Hacker News new | past | comments | ask | show | jobs | submit | andyjpb's comments login

I've longed for a window manager that can assign different virtual desktops to different screens. Of course, there are compositing, scaling and resolution issues to overcome, but it'd be really neat to have a palette of virtual desktops that could be called up on whichever monitor was most convenient.

...and it'd make screen mirroring during presentations a breeze!


Maybe I'm not understanding what you want exactly, but it sounds like what i3 and Sway already do. Workspaces are created as needed and are specific to that monitor, so if workspace 3 is on the right monitor, you can jump to it with super-3 even if you're on the left monitor. You'd be looking at workspace 3 on the right monitor plus another workspace like 1 or 2 on the left. Each monitor displays a separate workspace which can be changed without affecting the other.

You can also define rules in the config so that certain programs will open in certain workspaces every time, and you can move the whole workspace to the other monitor (not a default keybind iirc) if desired. Good in a portrait+landscape monitor setup for if you need your browser to be wider for a little bit.


Being able to select desktops/workspaces per screen is half the solution.

The other half is allowing the selection to come from a pool of desktops/workspaces common to all screens. i.e. the opposite of what i3 and Sway do.

So given desktops/workspaces a, b and c and screens 1 and 2, the following combinations are possible:

1: a; 2: b

1: a; 2: a

1: c; 2: a

...


You can absolutely do this in i3 or sway. There aren't default keybindings for doing it, but it is easy to set up your own. I set $mod+equals to 'move workspace to output up' in i3 (or something like that -- I'm not on that machine to check). This works for me since I set up my external display to be above the laptop screen, so it effectively means 'move this workspace to the other output'. You could also specify a specific output to move to, or change what the direction is.


That's not quite what's being asked for. I think it's more like super+1 for "move workspace 1 to the current monitor". I haven't quite figured out how to do that in sway, although I'm pretty new with it.


In my scheme that move is just two key combos away, which seems fine to me, especially since it is rarely what I want. You could make it one key combo if you want, too, in a script if not in a single line.


I used to do stuff like this back in the day with Fvwm2, but less at the desktop level and more at the application level. You can set applications (windows really, and by title or id) to either be sticky to desktop or screen, etc. I had my mail client follow me no matter the virtual desktop I was on, but let other windows be anchored to the virtual desktop.

Honestly, I often miss Fvwm2 and my config in its power and simplicity, but Windows long ago became "good enough" and since the heavy apps I really care about (mail client, browser, maybe an IDE if I'm not using vim for the project) are cross platform (which they all are), as long as there's a good SSH client I'm good, and Windows Terminal plus built in OpenSSH shipped with windows works fairly well.


I basically want to have real multi user. I want my dev/project to be an isolated user, also bc of software supply chain security. I want to map it to a (virtual) screen. I want to be able to share the clipboard.

I think the closest is running multiple OS X/Linux in VMs


You could also achieve this with pure X server and several system users: X controls your display and inputs (kb/mouse), and you let different X clients from different system users display on that server (eg. set the DISPLAY env var properly, configure X server permissions with xhost utility).

Then, you use a configurable tiling manager to control which windows go where (I am sure you can even go by the user somehow, but maybe you'll need to "decorate" the client run with an env var too).


what i do for work is very close to what you want and its pretty easy to achieve with using lightdm and the dm-tool with the add-nested-seat command. It will start a new Xephyr X server local to your current user and attach the session manager to it. from there you just login and have the second user session in a window just like you wanted... however, i did not get clipboard sharing to work but i actually like this extra bit of isolation.... its not even hackish and performance is exactly as native because it is... its a bit harder to get sound working concurrently, but not impossible, although i never really tried. However, i use pipewires pulseaudio interface to stream audio to a remote AV receiver in the room and this should work fine in the second user session too, although as said i never bothered to try...


Sway has multiseat, maybe it would be a match for your use-case, check manual for sway-input.


Check out Total Spaces (https://totalspaces.binaryage.com/) for Mac. I use this with dual monitors and love that each monitor can have its own virtual desktop.

I have my left monitor as a communications hub. It has only one virtual screen. I also keep my browser there.

I have a 3x3 grid on the right hand monitor.


