Hacker News | euid's comments

You can audit the code of a Firefox extension by unzipping the .xpi file in the extensions directory within your browser profile directory.

Not ideal, but it's better than nothing.


Are you proposing to do that for every update that comes in, for every extension? Far from ideal.


Oh, yes, it's far from ideal.

I'm reminded of the ArchLinux AUR, which deals with a problem kind of like this. AUR managers show a diff of what changed in a package on each update.

Perhaps one could make extension auditing easier by scripting together a Git repository from extracted xpis, and presenting updates as patches to that repository. This is probably only viable for high-security environments - it's not worth it in the common case.

Of course, the real fix would come from Firefox itself: it should provide signed extensions and a way to tie them back to Git repositories with source code, which would eliminate the need for the above automation, and allow people to crowdsource extension auditing.
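The update-as-patch idea from the comment above, as an added example that is not part of the thread or of any Firefox tooling: it compares two .xpi archives in memory with Python's `zipfile` and `difflib` rather than through a Git repository. The extension contents and all function names are constructed for illustration.

```python
import difflib
import io
import zipfile


def read_xpi(data):
    """Map member name -> bytes. Members are read in memory and never
    extracted, so archive paths are never used as filesystem paths."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: zf.read(i) for i in zf.infolist() if not i.is_dir()}


def diff_xpi(old, new):
    """Report what an update added, removed and changed, plus a patch."""
    a, b = read_xpi(old), read_xpi(new)
    report = {"added": sorted(b.keys() - a.keys()),
              "removed": sorted(a.keys() - b.keys()),
              "changed": [], "patch": []}
    for name in sorted(a.keys() | b.keys()):
        before, after = a.get(name, b""), b.get(name, b"")
        if before == after:
            continue
        if name in a and name in b:
            report["changed"].append(name)
        try:
            old_lines = before.decode("utf-8").splitlines()
            new_lines = after.decode("utf-8").splitlines()
        except UnicodeDecodeError:
            report["patch"].append("Binary file %s differs" % name)
            continue
        report["patch"].extend(difflib.unified_diff(
            old_lines, new_lines, "a/" + name, "b/" + name, lineterm=""))
    return report


def make_xpi(files):
    """Build an in-memory .xpi (ZIP) for the constructed sample below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: two versions of a hypothetical extension.
V1 = make_xpi({"manifest.json": b'{\n  "version": "1.0",\n  "permissions": ["tabs"]\n}\n',
               "background.js": b"console.log('started');\n",
               "icon.png": b"\x89PNG\x00\x01"})
V2 = make_xpi({"manifest.json": b'{\n  "version": "1.1",\n  "permissions": ["tabs", "<all_urls>"]\n}\n',
               "background.js": b"console.log('started');\n",
               "icon.png": b"\x89PNG\x00\x02",
               "content.js": b"console.log('content script loaded');\n"})

if __name__ == "__main__":
    print("\n".join(diff_xpi(V1, V2)["patch"]))
```

On the sample pair, the patch shows the widened `permissions` entry in `manifest.json` and the full text of the newly added `content.js`, which are the two things a reviewer of an update would look at first.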


Since the rise of TypeScript and other transpilers to JavaScript, this isn't very feasible.


Alternatively: I was thrown off by the new tab behavior in Tree-Style Tabs and didn't want the complexity of a tree of tabs. Vertical Tabs Reloaded[0] gives me the "tabs in a sidebar to the left" without the complexity.

[0]: https://addons.mozilla.org/en-US/firefox/addon/vertical-tabs...


How does this help? Easier to read tab titles since it's horizontal?


You can fit more tabs while still being able to read them, basically.


Yeah, when I worked at thousand-person companies it was like this:

CEO -> SVP -> VP -> Eng manager -> IC

Or, alternatively,

CEO -> Director -> Manager of managers -> Manager -> IC

I didn't feel like either needed more middle management (each had about ~2k employees), but in the case of the latter some reorganization would have helped (some managers had 50+ reports).


Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 - https://people.eecs.berkeley.edu/~tygar/papers/Why_Johnny_Ca...


As an indication of the effect that the original 1999 paper has had on security research, and its legacy, let me also mention the paper "Why Johnny Still Can’t Encrypt" [1] from 2006, and the paper "Why Johnny Still, Still Can't Encrypt" [2] from 2015.

Perhaps in a few more years Johnny will finally be able to encrypt using email software that supports the emerging Autocrypt standard. [3]

[1] http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstr...

[2] https://arxiv.org/abs/1510.08555

[3] https://autocrypt.org/


Mmm.

Repeatedly what makes a big difference has been ambient availability. Something is "just there" and you rely on it without even thinking about it - the way we mostly take clean water for granted in the industrialised world.

I believe this was important for DSL and similar technologies often labelled "broadband" Internet service. Having 5Mbps rather than 50kbps seems important but what I'm confident really mattered was that the former was Always On, you didn't have to "go online" to check email or do a search or watch a video any more, and that changes how you think about everything.

For encrypted messaging that's delivered by systems like WhatsApp (and of course Signal) because everything is always encrypted all the time. It is not delivered when you need to explicitly "turn on" encryption; no real users will do that for routine conversations.

It makes a huge difference in transit too, transit engineers call it "metro service" - once you schedule at high enough frequency users change how they use the service. If there's one train a day people need to plan "OK, the train is at 11:23 so I need to be at the station a few minutes before that". When there's one bus a minute (some London peak bus routes) that never occurs to the passenger at all. They just catch a bus when they need one, because obviously there will be a bus, there is always a bus.

In many countries 4G wireless Internet has this sort of "ambient availability" outdoors in populated areas, but not so much in the wilderness or indoors.

EduRoam (and to a lesser extent GovRoam) do this for WiFi. The experience is that whether you're at your university or some foreign university maybe for a conference, WiFi just works the same everywhere magically.

Autocrypt seems to have some thoughts towards ambient availability but it's a long way from here. I wish you luck but if you can't reach that point it's probably not going to make a significant difference.


Which is named for "Why Johnny Can't Read" - a book from 1955 (by Rudolf Flesch, co-creator of the Flesch–Kincaid readability test)


Compact mode, which Reddit also offers, is an easy way to satisfy both camps. Set the default to whatever your users prefer (determine this with A/B testing) and allow the other choice in Settings.


Totally agree. I did government research for a while and published papers. Don't exclude them - anyone at the intersection of government work and research is likely to have meaningful contributions to this website.


In this contest, you are to intentionally insert a difficult-to-detect bug into otherwise legible code. In the obfuscated C contest, you are writing obfuscated code.

https://en.wikipedia.org/wiki/Obfuscation_%28software%29


Emulates Vim quite nicely, too.


Not really, no. yi badly needs some more love.


Care to elaborate on where it falls down emulating vim?


Yi is really nice, overall. The code is clean too.

I don't remember all of the issues, but there are a ton of small things that make the editor unusable to me. I used it for a couple of weeks, and I spent some time working on these issues, but never had PR-worthy code. Here's what I can remember off the top of my head:

- Startup time is very slow because of the way configuration works. In my local copy, I made a version without runtime configuration, and that solved this problem. This conflicts pretty badly with the whole architecture, so I didn't make a PR.

- :n :N don't work. Opening multiple files from the command line doesn't work.

- :cq doesn't work. I fixed this, but my fix was a hack, so I didn't make a PR.

- Operating on regions with '{' and '}' is off by one line in some directions.

- You can't replace regions with shell commands. For example, using '!}sort' to sort a paragraph.


Cool! I guess my evaluation of Yi/vim emulation was more cosmetic than I thought :)


Since that page links to

[1]: http://git.suckless.org/sbase/

instead of

[2]: http://git.2f30.org/sbase/

I'm guessing [2] is a mirror, and [1] is the original Git repository. They appear to have the same content.


Thank you.


Then you add an optional CLI argument that makes it skip the prompt, and use that version in scripts.

