• 1 Post
  • 159 Comments
Joined 2 年前
cake
Cake day: 2024年3月28日

help-circle


  • Whoa. Thanks a lot for the in depth explanation! I really appreciate it. I do come from a time when HTML didn’t even have a semantic tag and CSS was still having difficulty of styling combo box across browser. Good ol times of PHP “SSR” as the modern development calls it. I moved to more backend development stuff with occasional hardware/firmware so that’s why I am so rusty when it comes to web front end stuff. However, I am now opening my own company and I want to understand the technology that I will actually use even if I will hand it off to a front end person eventually.


  • Thanks a lot. One follow up tho if I may. How do you determine the markup and styling if the layout changes significantly from browser to desktop? Do you ship 2 different versions of the HTML and style them accordingly? My struggle is often about how to make the HTML and CSS so I don’t repeat anything if possible. One example is having a list of navigation links in HTML once should be enough and show correctly on desktop and mobile via CSS only. But that is how a lot of UI frameworks usually do it. They have 2 different navigation markup. One for mobile as a drawer and one for desktop as a navbar. Only one is active at a time. The navigation link list is usually defined as a JS object but I don’t feel like that’s the way to do it properly.


  • Woah, that’s very generous of you. I have a question tho. I have a dual screen setup. What is in your opinion the best DX to develop for both mobile and desktop at the same time? My current approach is having an editor + docs + devtool on one screen, the website on the other with full screen. When I need to check how it looks on mobile I turn on the mobile mode thingy but I always felt it is kinda jank













  • Sure reviewing changes is easy. But the problem is that it is still a review. You need to have an understanding of what exactly is being done and to account for any oddities that may or may not be because of the quirks of upstream. That’s why I mentioned that AUR trust models should be made like pacman for most helper. We trust the maintainer of Arch so why can’t we trust other people too? Take PPA, the trust model is exactly that. You trust the maintainer. At the very least make it an option that you can choose on first run


  • All of that wouldn’t have any effect if the aur helper mimics the model of pacman. Trust the maintainer, not the build script. By requiring users to review PKGBUILD every time it changes, it encourages laziness. But by requiring the review only once then trusting the maintainer, it helps a lot because the only way an attack can be done is directly attacking infrastructure (pushing malicious script bypassing the auth) or hacking the account (author turning malicious). Both of those are hard with a properly configured system or not worth it because it requires a long game (like those of xz attack)