That won’t work. I just want separation. Between applications. I can run multiple instances of chrome, but the is has trouble figuring out where to put what.

I’ve tried routing VNC though an ssh tunnel (doesn’t accept connection to localhost), but it’s all pretty shit.

And I really don’t like carrying 2 MacBooks around


i3* does that. You specify a set of workspaces and their screens. Personally I go a step further and set programs to specific workspaces as well.

This works really nice with a docked/undocked setup. When the additional monitors are disconnected, all workspaces move to the main(laptop) display.

eg, I have workspaces 1,2,5,9 on monitor 1 and screens 3,4,6,7,8,10 on monitor 2. When undocked all 10 workspaces move to the laptop screen.

* https://i3wm.org


That's exactly how xmonad works


I don’t think you can have the same desktop on both screens, but otherwise herbstluftwm allows this.

Also monitors are virtual so you can have multiple virtual monitors on one physical monitor. I want to one day try this with a 4K tv to have multiple monitor layouts.


If using windows, Ultramon works very well,

It also works well within virtual pc's and licensing is per machine so you can use it on multiple virtual pc's at the same time as the main host, so you can multiple virtual pc's running, subject to hw abilities, and it works instantly and seemlessly, also high customisable and you can do your own commands to work with things like nVidia's mosaic.

https://www.realtimesoft.com/ultramon/

If you have the professional line of nVidia graphics cards aka Quadro, nVidia do a command line tool for configuring a multi monitoring system upto 16 4K monitors, so you can do things like tv walls or special effects in a theme park, or just fancy desktop setups for city traders or coders. https://www.nvidia.com/en-us/design-visualization/solutions/... https://www.nvidia.com/en-gb/drivers/mosaic-utility/

I cant remember if it also does tilting like that described in this post or not, but you can certainly do a lot with mosaic run it all from shortcuts so you can instantly switch to different resolutions and layouts and the shortcuts can be used in Ultramon, for seamless operations, ie switch between 2 physical monitors and 3 monitors, all called from within ultramon. Ultramon then detects the physical monitor changes and acts accordingly.

If you are looking for a nice 3 monitor setup, I can recommended this, the Ergotron HX triple box with the HX desk mounted floating arm. https://www.ergotron.com/en-gb/products/product-details/98-0... https://www.ergotron.com/en-gb/products/product-details/45-4...

You can spend hours in front of one these, get perfectly comfortable without taking up your desk space as it clamps to the back of your desk, and when you have to do paperwork, you can push the monitors to the back of the desk.

However this gaming chair manufacturer has caught my eye, like this one, https://allimperatorworks.com/scorpion-gaming-chair-setup/

but if they ever added some batteries and motors so it can drive around, I'd get one of these for my mobile solution as it can still do 3 monitors. :-) https://allimperatorworks.com/product/iw-j20-pro/


Hi,

This reply is a bit late because someone pointed me at it and suggested it was worth answering. ...so I hope that this is useful!

I have experience using Chicken Scheme in production both on knodium.com and registers.app

Both times it has gone well.

There's an HTTP implementation ( https://api.call-cc.org/5/doc/intarweb ), a webserver (https://api.call-cc.org/5/doc/spiffy that supports SSL) and an HTTP client ( https://api.call-cc.org/5/doc/http-client ). There's also an "app server" that tries to be like other app servers you might already know ( https://api.call-cc.org/5/doc/awful ).

We had to write a lot of our own stuff but it fits fairly neatly into the scheme-way of doing things: you can get a remarkable amount done with just a few simple lines of code.

I'd probably want to write about as much in any other language as a lot of what we built were domain level abstractions.

Knodium is now long gone but there's a video of what it looked like here: https://www.youtube.com/watch?v=gOPuWi-dbQg

We had a very talented web designer and we also built a "Widgets and forms" toolkit. I gave a talk at FrOSCon quite early in the development and it was saved for posterity: https://media.ccc.de/v/c116_lisp_-_2013-08-25_11:15_-_buildi... The first few minutes of audio are broken but it sorts itself out.

I built a bunch of things along the way and released as many of them as I could as open source: http://wiki.call-cc.org/users/andyjpb

We're currently doing https://registers.app with a similar stack so I'd be pleased to talk more if anyone has any questions.


