HTML that the Keybase extension is injecting, then surely it can also modify the iframe's URL to an attacker-controlled one? Or, for that matter, replace the event handler on the "Keybase Chat" button itself before it even gets clicked?

I'm not an extension developer, so there might be APIs available to extensions or restrictions on webpage JS that I'm not aware of, but I suspect the only secure way to do this (if you don't trust the page you're embedding in) might be to have the extension communicate with the native Keybase app, which then opens a chat window with the appropriate user, similar to how the 1Password browser extension works.

adambrenecki | 7 years ago | on: GDPR: Don't Panic

> ... it may not be possible for you to lock Europeans out reliably enough...

Here's a fun little example of this: If one of your parents was a British citizen, then you're a British citizen 'by descent'—not merely eligible to become a British citizen after you fill out a form, you're an automatic British citizen by default unless you renounce your citizenship. (This has caught out at least one member of the Australian parliament, where dual citizens aren't allowed to serve.) This means that you can have someone who's an EU citizen (for the time being, at least), who doesn't live in the EU, has never set foot on EU soil, and maybe isn't even aware that they're an EU citizen themselves.

adambrenecki | 7 years ago | on: GDPR: Removing Monal from the EU

> I do not have the resources to hire a Data Protection Officer (DPO) or EU Representative as required by GDPR.

Lots of people are responding to the DPO side of this sentence, saying that it's not as onerous as the author of this article is making it sound, but as someone who's also not based in the EU it's the "EU Representative" part that I'm more worried about myself.

Article 27 says:

> (1) Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.

Article 3(2) is the bit that says the GDPR applies to processing outside the EU of EU citizens' data etc.

> (2) The obligation laid down in paragraph 1 of this Article shall not apply to:
>
> a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or
>
> b) a public authority or body.

It's clear here that not everyone outside the EU needs to have an EU representative, but 2a is wordy and confusing enough that it's real hard for a non-EU non-lawyer to figure out with certainty whether or not they need one. The ambiguous combination of 'and's and 'or's doesn't help, but 'unlikely to result in a risk to the rights and freedoms of natural persons' sounds like something that's ambiguous enough on its own that you might need an EU lawyer to actually interpret it.

adambrenecki | 7 years ago | on: GDPR compliance as a service

'a' and 'm' are assigned to in the body of the function. Having them as arguments that aren't provided (and thus initially set to undefined) just ensures that they can be assigned to without 'var', saving a character or two.

adambrenecki | 8 years ago | on: Xray – An experimental next-generation Electron-based text editor

Here's something that's buried right at the bottom, but sounds really exciting:

> More concretely, our goal is to ship a high-performance standalone editor component suitable for use in any web application, something we could eventually use on GitHub.com. This standalone editor will give us a chance to test a limited set of critical features in production scenarios without building out an entire desktop-based editor. We plan to develop this new editor in the context of a prototype Electron application, but we'll offer the standalone component as a separate build artifact from the main app.

adambrenecki | 8 years ago | on: Let's Encrypt now holds 35% of the market

> (Of course, with DV certs being treated the same as OV certs, someone with a DV cert could just forge all of the metadata, as long as they control the domain; DV CA's don't verify the metadata, by definition.)

I don't know if every DV CA does this, but I got a couple of StartSSL's free certs a while back (before LE was around, and before the WoSign acquisition and subsequent debacle), and I recall the documentation saying "because this is a DV cert, we're just going to ignore all the metadata in your CSR and generate a certificate with those fields blank", or something along those lines.

adambrenecki | 8 years ago | on: Show HN: Dramatiq – An alternative to Celery

> Dramatiq is licensed under the AGPL and it officially supports Python 3.6 and later. Commercial Licensing is also available.

Oh.

> I’ve done a ton of open source work over the course of my career. Companies have used that work to generate income for themselves. Inevitably, I’ve ended up supporting that software on those companies’ behalf for free and that is not sustainable long term.

This is totally 100% true and understandable. Unfortunately, a lot of devs are going to go "hmm, I could battle to convince someone that can approve purchases that it's worth forking out $2k/year for this, or I could just use Celery".

adambrenecki | 8 years ago | on: Reserved-usernames: Usernames to prevent url collision with resource paths

I agree. Even if you think /user/ or /res/ is too long or unsightly, you could have shorter prefixes like (in an example.com/username system) example.com/.settings or example.com/_settings, or (in an example.com/settings system) example.com/@username or example.com/~username.

That said, it might still be a good idea to blacklist these anyway, as you might end up with someone registering the username 'reset-password' (which isn't on this list yet) trying to phish your users, or 'support' trying to masquerade as your support, depending on what your app does.
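As an added example (not from the comment or from the reserved-usernames project) of the two checks the comment describes, here is a username validator for a site that serves profiles at example.com/username. It rejects names that collide with the application's own top-level routes and names that read like site functions ('support', 'reset-password') and could be used to impersonate them, comparing after case folding and with separators stripped so 'Re-Set-Password' does not slip past a check for 'reset-password'. The route and reserved lists are constructed for the example.

```python
"""Added example: reject usernames that collide with routes or invite phishing.

APP_ROUTES and IMPERSONATION_NAMES are constructed for this example; a real
deployment would derive the first from its URL configuration."""

import re
import unicodedata
from typing import Optional

# Top-level paths the application itself serves (constructed). A user named
# after any of these would shadow, or be shadowed by, a real route.
APP_ROUTES = {"settings", "login", "logout", "signup", "admin", "api", "static"}

# Not routes today, but names a phisher would want (constructed list).
IMPERSONATION_NAMES = {"support", "help", "security", "reset-password",
                       "password-reset", "billing", "staff", "official"}

# Conservative charset: ASCII letters, digits and internal hyphens, 1-32 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,30}[A-Za-z0-9])?")


def compare_key(name: str) -> str:
    """Normalise Unicode compatibility forms, fold case and drop everything
    that is not a letter or digit, so look-alike spellings compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return re.sub(r"[^a-z0-9]", "", folded)


RESERVED_ROUTE_KEYS = {compare_key(r) for r in APP_ROUTES}
RESERVED_IMPERSONATION_KEYS = {compare_key(n) for n in IMPERSONATION_NAMES}


def username_rejection(name: str) -> Optional[str]:
    """Return None if the username is acceptable, otherwise the reason.

    The charset check runs first so the reserved-name comparison only ever
    sees strings that could actually become a URL path segment."""
    if not USERNAME_RE.fullmatch(name):
        return "invalid characters or length"
    key = compare_key(name)
    if key in RESERVED_ROUTE_KEYS:
        return f"collides with application route /{key}/"
    if key in RESERVED_IMPERSONATION_KEYS:
        return f"reserved: could impersonate the site's {key} function"
    return None


if __name__ == "__main__":
    for candidate in ("alice", "Settings", "Re-Set-Password", "-bad", "SUPPORT"):
        print(f"{candidate!r}: {username_rejection(candidate) or 'ok'}")
```

If the site instead uses a prefix scheme such as example.com/@username, the route-collision check becomes unnecessary, but the impersonation check is still worth keeping for the reasons the comment gives.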

adambrenecki | 8 years ago | on: CKEditor 5: New approach to rich text editing on the web

You could probably get away with re-rendering at the actual paragraph level, provided you do a bit of minimal bookkeeping to track which input paragraph corresponds to which output paragraph—which, if you want to make it so that the input and output windows scroll alongside each other, you need to do anyway.

On a note that's tangentially related to this but more directly related to the top-level post, ProseMirror has a demo which involves a markdown-to-WYSIWYG editor where both sides are editable: http://prosemirror.net/examples/markdown/

adambrenecki | 8 years ago | on: CKEditor 5: New approach to rich text editing on the web

Wagtail has a similar sort of thing, inspired by Sir Trevor I think, called StreamField; it still has to have a RichTextBlock type to support inline-level formatting (bold, italic, links, etc.) Currently it's either CKEditor or TinyMCE (I forget which) but they're replacing it with something implemented using Draft.js and serialised as JSON, which isn't far off what ProseMirror or this new CKE version do as far as I can tell.

adambrenecki | 8 years ago | on: The inventor of Apple iOS user interfaces

You could say the same about the use of a capacitive display on glass rather than a resistive screen you operate with a stylus, or the high (for 2007) pixel density, or the smooth (for 2007) UI and animations, or inertial drag-to-scroll, or a whole bunch of other things the iPhone did first to make a touchscreen smart phone pleasant and enjoyable to use. I know that when I first used the OG iPhone, drag-to-scroll was the first thing that really felt like magic to me.

In reality, it's the combination of all those things and more that made the iPhone work, made it more appealing than anything Palm, RIM or Danger made. Just adding a proximity sensor, or one of the other things to that list, to a Palm Treo wouldn't have made it an iPhone.

adambrenecki | 8 years ago | on: Our Approach to Privacy

Anything over 10,000 AUD (about 8,000 USD) purchased with cash. AirPods are expensive but not _that_ expensive.

My guess is that they paid online for in-store pickup, and Apple asked for ID to confirm they're the one that made the purchase. In which case that's an Apple thing, not a government thing.

adambrenecki | 8 years ago | on: Show HN: Generate high-res images of code samples with Chrome Headless

If you're copying code into a Keynote presentation, you can use Pygments' RTF output mode, copy it to the clipboard, and just paste it into a text box in Keynote. That way, because it's actual text, it's smooth regardless of output resolution. Here's an example I just pulled from my shell history:

    pygmentize -f rtf -O "fontface=Fira Code,fontsize=26" -l prolog familyinteract.pl | pbcopy

(That was for pasting code into Pages; for Keynote you'll probably want a bigger font size.)

adambrenecki | 8 years ago | on: Ask HN: Apple maps vs. Google maps today?

I'm in Adelaide, Australia and I've never had this problem; I get maps within a second on both iOS and macOS, ADSL and LTE (Telstra in both cases).

(As an aside, from what I've heard, public transport support being terrible in Vic is mostly on PTV's head, not Apple or Google.)
