Now it's a tradition (did it in 2016 too)... I'm launching my 2020 presidential website tracker.
I'm being harsh and limiting everyone to a C rating for now. There are some basic things all the candidates really could be doing. If you see a mistake I made or find something new to track, feel free to report a bug/pull request.
First things first. I haven't been a huge fan of Snaps (despite working for Canonical) or Flatpaks. Both I felt initally put convenience over security. I believe both are maturing now, but it again puts the evaluation if a package is secure on users - instead of distros which actually have teams to review items before inclusion.. Anyway, with that said: On to how I am loving the Firefox Snap
I'm a long time Beta user of Firefox, but I've been using stable for a while cause it's just easier. I generally preferred getting the tarball from Mozilla directly which has a minor issue. Long story short, Nautilus doesn't want to be a program launcher of files provided in tarballs. In fact, Nautilus just dropped that support entirely - just at the same time where it was worked around in Firefox.
sudo snap install firefox --beta
That's it. No unpacking a tarball - no making a desktop entry so you can launch it more easily. Of course, just leave off --beta if you want to get the stable version of Firefox via a snap.
It uses a seperate profile from the deb installed Firefox, but you can only run one at a time. (This is the same if you download a tarball)
Some other steps that will vary based on wha you are doing: 1. Sync your data accross (I use mozilla sync) and setup your extensions, etc. 2. Replace the deb based one from your dock and add the snap based one there. (Right click details in Gnome to see which is which)
So snaps autoupgrade and I soon found myself on Firefox 63 beta and everything looked good until I tried to join a hangout. It didn't work. Since I was using snaps I just tried a: sudo snap revert firefox and I was back on 62 beta in time for my hangout starting in 2 minutes. (Note: it was likely worth just switching to stable instead with sudo snap refresh firefox --stable)
Snaps will automatically upgrade to the next version with the hope that it will have fixed whatever bug made you revert. A few days they released a new version of 63 beta and Hangouts broke again. In this case I determined it was actually a Google Hangouts/Meet bug. One good way to tell when different channels have had releases is to look at https://snapcraft.io/firefox.
The snap version does provide more protection from a compromised Firefox. It also seperates the Downloads folder for the snap to a snap specific one at ~/snap/firefox/common/Downloads.
From what I can tell these issues are all Firefox beta issues, not issues specific with the snap version. The only snap specific issue I've ran into is the first time you start a snap it takes a while.
I'm staying on a Firefox snap. It's faster to change between stable and beta channels. It also seems like it gets updates faster than Firefox in the Ubuntu archive.
Give it a try today with (or remove the beta for stable): sudo snap install firefox --beta
Florida, Tennessee, the EU and more are considering one timezone for the entire year - no more changing the clocks. Massachusetts had a group study the issue and recommend making the switch, but only if a majority of Northeast states decide to join them. I would like to see the NJ legislature vote to join them.
Interaction between countries would be helped by having one less factor that can impact collaboration. Below are two examples of ways this will help.
Let's consider a meeting scheduled in EST with partipants from NJ, the EU, and Arizona.
NJ - normal disruption of changing times, but the clock time for the meeting stays the same.
Arizona - The clock time for the meeting changes twice a year.
EU - because they also change their clocks at different points throughout the year. Due to this, they have 4 clock time changes during each year.
This gets more complicated as we add partipants from more countries. UTC can help, but any location that has a time change has to be considered for both of it's timezones.
Generally, these are scheduled in UTC, but the shifts people actually work are in their local time. That can be disruptive in other ways, like finding child care.
In conclusion, while these may be minor compared to other concerns (like the potential health effects associated with change the clocks), the concerns of global collaboration should also be considered.
I just finished moving my website from Wordpress to Nikola (static site generator), GitLab (git and hosting), and CloudFlare (CDN, HTTPS and more).
Their attitude in the handbook is "DON'T READ THIS MANUAL. IF YOU NEED TO READ IT I FAILED, JUST USE THE THING." That's my kind of software methodology. Don't blame the user, make the system better.
