First a big thank you for your fantastic efforts and for letting the world participate by open sourcing all that stuff!
But one thing: Please make it easy to generate VIDEO OUTPUT with your libraries!
This is an artificial limitation that I hit with many charting libraries - output generation is html (js) only and people who would like to create moving images have unnecessary problems shoehorning that nice chart library into outputting to a high resolution video.
Please do not limit your designs to one output medium.
what events? It would be great if he spoke openly, so people not following tor very intensively would know what is so concerning. Yes, I am living under a rock.
In the config.rc file you could call that folder however you want.
I personally do not like ".meta", because it is not clear what kind of information it may contain. "Meta" might be anything, documentation, description, website, design papers, everything is meta. It is a bit like using "Information" as a menu entry for a website.
beefsack is right, please do NOT make it a github specific thing. Just one config folder. All config files for services, integration, etc. should go there.
May I ask you for some little thing that might change the (development) world? Would you please like to introduce a folder, where people might put their dependency.yml file - this is an effort to finally stop the spreading cancer of "put one more config file into the project root".
I would like to suggest to call that folder simply "config" - all the projects and tools out there should have no problem with that. Optionally there could be one top level config file called "config.rc" - this file points to the actual config dir if it is not "config".
It would be verrry nice if one service just starts with that and hopefully all the others will follow and it will become a defacto standard. The pollution of the top level project directories really must stop.
Especially Bookie looks good and would be a preferred candidate to transition to if you are still using the very old 'Sitebar', 'Scuttle' or the interesting 'Semantic Scuttle'.
> but there is a reason no one wants to do that these days
The reason is, that JS is enabled by default, nothing else.
If users had the possibility to actively decide before any remote code will execute on their computer, how many would like to enable it?
We are just one default checkbox setting away from what you call "utopia" here - a word that should be used for much bigger things.
Of utopic naivity in deed is the expectation that such powerful features will not be misused - delivering browsers with code execution enabled by default will be looked at as one of the most funny things of the first internet in a few
decades.
Web application development paradigms that enforce JavaScript usage as an absolute necessity are examples of "naive utopian deadends". It is totally anti-avantgarde and anti-progressive, we should not waste so many young talents on that.
"remote-execution-by-default": web browsers execute code that was loaded from an untrusted source somewhere on the internet. Every (ok, most) browsers by default allow any website you visit to execute JavaScript code in your browser.
"same origin" is about the source of that code, only of minor relevance here as long as no working signed code distribution mechanism and infrastructure exists - why not, btw, after all these years?
For communications and general information transmission we do not need remote code execution.
Yes, browsers try to do that in a "safe way" - the "sandboxing" approach has been exercised for many years now, mostly without success. Maybe Qubes OS can be a successful approach to this problem, but we still have too many non-technical problems to solve, as reality shows, so enough time to do more research. Until then: css only should be the default.
CSS gives us a very good way to stop going on with that inacceptable defaults while we fix the first version of the internet.
I am missing one important argument in this discussion:
CSS only design is an important piece of a future web with reduced security and privacy threads.
The (interesting) model of allowing remote code execution per default was a beautiful, but naive vision. We have to make big advances in technology, politics and society to make this model work in a way that does not make internet users victims by default. We are not there yet. Reality is: the crooks destroyed that vision and are advantaged by the current situation, while all internet users are being trapped in their first moment of browser usage without their consent or knowledge.
For many use cases, (e.g. government websites, banking, anything where you type in your name) css-only design should become a requirement by law to protect the user until we figured out how to write secure software that respects user privacy and how to form governments that will respect their citizens (possibly will take longer). Until then browser vendors should implement more and better possibilities for CSS that help to avoid JavaScript whenever possible.
I very much like JS animations and stuff happening in the browser window, also there are some edge cases where JS brings some important advancements to a UI, but we have to face that privacy and security are much more important issues than having a nice UI and we have to change the current situation, as we, as programmers, are responsible for it.
The "remote-execution-by-default" experiment has failed, we need to change that, and CSS is a great way to go on with a web that might be less problematic for everyone, but still offers very nice usage experiences.
Have you seen the whole presentation or just the first minutes? In the beginning he is showing some edge cases of css only usage, but then he actually demos some really good examples. The slides are here:
Interesting! Would you please like to post some links to actual privilege escalation code for a stock Ubuntu 16.04 - thank you very much for your attention!
thanks, this looks like a good start.
I would like to add "watchers" and "signals" that could trigger sequences. But I do not want to reinvent things, sure there must be something already out there (I am just an occasional user of js animations for gui elements, so I have no clue about the js animation universe).
consul and vault are very nice for devops.