Fork me on GitHub
#clojure-europe
<
2020-10-22
>
dharrigan06:10:26

Good Morning!

ordnungswidrig06:10:23

The early worm gets eaten...

slipset07:10:37

God morgen, ja?

otfrom13:10:03

going through my old vector editing code and using pop and peek a lot more. I just wish it worked on transient vectors

Ben Hammond15:10:12

if you wish that, surely you should be using Java mutable datastructures

Ben Hammond15:10:24

that's exactly what they are for

borkdude15:10:14

that's what also crossed my mind

otfrom15:10:15

there is that. The clojure transient ones have conj! and assoc! which do most things. I just wish I had the rest of the api from the persistent ones

otfrom15:10:57

peek shouldn't need a bang tho

borkdude15:10:15

@otfrom Maybe look into that zach tellman Java lib?

otfrom15:10:57

I've been stung by abandonware there a few too many times (lots of good thought tho. lots to learn from)

borkdude15:10:41

you mean ZT abandonware?

borkdude15:10:57

We're still using yada on aleph, runs pretty well. I wonder what libs have stung you @otfrom

borkdude15:10:14

never heard of it

otfrom15:10:26

I needed some state machine help

borkdude15:10:28

(I did google it now)

otfrom15:10:06

it is good smart stuff

borkdude15:10:00

some things just don't stand the test of time I guess (in terms of wanting to invest time and energy). also it doesn't help that he's not working on Clojure anymore

borkdude15:10:23

the bifurcan thing he still seems to be working on. maybe there's similar mutable/functional collections in Java world

otfrom16:10:52

yeah, the move away from clojure doesn't help much. There is a lot of good stuff in there (aleph and manifold being good examples)

otfrom16:10:27

aleph and manifold seem to have reasonable communities around them

otfrom16:10:33

part of it for me is having had other tools disappear underneath me in the past (tho those were proprietary). I think that is part of what I like about the conservative slow moving nature of clojure

borkdude16:10:52

I think I've heard you talk about this on defnpodcast :)

borkdude16:10:05

I've seen a tweet yesterday of someone whose google account was deactivated and he lost access to all his mail, etc. This seems like a nightmare to me. I do use gmail/google docs etc a lot.

otfrom16:10:49

yeah, at least mail services are reasonably replaceable. I do worry that I'm too dependent on big G atm

otfrom16:10:12

self hosted email while possible is difficult atm

borkdude16:10:30

I discovered Google Takeout which sends all your data as zip files

otfrom16:10:37

slightly easier for individuals but tricky for companies with spam filtering et al

otfrom16:10:05

my behaviour is basically a large pile of scar tissue

otfrom16:10:09

and laziness

borkdude16:10:11

so now at least I've got a backup. But the loss of access to certain accounts which I may not be able to recover... I do have a dedicated password manager, but I'm not sure if it's 100% accurate...

otfrom16:10:42

I keep my important passwords encrypted locally

borkdude16:10:49

yeah, I do have that too

borkdude16:10:08

but you know how it goes, create a new account, let your browser save it and forget to update PW manager...

borkdude16:10:30

anyway, now I'm scared but I'm not certain yet what to do.

otfrom16:10:53

now it is a battle between fear, laziness, and hubris

otfrom16:10:02

(hubris is believing that you will do it later)

borkdude16:10:17

and undecidedness/ignorance

borkdude16:10:41

Be in the here and now* (battle between fear etc.)

borkdude16:10:30

Don't let laziness escape your try... you will finally catch the error before you die! (Clojure proverbs)

otfrom16:10:31

finally, finally

orestis16:10:04

I’m using 1Password and have disabled as much as I can all browser password prompts. Also http://fastmail.fm for email, I migrated my google mail some years ago and it’s nice.

otfrom16:10:39

I should probably migrate my personal email to fastmail or similar I really need google apps for the business tho

otfrom16:10:57

given my customers, perhaps Office 365 would make more sense

otfrom16:10:41

tho who do I trust more? Google doing some kind of AI experiment as a hobby (to see how they can work in more advertising) or MS and their muddled product thinking

otfrom16:10:45

I'm not sure

otfrom16:10:13

the only real fall back is as always FLOSS, but then I lose a lot of collaboration features and UX sugar

otfrom16:10:45

if everyone knew git and emacs and org it would be fine (it wouldn't actually, I've tried it before and it was painful)

orestis17:10:59

Moving emails to Fastmail is easy. I still have a google account and we pay for a family office 365 license so there’s that too.

otfrom17:10:52

congrats on the release @slipset 🙂

slipset17:10:19

Thanks. Took some time to figure out what the problem really was.

otfrom17:10:45

I lost about 30 minutes today to not reading properly

slipset17:10:25

Funny thing is that deps-deploy is a somewhat contradictory piece of tooling.

slipset17:10:57

If you live in the clj-tooling space, there is really no need to deploy your things to clojars.

otfrom17:10:25

github ftw!

otfrom17:10:45

maybe clojars could move over to a content addressing system for the source code?

borkdude17:10:09

@orestis also using 1password (still the one time pay version from years ago, it still works!)

dharrigan17:10:44

I use bitwarden

dharrigan17:10:46

I run it locally

borkdude17:10:31

Fastmail looks good but maybe doesn't make sense when you're from the EU as it seems a US based company?

dharrigan17:10:42

I use Protonmail 🙂

borkdude17:10:58

how is their web ui? I usually don't use a desktop client

dharrigan17:10:03

It's very very nice

dharrigan17:10:10

They've put a lot of thought into it

otfrom17:10:54

I'd actually quite like SMTP and IMAP, but then I want to have it ALL IN EMACS!