It is also a great handbook that has had pretty much every question I've asked. Documentation is still essential, but it's nice if the commands are self explanatory.
It just worked to import my Wordpress site (minus comments which I "inlined" or deleted for various reasons). I did do some manual HTML to markdown conversion for pages I want to edit more.
I first tried and had Nikola working with GitHub, but GitLab gives me:
I absolutely love that they have their company handbook maintained in Git and public to the world (with merge request welcome!).
CloudFlare's free plan rocks. And if I ever need to be able to handle more traffic faster, I can upgrade/downgrade as necessary.
I thought I was being smart. By not buying through AVADirect I wasn't going to be using an insecure site to purchase my new computer.
For the curious I ended purchasing through eBay (A rating) and Newegg (A rating) a new Ryzen (very nice chip!) based machine that I assembled myself. Computer is working mostly ok, but has some stability issues. A Bios update comes out on the MSI website promising some stability fixes so I decide to apply it.
The page that links to the download is HTTPS, but the actual download itself is not. I flash the BIOS and now appear to have a brick.
As part of troubleshooting I find that the MSI website has bad HTTPS security, the worst page being:
Given the poor security and now wanting a motherboard with a more reliable BIOS (currently I need to send the board back at my expense for an RMA) I looked at other Micro ATX motherboards starting with a Gigabyte which has even less pages using any HTTPS and the ones that do are even worse:
Unfortunately a survey of motherboard vendors indicates MSI failing with Fs might put them in second place. Most just have everything in the clear, including passwords. ASUS clearly leads the pack, but no one protects the actual firmware/drivers you download from them.
| Main Website | Support Site | RMA Process | Forum | Download Site | Actual Download | |
| MSI | F | F | F | F | F | Plain Text |
| AsRock | Plain text | Plain text | Plain Text | Plain Text | ||
| Gigabyte (login site is F) | Plain text | Plain Text | Plain Text | Plain text | Plain Text | Plain Text |
| EVGA | Plain text default/A- | Plain text | Plain text | A | Plain Text | Plain Text |
| ASUS | A- | A- | B | Plain text default/A | A- | Plain Text |
| BIOSTAR | Plain text | Plain text | Plain text | n/a? | Plain Text | Plain Text |
We rely on the security of these vendors for most self-built PCs. We should demand HTTPS by default across the board. It's 2017 and a BIOS file is 8MB, cost hasn't been a factor for years.
I decided to try it out and haven't looked back. The interface is certainly different than Tiny (and after 3 years I was very used to Tiny ) but I haven't really thought about it after the first week. The only item I found a bit difficult to use was arranging folders ~ I'd really prefer drag and drop. I only needed to do it once so not a big deal.
The free account has some limitations such as a limit to the number of feeds (64), limit to how fast they update, and no ability to save stories. The premium account is only $24 a year which seems very reasonable if you want to support this service or need those features. As of this writing there were about 5800 premium and about 5800 standard users, which seems like a healthy ratio.
Some security notes: the site get's an A on SSLLabs.com but they do have HSTS turned explicitly off. I'm guessing they can't enable HSTS because they need to serve pictures directly off of other websites that are HTTP only.
NewsBlur's code is on Github including how to setup your own NewsBlur instance (it's designed to run on 3 separate servers) or for testing/development. I found it particularly nice that the guide the site operator will check if NewsBlur goes down is public. Now, that's transparency!
They have a bunch of other advanced features (still in free version) that I haven't even tried yet, such as:
I'd love to see more of this nice combination of hosted web service (with paid & freemium version) and open source project. Do you have a favorite project that follows this model? Two others that I know of are Odoo and draw.io.
Comments: Mihai
NewsBlur is awesome. I have been using it since the demise of Google Reader with no issues and almost no downtime. It has been getting better and better, especially the Android app.
teh 1
I tried NewsBlur a blue moon ago. How it may’ve changed I don’t know, but I’ve kept steady with CommaFeed (with a few hiccups in between with service availability in the first few years and loss of all starred items) since the demise of Google Reader. It’s open-source too: https://github.com/Athou/commafeed
Are you running i386 (32-bit) Ubuntu? We need your help to decide how much longer to build i386 images of Ubuntu Desktop, Server, and all the flavors.
