Unlurker|Replay|About
The f*** off contact page (nicchan.me)
Whenever I encounter one of these fuck off pages, I make a point to remove all possibility of ever purchasing anything from them. (including you, Google).
I hate generic name-text-submit-forms as the only method of contact. Somehow the article makes them the definition of not a "f** off contact page" - why? I think such forms are a direct downgrade from providing an email address. - Responding to the submissions likely requires email anyway - Impersonation/spam is even less difficult - Sender isn't guaranteed to get a record of sending the message - A faceless form with unknown machinery feels like sending messages in a bottle
I often find myself in the bizarre situation of backing out of a suppliers website to google their contact number. A bit like when you want pricing on something without falling into a sales funnel.
I'm not sure I've ever seen a contact page that wasn't like this. I always felt it was basically reasonable. if you can direct someone to an answer without having to waste money/time/compute on provide custom service, then that seems basically reasonable to me. yes it's annoying, but it's not a pattern I've ever felt was particularly dark. I'm perfectly happy with "speaking to a human" being the last port of call to fix a problem. as long as it is available somewhere
It really depends on how hard they make it to actually make a support request.
As someone that works on this space, with the kind of products that want this kind of contact pages, they forgot to mention that even behind login walls, in some products you only get to create a support ticket if there are enough developers with the right level of certifications and partnership.
The rise of AI has a lot to do with how these pages keep inventing new ways to avoid offering real support. And along with it comes their close cousin: the “go-away” chat agent—full of useless answers and designed specifically to prevent you from reaching an actual human.
I love this site it’s so cute and interesting
Wow, that's website theme is awesome. windows XP like, breath of nostalgia. Thank you for that !
This whole post is coming of a bit naive to me... I highly doubt this client is just an inspirational design meeting away from changing their offering and make a massive investment in customer support. I also don't get why a web-development consultant would feel so responsible for a pretty typical business decision.
I doubt the client is wanting to make a massive investment in customer support, but they're probably also not wanting to be actively hostile to anyone who wants that support. It wouldn't surprise me if the client's older support page was little more than a phone number and/or an email address, and the only reason they moved away from that is because of spam. Maybe they're another step removed from that again, but they're not the 16 steps removed that the Fuck Off page is. If the client's intent is to provide as little support as possible, that would probably have come up during the conversation where they said they wanted that design, but it seems that they like that design for other reasons (it's a decent way to seem bigger than you actually are, seems more professional maybe?).
If you're a web dev who has had past clients not pay up due to going broke/cashflow issues, then you have a bit of vested interest in seeing them succeed (and then pay you properly).
> I also don't get why a web-development consultant would feel so responsible for a pretty typical business decision by their client. Because they are an expert in their field and the client, presumably, isn't? I can't imagine another field—hairdressing, construction, financial advice—where the client would reject the paid expert's viewpoint so readily and firmly.
The expertise offered here is "how to build a website". If the client is insisting that the dev use a specific javascript library, that would be odd. The client here is just requesting specific content on their website , similar to someone requesting a granite countertop in their kitchen; that seems fine, even if its not particularly classy or aesthetically pleasing to the contractor.
Do we know that for a fact? You described them as a "web development consultant", but I couldn't tell for certain what their exact role on this project was. Their services page ( https://www.nicchan.me/services/ ) lists both "Web Application front-ends" and "translate your designs into a scalable system", so I think they offer a range.
Both of those sound like expertise in building a website, and not like expertise in business strategy. To be clear, I would personally have a similar view to the author here. I'm just surprised that they think their opinion on the strategy side matters so much to their client!
very nice website !
That with its pixel art is styled so beautifully and so hard to read at the same time. Couldn't read it at all. (It's not an eye vision problem, reading pixel fonts just is quite taxing on the brain).
Goes to show the difference in preferences people have. I found the pixel font quite nice, but loathe having to read any serif font, even on paper.
I found it hard too. Perhaps the difference with the other people responding is the size the font is rendered. On my screen, the distance between the top of a "d" and the bottom of a "y" in the body text is 7mm. That corresponds to font size 18 in Word, or 22px in the browser, so basically a chapter heading.
