1. 21

    Waiting for the birth of my first baby, so it’s hard to concentrate on work :)

    Other than that developing beta code redemption flows for our product. Should be interesting.

    1. 4

      May be a bit late for this advice, but it seems to me to be the big difference between being a happy parent and an unhappy one: prepare yourself emotionally for a great harrowing of the self that will last years and may never fully abate. If you go into parenthood expecting to maintain your lifestyle at all, particularly in the first 5 years, you will make yourself miserable with disappointment.

      When my kid was born I fully prepared myself to achieve nothing of value beyond caring for my child for ~2 years and this has proven to be, in some respects, an optimistic projection.

      On the other hand, taking care of my child is literally the only non-alienating work I have ever undertaken beyond purely academic or artistic pursuits. It is a priceless experience but you must accept it as such and expect the rest of your life to make way for it.

      1. 4

        Congrats! All the best for the new family member!

        1. 1

          Congratulations! It will be frightening and the best thing ever at the same time :)

        1. 8

          Choosing a random order is not a good idea, because there is a chance that both possibilities would eventually get inserted, and what would that mean?

          We are just now going into the development of this very feature. And I have a feeling we have not taken this into the consideration. Thank you for saving us hours!

          1. 2

            haha awesome. Please share your experience with the schema that you decide on, later on when you’ve got some.

            1. 2

              You can use a cryptographic operation like the one described in this recent post: https://lobste.rs/s/ousoal/how_play_poker_by_mail_without_trusting

              Basically, there is a single row, single column model too. I don’t think it’s performance would be good for anything but pairwise friend testing. Basically any operation with the commutative property and a wide enough range to avoid collisions works. “Sort them and make them a tuple” is just an intuitive function with the commutative property that implicitly has the range needed.

            1. 2

              I love this. OpenBSD is the epitome of security through simplicity and transparency, and this single-page startup description is exemplary of that fact. If only it were more widely supported on the desktop.

              1. 2

                If only it were more widely supported on the desktop.

                There are amazing people ready to help you get OpenBSD running over at misc(a)openbsd.org. I was able to run OpenBSD on everything I threw it at.

              1. 11

                Can’t we just do all those good things, without getting into the mindset that we might quit or be fired at any time?

                (I don’t think they’re all good things actually, but, in general most points are sensible.)

                “this will make you a better engineer” - maybe, but I don’t think it’s very healthy.

                1. 4

                  I don’t think they’re all good things actually

                  Which ones are not sitting right with you?

                  1. 11

                    Identify and train your replacement. In the same vein as training others, to switch roles you’ll need to replace yourself. Identify who that replacement might be and actively and continuously coach them.

                    I think it’s great to provide training to people around you, and (if they’re interested) then enable people to gain the skills that could be used to replace you, but actively targeting someone as a replacement and treating them that way all the time seems unhealthy.

                    Do not make yourself the point of contact. Establish mailing lists or other forms of communication that can accommodate other people, and then grow those groups. (The exception is when management needs names for accountability.)

                    In general I agree that it’s unwise to volunteer as the contact for too many things, and it’s preferable to use open channels of communication. But as a blanket rule I don’t think it’s good advice.

                    1. 5

                      I think it’s great to provide training to people around you, and (if they’re interested) then enable people to gain the skills that could be used to replace you, but actively targeting someone as a replacement and treating them that way all the time seems unhealthy.

                      I agree.

                      In general I agree that it’s unwise to volunteer as the contact for too many things, and it’s preferable to use open channels of communication. But as a blanket rule I don’t think it’s good advice.

                      When I read that my first thought was instead of having people coming to me about the internal lib I’ve made - make a Slack channel for the lib support.

                      1. 7

                        When I read that my first thought was instead of having people coming to me about the internal lib I’ve made - make a Slack channel for the lib support.

                        Yeah! This seems like a good idea. Keeping communication open and transparent has tons of other benefits: you’re not the single point of failure, other people can find out context around a situation, it fosters a sense of community, people are less likely to become the defacto decision-maker, etc etc.

                        It’s just that having a rule of “I won’t be point of contact unless management specifically ask me to be” feels like a bad attitude to have.

                        1. 2

                          IMHO, if your management asks you to be the point of contact, they may not be good management. Volunteer to set up the group channels of communication, and have a good attitude about it! The problem with being a point of contact is that you can’t go on vacation, etc, without handing off the baton. The handing of the baton creates overhead for the team. Overhead creates drag, which makes the team less effective. I am in the middle of leaving my current position, and I try to follow most of the rules in the the linked article. The things that are painful, are the places where those rules were not followed. Also, it’s my understanding that if you ever have to do ISO27001, it will help to have responsibilities delegated to roles instead of individual points-of-contact.

                1. 9

                  I never use code completion. If the editor provides it, I disable it.

