The idea that this is was "just a packaging bug" is damage control by Bitwarden. It was a deliberate change, per the CTO's comment on https://github.com/bitwarden/sdk/issues/898 and elsewhere. They slowly worked their way towards adding this SDK dependency to every client, and the SDK was intentionally not open-source. The public outrage is the only reason Bitwarden is GPLv3 again.
Yeah - they've always used an open-core licensing model with like a few features (used only by business users/applications) behind a proprietary license. They just ended up mixing the code in a way such that the (theoretically open-source) app ended up having some utility functions for the business version mixed in. Since the client apps don't use that functionality, they split the repository so that you can build the app without using any proprietary code.
Since Dec wraps around to Jan, you can fold the left and right to make a tube.
Since 23:59 wraps to 00:00 you can fold the top and bottom of the tube, making a torus (a donut).
For a fixed lat/long, each point on the torus corresponds to the sunlight observed at a particular time throughout the year. Why bother with a torus? The shape itself embeds the continuity of time across days/years that is otherwise left implicit in the typical 2D plot.
I've wanted to plot this in 3D or have it printed on a ring, but never got round to it.
There's two toruses in the clip, one with the daylight on the inside, one with the daylight on the outside.
One thought I had while making this is that you could visualize multiple years, or even someone's whole life, as a string winding a long spiraling path down the length of a helix.
It'd also be nice if the colour was not just day/night, but the actual predicted daylight at the time of day, which would result in a continuously changing colour.
This is disappointing. I use gopass for my personal passwords, but had moved family passwords to Bitwarden, and selected that hosted provide becauser it was open source.
I will continue to vote with my wallet, with other open-first solutions like ente and etesync.
Part of why I do this is so that if the company changes direction, the community can potentially fill in.
With the momentum behind vaultgarden, maybe open clients will flourish too.
In spite of its wider adoption issues, it's valuable for my personal infrastructure: each of my services/machine has an IPv6 globally routable address.
Why bother, when I could just do TLS SNI reverse proxying via nginx?
* Some services don't use TLS, or even TCP.
* A reverse proxy is yet another intermediary in the chain.
* Plain IPv6 routing is simpler than reverse proxying, and I already need a network layer anyway.
There are downsides:
* some software doesn't support IPv6. I haven't experienced this on the Linux servers I run.
* If I'm in another country then I often don't have IPv6 connectivity. In this case I use any VPN that offers IPv6 (and have one available via my home, via Wireguard).
* Learning IPv6 takes time, but not much. It's one-off. It's not more complex than IPv4, but it is different. If anything, it's simpler. (SLAAC rather than DHCPv4; IP reachability rather than NAT/port forwarding).
The "n" obscures the notional reference to "lua". "Lua" is two syllables, but "luan" is just one. The name makes me think 乱, not an element you'd want to include in the name of most projects.
> This seems like such a contrived scenario with a solution that only works for gov uk sites. Why not teach users how to switch or close tabs with keyboard shortcuts?
+1. "Close tab" is more robust, well-supported and well-known.
It seems more likely a user will load an inoccuous page as a decoy, than learn triple-shift is a quick exit.
Still, interesting read, to hear the reasoning. Would like to see empirical evidence/user testing.
I understand the happy case. When it works, great.
My critiques were on the sad cases:
* Presses <Ctrl><Ctrl><Ctrl>. Wait why isnt this working? Too late.
* Presses <Shift><Shift><Shift> on another sensitive site that doesn't implement this. Too late.
* Presses <Shift><Shift><Shift> on a poorly supported browser, or after the functionality is removed, or after it conflicts with OS-level (it might not today, but who knows about future OS updates)
Absolutely. This would solve the above problems, plus any problems involving JavaScript bugs that would render the whole thing inactive. Just a shortcut to go to the root of the site seems appropriate. Or maybe sites could configure themselves for a "safe site" equivalent if their whole content is a risk.
Either the abuser walked in while the person was still on the page with the big red button or not. It is not faster to press the big red button or shift 3 times than it is to close a tab.
Surely Ctrl+W (with a 2nd decoy tab already there and at BBC Weather) is 10x faster than finding and clicking a button on the page you're reading?
EDIT: another issue with the Exit This Page as implemented on eg https://www.camden.gov.uk/planning-to-leave-an-abuser - if you open it in a private browsing session, and click it, it sends you to Google, but of course there the first thing you get is the massive cookies pop-up. So wouldn't that be a bit of a red flag to whoever just walked in? :/
Or, perhaps even more likely, abuser stealthily enters the room and silently observes the victim to try to extract more damning information before admonishing (or rather, attacking) them.
I think the point is learning to have two tabs open, one incognito, will work everywhere for all resources, whereas this bespoke interaction needs to be memorised just for this websites.
> I think the point is learning to have two tabs open, one incognito, will work everywhere for all resources, whereas this bespoke interaction needs to be memorised just for this websites.
No, it’s telling people how they should behave, as you can see. It makes no attempt to step into the shoes of the user.
It wouldn't be the desktop, would it? Wouldn't it be an 'empty' browser window? Still just as suspicious, of course, but I wonder if some/all browsers do something special in that case—e.g. default to the home page. They certainly could, as could a plugin.
Chrome closes the window on the last tab. It's splitting hairs, however. As you said, it's still raises suspicion which, to a person in a domestic violence situation, is not what they want.
I don't have a lot of context on the issue.
Is it clear it was just a packaging bug, rather than a move towards partially proprietary?