Yeah I started to read the article, went into the CSS, disabled the custom font, and continued reading. Then I went on HN to read the comments, and found out there is a toggle to get an anti-aliased font…
I went in and just… read it? Don’t see the issue with the thing.
I think it will vary considerably depending on the size, resolution, and quality of your display.
Off topic but love the site design
Not a fan personally, but I do recognize its uniqueness and would love to see more pearls like these!
Yeah! It's unique, has a personal charm and also everything seems to fit together nicely. Fun to discover such pages, reminds me of the old days, haha!
"You will get less leads with the 'enterprise style' contact page. You don't have enough leads right now. You don't have low value self-serve users you want to turn away. Your BDR team is not overflowing with leads you need to turn away. You can make money from having more leads. Less leads will generate less revenue. Here are some potential metrics from the two styles of contact pages. Here is how these metrics tie into revenue." I think an honest message like this, at least communicated via email to the budget owners would abscond... or at least absolve one of any guilt. Also, thank you for having the option to toggle the font. I wrote a css rule, but found it later.
Where’s the font option? I hate playing games to make a site readable.
Bottom-right. (Very few sites have this feature, so the one in question gets big bonus points from me)
Thanks. Turns out reader mode works fine too. I thought it wouldn’t but I was mistaken.
You have to judge it client by client though. Some are amenable to and grateful for a flatly stated analysis and recommendation, even if it goes against their ideas. Some will feel belittled and undermined. You need both sorts to pay their invoices and refer their peers, so you pick your battles.
> Some will feel belittled and undermined. This has always frustrated me. You wouldn't go to a doctor, hear that you need an appendix removed, and feel "belittled and undermined"! The 'problem' (it's a problem from my pov) is that clients simply think they know better when it comes to digital/computer/online stuff. They're used to browsing the web, so they think they know what a good website is. They know how to write a letter in MS Word, so they think they can write good web copy. Etc.
A lot of it is internal politics. As a consultant, you see the tip of the iceberg. There may be rational reasons for seemingly irrational decisions that you're not privy to. Your contact's boss wants it done some particular way, so your contact insists on doing it that way. Or your contact has recommended doing it some way internally, and they don't want to be made to look a fool by an outside consultant. Etc.
Scolding your clients like theyre kids will definitely sour the relationship
I think the last point combined with some real data or case studies would prompt introspection. Anecdotally I stick to companies with good customer support like glue, even if their product is inferior. It's an absolute wonder to be taken seriously by a company, to have feedback integrated into future products, or just have small issues taken care of without hassle.
You're going to laugh, but this is why I stick with AWS. They've twice helped me with billing issues on my personal account - as in an actual human helping me. They have no idea I manage large (not huge) AWS deployments at my day job. They just demonstrate great customer service to me as a small client. So they have me as a loyal customer. And advocate, it seems.
AWS support is extremely good. I have had the same experience in personal projects and in turn have quadrupled down on our leverage of their support at my work.
Absolutely. I've communicated with product teams at AWS in my day job, which is pretty sweet as I've worked for some large organisations, but I've also been put in contact with product teams in my personal projects when I encountered bugs with the AWS SSO, for example. It's annoying that they actually solve my problems because it would be so easy to hate them as the 900 lb gorilla.
Applets Are Officially Gone, but Java in the Browser Is Better (frequal.com)
+1 TeaVM is crazily good. Comparing to GWT it has faster build time and better exports to javascript. I've built so many games using libGDX + TeaVM and quite happy with the workflow and results. Here's one of many: https://ookigame.com/game/flappy-bug/
It doesn't run the JVM. It's an ahead-of-time compiler that converts Java bytecode to wasm.
Oh, if you want a full fat JVM, then you want CheerpJ https://cheerpjdemos.leaningtech.com/SwingDemo.html#demo Takes a few seconds longer to load because it loads all of Java Spring, but it still performs just fine on my phone (though the lack of on screen keyboard activation makes it rather unfortunate for use in modern web apps).
Of course, eliminating buffer overflows is orthogonal to using a virtual machine.
You also got a language easier to use and learn than C/C++. With universities almost immediately jumping to Java as an introductory language you got way more potential employees.
No, it's not? Using a VM is one way of preventing buffer overflows, it's not orthogonal.
