Me: Computer, please install this program

Computer: No

Me: what

Computer: that program is dangerous

Me: why is it dangerous? It's a text editor.

Computer: Exactly! It can write FILES! To your HARD DRIVE! Do you understand how INSANELY DANGEROUS that is? Files! Just anywhere! Brrrrr. Don't thank me, I'm just doing my job. Keeping you safe.

Me: download it anyway, please. I want to edit files.

Computer: I'm reporting you for this. You are a menace to society. Files. For shame.

Me: What should I be doing instead of files?

Computer: Glad you asked! It's 2020. You should be spinning up a Kubernetes of Dockers on your public cloud each of which is a Github which send JSON messages over HTTP3 to the microservice host on your Virtualbox private cloud which is running a whole bunch more Dockers each of which is a Node.js which is pulling dependencies from

Me: files seemed a bit simpler than that


Show thread

Context: attempting to install Timimi on Chromium Edge

Spoiler: Edge DOES NOT LIKE DOWNLOAD, and thinks I am probably a cyber-criminal doing cyber-crime.

Show thread

I just... I just want to be able to save a web page that I've loaded from my local filesystem. Because it's mine, see, because I loaded it from my home directory.

Computer says BIG NOPE.

I don't think today's web browser developers have ever seen an actual file system.

Show thread

Maybe using 'DNS name' as the unit of security compartmentalisation for the Web isn't such a sensible idea when pocket home computers can be terabytes of data.

Show thread

@natecull They also assume all users need to be protected from themselves and should only install stuff from their curated app store.


i don't know how easy it is to do on windows but....

personally i always just run #tiddlywiki on nodejs now
(which basically treats the tiddlywiki as a web interface and manages the files 'server side')

in practice it functions nearly the same, the only part of the tiddlywiki that isn't customisable via its own data files is boot.js

@natecull oh dear, sane & easy tiddlywiki persistence 😑

@natecull I can think of better things than files, but the Empire of Mist and Vapor and turning every application into a silo ain't it.
@moonman @natecull I used to work with Jeff Darcy, who was a big believer in files. Actually, his position was a little more sophisticated: he thought that the rush to beyond-POSIX paradigms was throwing the baby with the bathwater. The problem is of course the one of performance and scalability. So, his thesis was that there wasn't anything unattaibale about a scalable and distributed POSIX filesystem, just everyone who hacked in the area wasn't smart enough and persistent enough to complete the task. Jeff's vehicle of choice was Gluster, primarily because it allowed to substitute key parts of the implementation using a VFS-like stacking. Realizing that existing Gluster sucked balls, Jeff set out to write his system as a new Gluster core, called "NSR" for New Style Replication. This continued for a bit until we bought Ceph. Seeing the sign on the wall, Jeff took his toys to Facebook. So far, the reliable, distributed, and performant POSIX filesystem remains a "pick 2 out of 3" kind of thing.

@pro @moonman

I think I could learn to love a filesystem replacement which was something like JSON objects (though it would probably need extensions for binary blobs). But it would be neat if we could have extremely tiny 'files', and files which had dictionary structure, and the whole things could be recursively nested.

@natecull have you seen that systemd wants to get rid of /etc/passwd and /etc/shadow because it's "too inefficient" to have systemd and two files on your computer

@ben @natecull
"So, for the simple act of logging in, three mechanisms are required (systemd, /etc/shadow, /etc/passwd). This is inefficient"

"all information will be placed in a cryptographically signed JSON record for each user"

What even is critical thinking

@Tak @natecull it's like the specs are written by a markov chain

@ben @natecull I feel like this would be a clever design if there hadn’t been 30 years Linux development based on the old paradigm. Like does Systemd think it’s Apple and can just shift everyone to a new FS every release cycle??

@NightRose @natecull the proposed system is only more efficient (assuming each file on the system in addition to systemd adds a constant amount of "inefficient") if the system has exactly one user

@ben @natecull true, but I was thinking more of the supposed benefits in terms of the security and portability.

@NightRose @ben

(reading )

Good.... lord.

They're proposing to mangle everyone's user directories?

This is really nasty. How can I avoid getting this crap pushed to my home system? What distribution do I need to switch to to avoid any more future systemd nightmares?

@natecull Every time I think about using k8s my brain is like AAAAH AAAH BUT DOCKER IS SO SIMPLE WHY DID THEY MAKE IT SO COMPLICATED AAAH!!!! and I run screaming :) Also node seems cool except they seem to INSIST on shooting themselves in the foot with every bullet the Perl, Python, and Ruby communities shot themselves in the foot with 20 years ago and got better :)

@feoh oh no! what are the things that Node have done wrong?