                  Having worked on large code bases (500k+ loc) with a lot of models (20-30) I can’t imagine life with a good quality language server…

                  I’m not sure if I envy the author or if I’m afraid of them.

                  1. 5

                    It’s most likely they use tools like grep and find which easily work with any language, but yes, LSPs are significantly changing the usefulness of autocompletion.

                    1. 2

                      This is very true, and built tooling around it. My largest codebase was 10mm lines of code written in a Mainframe language, that couldn’t leave the clients hardware; so we wrote some simple tooling to help with finding things, and basically built a map around things.

                      Whilst I still don’t use an editor that provides those sorts of things, I do use tools like ssadump or go guru to help give me the lay of the land

                    2. 1

                      Having worked on large code bases

                      Having worked on small code bases I can’t imagine how much I’d have to be offered to agree to work on a codebase over 100kloc.

                    1. 41

                      I self host Bitwarden. Before that we’ve been thru Enpass and 1Password but nothing felt as secure. Just be sure to back up data regularly in either case!

                      The reason for going down self hosted solution was primarily privacy. The only drawback is that we can’t snyc without VPN (which we do not mind at all).

                      1. 7

                        I use pass as my standard password manger, but I’m thinking about switching to bitwarden, largely so that I can access passwords on my phone. I’m actually currently running self-hosted bitwarden-rs myself, although my instance only has a single test password in it so far. The main thing I’m concerned about is having access to my passwords if my self-hosted webserver goes down for whatever reason. I haven’t figured out if bitwarden-rs provides a convenient way to do this .

                        1. 8

                          I use bitwarden-rs. I have found that you generally have access to passwords on already-sync’d clients if the server is down. Sometimes, either due to elapsed time, or because the client has tried some operation that requires access to the server, the client will insist on a connection to the server before it will proceed. I haven’t yet cared enough to run this down; my existing clients are give access just fine for short server outages, and that’s the case I care about. (i.e. I never have to go fix a server in order to log in to something. I have had to go fix a server in order to set up a new browser, as you might expect.)

                          1. 6

                            If you’d like to stick with pass, you might want to take a look at the apps. For me, using the Android app with Syncthing is working very well. I especially like it because I only sync a subset of my passwords which are on the “phone” directory, these are configured to be encrypted with my GPG key as well as another created specifically for my phone.

                            This adds the syncthing dependency, which I didn’t mind because I was using it already for other data, so it was very easy to configure. However, you can also synchronize using Git (at least on Android).

                            1. 8

                              I use pass + git + GPG on my computers and Password Store (git built-in) + OpenKeychain on Android. The git repository is served from my server at home. No need for Syncthing, but in order to update any passwords I require being on my home network, however that is infrequent.

                              1. 3

                                You can use Syncthing in combination with git, by replacing the .git directory with a .git file with contents gitdir: /path/to/.git. Then the git index will be excluded from Syncthing sync. You get the best of both worlds.

                                1. 1

                                  I use syncthing to sync my bare git repos, and push to them from other folders on my macbine. Works pretty well.

                            2. 2

                              I don’t have access to home network/VPN on my laptop for at least 8 hours a day and no issues so far. Just note that you can’t save new passwords without a connection.

                              1. 1

                                I use VPN for editing. Access is OK with a cached version.

                            1. 1

                              Amazing, thank you for sharing.

                              1. 1

                                If I’m already running Nginx would it be enough to use this file? https://github.com/signalapp/Signal-TLS-Proxy/blob/master/data/nginx-relay/nginx.conf

                                1. 2

                                  A lot of stuff

                                  Wrote about it here https://0x7f.dev/infra.html but some parts changed since then.

                                  1. 2

                                    Looking forward trying Echo more. I’m still building/rebuilding a small utility to connect Spotify and Slack status.

                                    Also looking forward to stroller and car seat shopping!

                                    1. 1

                                      As an interested non-Go-user, could someone tell me what this offers that pkg.go.dev doesn’t? Forking and continuing an existing codebase that’s being put down by its original developers? Offering a third-party version of a service that isn’t controlled by Google? Something else?

                                      1. 5

                                        All of those. It’s also simpler and lighter weight than pkg.go.dev, and gives people a non-Google route to contribute (i.e. no CLA). The codebase is also cleaner and easier to deploy yourself, for example on an intranet, than pkg.go.dev is, and even more so than the original godoc.org codebase after our efforts to clean it up.

                                        1. 1

                                          and gives people a non-Google route to contribute (i.e. no CLA)

                                          Thank you so much for this.

                                        2. 5

                                          Compare https://pkg.go.dev/github.com/BurntSushi/xgbutil vs https://godocs.io/github.com/BurntSushi/xgbutil

                                          One has docs. The other doesn’t.

                                          (This is not an invitation to discuss licensing choices.)

                                        1. 1

                                          Starting on new features, and completing my documentation for old ones. Work is nice these days.