You can prevent buffer overflows even when you don't use a VM. Eg it's perfectly legal for your C compiler to insert checks. But there are also languages like Rust or Haskell that demand an absence of buffer overflows. You can design a VM that still allows for buffer overflows. Eg you can compile C via the low-level-virtual-machine, and still get buffer overflows. Any combination of VM (Yes/No) and buffer-overflows (Yes/No) is possible. I agree that using a VM is one possible way to prevent buffer overflows.
> In the 2000's, politics interfered and browser vendors removed plug-in support, instead preferring their own walled gardens and restricted sandboxes That's one way to say it. The more common way was that users got tired of crappy plugins crashing their browsers, and browser devs got tired of endless complaints from their users. It wasn't "politics" of any sort that made browsers sandbox everything. It was the insane number of crashes, out-of-memories, pegged CPUs, and security vulnerabilities that pushed things over the edge. You can only sit through so many dozens of Adobe 0-days before it starts to grate.
For Flash vs iPhone case, it was indeed mostly politics. People were using Flash and other plugins in websites because there were no other alternative, say to add a video player or an animation. iPhone was released in 2007 and app store in 2008. iPhone and iPad did not support then popular Flash in their browsers. Web experience was limited and broken. HTML5 was first announced in 2008 but would be under development for many years. Not standardized yet and browser support was limited. Web apps were not a thing without Flash. Only alternative for the users was the App Store, the ultimate walled garden. There were native apps for everything, even for the simplest things. Flash ecosystem was the biggest competitor and threat for the App Store at that moment. Finally in 2010 Steve Jobs addressed the Flash issue and openly declared they will never support it. iPhone users stopped complaining and in 2011 Adobe stopped the development of mobile plugins. Adobe was in a unique position to dominate the apps era, but they failed spectacularly. They could have implemented payment/monetization options for their ecosystem, to build their own walled garden. Plugins were slow but this was mostly due to hardware at the time. This changed rapidly in the following years, but without control of the hardware, they had already lost the market.
It mostly was politics. Browser crashes and slowness were almost always traced down to microsoft own java plugin that strongarmed proper java plugin install out of the way every update and every now and then to be sure, with a semi compatible runtime and a classloarlder that insisted fronting the dow load of all resources. It created so much uncertainty across the ecosystem even today people repeat the "applet crashes browser line, god riddance" line But it was deliberate action by microsoft. So yeah 100% politics because without a court document in modern society we cannot call this anything else.
Yes I’m sure jobs went on stage calling out flash as the main source of Safari crashes because of Microsoft’s Java plugin.
I don't think Safari mattered much. Java was still used for things that wouldn't work on phones without massive redesigns anyway. I doubt you'd have been able to bootstrap Runescape in any form, even rewritten in native code, on the first iPhone to support apps. Applets worked fine on desktops and tablets which was what they were designed for. Browser vendors killed the API because when they looked at crashes, freezes, and performance opportunities, the Flash/Java/etc. API kept standing out. Multithreaded rendering became practical only after the old extension model was refactorerd and even then browsers were held down by the terrible plugin implementations they needed to work around.
> I don't think Safari mattered much. Apple was the first to publicly call out native plugins (jobs did so on stage) and outright refused to support them on iOS, then everyone else followed suit.
Because they’ve hired a bunch of Java devs that don’t know anything outside of Java?
Amusingly, we see the repeat of this in "desktop" apps that are just web technologies in a browser, wasting CPU time and RAM for "ease" of development. (I don't think it's easier at all - a mess of JS callbacks makes it difficult to see the initiator of anything).
GitHub Actions Has a Package Manager, and It Might Be the Worst (nesbitt.io)
While I hate defending GHA, the docs do include this: - Using the commit SHA of a released action version is the safest for stability and security. - If the action publishes major version tags, you should expect to receive critical fixes and security patches while still retaining compatibility. Note that this behavior is at the discretion of the action's author. So you can basically implement your own lock file, although it doesn't work for transitive deps unless those are specified by SHA as well, which is out of your control. And there is an inherent trade-off in terms of having to keep abreast if critical security fixes and updating your hashes, which might count as a charitable explanation for why using hashes is less prevalent.