dharrigan18:10:56

I also run mail-in-the-box

dharrigan18:10:17

which is super simple to setup and gives you a fullly controlled email system, hosted by yourself on some vm somewhere.

borkdude18:10:48

I also run a mail server on a VM but I don't want to rely on that

dharrigan18:10:03

It does do automatic backups, which one can transfer (securely) somewhere. I've restored a fresh install of mail-in-the-box from a previous backup with no issues (actually a migration from a digital ocean vm to an aws vm)

dharrigan18:10:27

All depends I suppose on the effort one is willing to put into hosting one own's email system 🙂

ordnungswidrig18:10:46

I’m thinking of migrating my custom setup to mail-in-the-box

borkdude18:10:03

Hmm, what if Protonmail goes bankrupt though? I guess mail is never safe unless you do it yourself, but then again, my VPS can get hacked

ordnungswidrig18:10:11

I think they might a better at protecting their servers than the random guy

ordnungswidrig18:10:28

E2E encryption is the only solution

dharrigan18:10:53

There's always a risk they may go bankrupt, but there are no signs of that occuring. They seem to be pretty up-front about things.

dominicm19:10:00

Doesn't proton not support smtp? :)

dominicm19:10:50

Proton have always seemed a bit shady to me. There was that whole ransom business. It also feels weird to claim the email is E2E, email is only E2E within their service. I can do better than that with XMPP etc.

dharrigan19:10:46

That's not completely true about end-to-end encryption only within their service

dharrigan19:10:19

All email has that issue, at the edges, it'll just be plain text - and I use gpg extensively, but once it's decrypted on the client (and you have to trust the client), then it's just plain text

dharrigan19:10:44

Anyhooo, they have ProtonMail bridge which enrypts email on the client before sending to their servers.

dharrigan19:10:07

aka like gpg encrypting the email before sending it across t'interwebs

dominicm19:10:22

Must admit I don't keep up. For me, GPG + JavaScript is a nono :)

dharrigan19:10:38

Can you explain?

dominicm19:10:02

Ah, just looked up the bridge. Doesn't solve use-cases like Android :)

dominicm19:10:16

The deployment model of the web isn't particularly amenable to user-consenting deploys, verification, etc. Nothing stops me from being delivered a special bundle which uploads the plaintext as well. Browsers aren't really all that safe. Not to mention the fact the client could steal my whole gpg key.

dharrigan19:10:01

Ah true that

dharrigan19:10:13

Good thing I use (neo)mutt

dharrigan19:10:20

I'm a cli kinda guy 🙂

dharrigan19:10:56

browsers (and their vunerabilities) are certainly a weak link in the chain

dominicm19:10:29

Not so much browsers, but browsers assume you trust the server, which I don't when it comes to encryption. Client->Client encryption only pls.

dominicm19:10:37

With protonmail android client (assuming there is one) how do you get your GPG key across?

dharrigan19:10:45

Must admit (myself) that I don't use proton email on android

dharrigan19:10:32

I don't think they do gpg on the mobile

dominicm19:10:40

So is plain text on mobile?

dharrigan19:10:03

I would imagine it is encrypted before sending

dharrigan19:10:14

and decrypted upon receiving.

dharrigan19:10:46

However, if it's sent over ssmtp, then that would also be encrypted in transit

dharrigan19:10:01

then you just have to trust your mobile phone 😉

dominicm19:10:25

Well yes, the Play Store update cycle is nefarious in itself. But that's what F-Droid is for :)

dominicm19:10:13

GPG is supported on mobile. I'm guessing they generate a key on the client, upload the public component so that messages are encrypted for all devices, and you don't get access to history.

dharrigan19:10:41

interesting 🙂

dharrigan19:10:58

their source code is there

dharrigan19:10:11

personally, I use wireguard and run my own vpn service

dharrigan19:10:13

just for moi

dominicm19:10:18

You're all finding out about the size of my tin foil hat

dharrigan19:10:45

Oh, I'm pretty careful when it comes to leaking my data too 🙂 Can't prevent all leakage, but I try to contain as much as I can.

dominicm19:10:13

Admittedly I'm terrible with email, I use gmail. But I'm always pretty skeptical about anything that makes bombastic claims that mean they make compromises.

borkdude19:10:12

@dominicm Did you see that tweet yesterday about that guy whose account was closed?

dominicm19:10:08

@borkdude No. But I hear about it all the time. It's an active anxiety of mine. I'm worried they'll decide I'm a bad person and shut down my account.

dominicm19:10:42

I just don't know that I'm yet happy with alternatives. I'll definitely be moving to something under my own domain in future (as I have with XMPP) so that I can always move elsewhere if the need arises.

borkdude19:10:46

that's my main worry, the randomness of it

dominicm19:10:33

I don't worry too much because I don't comment on YT or anything like that, so there's no real leverage they have over me. I'm hoping for now they won't scan my emails and decide I'm bad because of that (or I guess if I emailed someone who became a spammer? dunno)

dominicm19:10:49

@borkdude what did that guy on twitter get banned for?

borkdude19:10:40

that's the whole problem: he doesn't know and google doesn't say. https://twitter.com/dhh/status/1318999696006926343

dominicm20:10:58

Yeah, I saw the link. Just rolled my eyes a little at dhh bringing it up :p He's on an anti-google path at the moment (not wrongfully)

dominicm20:10:03

Well, anti big-tech. It's pretty cool how he went to congress & such