There is a real cost to support i386 and the benefits have fallen as more software goes 64-bit only.
Please fill out the survey here ONLY if you currently run i386 on one of your machines. 64-bit users will NOT be affected by this, even if you run 32-bit applications. http://goo.gl/forms/UfAHxIitdWEUPl5K2
The latest Ubuntu LTS is out, so it's time for an updated memory usage comparison.
Boots means it will boot to a desktop that you can move the mouse on and is fully loaded. While Browser and Smooth means we can load my website in a reasonable amount of time.
Lubuntu is amazing in how much less memory it can boot in. I believe it is still the only one with ZRam enabled by default, which certainly helps a bit.
I actually did the memory usage for ZRam to the nearest MB for fun. The 32 bit version boots in 224 MB, and is smooth with Firefox at only 240MB! The 64 bit boots at only 25 MB more (251), but is needs 384 MB to be smooth.
If you are memory limited, change flavors first, 32-bit won't help that much
Looking just at "Browser and Smooth" because that's a more clear use-case. There is no significant memory difference between the 32 and 64 bit varients of: Xubuntu, Ubuntu Gnome, Ubuntu (Unity).
Lubuntu, Kubuntu, and Ubuntu Mate do have significant deltas, which let's explore: Kubuntu - If you are worried about memory requirements do not use. Ubuntu Mate - It's at most a 128MB loss, likely less. (We did that to 128MB accuracy). Lubuntu 64 bit is smooth at 384MB. 32 bit saves almost 144 MB! If you are severally memory limited 32-bit Lubuntu becomes your only choice.
Hard Memory Limit The 32-bit hard memory requirement is 224 MB. (Below that is panics) The 64-bit hard memory requirement is 251 MB. Both of these were tested with Lubuntu.
Check out the 14.04 Post. I used Virt-Manager/KVM instead of Virtualbox for the 16.04 test.
Extras: Testing Notes, Spreadsheet
The race is now down to 5. (From 21!)
What's changed in their website setups?
Donald Trump got rid of Flash, otherwise everything else appears to be the same.
Ted Cruz went from a A+ rating to just an A (lost HSTS?).
Nothing changed for John Kasich.
Hillary Clinton went from an inconsistent server setup with many IPv4 addresses to just 1 IPV4 address. The www. redirect behavior (from without to it) does mess up HTTPS Everywhere and ssllabs tests. A major plus is she added HSTS to her site, so her ssllabs rating is now A+.
Bernie Sanders added IPv6 support and HSTS to the main site. Unfortunately a sha2 intermediate certificate prevents his site from going from A to A+. And his donation provider has HSTS setup correctly and get's an A+.
At this point in the campaign, only A ratings (ssllabs) are left! The Democrats seem to have prioritized implementing HSTS, but neither appears to have gone for the preload list.
HSTS - Means you tell the browser to enforce SSL
You can find the raw data in this spreadsheet
I also included sub domains in this list, but it wasn't as interesting as I hoped.
I'm specifically looking for: OS/2 Metafile (.met) PICT (Mac's precursor to PDF) https://en.wikipedia.org/wiki/PICT
Also useful might be: PCD - Kodak Photo CD RAS - Sun Raster Image
I'm trying to evaluate if LibreOffice should keep support for them (specifically if the support is good). Unfortunately I can only generate the images using LibreOffice (or sister projects) which doesn't really provide a great test.
Please either: Provide a link in a comment below Email me B @ (If emailed, please mention if I can share the image publicly)
If I find the support works great I'd try to integrate a few of them into LO tests so we make sure they don't regress.
Feedback:
I know that the ffmpeg project has a huge set of sample images: https://samples.ffmpeg.org/image-samples/
Especially: https://samples.ffmpeg.org/image-samples/sunrast/
Maybe this is of help to you,
Take a look at the File Formats wiki, they may have links to samples:
http://fileformats.archiveteam.org/
Please contribute to the wiki if you can.