- Using the commit SHA of a released action version is the safest for stability and security. This is not true for stability in practice: the action often depends on a specific Node version (which may not be supported by the runner at some point) and/or a versioned API that becomes unsupported. I've had better luck with @main.
This is making me feel quietly vindicated in pushing back on migrating our Jenkins/Ansible setup to GHA simply because corporate wanted the new shiny thing. Fortunately the "this will be a lot of work, i.e. cost" argument won. Mind you, CI does always involve a surprising amount of maintenance. Update churn is real. And Macs still are very much more fiddly to treat as "cattle" machines.
I checked out the linked GitHub repo https://github.com/ecosyste-ms/package-manager-resolvers and it appears to be just a README.md that collects summaries of different package managers? How do I know these weren't just LLM-generated?
You don't, but that's the wrong question. How do you know they're accurate?
I'm not sure I follow. If I write actions/setup-python@v1, I'm expecting the action to run with the v1 tag of that repository. If I rerun it, I expect it to run with the v1 tag of that repository...which I'm aware may not be the same if the tag was updated. If I instead use actions/setup-python@27b31702a0e7fc50959f5ad993c78deac1bdfc29 then I'm expecting the action to run with that specific commit. And if I run it again it will run with the same commit. So, whether you choose the tag or the commit depends on whether you trust the repository or not, and if you want automatic updates. The option is there...isn't it?
You specifying the top level hash doesn't do anything to pin transitive dependencies, and as the article points out, transitive dependencies - especially dependencies common to a lot of actions - would be the juciest target for a supply chain attack.
Ah, I see it now. Thanks!
To get something of a lockfile you can use the hash of the version you want to pin your dependencies: > actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
Transitive dependencies?
> The researchers identified four fundamental security properties that CI/CD systems need: admittance control, execution control, code control, and access to secrets. Why do CI/CD systems need access to secrets? I would argue need access to APIs and they need privileges to perform specific API calls. But there is absolutely nothing about calling an API that fundamentally requires that the caller know a secret. I would argue that a good CI/CD system should not support secrets as a first-class object at all. Instead steps may have privileges assigned. At most there should be an adapter, secure enclave style, that may hold a secret and give CI/CD steps the ability to do something with that secret, to be used for APIs that don’t support OIDC or some other mechanism to avoid secrets entirely.
How do you e.g. validate that a database product works with all the different cloud databases? Every time you change up SQL generation you're going to want to make sure the SQL parses and evaluates as expected on all supported platforms. Those tests will need creds to access third party database endpoints.
CI is arguable, but how do you intend to do deployments with no secrets?
AWS is great for this. IAM policies can allow IP Addresses or more safely just named EC2 instances. Our deploy server requires nothing.
CI shouldn't do deployments, deployment pipelines should run separately when a new release passes CI Of course the general purpose task runner that both run on does need to support secrets
We're iterating towards GHA for CI, AWS CodeBuild for the CD. At least on AWS projects. Mainly because managing IAM permissions to permit the github runner to do everything the deployment wants is an astonishingly large waste of time. But you need a secret to trigger one from the other.
You might want (or _need_) to sign your binary, for example. Or you might want to trigger a deployment. Github actually is doing something right here. You can set it up as a trusted identity provider in AWS, and then use Github to assume a role in your AWS account. And from there, you can get access to credentials stored in Secret Manager or SSM.
Yes, their oidc setup was probably their last good feature back when they were actually delivering features back in 2020ish. Everyone else copied it within a few months though.
Everyone is free to use alternative CI/CD workflow pipelines. These are often better than Github Actions. These include - https://circleci.com/ - https://www.travis-ci.com/ - Gitlab Open source: - https://concourse-ci.org/ (discussed in the context of Radicle here https://news.ycombinator.com/item?id=44658820 ) - Jenkins -etc. Anyone can complain as much as they want, but unless they put the money where their mouth is, it's just noise from lazy people.
I've used CircleCI quite a bit in the past; it was pretty good. Feels tough for them to compete with GHA though when you're getting GHA credits for free with your code hosting. I used Travis rather longer ago, it was not great. Circle was a massive step forward. I don't know if they have improved it since but it only felt useful for very simplistic workflows, as soon as you needed anything complex (including any software that didn't come out of the box) you were in a really awkward place.
