It's amusing that Xe managed to turn what was historically mostly a joke/shitpost into an actually useful product. They did always say timing was everything.
I am kind of surprised how many sites seem to want/need this. I get the slow git pages problem for some of the git servers that are super deep, lack caches, serve off slow disks, etc.
Unesco surprised me some, the sub-site in question is pretty big, it has thousands of documents of content, but the content is static - this should be trivial to serve, so what's going on? Well it looks like it's a poorly deployed Wordpress on top of Apache, with no caching enabled, no content compression, no HTTP 2/3. It would likely be fairly easy to get this serving super cheap on a very small machine, but of course doing so requires some expertise, and expertise still isn't cheap.
Sure you could ask an LLM, but they still aren't good at helping when you have no clue what to ask - if you don't even really know the site is slower than it should be, why would you even ask? You'd just hear about things getting crushed and reach for the furry defender.
> but of course doing so requires some expertise, and expertise still isn't cheap
Sure, but at the same time, the number of people with expertise to set up Anubis (not that it's particularly hard, but I mean: even be aware that it exists) is surely even lower than of people with Wordpress administration experience, so I'm still surprised.
If I were to guess, the reasons for not touching Wordpress were unrelated, like: not wanting to touch a brittle instance, or organization permissions, or maybe the admins just assumed that WP is configured well already.
I have trouble with that because it’s brimming full of plugins too (see them all disorganized all over the source), and failing to keep such a system up to date ends in tears rapidly in that ecosystem.
> I am kind of surprised how many sites seem to want/need this.
The AI scrapers are not only poorly written, they also go out of their way to do cache busting. So far I've seen a few solutions, CloudFlare, require a login, Anubis, or just insane amounts of infrastructure. Some site have reported 60% of their traffic coming from bots not, smaller sites is probably much higher.
Fwiw, I run a pretty tiny site and see relatively minimal traffic coming from bots. Most of the bot traffic, when it appears, is vulnerability scanners (the /wp-admin/ requests on a static site), and has little impact on my overall stats.
My guess is that these tools tend to be targeted at mid-sized sites — the sorts of places that are large enough to have useful content, but small enough that there probably won't be any significant repercussions, and where the ops team is small enough (or plain nonexistent) that there's not going to be much in the way of blocks. That's why a site like SourceHut gets hit quite badly, but smaller blogs stay largely out of the way.
But that's just a working theory without much evidence trying to justify why I'm hearing so many people talking about struggling with AI bot traffic and not seeing it myself.
Well, we just spun up anubis in front of a two user private (as in publicly accessible but with almost all content set to private/login protected) forgejo instance after it started getting hammered (mostly by amazon ips presenting as amazonbot) earlier in the week, resulting in a >90% traffic reduction. From what we’ve seen (and Xe’s own posts) it seems git forges are getting hit harder than most other sites, though, so YMMV i guess.
I actually have a theory, based on the last episode of the 2.5 admins podcast. Try spinning up a MediaWiki site. I have a feeling that wiki installation are being targeted to a much higher degree. You could also do a Git repo of some sort. Either two could give the impression that content is changed frequently.
yep, I'm running a pretty sizeable game Wiki and it's being scraped to hell with very specific urls that pretty much guarantees cache busting. (usually revision ids and diffs)
I could believe that. Plus, because both of those are more dynamic, they're going to have to do more work per request anyway, meaning the effects of scraping are exacerbated.
My site that I’d like this for has a lot of posts, but there are links to a faceted search system based on tags that produces an infinite number of possible combinations and pages for each one. There is no way to cache this, and the bots don’t respect the robots file, so they just constantly request URLs, getting the posts over and over in different numbers and combinations. It’s a pain.
PoW anti-bot/scraping/DDOS was already being done a decade ago, I’m not sure why it’s only catching on now. I even recall a project that tried to make the PoW useful.
Xe here. If I had to guess in two words: timing and luck. As the G-man said: the right man in the wrong place can make all the difference in the world. I was the right shitposter in the right place at the right time.
And then the universe blessed me with a natural 20. Never had these problems before. This shit is wild.
The original ribbon sucked but with the improvements it's hard to say it's generally a bad choice.
The ribbon is a great fit for Office style apps with their large number of buttons and options.
Especially after they added the ability to minimize, expand on hover, or keep expanded (originally this was the only option), the ribbon has been a great addition.
But then they also had to go ahead and dump it in places where it had no reason to be, such as Windows Explorer.
> The ribbon is a great fit for Office style apps with their large number of buttons and options.
To me this is the exact use case where it fails. I find it way harder to parse as it's visually intense (tons of icons, buttons of various sizes, those little arrows that are sometimes in group corners...).
Office 2003 had menus that were at most 20-25 entries long with icons that were just the right size to hint what the entries are about, yet not get in the way. The ribbon in Office 2007 (Word, for example) has several tabs full of icons stretching the entire window width or even more. Mnemonics were also made impractical as they dynamically bind to the buttons of the currently visible tab instead of the actions themselves.
