Clojurians Log v2
clojure-europe
Good Morning!
The early worm gets eaten...
Morning :)
morning
God morgen, ja?
Morning
Morning
mogge
going through my old vector editing code and using pop and peek a lot more. I just wish it worked on transient vectors
if you wish that, surely you should be using Java mutable datastructures
that's exactly what they are for
that's what also crossed my mind
there is that. The clojure transient ones have conj! and assoc! which do most things. I just wish I had the rest of the api from the persistent ones
update!
pop!
peek shouldn't need a bang tho
@otfrom Maybe look into that zach tellman Java lib?
I've been stung by abandonware there a few too many times (lots of good thought tho. lots to learn from)
you mean ZT abandonware?
yes
We're still using yada on aleph, runs pretty well. I wonder what libs have stung you @otfrom
automat
never heard of it
I needed some state machine help
(I did google it now)
just lots of archived repos on https://github.com/ztellman?tab=repositories
it is good smart stuff
some things just don't stand the test of time I guess (in terms of wanting to invest time and energy). also it doesn't help that he's not working on Clojure anymore
the bifurcan thing he still seems to be working on. maybe there's similar mutable/functional collections in Java world
yeah, the move away from clojure doesn't help much. There is a lot of good stuff in there (aleph and manifold being good examples)
aleph and manifold seem to have reasonable communities around them
part of it for me is having had other tools disappear underneath me in the past (tho those were proprietary). I think that is part of what I like about the conservative slow moving nature of clojure
I think I've heard you talk about this on defnpodcast :)
I've seen a tweet yesterday of someone whose google account was deactivated and he lost access to all his mail, etc. This seems like a nightmare to me. I do use gmail/google docs etc a lot.
yeah, at least mail services are reasonably replaceable. I do worry that I'm too dependent on big G atm
self hosted email while possible is difficult atm
I discovered Google Takeout which sends all your data as zip files
slightly easier for individuals but tricky for companies with spam filtering et al
my behaviour is basically a large pile of scar tissue
and laziness
so now at least I've got a backup. But the loss of access to certain accounts which I may not be able to recover... I do have a dedicated password manager, but I'm not sure if it's 100% accurate...
I keep my important passwords encrypted locally
yeah, I do have that too
but you know how it goes, create a new account, let your browser save it and forget to update PW manager...
anyway, now I'm scared but I'm not certain yet what to do.
now it is a battle between fear, laziness, and hubris
(hubris is believing that you will do it later)
and undecidedness/ignorance
Be in the here and now* (battle between fear etc.)
Don't let laziness escape your try... you will finally catch the error before you die! (Clojure proverbs)
finally, finally
(added)
Iβm using 1Password and have disabled as much as I can all browser password prompts. Also http://fastmail.fm for email, I migrated my google mail some years ago and itβs nice.
I should probably migrate my personal email to fastmail or similar I really need google apps for the business tho
given my customers, perhaps Office 365 would make more sense
tho who do I trust more? Google doing some kind of AI experiment as a hobby (to see how they can work in more advertising) or MS and their muddled product thinking
I'm not sure
the only real fall back is as always FLOSS, but then I lose a lot of collaboration features and UX sugar
if everyone knew git and emacs and org it would be fine (it wouldn't actually, I've tried it before and it was painful)
Moving emails to Fastmail is easy. I still have a google account and we pay for a family office 365 license so thereβs that too.
congrats on the release @slipset π
Thanks. Took some time to figure out what the problem really was.
I lost about 30 minutes today to not reading properly
Funny thing is that deps-deploy is a somewhat contradictory piece of tooling.
If you live in the clj-tooling space, there is really no need to deploy your things to clojars.
github ftw!
maybe clojars could move over to a content addressing system for the source code?
@orestis also using 1password (still the one time pay version from years ago, it still works!)
I use bitwarden
I run it locally
Fastmail looks good but maybe doesn't make sense when you're from the EU as it seems a US based company?
I use Protonmail π
how is their web ui? I usually don't use a desktop client
It's very very nice
They've put a lot of thought into it
I'd actually quite like SMTP and IMAP, but then I want to have it ALL IN EMACS!
I also run mail-in-the-box
which is super simple to setup and gives you a fullly controlled email system, hosted by yourself on some vm somewhere.