                                          On personal front I have to investigate why some of my containers go dead every few days and I’ll play with golang more. I’m making a service to connect your Slack status to Spotify.

                                          1. 1

                                            Rest in go is generally very easy and enjoyable. But if you haven’t already check out gin-gonic.

                                            1. 2

                                              Yes to that, it’s quite easy to start on with REST in go.Gin is great, but it lacks documentation, it does have a ton of examples. I personally prefer Echo or Mux for REST APIs.

                                              1. 1

                                                Echo looks amazing, thank you.

                                            1. 1

                                              The easiest way to handle free services is to offer a more capable paid service alongside it.

                                              This resonates with me. The more I use a service the more I want to pay for it and support. Migadu is a very good example of providing a good paid decentralized* email solution, they have an almost free account that is mostly paid by users using the platform for more mission critical stuff.

                                              1. 2

                                                When I was a young adult I acquired Adobe products on the high seas for several years but once I had an industry job I gladly paid for it.

                                                In today’s climate, it seems (the royal) we have forgotten the purchasing power of people. Why is “free” with caveats the norm? I think if a company can be successful without VC-influence, go for it.

                                                Also, Migadu looks like a great service, thanks for sharing!

                                              1. 6

                                                If folks are interested in this, a researcher from Trend Micro presented last year in Miami at S4 on a high fidelity, high interaction factory honeypot. There’s both a short intro video (about two minutes) and the full talk available online. I won’t spoil the results, but suffice it to say, they had some interest!

                                                1. 2

                                                  Great talk, thanks for the link.

                                                1. 3

                                                  desk

                                                  More or less standard setup:

                                                  • Dell XPS 13 running Windows 10 + WSL openSUSE 15.2
                                                  • Dell 27” monitor
                                                  • Pok3r keyboard (waiting on Anne Pro 2 so I can go full BT)
                                                  • Logitech MX Ergo
                                                  1. 3

                                                    Fiction: Snow by Orhan Pamuk

                                                    Non-fiction (non-technical): The Danish Way of Parenting by Jessica Joelle Alexander and iben Sandahl

                                                    Non-fiction (technical): Absolute FreeBSD by Michael W. Lucas

                                                    1. 2

                                                      Each package manager adds a layer of convenience. (…) But each layer here adds an element of required trust.

                                                      This fact is something that all developers and devops people should be aware of. The length that the author needed to go in order to verify just the top layer of everything is astronomically expensive.

                                                      1. 5

                                                        This is awesome but I noticed an error https://gist.github.com/prologic/5f6afe9c1b98016ca278f4d507e65510#structs here.

                                                        As far as I know, you can’t use : in structs https://golang.org/ref/spec#Struct_types

                                                        1. 6

                                                          Also typo in: func (a *Account) Dsposit.


                                                          The “Arrays and slices” section mixes up the two a bit; this is fine for colloquial usage (I do it all the time), but probably not a good idea for an introduction to Go. For example:

                                                          Arrays are created with [T]like this:
                                                          
                                                          var xs []int = []int{1, 2, 3, 4}
                                                          

                                                          This creates a slice, rather than an array. Okay, it also creates an array, but you don’t have access to that: just the slice. To create an array you’d use xs := [...]int{1, 2, 3, 4} or [4]int{1, 2, 3, 4}. Those []int and var are pretty superfluous by the way: xs := []int{1, 2, 3, 4} does the same.

                                                          It mentions that “Arrays can also be created and appended to”, but this isn’t the case: arrays are always fixed-length. You can append to slices, but this doesn’t really “grow” anything: it just increases the slice’s len and sets that value. If the array underlying a slice runs out of space (cap) then Go will allocate a new array (rather than resize the array).

                                                          There are a bunch of articles on the ‘net that go in to more details on this. It’s also interesting to look at the source for append(), which is pretty easy to follow.

                                                          Personally I’d probably just omit arrays entirely and mention just slices for such a short “learn in 5 minutes” introduction. There are some use cases for using arrays directly, but in the overwhelming majority of cases you’re dealing with slices.


                                                          Another thing I noticed is that there’s quite a lot of superfluous use of var; most of the time := and = should be fine, and var is only really needed in some cases (i.e. nil map or slice). I’ve seen a number of people new to Go (especially those used to JavaScript) use stuff like var x int = 1 because they read about var and think it’s needed like in JS. It’s another thing I would personally omit, or mention only as a footnote and not use in the rest of the article. The less there is to remember, the better.

                                                          1. 2

                                                            Thank you! These are all really good points! I write a lot of Go myself and very rarely use var, and you are right you almost never create arrays directly, mostly slices. I’m not sure how to rework that section yet, but I will have a think about it and rewrite it tonight (AEST) after work.

                                                            I also fixed up a few errors (things done mostly by hand) where I rushed this a bit (probably a bit too much).

                                                        1. 2

                                                          Integrating Twitch social login on our platform. They have amazing dev support on Discord. Very impressive.