Close to 20 years later, people still complain about the ribbon. (1)
I think that says something about it.
--
1. And not just "grumble, grumble... get off my lawn..." Many of its controls are at best obscure. It hides many of them away. It makes them awkward to reach.
Many new users seem as clueless, or even more so, than pre-existing customers who experienced the rug pull. At least pre-ribbon users knew there was certain functionality that they just wanted to find.
(And I still remember how MS concurrently f-cked with Excel shortcut keys. Or seemed to have, when I next picked Excel up after a couple year hiatus from being a power user.)
I know nothing of your objections, so this is more about how I think of mine and how they relate to these kinds of changes.
Being a power users is difficult, I think the best way to do software is to make it APL complicated and only educate one guy in it. The way power users in Excel/Emacs/Accounting software out perform user friendly stuff is amazing. But somethings are meant for the masses, e.g. opening a file.
Dumbing down or magification of interfaces was needed for many other reasons. Gnome and Ribbon were necessary changes IMO, what we had was never going to improve. Of course I wish there was elements that could be reused elsewhere, but that is a pipedream of Smalltalk proportions.
I am now stuck with windows at work, and it is a horrible experience. Everything is so needlessly complicated. In the same way Linux is. I do believe Gnome did manage to improve things, at least when I look at children using Mac, Linux and Windows as power users. My view is that the complexity of Linux is still a little bit easier to understand, but that is just because of a long history and easy abstractions.
I think core objections are often not compatible with products that need to fit and be produced for many people. I do software that is used once by many this has changed my view if GUIs for ever, especially in regards to desktops.
For me peak UX was before Ribbon. Just menus and customizable toolbars. Didn't need nothing more to be productive enough. Nowadays I can hardly use Office suite, its feature discoverability essentially zero for me.
> I never understood the issue with the ribbon UI. Epecially for Office it was great, so much easier to find stuff.
1. I don't need to find stuff.
I knew where stuff is.
2. I read text. I only need menus. I don't need toolbars etc. and so I turn them all off.
I cannot read icons. I have to guess. It's like searching for 3 things I need in an unfamiliar supermarket.
3. Menus are very space efficient.
Ribbons hog precious vertical space. This is doubly disastrous on widescreens.
4. I am a keyboard user.
I use keys to navigate menus. It's much faster than aiming at targets with the mouse and I don't need to look. The navigation keys don't work any more.
Ribbons help those who don't know what they are doing and do not care about speed and efficiency.
They punish experts who do know, don't search, don't hunt, and customise themselves and their apps for speed and efficient use of time and screen space.
> They punish experts who do know, don't search, don't hunt, and customise themselves and their apps for speed and efficient use of time and screen space.
The problem is, most users are utterly braindead, they barely manage to type at speed instead of pecking at single keys. The astonishment I've gotten in some places for literally nothing more than Ctrl+C/Ctrl+V is more than enough proof.
That's also IMHO a large portion of why Linux never really took off on desktop. UX/UI people are rare enough to begin with, most of them don't work on FOSS in their free time, and so development is primarily done by nerds for nerds. That's great if you already know something about the application - but usually the learning curve is so steep that most users frustratedly give up. And documentation is either not existing, incomplete or horribly outdated, and StackOverflow etc. are even worse.
The exception is Blender. They got some serious money IIRC, cleaned up their act, and now there's a headline of some movie or game using Blender every few weeks.
The sad thing is that Windows has a great keyboard UI and it's superbly accessible for people with visual and motor disabilities.
Who have reduced earning opportunities because they are disabled, so FOSS should be great for them, but it isn't, because the nerds don't know CUA and don't know the keyboard UI. They spend their time mastering a couple of ancient apps like Vi and Emacs and ignore the fiery furnace of UI R&D that followed for the next 20Y after those early efforts.
Learn Windows' keyboard UI and you can drive the whole OS and all its apps with the speed of a genius Vim user with 20 years' practice. It makes Emacs look like a wet paper pad and a burned stick compared to a Moleskine notebook and a top quality fountain pen.
Xfce comes close and implements maybe 75% of the UI but once you are in an app all bets are off.
> Learn Windows' keyboard UI and you can drive the whole OS and all its apps with the speed of a genius Vim user
Do you have a reference for this? I've often needed to control Windows using only a keyboard and failed to do so. I'm aware of most shortcuts in this list[1] but these are for a few very specific things. (As an aside, I also remember controlling the mouse with the numpad using the Mouse Keys accessibility setting but this is worse than both keyboard shortcuts and the mouse.)
Look for underlined single letters in menus. With apps that use the "classic" style menus instead of ribbons or plain Electron crap, the single letters are the key.
I'm curious to know if this is what lproven meant in their comment above. Alt + a-z to access menu items is available in every OS and all "native" apps, but you can't "drive the OS and all apps" this way.