@feoh the answer to "why make everything so complicated" is of course, "because Google won't fund any technology that can't handle a billion nodes, and if you're running a billion nodes the complexity pays off after the first million or so"

if you're trying to run one node, the complexity.... maybe doesn't pay off.

@natecull @feoh It's literally useless to use k8s for your personal simple services (which are not being used by millions of people, only you and the other 10 internet bots shitting with you). Those nodes are fine to us, but we have to use k8s? fuck them.

@natecull I think 'done wrong' is an oversimplification, but, I mean, look at the entire leftpad() fiasco as a for-instnace. One person de-publishing their work brought large chunks of the node.js ecosystem crashing down around its ears, and then there's the huge issue with malware in the NPM package registry... The list goes on.


yep I think this thread is exactly my complaint about JSON.

It's so nearly almost okay, but not quite, and the "not quite"-ness really shows when we try to use it for config files and queries

@natecull the fact that people use JSON as config file format even though it doesn't support comments drives me up the walls

@natecull "surely then," you might think, "you welcome YAML, the JSON superset with comments and all!"

but as professional YAML developer (DevOps) i have learned that YAML is a delusion, and the only truth is how layers and layers of software in the background interpret your typos.



I've always been a bit worried about YAML. Is it interpreted differently by different software?

I suppose what I keep thinking is: comments are great, but, I would kinda like my data formats to be robust to round-tripping, and that means that comments ought to be just ordinary data elements that whatever consuming software knows to ignore.

Otherwise even if JSON had comments, the files wouldn't be 'JSON files', they'd be 'text files that happen to have JSON and also comments, and it's really really important that you never accidentally delete the comment part'.

That feels a bit wonky.

@natecull This is one of those things XML did well badly. A lot of toolkits at least had the option to retain and re-emit comments.

(Though this leads to its own problem is the data changes in ways that the comments don't.)

It even marked 'processing instructions' (things for machines that were none of its business) differently from comments (things for humans that were none of its business.)

@natecull Me: five different companies now have my credit card information


because granting write permission for one folder on your hard drive to a web page located inside that folder definitely totally logically implies granting transitive read permission to all files on your hard drive to all DNS domains everywhere on the Internet, and there is absolutely no way to build software where this does not occur.

@natecull http(3) - why no message broker. Nice handling with async, "less overhead", easier scheduling ....

same computer: ~happily executes arbitrary code on web pages~

@multiple_creatures but that's okay, see, because the code came from a Website who've paid for an HTTPS certificate, that must mean it's Certified Not Evil

@natecull You should try a system you actually own, like GNU/Linux ;)

@babel It's not an OS thing, it's a browser thing. Firefox does similar games with locking down filesystem access, which is why hacky workarounds like Timimi exist in the first place.

Although possibly Firefox's "dangerous code" detector algorithm isn't quite as draconian as Chromium Edge's.

@babel If there were an Open Source browser that didn't do all this ridiculous security theatre and rethought permissions from the ground up based around something like directory-based capabilities, then that would be nice

but there isn't

@babel of course, yes, because Firefox is open source, of course I have the legal right to fork it and just (checks several billion lines of code) fix the bug

@babel @natecull Ubuntu does the same thing. I installed gimp once from their "app store" thing and it couldn't even export files.
And i had to look up why. And find the settings to let it write to files.
It didn't even ask me.

(but it's not a problem on any other distro I've used)

@grainloom @babel

Hmm is that Snap or something like that? I think recently Ubuntu is pushing some kind of virtualised app format, which.... I dunno, maybe it's a good thing, I just don't know anymore.

I think.... I think we really would need to write a whole new OS to do Capabilities correctly, and that's a pity

@natecull @grainloom Yes, I thinks is snap which I don't like at all. I've had issues with permissions using flatpak and snaps before.


Why do I have the impression that your computer sounds an awful lot like Donald Trump ? 🤣



In this case, 'computer' is Microsoft Chromium Edge's built-in 'this file may be dangerous' detector, which seems to be very non-transparent, has extremely strong opinions, runs on a hair trigger..... hmmmmmmm

@natecull Users should always be able to take control, and should revolt when they can't.

.. but the risk from "just a text editor" is there, unless there is a sandboxing in place or something.


I know the risk is there. The problem is, the risk is there because the security model (for the browser) is pretty useless.... alll of 'file:///' is one security domain.

The security domain shouldn't be just the hostname. It should be a whole path prefix.

But fixing this error probably will break large chunks of the Web, and people who have large numbers of web servers and don't care about file:/// are the ones paying for browser development.


(That's the root cause, and why I was trying to download an EXE from Github to work around it, and then Microsoft got angry because it was an unsigned EXE, as if code signing of arbitrary binaries would mean anything and would help.)

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!