I mean, they do have a free plan with 6,000 minutes
I’d appreciate not being called lazy for mentioning a lack of investment on Microsoft’s side to secure their paid and fairly lucrative service that they bought a popular code hosting platform to integrate with.
Or roll your own
according to travis-ci, Microsoft uses that? Lol
An interesting things is that GitHub is an expensive service and my guess would be that MS makes good money on it. Our small company paid about 200+ USD monthly for GitHub, much larger cumulative cost than Windows licenses. My believe was that Windows is getting worse, because it is considered legacy business by MS in favor of new offerings such as GitHub subscriptions.
> My believe was that Windows is getting worse, because it is considered legacy business by MS in favor of new offerings such as GitHub subscriptions. What if GH actions is considered legacy business in favour of LLMs?
https://github.com/search?q=org%3Aactions+%22we+are+allocating+resources+towards+other+areas+of+Actions+and+are+not+taking+contributions+to+this+repository+at+this+time.%22&type=code i.e. from https://github.com/actions/cache/?tab=readme-ov-file#note Thank you for your interest in this GitHub repo, however, right now we are not taking contributions. We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features we’re working on and what stage they’re in.
That's insane, so they are basically dropping support on a core feature of GH Actions?
This is on the checkout action too, by the way. You know, the very first thing people put in their CI pipeline.
↙ time adjusted for second-chance
Jujutsu Worktrees Are Convenient (shaddy.dev)
> I’ve been using Jujutsu(jj for short) as my defactor git cli frontend for a while now. “de facto” please.
I consider git the best software ever written. I used to work with some other SVCs, and I cannot thinking on leaving git now. Somehow, I feel it like a limitation for my mind. I'm following this Jujutsu project, I'm genuinely curious to see what it can bring to the SVC scene.
> I consider git the best software ever written. How so? I worked with Git all my professional life and I can't deny its efficacy. However, I would not call it un-improvable given all types of corner case issues I have had with it over the years.
Palantir Could Be the Most Overvalued Company That Ever Existed (247wallst.com)
If they keep their shit together and ride the surveillance wave then I don't see what should keep them from increasing 15fold by 2050. Their technology is not at all dependent on AGI, which is why I don't understand why they are always thrown in together with OpenAI et al.
One illuminating factor as to why: watch their CEO Alex Carp overdose on cocaine while on stage in public. https://bsky.app/profile/ronfilipkowski.bsky.social/post/3m7ahzwf4mc2u
you haven't seen the real ontology yet https://x.com/justintrimble/status/1997733647223603259?s=20
It seems like he is just trying to make a point with his moving around about being "annoying" - which is what he is talking about.
> Many people invest for ideological reasons, myself included, and that's fine. It's fine if you don't mind losing your shirt. For us normal people, we invest to try and grow the money we've saved for the future (in my case, for my retirement), so investing in a company whose stock is insanely overvalued is a great way to blow up my pension pot. I don't understand the rationale behind "investing for ideological reasons", can you explain it?
Investment for ideological reasons is basically "I like what this company is doing and want to see it succeed/want to make my returns on investment via it", and that investment helps it succeed, to at least some degree. You also get the opposite: "I don't like what this company is doing and don't want it to succeed/don't want to make money from this activity, so I won't invest in it". ESG investments were largely built up from this (much as they generally turned into box-ticking exercises as opposed to a useful distinction). Of course this is generally going to make less money than "I just want to make money/predict winners in the marketplace", but that's not everything people want to do with their money.
The difference being not investing in something for ideological reasons won’t jeopardise your assets; whereas YOLOing your 401k on Palantir because “AI surveillance capitalism is dope lol” is potentially risking significant portions of your future. Can’t people just retweet Karp on X if they want to “support Palantir ideologically”? This is GME all over again.
>Palantir would need to grow its revenues roughly 15-fold (yes, 1,500%) over the next quarter century, implying sustained annual revenue growth in the 35% range over this time frame. That's actually a pretty reasonnable ask for a tech company, if you believe Palantir can grow to the level of FAANG.
Dumb analysis. Assumes that profit margin stays the same as revenue grows, which is particularly untrue for software.