For example, I would like to set options that are a few menus/button clicks deep in the Windows control panel (either the "classic" or new variant) using keyboard shortcuts/navigation. Or navigate the Windows registry editor. I'm not aware of a way to do this.
No, it's not in all native apps. KDE reinvents its own set of keystrokes, for instance, and half the KDE apps have no menu bars any more... And there's no global way to force them either.
Yes, the control panel and RegEdit are totally keyboard controllable.
You can literally just unplug the mouse from a Windows desktop and it remains totally 100% operable.
Some apps may not, because the developers didn't do their jobs right, but the OS is.
Windows actually had a decent built-in manual system with CHM, tooltips and whatnot. Even games could and did use it, like EarthSiege 2.
Back in the days when application developers stuck to the Windows-provided widgets instead of doing their own UI, it was wonderful. Symbols were consistent across applications, as were color schemes (IIRC, if you wrote your CSS correctly, Internet Explorer would pass these on to websites!) and behavior.
> And documentation is either not existing, incomplete or horribly outdated, and StackOverflow etc. are even worse.
Or the documentation is very complete, but only useful if you read and comprehend it in its entirety. Open source devs need to understand that not everyone using their software wants to become an expert in it. They just want to get a task done and the software is facilitating completing that task. That is something totally normal and those users should not be thought of as less important than the power users.
On a Mac, that's fine. On Windows, it's not, because then I can't control the app any more.
I have been using Word since version 4 on DOS and version 5 on Classic MacOS. On Windows, I used WinWord 1, 2, 6, 95, 97, 2000, XP and 2003... then 4 years later MS ripped out the UI I knew backwards and had known for about 16 years, since 1991, and replaced it with one inferior in every way for me.
I'm not denying it might be better for others but for me it's now a waste of disk space.
The old versions do all I need, so I keep them. For everything except Word, there is LibreOffice.
But LibreOffice Writer has no outline mode, and I am a writer: that is THE killer function of Word for me.
So, Word 97 under WINE on Linux and Word 2003 when I have to use Win10 or -- shudder -- Win11.
My big problem with it is that it’s stateful. A menu or toolbar admits muscle memory - since you get used to where a certain button or option is and you can find it easily. With ribbons you need to know if you’re in the right submenu first.
Though personally, I’m increasingly delighted by the quicksilver - style palette / action tools that vscode and IntelliJ use for infrequently used options. Just hit the hotkey and type, and the option you want appears under the enter key.
Your monitors, those of a well-off power user, may have become larger. Most regular users I've seen are on 15" laptops with screens at 1366×768, or (if they're lucky) 1920×1080 with scaling at 1.25× or so. 17" desktop monitors used to be commonplace about 20 years ago.
The slightly larger screen real estate (if any) is more than wasted by very inefficient "modern UIs" where you won't find paddings smaller than 16px, with three buttons where there used to be enough space for 9.
I don't know quite when it started to happen, but changing and/or eliminating the default Office keyboard shortcuts in the last few iterations has really irked me.
Perhaps giving a bit more information than throwing out random acronyms related to SSH would be a bit more fruitful in terms of responses.
What about TOFU and MITM would you like them to respond to? TOFU isn't inherently a bad thing. Neither is MITM. It depends on the threat model, the actors involved, etc.
Your comment (and the snarky followup) imply they're doing something wrong, but it's unclear what.
There is nothing that can be done beyond what they are doing?
You can receive their public keys out-of-band through an https-authenticated connection. Which means their approach to "the initial trust problem" is _not_ "trust on first use".
I don't know what other solutions there are to TOFU, but maybe it's nice if there's something like a standardised /.well-known/ssh-keys.json path for public ssh servers like github and pico.sh.
There’s SSHFP, but it’s off by default and assumes an attacker can’t modify dns, though most mitms would be executed with dns and dnssec deployment is generally a disaster.
Currently their host key page is only linked once at the bottom of their page and isn’t referenced in any onboarding docs, so effectively onboarding encourages “yolo”, and if users aren’t savvy they’re likely putting other things at risk, whatever their keys happen to also have access to.
The other argument that comes up here then is “well mitms are rare so this doesn’t seem like a big problem in practice”, however there are actually great targets here, for example you go to a conference and hijack the WiFi, then spend your time in hallway track advertising these services to your targets. This kind of thing has a high success rate.
The web improves on this problem with PKI, though similar phishing tactics exist in a similar situation where you encourage people to sign up explicitly guiding them to an incorrect domain, but propensity for using search in address bars strongly helps resist this too.
SSH is terrible for this use case, no matter how it makes people feel.
You can start tailscaled and tailscale inside the VM. It may take a while to come online sometimes due to limited proxy availability.
Edit: alt gives you the third button. To start a terminal, hold alt and right click, select new, release alt, and right click drag to size the terminal window.
Dave was ever-present in the areas he had passion for and that presence and unwavering advocacy had many positive outcomes. I'll miss his friendly challenges during future work in this space, they were always enjoyable and valuable even when we had differing approaches.
reply