I can't find any docs other than what's on the page but my reading suggests that the idea is that you can get/set values "in-band" using a regular lookup query to a resolver rather than the nsupdate style that you'd normally use to remotely configure zones.


There is still Hesiod support in GlibC / NSS, etc on most modern systems. When put together with Kerberos it's a nice way to provision auth on lots of machines automatically.

It's nice to have a dedicated and restricted resolver config so that the zone visibility can be restricted but that makes deployment a little more complex.


Encryption only helps if you can guarantee that your attacker can't get access to the layer below where the runtime decrypts things.

A cloud hack like the parent poster talks about assumes that you get access to the hypervisor layer and can look at the RAM of the guest machines.

This is not inconceivable. Rather, it seems quite reasonable given the complexity of hypervisors and the prevalence of CPU architecture bugs that makes these attacks easier.


can look at the RAM of the guest machines

This is what https://en.wikichip.org/wiki/x86/sme is for


If you have hypervisor access you can simply ask the guest to read the memory for you.


Mutually Assured Destruction relies on the victim knowing that they've been destroyed.

Lots of these so-called "Cyber weapons" are operated by actors who are very effective at leaving no trace.

It's been in the background before but in the reports about this SolarWinds issue the "leaves no trace" angle is starting to be emphasised much more.

Not knowing if or what has been compromised means that the attacker can choose when or how to use the information they obtained and the victim will be surprised, even a long time down the line.


I think this outlook is very much part of the reason that Britons are worried about Facebook's move to Californian terms.

In the UK we do have very well established "Consumer Law" which is there explicitly to protect the consumer and recognises that they are often not otherwise in a powerful position.

The most relevant stuff for Facebook is the data protection stuff, but another example, relevant to other online transactions, is the Distance Selling Regulations ( https://www.gov.uk/online-and-distance-selling-for-businesse... ). This gives the customer the right to cancel, without a reason, for up to 14 days after the goods are delivered. If the business doesn't explicitly tell you this then your right to cancel is extended to 12 months.


This will allow your program to be used as a vector to attack the things your program depends on.

It's true that those bits of eMail infrastructure are probably more robust but it's still strictly bad practice.

Even if you're "just" storing it in your database, you should sanitise it on the way in so that when someone does something "unexpected" with it, such as display it in a web browser UI, you're not going to suffer from injection attacks there either.


Relying on sanitization is bad practice. Your systems should work properly and securely even if every text field in your database is filled with Robert'); DROP TABLE Students;-- or <script>alert(document.cookie)</script> - if displaying them in web UI leads to an injection or XSS, then the web UI code is horribly broken and needs to be fixed, input sanitization is at best a temporary workaround.


You're not strictly wrong...

But what I'm trying to say is that what's in your database should be well defined. You shouldn't just put any old stuff in there. You should have a standard for exactly how everything is escaped (or not) so that your consumers have a spec to work to.

You'd do the same with, say, character encodings. One option is to convert everything to a single character set on the way in, such as UTF-8. Another option is to annotate everything with the character set it uses. You must chose one.

Relying on adhoc code spread across the codebase for the security properties of untrusted data leads to whack-a-mole security situations.

Being able to trust the data in your database is essential.

Note, that absolutely doesn't mean things like "Robert'); DROP TABLE Students;--" shouldn't appear in database fields.

It just means that if you define the type of a field to be "eMail address" then consumers of it really should be able to trust that it really is a legitimate and valid eMail address. What does "valid" mean in this context? Well, that's up to your spec. Perhaps just "legally structured". Perhaps "something that eMail can actually be delivered to". Perhaps "something that is known and assured to actually be associated with this particular user".

...but you must be explicit otherwise consumers have nothing to work from and you're building castles on the sand.


Yes!

http://wiki.call-cc.org/eggref/4/email-address

https://bitbucket.org/knodium/email-address/src/master/email...

It's a fair few lines of code but most of it comes directly from the RFC. It's also longer than it could be because it covers the entire RFC822 syntax, including groups, lists, routes, comments and To: header styles.


Facebook don't "sell ads". Well, literally, they do.

...but the product they're actually offering is "behaviour".

They sell access to the levers to influence behaviour.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: