As a greybeard still running Blosxom, I love seeing the resurgence on HN lately around RSS feeds.
My setup:
1. https://feedhq.org/ for syncing between mobile and desktop or reading via web browser. $12/year or grab the source and host it yourself. Easily import/export OPML, so you're in charge of your subscriptions.
3. Inspired by Slow Feeds (recently renamed as Web Subscriber http://zoziapps.ch/web-subscriber-5-0/ ), I added a new "Slow" folder with all of the high-quality, low-frequency feeds. Made my daily reading far more pleasant.
I love seeing the resurgence too. I wish the HN site would give some more love to their RSS options. /rss is OK but I'd like to see a separate feed for everything in /lists and a feed that will allow me to monitor responses to comments, by user or by specific comment, like what /threads?id= shows, so I don't have to constantly rescan that to see if anyone has replied.
Seems nice but, for me, a major benefit of RSS is not having to give out personal information or creating a new account. I've been activley deleting accounts anywhere I find RSS can replace it, like YouTube.
Let me pitch you a different way of doing it. I use TinyTinyRSS https://tt-rss.org/ as a backend to synchronize what I've already read but I don't like the UI so I wrote a desktop app as a front end: https://github.com/jeena/feedthemonkey
I sometimes read my feeds on the phone too, there I just use one of the many apps compatible with TTRSS.
Never tried tt-rss but have tried Freshness and ended up settling on Miniflux as my preferred reader.
Miniflux:
+ Single binary, no Cron jobs
+ Easy to run in a container - nothing is stored to a file - everything in the DB
+ Supports Let's Encrypt out of the box
+ Simple fast UI
+ Fever API support, good readers exist for iOS, less Android (working on that though)
- No web push notifications
- No PubSubHubbub support (though I couldn't make that work with FreshRSS either)
- No maintained Android clients (if in wrong please tell me!)
- Only supports PostgreSQL
FreshRSS:
+ Richer feature set
+ Push notifications
+ PubSubHubbub
+ Android apps, though they aren't perfect
- More moving parts, needs Cron, PHP
- Harder to run in a container
- Web UI is worse on mobile
I just recently started using tt-rss. I use the web version (with the feedly theme) occasionally but usually use it from newsboat. What mobile apps would you recommend?
Why is there a limit at all? When you hash the password, it should be a fixed size no matter the password length. Make sure you're not just storing the password on its own.
I recently discovered that some password hashes take time proportional to the length of the password times the number of rounds. E.g. if bcrypt work factor is set to 16 and you have a 1M byte password then the time is proportional to `1000000 * 2^16`
Why it doesn't first hash the password so it's `1000000 + len(hash) * 2^16` is beyond me, and something a crypto expert will have to answer.
In practice this means that setting an arbitrarily high limit on password size would open you up to a DOS attack via (effectively) quadratic time password hashing.
Thank you for that. Note: the trouble is that if you use a password manager it will create arbitrarily long and very secure passwords for you that _far_ exceed what you would expect for a "normal" limit.
5.1.1.2: "Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length." [1]
I use a common password manager and its max generated password length is 64, so it's in agreement with NIST. That said I am able to manually add characters to increase beyond 64.
Yeah, you should be storing the password hashes in the DB, not the passwords. The hashes are going to be the same length regardless of the password's length.
If you wanted to get real fancy, hash the password once on the client side (reducing it to a known length), then again on the server. You should also be using a per-user salt to prevent a rainbow table from being generated if your DB is leaked.
Your ToS starts off by stating "This agreement is a legal contract between you and us.", but there's no definition of who "us" is, there's no page that I can find identifying who you are or what your registered address is in case of a dispute.
Edit: I'm looking at your web page (I don't have any Apple products, so I can't see what your app has).
Your website is pretty good as is; works well on the phone. Not sure why would I install an app. I particularly like the fact that some of the pay walled stories open up fine within your site (not sure for how long you'd be able to do this - minus the WSJ). The only missing piece sometimes, is the name of the author, if it is an opinion piece.
Note that the default settings of PrivacyBadger breaks your app by not letting load anything outside of the Home feed (clicking on the other feeds just refreshed the Home feed).
In the spirit of not being tracked by someone like Facebook, he means that he doesn't want to be identified by an email and therefore have a possible profile built on him based on what he subscribes, reads, saves, etc.
That's definitely fair, but like the OP is saying, how is that the entire point of using RSS? RSS itself stands for Really Simple Syndication, there's nothing saying that clients can't provide extra convenience and features behind a login/profile. I don't think people use RSS feeds to have more privacy.
I completely agree, which is why I will never use any kind of RSS reader "service".
Instead I use Newsbeuter[1], a great standalone RSS client. It runs completely on my own machine. I don't have to give out my email address to anyone else nor do I have to tell the owners of any service what I read or what my interests are. That's completely my own business.
>> I’m not giving my email address to an RSS reader. Thats kind of the whole point.
> What? How is that 'the whole point' of an RSS reader?
To be able to subscribe to information sources without having to give away any personal data, start getting spammed, etc. Seems especially relevant in light of all the recent (if belated) privacy concerns surrounding social media.
You've missed the point: users should get privacy by default and make choices to preserve their privacy, not have to dodge service requests (like getting another email address) to keep their privacy. The point isn't technical, it's ethical.
Services you should handle yourself on your own computer (like RSS feed reading) can be done for you but when they're done for you they become "Service as a Software Substitute" or "SaaSS" (see https://www.gnu.org/philosophy/who-does-that-server-really-s... for more on that).
A SaaSS RSS feed reader grants others power over what you're allowed to read, when you're allowed to read it, and that choice also empowers others to track you in your reading. If you don't value your privacy you'll lose it and then you'll likely come to regret losing it after it's too late and you've given trackers enough information to predict your habits.
I bookmarked Telescope.surf when it was first announced here.
I've grown to like it a lot. In fact, just this morning I bookmarked on my iPhone too. I like the idea of a "app", but the web site works fine and I don't put many apps on my phone but I'll just keep using it as is in Safari.
It's especially nice since Apple mucked up their "News" app in their last upgrade and I've not used it near as much since.
You can follow http://www.pxlet.com if you don't want to get lost in all the different sources and it comes with bunch of other features. I check this one everyday now.
The initial checkboxes (where you select news sources) are really slow. There's a half second lag for me between touching the screen and seeing the checkbox get checked in the UI.
Are you rendering the checkbox as checked only after a server trip returns?
I'm using rss2email with multiple categories on a dedicated IMAP account + sieve to organize into IMAP folders (using + email separator) and discard / filter topics I don't care about.
It is available in all countries actually. May be your language settings is limiting the app? It’s only in English for now. Or App Store takes time to index the app in all countries. Please check back in that case. Sorry for trouble.
I apologize, it is there. I assumed it wasn't because the search "Telescope" showed some apps ending with "scope", then some astronomy apps and after that a bunch of non-related games. Thanks.
Can you elaborate on that? Currently the social feature I have is that you can upvote the posts and your feed is compiled based on the upvotes it received across the Telescope community.
I would be cautious about adding any features that would lead to trolling, but I think it would be valuable to be able to “follow” my friends and see what article they have read and Think are “valuable”. The only “commenting” I would enable would be private DMs, and Even then I would encourage that to be via email or SMS.
My setup:
1. https://feedhq.org/ for syncing between mobile and desktop or reading via web browser. $12/year or grab the source and host it yourself. Easily import/export OPML, so you're in charge of your subscriptions.
2. http://reederapp.com/ for reading on iOS and macOS
3. Inspired by Slow Feeds (recently renamed as Web Subscriber http://zoziapps.ch/web-subscriber-5-0/ ), I added a new "Slow" folder with all of the high-quality, low-frequency feeds. Made my daily reading far more pleasant.