Fwiw I think this is the right approach. The trade-off between stability across OS updates vs tracking performance is a no-brainer for me - the absolute last thing that I would want is a deluge of bug reports with no other information than "it stopped working" when Apple pushes out an update
As a developer I would interpret that as "try it in the new OS and you will immediately see what is wrong so there is no reason for me to write a tedious and unnecessary message to you".
Very nice idea, thank you for developing it. With an M1 iMac, though the window border lags the position of the window quite a lot if you drag it around, so probably not usable for me.
Some lag is probably going to be unavoidable with a third-party app. The only way to have perfect synchronization of window dragging/resizing and the border is for macOS to implement this as a first-party feature.
Good sleuthing, but the missing port number is simpler than that. I just blacked it out of the screenshot. I know very well that running sshd on a non-standard port has no benefits security-wise, but it does lessen the length of my log files from dumb script kiddies. I redacted the port in the screenshot for that reason.
>I know very well that running sshd on a non-standard port has no benefits security-wise
I don't know if Mac OS is different but on other unices ports above 1024 are not privileged, meaning that anybody can bind them. Now it increases the attack surface only a tiny bit (you have to have your sshd offline, and the attacker have local access, and them bind a fake sshd to your port in order to MitM. And even then they won't be able to spoof the server key unless it's not chmoded correctly).
Still, better safe than sorry IMO, I also use a non-standard sshd port but I keep it in the low range. In my experience it's more than sufficient to get rid of 99% of dumb attacks that generally don't bother looking beyond port 22.
I think using a non-standard port is a good layer of security, among other layers.
My personal suggestion though is to use 1022 because it's below 1024. This means only root is allowed to bind to it. Preventing possible connection jacking attacks if an attacker is able to crash your own server and run theirs to harvest your passwords.
Have you tried running ssh in lldb/gdb and dumping a stacktrace when it hangs? Might have to copy the ssh binary to a temp dir to avoid SIP denying ptrace.
The verbose output didn't seem to point out the exact system call or libc call that got stuck. A lldb/gdb bt stacktrace could pinpoint what's hanging (for example, some people mentioned parsing /etc/services). I don't think this has been resolved yet?
Yeah, it's a $5/month DigitalOcean box with only my blog on it and nothing else. All assets come off a CDN and Varnish is sitting in front of WP, but looks like that still wasn't enough this time. It worked fine for my previous two HN'ings earlier this year.
I wouldn’t trip at all. There are great folks on HN, and you can tell from comments who are the sour ones just because. I personally enjoy reading your posts. I worked at Apple for a long time, loved it. I still use their products and want to understand what bugs exist. I use SSH daily for many things.
The post was excellent, I’ve been locked away from Catalina updates now that my work mac is my primary Mac so I like keeping abreast of all the little gotchas I might be hitting. And it’s a great debugging chain for something that is truly weird. Sorry you’ve had bad past experiences here, the quote gave me quite a chuckle
Hey, not sure if this is a side-effect of you taking this post down but I was interested in reading another of your posts about B2 vs S3 Glacier and am getting "Error establishing a database connection".
One important thing to always remember is that unless someone posted their article to Hacker News themselves they might have had absolutely no expectation that a huge audience was about to descend and dissect everything they wrote. They might have just been talking off the cuff, mentally noodling around or even just using the process of writing stuff down as a means to sort their thoughts. Far too often HN commenters work from the assumption that an author is intending to make A Big Point and very uncharitably deconstruct every sentence the author wrote.
It's only a matter of time before we see a reply along the lines of "OBVIOUSLY 10.15.4 did NOT break SSH, the author just didn't do X Y and Z to fix a very OBVIOUS mistake in their SSH config".
> Why would you take down the post as it’s probably useful to others?
More broadly, Tyler doesn't owe the world anything in this regard. If he wants to post it, cool. If he wants to remove it, cool.
This is so true, I wish I could upvote this twice. I've been on the receiving end of this too, where something I wrote in the moment without much thought ended up at the top of HN with a whole lot of criticism.
OP here. I think we're aiming for the same thing - though with slightly different priorities.
Of your list of minimums that DefaultApp omits:
Not every app adheres to a Document-based pattern. The apps I personally build typically fall into a "shoebox" style where explicit documents aren't used.
And there are other data layers than CoreData, which is why I didn't add that - especially since even with CoreData everyone has their own favorite library/framework. So that's easy enough to drop-in for those who want it. (That said: probably 95% of the apps I write use CoreData, so )
A customized NSToolbar would be great, but, again, there are so many implementations out there, which one would you pick that would satisfy the majority of apps/developers?
Anyway, like the accompanying blog post says, this project is "highly opinionated". It's just what I've cobbled together over the years. I'm not going to die on a hill for any of my particular choices. Do what works best for you.
OP here. I never installed Catalina (or any recent beta software in years) on my primary machine that I get work done on. My Catalina testing this Summer was explicitly kept to an old laptop and virtual machines.
My "simpler" comment was about my mistake in signing into iCloud on those test devices. I learned my lesson and either stayed logged out or used a test iCloud account for the rest of the Summer.
And, overall, my post and comments in general are about running Catalina now that it's publicly released. Not about issues I experienced as a beta user.
sigh I switched back to WordPress literally five days ago and haven't yet gotten around to installing a caching plugin. My bad. I've turned Cloudflare caching on in the meantime.
Been running WP for god knows how long for my personal site, while my company website is built with Jekyll.
In June I migrated to Ghost simply to try it and learn more about Node. It was _fine_, but never really fit my mental model of how a blog should operate or a web app should be structured. For better or worse, I'm an ex-Yahoo and a PHP guy through and through.
