Me: Computer, please install this program
Computer: that program is dangerous
Me: why is it dangerous? It's a text editor.
Computer: Exactly! It can write FILES! To your HARD DRIVE! Do you understand how INSANELY DANGEROUS that is? Files! Just anywhere! Brrrrr. Don't thank me, I'm just doing my job. Keeping you safe.
Me: download it anyway, please. I want to edit files.
Computer: I'm reporting you for this. You are a menace to society. Files. For shame.
Me: What should I be doing instead of files?
Computer: Glad you asked! It's 2020. You should be spinning up a Kubernetes of Dockers on your public cloud each of which is a Github which send JSON messages over HTTP3 to the microservice host on your Virtualbox private cloud which is running a whole bunch more Dockers each of which is a Node.js which is pulling dependencies from
Me: files seemed a bit simpler than that
Computer: WELL WE HAD A VOTE AND YOU WEREN'T THERE AND WE SAID FILES SUCK.
I just... I just want to be able to save a web page that I've loaded from my local filesystem. Because it's mine, see, because I loaded it from my home directory.
Computer says BIG NOPE.
I don't think today's web browser developers have ever seen an actual file system.
Maybe using 'DNS name' as the unit of security compartmentalisation for the Web isn't such a sensible idea when pocket home computers can be terabytes of data.
@natecull They also assume all users need to be protected from themselves and should only install stuff from their curated app store.
i don't know how easy it is to do on windows but....
personally i always just run #tiddlywiki on nodejs now
(which basically treats the tiddlywiki as a web interface and manages the files 'server side')
in practice it functions nearly the same, the only part of the tiddlywiki that isn't customisable via its own data files is boot.js
@natecull oh dear, sane & easy tiddlywiki persistence 😑
I think I could learn to love a filesystem replacement which was something like JSON objects (though it would probably need extensions for binary blobs). But it would be neat if we could have extremely tiny 'files', and files which had dictionary structure, and the whole things could be recursively nested.
They're proposing to mangle everyone's user directories?
This is really nasty. How can I avoid getting this crap pushed to my home system? What distribution do I need to switch to to avoid any more future systemd nightmares?
@natecull Every time I think about using k8s my brain is like AAAAH AAAH BUT DOCKER IS SO SIMPLE WHY DID THEY MAKE IT SO COMPLICATED AAAH!!!! and I run screaming :) Also node seems cool except they seem to INSIST on shooting themselves in the foot with every bullet the Perl, Python, and Ruby communities shot themselves in the foot with 20 years ago and got better :)
@feoh oh no! what are the things that Node have done wrong?
@feoh the answer to "why make everything so complicated" is of course, "because Google won't fund any technology that can't handle a billion nodes, and if you're running a billion nodes the complexity pays off after the first million or so"
if you're trying to run one node, the complexity.... maybe doesn't pay off.
@natecull I think 'done wrong' is an oversimplification, but, I mean, look at the entire leftpad() fiasco as a for-instnace. One person de-publishing their work brought large chunks of the node.js ecosystem crashing down around its ears, and then there's the huge issue with malware in the NPM package registry... The list goes on.
@natecull Let's switch to plan B... ehrm, Plan 9.
@natecull speaking of files and githubs and JSON: https://dev.glitch.social/@hirojin/104139699524954907
yep I think this thread is exactly my complaint about JSON.
It's so nearly almost okay, but not quite, and the "not quite"-ness really shows when we try to use it for config files and queries
@natecull the fact that people use JSON as config file format even though it doesn't support comments drives me up the walls
@natecull "surely then," you might think, "you welcome YAML, the JSON superset with comments and all!"
but as professional YAML developer (DevOps) i have learned that YAML is a delusion, and the only truth is how layers and layers of software in the background interpret your typos.
I suppose what I keep thinking is: comments are great, but, I would kinda like my data formats to be robust to round-tripping, and that means that comments ought to be just ordinary data elements that whatever consuming software knows to ignore.
Otherwise even if JSON had comments, the files wouldn't be 'JSON files', they'd be 'text files that happen to have JSON and also comments, and it's really really important that you never accidentally delete the comment part'.
That feels a bit wonky.
@natecull Me: five different companies now have my credit card information
because granting write permission for one folder on your hard drive to a web page located inside that folder definitely totally logically implies granting transitive read permission to all files on your hard drive to all DNS domains everywhere on the Internet, and there is absolutely no way to build software where this does not occur.
@natecull http(3) - why no message broker. Nice handling with async, "less overhead", easier scheduling ....
same computer: ~happily executes arbitrary code on web pages~
@multiple_creatures but that's okay, see, because the code came from a Website who've paid for an HTTPS certificate, that must mean it's Certified Not Evil
@natecull You should try a system you actually own, like GNU/Linux ;)
@babel It's not an OS thing, it's a browser thing. Firefox does similar games with locking down filesystem access, which is why hacky workarounds like Timimi exist in the first place.
Although possibly Firefox's "dangerous code" detector algorithm isn't quite as draconian as Chromium Edge's.
@babel If there were an Open Source browser that didn't do all this ridiculous security theatre and rethought permissions from the ground up based around something like directory-based capabilities, then that would be nice
but there isn't
@babel of course, yes, because Firefox is open source, of course I have the legal right to fork it and just (checks several billion lines of code) fix the bug
Hmm is that Snap or something like that? I think recently Ubuntu is pushing some kind of virtualised app format, which.... I dunno, maybe it's a good thing, I just don't know anymore.
I think.... I think we really would need to write a whole new OS to do Capabilities correctly, and that's a pity
Why do I have the impression that your computer sounds an awful lot like Donald Trump ? 🤣
In this case, 'computer' is Microsoft Chromium Edge's built-in 'this file may be dangerous' detector, which seems to be very non-transparent, has extremely strong opinions, runs on a hair trigger..... hmmmmmmm
oh, damn. xD
@natecull Users should always be able to take control, and should revolt when they can't.
.. but the risk from "just a text editor" is there, unless there is a sandboxing in place or something.
I know the risk is there. The problem is, the risk is there because the security model (for the browser) is pretty useless.... alll of 'file:///' is one security domain.
The security domain shouldn't be just the hostname. It should be a whole path prefix.
But fixing this error probably will break large chunks of the Web, and people who have large numbers of web servers and don't care about file:/// are the ones paying for browser development.
(That's the root cause, and why I was trying to download an EXE from Github to work around it, and then Microsoft got angry because it was an unsigned EXE, as if code signing of arbitrary binaries would mean anything and would help.)
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!