
Really interesting development approach here. On unix, this depends on _one_ crate: libc. That crate is just a bunch of wrappers for libc. Absolutely everything else is implemented in the project itself. This is kind of baffling - they have their own everything (from base64 library to a cross platform terminal handling system) instead of using well-proven crates like termios. Why? I don't know. But very unusual in the rust world


Guessing it’s because it needs to go everywhere Windows is and they didn’t want to have a target on their back from pulling in a bunch of dependencies that they’d have to prove were safe. (Especially since Windows installs where this editor works may not get frequently updated, like embedded)

It might have been faster to just write the code they needed vs consult a lawyer and local security person for every crate they wanted to pull in.


Go and read https://news.ycombinator.com/item?id=44031529 . The developer xyrself is in the comments talking about the choices that were made and the alternatives that were considered.


The author answers it themselves: https://news.ycombinator.com/item?id=44034961

I agree with pretty much all of their reasoning.


It is absolutely accepted in microeconomics, where one can assume that preferences are exogenous to the model (that is: not affected by changing the model's variables).

In macroeconomics it is not so simple, because the effects of a higher price for labor are felt all over the economy, leading to feedbacks that might increase overall employment. The Ford wage increase to increase demand for Ford's products is often cited - because there is a multiplier effect from economic activity even a single firm can theoretically benefit from handing out more money to its employees.

There are also arguments from near term versus long term. In the long term, economies with no access to very cheap labor feel more pressure to robotize production, leading to higher productivity and more production overall, and also might lead to a better educated workforce by simply excluding below-minimum-wage productive labor from getting any jobs, and therefore push some of them to school. Those are short term costs that have proven to lead to long term gains.

But I do also think it's not very common to assume that higher minimum wages will lead to a net increase in employment. It is more common to argue that it will lead to a better outcome (for some definition of good) in the aggregate, _even if_ it might lead to some unemployment.


This depends on the threat model. Having 2FA in the PW manager defends against someone phishing the password and database leaks on the server side, which are the most common in my threat model. But note that if they can phish your pw, they can probably phish your 2FA as well.

It obviously does not protect against the scenario where someone is breaking into your password vault.

I tend to enable 2FA but conveniently save the token in the PW manager for relatively low equity stuff, just to make it less enticing for an attacker, but use hardware FIDO for everything actually important.


Same here.

TOTP is trivially phishable via evil nginx just like your password, and via social engineering.

FIDO2 is not phishable and you have no secret to give out to social engineering attacks.


> TOTP is trivially phishable . . . via social engineering

Is it? I've been on the Internet since the 80s and haven't been phished a single time (despite being the recipient of many obvious attempts). Maybe I could be phished, but I think that's evidence it's not trivial.

I have to wonder how many people sophisticated enough to use and pay for a password manager like Bitwarden could be "trivially" phished.


That's great for you, but also a sample size of one (probably technically sophisticated) user, i.e. irrelevant to the bigger picture.

The phishability of TOTP really is exactly as bad as that of passwords, except that a once-phished TOTP isn't reusable by the attacker(s), unlike a phished password.

But even one-time access is often catastrophic, especially if it allows the attacker to rotate credentials.
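Added example, not code from any commenter or from Bitwarden: a plain-Rust RFC 6238 TOTP (no crates, SHA-1 and HMAC written out) with a toy relying party that models the reverse-proxy phish described above. The secret is the RFC 4226/6238 test secret and the timestamps are constructed; the skew window and the "never accept a step at or below the last consumed one" rule are the example's assumptions about what a reasonable server does.

```rust
// Added example, not code from any commenter or from Bitwarden: RFC 6238 TOTP in
// plain Rust (no crates) plus a toy verifier modelling the relay phish from the thread.
// Inputs are constructed: the RFC 4226/6238 test secret and made-up timestamps.

fn sha1(msg: &[u8]) -> [u8; 20] {
    let mut h: [u32; 5] = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0];
    let mut data = msg.to_vec();
    data.push(0x80); // pad: 0x80, zeros to 56 mod 64, then 64-bit big-endian bit length
    while data.len() % 64 != 56 { data.push(0); }
    data.extend_from_slice(&((msg.len() as u64) * 8).to_be_bytes());
    for block in data.chunks_exact(64) {
        let mut w = [0u32; 80];
        for i in 0..16 {
            w[i] = u32::from_be_bytes([block[4 * i], block[4 * i + 1], block[4 * i + 2], block[4 * i + 3]]);
        }
        for i in 16..80 { w[i] = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]).rotate_left(1); }
        let (mut a, mut b, mut c, mut d, mut e) = (h[0], h[1], h[2], h[3], h[4]);
        for (i, wi) in w.iter().enumerate() {
            let (f, k): (u32, u32) = match i {
                0..=19 => ((b & c) | (!b & d), 0x5A827999),
                20..=39 => (b ^ c ^ d, 0x6ED9EBA1),
                40..=59 => ((b & c) | (b & d) | (c & d), 0x8F1BBCDC),
                _ => (b ^ c ^ d, 0xCA62C1D6),
            };
            let t = a.rotate_left(5).wrapping_add(f).wrapping_add(e).wrapping_add(k).wrapping_add(*wi);
            e = d; d = c; c = b.rotate_left(30); b = a; a = t;
        }
        for (hv, v) in h.iter_mut().zip([a, b, c, d, e]) { *hv = hv.wrapping_add(v); }
    }
    let mut out = [0u8; 20];
    for (i, v) in h.iter().enumerate() { out[4 * i..4 * i + 4].copy_from_slice(&v.to_be_bytes()); }
    out
}

fn hmac_sha1(key: &[u8], msg: &[u8]) -> [u8; 20] {
    let mut k = [0u8; 64]; // keys longer than the block size are hashed first
    if key.len() > 64 { k[..20].copy_from_slice(&sha1(key)); } else { k[..key.len()].copy_from_slice(key); }
    let ipad: Vec<u8> = k.iter().map(|b| b ^ 0x36).collect();
    let opad: Vec<u8> = k.iter().map(|b| b ^ 0x5c).collect();
    let inner = sha1(&[ipad.as_slice(), msg].concat());
    sha1(&[opad.as_slice(), &inner[..]].concat())
}

/// HOTP (RFC 4226): HMAC over the big-endian counter, dynamic truncation, decimal digits.
pub fn hotp(secret: &[u8], counter: u64, digits: u32) -> u32 {
    let mac = hmac_sha1(secret, &counter.to_be_bytes());
    let off = (mac[19] & 0x0f) as usize;
    let bin = u32::from_be_bytes([mac[off], mac[off + 1], mac[off + 2], mac[off + 3]]) & 0x7fff_ffff;
    bin % 10u32.pow(digits)
}

/// TOTP (RFC 6238): HOTP with counter = floor(unix_time / step).
pub fn totp(secret: &[u8], unix_time: u64, step: u64, digits: u32) -> u32 {
    hotp(secret, unix_time / step, digits)
}

/// Toy relying party (assumed policy): accepts the current step and the previous one
/// for clock skew, but never a step at or below the last one it already consumed.
pub struct TotpServer { secret: Vec<u8>, step: u64, last_used: Option<u64> }

impl TotpServer {
    pub fn verify(&mut self, code: u32, now: u64) -> bool {
        let cur = now / self.step;
        for c in [cur, cur.saturating_sub(1)] {
            if hotp(&self.secret, c, 6) == code {
                if self.last_used.map_or(false, |u| c <= u) { return false; } // replay of a used step
                self.last_used = Some(c);
                return true;
            }
        }
        false
    }
}

/// Models the reverse-proxy phish: the victim types a fresh code into the attacker's
/// page and the attacker forwards it. Returns (relayed accepted, replay accepted,
/// minutes-old code accepted).
pub fn phishing_relay_demo() -> (bool, bool, bool) {
    let secret = b"12345678901234567890".to_vec(); // RFC test secret (constructed input)
    let mut server = TotpServer { secret: secret.clone(), step: 30, last_used: None };
    let now = 1_111_111_080u64; // constructed timestamp on an exact 30 s boundary
    let victim_code = totp(&secret, now, 30, 6); // what the victim reads off their app
    let relayed = server.verify(victim_code, now + 5);   // attacker forwards it seconds later
    let replayed = server.verify(victim_code, now + 10); // attacker tries the same code again
    let stale = server.verify(totp(&secret, now - 180, 30, 6), now + 15); // three minutes old
    (relayed, replayed, stale)
}

fn main() {
    let (relayed, replayed, stale) = phishing_relay_demo();
    println!("relayed: {relayed}, replayed: {replayed}, stale: {stale}");
}
```

The first result is the whole point of the thread: nothing in the TOTP algorithm binds the code to the site the victim is looking at, so a code relayed within the step window verifies. The second and third show the only mitigation TOTP itself offers, a consumed or expired step is useless to the attacker, which is why the one relayed login is what has to be made harmless (no password reset, no recovery-code display, no session that outlives the step). A FIDO2 assertion differs because the authenticator signs over the origin it actually saw, so the same relay produces a signature the real site rejects.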


POPCNT and LZCNT were added back with SSE4.2, which means all Intel CPUs since Nehalem and Haswell (respectively) and AMD since Barcelona support them.


Very nice! One question: I was curious why you chose this subset of Scandinavian special characters.

There are three extended chars in Swedish (äöå) and Norwegian/Danish (æøå), but your fonts have æ but not ø, which means you could drop the æ and still support Swedish, or add an ø to also support Norwegian and Danish. Was this an oversight or is there some locale that has just æ and not ø? (and before anyone asks I did not confuse æ with the oe-ligature œ, which is a different glyph used in French, and which the fonts also do support)


> Was this an oversight or is there some locale that has just æ and not ø?

Well, Icelandic uses ö in place of ø, but also requires ð and ý which are not included.

Æ is sometimes used in older English texts, though, in words like “encyclopædia” or in plurals of latin-derived words: https://en.wiktionary.org/wiki/Category:English_plurals_in_-...


For completeness, Icelandic also requires Þ which I somehow forgot when writing the above comment.


This was just an oversight. I actually got very far into the project before I realized that ø was missing from my set.

It’s something that I could definitely go through and patch into all the fonts, but I was waiting to see if there was enough demand for the effort. I think supporting two more languages would be very cool though.


From a Dane who finds multiple of these fonts gorgeous and highly appreciates the elaborate kern pairs: please consider patching the fonts with an ø. ;-)


I will absolutely consider it. I am getting some good ideas from other comments as well, so I'll put those in my project notes to do as a possible update to the fonts.


They prioritize penetration testing, I would imagine.


Challenge: Tell me you have never read a thoughtful and contextualizing scholarly archival study without saying so.

Solution: "Dump it in a database and let AI sort it out"


If the available options are:

1. Purchase an out-of-print copy of a scholarly archival study on ebay for $100+

2. Load the original raw contents into an LLM and perform the analysis myself

I think the freedom to choose would be a massive benefit. It doesn't prevent you from doing what you want to do.


Not really - Linux syscalls are stable, so you are free to run your binary with a statically compiled libc and never touch the installed one. You can also handcraft your syscalls in assembly.

This will not work on Windows, where the kernel API is a DLL and syscall numbers are routinely changed.


That's what I said - on Linux the syscall API is stable while on all other OSes you have to go through libc to talk to the kernel.
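Added example, not code from the editor project or from any commenter, of what "handcraft your syscalls" means in practice: calling write(2) and getpid(2) on Linux from Rust with inline assembly and no libc in the picture at all. The syscall numbers are the kernel's documented ones for x86_64 and aarch64; the assumption that a return value in [-4095, -1] is a negated errno (and that EBADF is 9) is the Linux ABI, which is exactly the stable surface the comment is talking about. Other targets get a compile error on purpose.

```rust
// Added example, not code from the editor project or any commenter: raw Linux
// syscalls from Rust with inline assembly, bypassing libc entirely. Syscall numbers
// differ per architecture; these are the documented ones for x86_64 and aarch64.
use std::arch::asm;

#[cfg(all(target_os = "linux", target_arch = "x86_64"))]
mod nr { pub const WRITE: usize = 1; pub const GETPID: usize = 39; }
#[cfg(all(target_os = "linux", target_arch = "aarch64"))]
mod nr { pub const WRITE: usize = 64; pub const GETPID: usize = 172; }

#[cfg(all(target_os = "linux", target_arch = "x86_64"))]
unsafe fn syscall3(num: usize, a: usize, b: usize, c: usize) -> isize {
    let ret: usize;
    // x86_64 ABI: number in rax, args in rdi/rsi/rdx, result in rax; the
    // `syscall` instruction clobbers rcx and r11 (and rflags), so declare them.
    unsafe {
        asm!("syscall",
             inlateout("rax") num => ret, in("rdi") a, in("rsi") b, in("rdx") c,
             lateout("rcx") _, lateout("r11") _,
             options(nostack));
    }
    ret as isize
}

#[cfg(all(target_os = "linux", target_arch = "aarch64"))]
unsafe fn syscall3(num: usize, a: usize, b: usize, c: usize) -> isize {
    let ret: usize;
    // aarch64 ABI: number in x8, args in x0..x2, result in x0.
    unsafe {
        asm!("svc 0", in("x8") num, inlateout("x0") a => ret, in("x1") b, in("x2") c,
             options(nostack));
    }
    ret as isize
}

#[cfg(not(all(target_os = "linux", any(target_arch = "x86_64", target_arch = "aarch64"))))]
compile_error!("this example issues raw Linux syscalls; build it on Linux x86_64 or aarch64");

/// Kernel convention: a result in [-4095, -1] is -errno. Without libc there is no
/// errno variable, so the wrapper decodes the raw return value itself.
fn decode(ret: isize) -> Result<usize, i32> {
    if (-4095..0).contains(&ret) { Err((-ret) as i32) } else { Ok(ret as usize) }
}

pub fn raw_getpid() -> u32 {
    unsafe { syscall3(nr::GETPID, 0, 0, 0) as u32 }
}

pub fn raw_write(fd: i32, buf: &[u8]) -> Result<usize, i32> {
    // The kernel takes fd as an unsigned int, so -1 arrives as 0xFFFFFFFF and yields EBADF.
    decode(unsafe { syscall3(nr::WRITE, fd as usize, buf.as_ptr() as usize, buf.len()) })
}

fn main() {
    let msg = format!("hello from pid {} without libc\n", raw_getpid());
    raw_write(1, msg.as_bytes()).expect("write to stdout");
}
```

Nothing here depends on the libc installed on the box, which is the property the comment is pointing at: the kernel promises not to renumber or change the meaning of these calls, so a binary built this way keeps working across distributions and glibc/musl versions. The flip side, and the reason the Windows comparison matters, is that the wrapper has to know the per-architecture numbers, register conventions and error encoding itself; on Windows none of that is a contract, so the only stable interface is the DLL.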


I have a Champion watch that (inexplicably) has days marked in English and Portuguese. It was purchased in Sweden.


I'm in Germany, my watch originally came in German + English, but when the clockwork had to be replaced recently, the replacement was only available in Italian + English.


Guessing from the interface it exposes, BPC seems to work by making a ruleset matching sites with a battery of possible changes, including resetting cookies (to reset freebie-counters), fetching from Google cache, disabling javascript (for purely client-side paywalls) and by finding exceptions for the paywall (user-agent, referer, IP).

The last one is probably the one that is closest to being a breach of some law. If the plugin did not ship with rules for a lot of sites, it would probably be considered harmless, but shipping a list of the magic user-agents etc. that circumvents paywalls seems risky, legality-wise.


Although, it seems really weird, user-agents are generally thought of as an authentication mechanism, right?

I’m 0% sympathetic to sites for which this works. The reason they accept these user agents is to mislead Google, right? I think it is fine for a site to not send content to me if I have ads or JavaScript disabled, or if I don’t have a subscription. But it is wrong to falsely advertise that the content is available.

For some reason I assumed this had some automatic archive integration or something like that—actually circumventing real account mechanisms by copying out the content to some third party host. Because otherwise, taking them down seems pretty dumb. But then, I should not have assumed, the world is a pretty dumb place.