I also run a mail server on a VM but I don't want to rely on that
It does do automatic backups, which one can transfer (securely) somewhere. I've restored a fresh install of mail-in-the-box from a previous backup with no issues (actually a migration from a digital ocean vm to an aws vm)
All depends I suppose on the effort one is willing to put into hosting one own's email system π
Iβm thinking of migrating my custom setup to mail-in-the-box
Hmm, what if Protonmail goes bankrupt though? I guess mail is never safe unless you do it yourself, but then again, my VPS can get hacked
I think they might a better at protecting their servers than the random guy
E2E encryption is the only solution
There's always a risk they may go bankrupt, but there are no signs of that occuring. They seem to be pretty up-front about things.
Doesn't proton not support smtp? :)
Proton have always seemed a bit shady to me. There was that whole ransom business. It also feels weird to claim the email is E2E, email is only E2E within their service. I can do better than that with XMPP etc.
That's not completely true about end-to-end encryption only within their service
All email has that issue, at the edges, it'll just be plain text - and I use gpg extensively, but once it's decrypted on the client (and you have to trust the client), then it's just plain text
Anyhooo, they have ProtonMail bridge which enrypts email on the client before sending to their servers.
aka like gpg encrypting the email before sending it across t'interwebs
Must admit I don't keep up. For me, GPG + JavaScript is a nono :)
Can you explain?
Ah, just looked up the bridge. Doesn't solve use-cases like Android :)
The deployment model of the web isn't particularly amenable to user-consenting deploys, verification, etc. Nothing stops me from being delivered a special bundle which uploads the plaintext as well. Browsers aren't really all that safe. Not to mention the fact the client could steal my whole gpg key.
Ah true that
Good thing I use (neo)mutt
I'm a cli kinda guy π
browsers (and their vunerabilities) are certainly a weak link in the chain
Not so much browsers, but browsers assume you trust the server, which I don't when it comes to encryption. Client->Client encryption only pls.
With protonmail android client (assuming there is one) how do you get your GPG key across?
Must admit (myself) that I don't use proton email on android
I don't think they do gpg on the mobile
So is plain text on mobile?
I would imagine it is encrypted before sending
and decrypted upon receiving.
However, if it's sent over ssmtp, then that would also be encrypted in transit
then you just have to trust your mobile phone π
Well yes, the Play Store update cycle is nefarious in itself. But that's what F-Droid is for :)
GPG is supported on mobile. I'm guessing they generate a key on the client, upload the public component so that messages are encrypted for all devices, and you don't get access to history.
<https://f-droid.org/en/packages/ch.protonvpn.android/>
interesting π
Free VPNs
<https://github.com/ProtonVPN/android-app> their source code is there
personally, I use wireguard and run my own vpn service
just for moi
You're all finding out about the size of my tin foil hat
Oh, I'm pretty careful when it comes to leaking my data too π Can't prevent all leakage, but I try to contain as much as I can.
Admittedly I'm terrible with email, I use gmail. But I'm always pretty skeptical about anything that makes bombastic claims that mean they make compromises.
@dominicm Did you see that tweet yesterday about that guy whose account was closed?
@borkdude No. But I hear about it all the time. It's an active anxiety of mine. I'm worried they'll decide I'm a bad person and shut down my account.
I just don't know that I'm yet happy with alternatives. I'll definitely be moving to something under my own domain in future (as I have with XMPP) so that I can always move elsewhere if the need arises.
that's my main worry, the randomness of it
I don't worry too much because I don't comment on YT or anything like that, so there's no real leverage they have over me. I'm hoping for now they won't scan my emails and decide I'm bad because of that (or I guess if I emailed someone who became a spammer? dunno)
@borkdude what did that guy on twitter get banned for?
that's the whole problem: he doesn't know and google doesn't say. https://twitter.com/dhh/status/1318999696006926343
Oh, dhh :P
@dominicm actually this guy: https://twitter.com/Cleroth/status/1318911490863337472
Yeah, I saw the link. Just rolled my eyes a little at dhh bringing it up :p He's on an anti-google path at the moment (not wrongfully)
Well, anti big-tech. It's pretty cool how he went to congress & such