↙ time adjusted for second-chance
Emacs is my new window manager (howardism.org)
A VM is displayed as a window on the host OS and Emacs is the window manager within that VM window. What's the difference from running emacs directly as an application on the host?
Last time I tried I felt like an old fart using emacs. None of the keys felt natural That said, i did not give it a fair shot. Does anyone have any good resources to get started? E.g lazygit has a good 15min vid to get u up to speed
Thanks for the recommendation!
Also check out the pull requests on that repo if there's something useful - in my case I've been using eat as single terminal instance for a while now - but for replacing stand alone terminals just opening multiple instances via multi-sh or similar isn't really helping for finding the terminals again. My solution was patching eat to allow buffer renames to the terminal title, and for ssh sessions, initially set the terminal title to the host I'm connecting to. Now I can easily find the terminals when switching buffers. On top of that I'm using eyebrowse to have multiple workspaces, and some hooks around buffer switching that switch to the workspace a buffer is on instead modifying the current workspace.
Thanks to EXWM (not mentioned here), emacs has been my literal X window manager for several years. I installed it as a lark, thinking there's no way this will work properly, and just never stopped using it. It's brilliant.
Me too. Only having issues with floating windows so far.
The drama was mostly over whether or not Wayland should have been the replacement. AFAIU, everyone agreed X11 development was effectively unsustainable or at least at a dead end.
Wayland is not a solution, just a name for some protocols... It's either KDE or Gnome (with it's weird quirks) or some alternative.
Socialist ends by market means: A history (lucasvance.github.io)
Someone's look to re-describe anarcho-capitalism?
Oh and I suggest you look at how advertising works. It’s classic 0 sum game. If you and I spend 0 on advertising, the outcome is the same as if we both spent $100 on advertising (assuming equivalent efficiency of conversion). However if you spend $100 and I spend 0 you capture the market. If you outspend 2:1 you’ll get 2/3 of the market (roughly). Obviously efficiency of the spend is also important, but it’s literally a 0 sum information war between competitors. If you didn’t think it mattered, you’d have to explain why companies spend hundreds of millions on advertising - that would be money more efficiently invested somewhere else.
> assuming equivalent efficiency of conversion Is there any case where this is remotely even true?! The way advertising budget is spent always has an enormous impact on the outcome. One competitor spends in print, another on TV. One competitor targets young professionals, another families with kids. One competitor goes to best and most famous agency but buys the cheapest package and fights any decision, another gets a genius kid at the beginning of his career to create a most brilliant TikTok ad. Etc... > I suggest you look at how advertising works A valuable advice, try following it sometimes.
where does profit come from? Simply trading items in a competitive market will not turn profits.
No profits == no business. Profits in very competitive markets might be low, but you still need them to survive. Walmart is under 6% of profit, but due to the enormous revenue it is still a lot.
I've been an employer. I didn't have any power over my employees. If there was anything they didn't like, they simply stopped coming to work. How was I supposed to make them show up? One embezzled a large amount of money and spent it on drugs. What was I supposed to do about that? He was broke, he couldn't pay the money back. All I could do was tell him to not come back. I've also been employed at minimum wage jobs, and salaried jobs. I never felt the employer had power over me. At my salaried jobs, my coworkers complained about all the power the company had over them. The company had no power over me, so I would ask them what the power was. After some long conversations, the problem was the coworkers spent every dime of their income. So not having a paycheck for a week was a catastrophe. The company, however, was unaware of these issues. I recommend saving up to 6 months of living expenses, and then the employer will have no leverage over you.
A lot of people forget that going hungry is the default state of not doing a thing. The super rich and socially progressive societies redistribute the taxes they levy on the productive people to help the people who can not (elderly, ill) or won't (lazy bastards) work. It might be a better deal for the society as a whole, to offset the cirme that would ensue if there isn't any social net. A lion in the plains of Africa is not entitled to a dinner, the farmer in not entitled to a crop yield. It is super rare that people can't do anything to better themselves and get more for their own skills or execution. Any buisness owner will gladly share a percentage of profit you generate for them if you can show them you're indeed generating such profit. If you're in DPRK or Cuba then you'd need to check your free-market priviledge of having a market for your skills.
 Top