1. 5

    There was an update to this work in 2012.

    1. 2

      A small UX suggestion: please let me type out the values for memory/cpu.

      1. 1

        Noted. Thanks for sharing

        1. 1

          This. f*ck’n sliders.

          Really great web page, thank you!

        1. 38

          I would like a CalDav protocol which isn’t tied to WebDav.

          1. 3

            Same, now that you mention it.

            1. 2

              Please! This would be fantastic!

              1. 9

                Not exactly what you’re asking for, but have you seen the JMAP protocol?

                https://datatracker.ietf.org/doc/html/draft-ietf-jmap-calendars

              2. 1

                Without XML and one that everybody complies with too :)

                1. 2

                  For access rights, I would strongly suggest converting everything over to SAML. If you have GSuite, you already have a SAML IDP included in your purchase.

                  For everything else, I would set up a shared spreadsheet with finance/accounts receivable. It’s also worth starting a shared drive between ops, legal and finance where you keep all of the executed contracts. When you need them, it’s really important they are quickly located.

                  1. 1

                    Great advice - thanks!

                  1. 3

                    The worst part of gRPC is its crappy protobuf notation. This tool doesn’t address anything about that.

                    I’m wondering why I got banned when I tried to promote another RPC tool with a throwaway account.

                    1. 24

                      I’m wondering why I got banned when I tried to promote another RPC tool with a throwaway account.

                      Sockpuppeting on Lobsters is heavily frowned upon.

                      1. 13

                        promote … with a throwaway account.

                        That. Don’t use throwaway accounts and shill projects.

                        1. 4

                          Do you mean the service definitions being .proto files? If so, DRPC has a very modular design, and all of the functionality is implemented by referring to only the interfaces defined in the main module. Because of that, you can effectively manually write out the code generated glue, or generate it in some other way. Here’s an example of that: https://play.golang.org/p/JQcS2A9S8QX

                          1. 1

                            I’m wondering why I got banned when I tried to promote another RPC tool with a throwaway account.

                            Which tool were you trying to promote?

                            1. 6

                              He got banned again so we may never know

                              1. 13

                                Who thinks it’s a good idea to tell everybody they’re a spammer?

                                1. 2

                                  Growth hackers.

                              2. 4

                                The moderation log answers your question, fwiw.

                                1. 4

                                  You can check the moderation log for timestamp 2021-04-17 12:40 -0500

                                  1. 1

                                    click through to their username, which includes a ban reason.

                                1. 1

                                  What parts of the UI are running Elm? Having been a customer, it would be really nice to get an understanding of how Elm is driving the experience.

                                  1. 3

                                    All of the product (not the marketing website) is written in Elm, for instance the search and dashboard pages. The charts were rendered with Highcharts or Vega (depending on when you used it) through JS and webcomponents. I’m not sure what you wish to know about how Elm is driving the experience though :)

                                  1. 11

                                    Most lists of “weird programming languages” get bogged down in brainfuck and brainfuck skins. I like that this one doesn’t!

                                    1. 11

                                      I agree. Although I feel that APL and especially Lisp don’t really fit with the rest of the list - those are languages that (some) people really do want to program in.

                                      1. 7

                                        I think a listicle like this about unusual languages people actually use would be really interesting. Probably something like

                                        • Forth
                                        • APL/J/K
                                        • Inform7
                                        • Orca
                                        • Golfscript (stretching it, I know)

                                        Damn I’ve heard of so many bizarre languages

                                        1. 10

                                          PostScript.

                                          1. 2

                                            Any good resources on PS? I’ve heard… rumors, but never investigated myself.

                                            1. 7

                                              I’m dead tired and can’t find the docs before sleep, but PostScript is an awesome concatenative language and sincerely my favorite in the genre other than Factor. It’s not hard. I’ll find links to the guides in the morning. You can literally code in the GhostScript REPL meanwhile if you want to play.

                                              1. 3

                                                I really like what I’ve read of Bill Casselman’s Mathematical Illustrations which covers PostScript and some fun geometry.

                                                1. 1

                                                  Back when I had to use PostScript for work, the language reference was the best document I was able to find.

                                                  1. 1

                                                    Unfortunately no, like so many of my opinions I’ve gotten it from The Internet.

                                                    I believe my primary memory of PostScript being used for programming is from this comment by JWZ: http://regex.info/blog/2006-09-15/247#comment-3085

                                                2. 3

                                                  And there’s INRAC (used for at least two, possibly three, commercial products that I know of) where flow control is non-deterministic.

                                                  1. 2

                                                    I saw you mention INRAC on the alien languages ask, which to my eternal shame I didn’t notice until two weeks later. What are some resources for learning about it as an outsider? Sounds really interesting!

                                                    1. 4

                                                      Unfortunately, there isn’t much available and most of the references I’ve come across just mention INRAC. I think, aside from the original creator of INRAC (William Chamberlain), I’ve inadvertently become an INRAC expert:

                                                      Deconstruction Racter

                                                      The Psychotherapy of Racter, or The Descent Into Madness of Sean Conner

                                                      The Psychotherapy of Racter, or The Further Descent Into Madness of Sean Conner

                                                      INRAC, the mind bending implementation language of Racter

                                                      WTF INRAC?

                                                      So how do you determine undefined behavior in a language you are reverse engineering?

                                                  2. 2

                                                    Hey, if the software historian / archeologist hasn’t heard of it…

                                                    For that hypothetical listicle, I’d consider adding one or two of your modelling languages - like, TLA+ looks pretty magical to people who are not you ;-). Also, I’d consider - LaTeX is not actually that uncommon, but very different from other languages in both appearance and semantics. (Maybe TikZ, but I’m not sure that counts as a programming language.)

                                                    Something like Haskell is probably too common, but Prolog might make the list?

                                                    [Quick EDIT: also, maybe assembly for the original MIPS CPUs, where you could apparently read the old value of a register if you manage to execute the instruction before the previous instruction has actually written the new value? It doesn’t look too evil, but…]

                                                    … do people use Orca?

                                                    1. 3

                                                      … do people use Orca?

                                                      @rwhaling introduced me to it and was using it for his synth music, so at least one person uses it :P

                                                      1. 2

                                                        Re MIPS, you may be thinking of https://en.m.wikipedia.org/wiki/Delay_slots. For some reason this is still being taught in introductory computing classes at university.

                                                        1. 2

                                                          [Quick EDIT: also, maybe assembly for the original MIPS CPUs, where you could apparently read the old value of a register if you manage to execute the instruction before the previous instruction has actually written the new value? It doesn’t look too evil, but…]

                                                          Were you thinking of the divide and multiply instructions? Some instruction sequences give unpredictable results.

                                                          1. 2

                                                            I was thinking of https://retrocomputing.stackexchange.com/questions/17598/did-any-cpu-ever-expose-load-delays. (kameliya’s Wikipedia page is a little less informative; note that sufficiently-embedded processors may be able to ensure that an interrupt doesn’t happen. Which would allow one to write rather mind-bending code.)

                                                        2. 2

                                                          SQL is based around relationships (in the mathematical sense) and is the most popular goofy programming language no one thinks about.

                                                          Lex/Yacc let you write half your program as a cfg and the rest in C, a language/tool chain that again no one thinks of in these lists.

                                                          Wolfram is based on term rewriting and is somewhat popular and extensively used in physics.

                                                          Erlang is based around a distributed model that is again something few other languages support naively.

                                                          Most of the ‘esoteric’ language lists are lists of ‘languages that do the same thing as C but poorly’.

                                                          1. 1

                                                            MiniZinc is also worth an include on that list.

                                                            1. 1

                                                              Factor is a really nice forth dialect.

                                                              1. 1

                                                                Yes, I was also just about to suggest Inform 7. It’s fantastic.

                                                                1. 1

                                                                  Golfscript (stretching it, I know)

                                                                  No you’re not. I want to write an implementation that is not Ruby

                                                                  1. 1

                                                                    Prolog, MUMPS

                                                                    1. 1

                                                                      Mumps, RPG…

                                                                    2. 1

                                                                      TBH I interpreted the inclusion of CL on this list as a trolling attempt toward lispers.

                                                                  1. 13

                                                                    The code was written back when the site was hosted using MariaDB not MySQL. If the underlying database pushes predicates down the performance is fine.

                                                                    The two fixes are either:

                                                                    • Shift the site to Postgres and deal with the sister site downstream issues
                                                                    • Migrate off of DigitalOcean’s hosted MySQL and into a MariaDB instance we self manage
                                                                    1. 4

                                                                      I’m shocked that in this day and age any host is still offering paying customers MySQL that is not mariadb. That just smacks of irresponsibility on the part of DigitalOcean.

                                                                      What is the main overhead for “self manage” going to be here? Backups?

                                                                      1. 2

                                                                        MySQL is still actively developed, right? Although I’m not sure what the MySQL vs. MariaDB status is these days, and MariaDB definitely seems to have bigger mindshare.

                                                                        1. 9

                                                                          MySQL is still actively developed, by Oracle. Guess the rest. MariaDB took most of the community developers with them.

                                                                        2. 1

                                                                          Sounds like DO is optimizing for billable use …

                                                                        3. 1

                                                                          Perhaps it would be an option to ask the hoster, whether they have plans to offer other hosted DBs in the future?

                                                                          1. 1

                                                                            I could ask in my hackerspace regarding hosting.

                                                                            How much space/CPU/bandwidth do you need?

                                                                            1. 0

                                                                              I’m not familiar with Ruby, but wouldn’t it be the best solution to use an ORM to make the implementation vendor independent? Something like SQLAlchemy for Ruby.

                                                                              1. 17

                                                                                That tends to be a good way to add performance problems, not remove them.

                                                                                1. 6

                                                                                  Rails comes with ActiveRecord, which is “SQLAlchemy for Ruby” (or rather, it’s probably the reverse: SQLAlchemy is “ActiveRecord for Python”).

                                                                                  These kind of complex queries don’t tend to do well in AR though. There’s a reason it offers a “raw SQL escape hatch”.

                                                                                  1. 2

                                                                                    SQLAlchemy isn’t really an active record pattern ORM though – it’s not nearly that broken.

                                                                              1. 2
                                                                                1. If you try to encrypt a message longer than 256 bytes with a 2048-bit RSA public key, it will fail. (Bytes matter here, not characters, even for English speakers–because emoji.)
                                                                                2. This design completely lacks forward secrecy. This is the same reason that PGP encryption sucks.

                                                                                Could these tradeoffs be worth it if it means the system is really simple and easy to understand?
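
The byte-versus-character limit from point 1 above, as an added example that is not part of the original comment. It assumes Node.js, a throwaway key pair generated at run time, and OAEP with SHA-256 (the padding used in the OpenSSL snippet further down the thread), where the usable limit is 190 bytes rather than the full 256-byte modulus; `oaepMaxBytes` and `tryRsaEncrypt` are names made up for this example.

```javascript
// Added example: direct RSA encryption is limited in BYTES, not characters.
const crypto = require('node:crypto');

// Constructed throwaway 2048-bit key pair, generated for this demo only.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});

// Digest sizes in bytes for the hashes OAEP is commonly used with.
const HASH_LEN = { sha1: 20, sha256: 32, sha512: 64 };

// Largest plaintext RSA-OAEP accepts: k - 2*hLen - 2, where k is the modulus
// size in bytes (RFC 8017, section 7.1.1).
function oaepMaxBytes(modulusBits, hash) {
  return Math.floor(modulusBits / 8) - 2 * HASH_LEN[hash] - 2;
}

// Try to encrypt a string directly with RSA-OAEP and report what happened.
function tryRsaEncrypt(message, hash = 'sha256') {
  const plaintext = Buffer.from(message, 'utf8');
  const report = {
    characters: [...message].length, // Unicode code points
    bytes: plaintext.length,         // what RSA actually has to fit
    ok: false,
    ciphertextBytes: 0,
    roundTrips: false,
    error: null,
  };
  const options = {
    padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
    oaepHash: hash,
  };
  try {
    const ct = crypto.publicEncrypt({ key: publicKey, ...options }, plaintext);
    const pt = crypto.privateDecrypt({ key: privateKey, ...options }, ct);
    report.ok = true;
    report.ciphertextBytes = ct.length; // always the modulus size
    report.roundTrips = pt.equals(plaintext);
  } catch (err) {
    // OpenSSL rejects the input before any encryption happens.
    report.error = err.message;
  }
  return report;
}

// Constructed sample inputs: ASCII at and just past the limit, then emoji that
// stay well under 190 characters but exceed 190 bytes (4 bytes each in UTF-8).
const samples = ['a'.repeat(190), 'a'.repeat(191), '🦞'.repeat(47), '🦞'.repeat(48)];
for (const sample of samples) {
  const r = tryRsaEncrypt(sample);
  console.log(`${r.characters} chars / ${r.bytes} bytes -> ${r.ok ? 'ok' : 'FAILED: ' + r.error}`);
}
```
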

                                                                                1. 12

                                                                                  The first one, no. Breaking on large messages is a serious usability pain-point, and doing a hybrid public key encryption is 100% worth the additional complexity.

                                                                                  The second one, YES! If you make the threat model clear, then eliminating forward secrecy greatly simplifies your protocol. (Implementing X3DH requires an online server to hand out “one-time pre-keys” to be totally safe.) At worst, you’re as bad off as PGP encryption (except, if you follow the advice in my blog, you’re probably going to end up using an authenticated encryption construction rather than CAST5-YOLO).

                                                                                  1. 1

                                                                                    The first one, no. Breaking on large messages is a serious usability pain-point, and doing a hybrid public key encryption is 100% worth the additional complexity.

                                                                                    Isn’t it something people are quite used to though? Both SMS and tweets have a character limit.

                                                                                    But let’s say we do want to go with the simplest secure model, without forward secrecy but no character limit. So hybrid encryption but not X3DH. What library functions would the smart developer use?

                                                                                    1. 5

                                                                                      If they’re using libsodium? crypto_box_seal() and crypto_box_seal_open(). Problem solved for them.

                                                                                      If they’re using OpenSSL (or one of the native wrappers), something like this:

                                                                                      import * as crypto from 'crypto';
                                                                                      
                                                                                      type SealedMessage = {cipher: Buffer, tag: Buffer, wrappedKey: Buffer};
                                                                                      const DOMAIN_SEPARATION_AES = Buffer.from('AES-256-CTR');
                                                                                      const DOMAIN_SEPARATION_HMAC = Buffer.from('HMAC-SHA256');
                                                                                      
                                                                                      function hmacSha256(msg: string|Buffer, key: Buffer): Buffer {
                                                                                          const hmac = crypto.createHmac('sha256', key);
                                                                                          hmac.update(msg);
                                                                                          return hmac.digest();
                                                                                      }
                                                                                      
                                                                                      function seal(msg: string|Buffer, recipientPublicKey: Buffer): SealedMessage {
                                                                                          // Generate and wrap the primary key 
                                                                                          // (which is split into two keys: one for AES, one for HMAC)
                                                                                          const key = crypto.randomBytes(32);
                                                                                          const aesKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_AES]), key);
                                                                                          const macKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_HMAC]), key);
                                                                                          const rsaCiphertext = crypto.publicEncrypt(
                                                                                              {
                                                                                                  key: recipientPublicKey,
                                                                                                  padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
                                                                                                  oaepHash: "sha256",
                                                                                              },
                                                                                              key
                                                                                          );
                                                                                          
                                                                                          // Encrypt the data (the nonce is stored in front of the ciphertext)
                                                                                          const nonce = crypto.randomBytes(16);
                                                                                          const aes = crypto.createCipheriv('aes-256-ctr', aesKey, nonce);
                                                                                          const ciphertext = Buffer.concat([
                                                                                              nonce, 
                                                                                              aes.update(typeof msg === 'string' ? Buffer.from(msg, 'utf8') : msg), 
                                                                                              aes.final()
                                                                                          ]);
                                                                                          
                                                                                          // Authenticate the data (the tag covers nonce || ciphertext)
                                                                                          const tag = hmacSha256(ciphertext, macKey);
                                                                                          
                                                                                          return {
                                                                                              cipher: ciphertext,
                                                                                              tag: tag,
                                                                                              wrappedKey: rsaCiphertext
                                                                                          };
                                                                                      }
                                                                                      
                                                                                      function unseal(sealed: SealedMessage, secretKey: Buffer): Buffer {
                                                                                          const key = crypto.privateDecrypt(
                                                                                              {
                                                                                                  key: secretKey,
                                                                                                  padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
                                                                                                  oaepHash: "sha256"
                                                                                              },
                                                                                              sealed.wrappedKey
                                                                                          );
                                                                                          const aesKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_AES]), key);
                                                                                          const macKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_HMAC]), key);
                                                                                          // Verify the tag over the same bytes seal() authenticated (nonce || ciphertext),
                                                                                          // before any decryption; timingSafeEqual throws on unequal lengths, so check first
                                                                                          const expectedTag = hmacSha256(sealed.cipher, macKey);
                                                                                          if (sealed.tag.length !== expectedTag.length || !crypto.timingSafeEqual(sealed.tag, expectedTag)) {
                                                                                              throw new Error("Integrity check failed");
                                                                                          }
                                                                                          const nonce = sealed.cipher.slice(0, 16); // AES-CTR nonce size
                                                                                          const ciphertext = sealed.cipher.slice(16);
                                                                                          const aes = crypto.createDecipheriv('aes-256-ctr', aesKey, nonce);
                                                                                          return Buffer.concat([aes.update(ciphertext), aes.final()]);
                                                                                      }
                                                                                      

                                                                                      (This is why “just use libsodium” is so much better.)

                                                                                      1. 1

                                                                                        Please consider using Pastebin for code; Lobsters renders code in a larger-appearing font than text in its comment section and doesn’t seem to fold it away properly, creating a wall of text that makes it harder to scroll through comments.

                                                                                        1. 1

                                                                                          I somewhat agree, but I don’t think that there’s a good pastebin which is free to Lobsters without signup and also allows posts to persist. (The Reputation Problem disincentivizes such a service; it would be open to abuse.) It would be cool if Lobsters had the ability to click to expand/hide long code snippets.

                                                                                          1. 1

                                                                                            Definitely the best solution would be for Lobsters to fix code rendering in comments.

                                                                                            1. 4

                                                                                              We have an issue tracking this if anyone wants to pick up the work

                                                                                          2. 1

                                                                                            For what it’s worth, that comment looks ok to me (Chrome on Windows).

                                                                                    2. 2

                                                                                      If you are okay with giving up on security (e.g. for educational purposes) then it could be worth it.

                                                                                      In practice absolutely not.

                                                                                      1. 1

                                                                                        Giving up on security is too vague, sorry. Can Eve read my messages? No? Then I think I’m pretty safe.

                                                                                        1. 2

                                                                                          Maybe bfiedler refers to the second point, meaning if Eve compromises Alice’s private key, then Eve can read past, present and future messages. My personal opinion is that this should be default for any secure messaging system.

                                                                                    1. 4

                                                                                      I feel the problem with adding a tag to filter out these kinds of posts is that it also promotes the content as acceptable to new users. We already see on IRC a number of new users trying to self post content and run into the 70 “new domain” rule.

                                                                                      Instead of adding a new tag, we explicitly add a story vote reason of “Product Placement” or something similar?

                                                                                      1. 1

                                                                                        I have heard that response already but the posts are here, they are numerous and, for some reason, some are highly upvoted (some even had 30+, which is unheard of even for some of the best written articles out there.)

                                                                                        Flagging is a lot of work while tagging goes around that. If the community doesn’t reject those posts, at least let us filter them out.

                                                                                      1. 13

                                                                                        During the host migration we moved off of MariaDB to managed MySQL. That introduced a change in our query plans which is causing most of the slowness.

                                                                                        1. 2

                                                                                          The biggest thing I notice is that sometimes there’s a 20 to 50 second delay in loading something. For example, when I loaded the frontpage just now it took about 30 seconds. I also had it when loading some stories the other day (I loaded two in a tab, both took this long). The browser is just waiting on a reply from the server. Everything else seems unchanged, and this is just occasionally (it’s okay now).

                                                                                          I don’t know if that’s related to the SQL query plan issues, but my first instinct would be to say it’s not(?)

                                                                                        1. 4

                                                                                          In the ruby space, scientist touches on some of the ideas you are talking about. While it’s not property based, GitHub has been able to use it to pull off a few refactors.

                                                                                          1. 5

                                                                                            I’ve used Vector in a lot of places and have been super happy with it. Compared to Filebeat, the in-process stream processing features (like the lua module) have really come in handy when I’ve needed to get data cleaned up before sending.

                                                                                            1. 7

                                                                                              I’ve found that a big “saving grace” for YAML is that anything that is valid JSON is also valid YAML. My go-to fix for having to work with large amounts of YAML has been to generate JSON via jsonnet and use that instead.

                                                                                              1. 3

                                                                                                If anyone is interested in contributing to Lobste.rs for Hacktoberfest, we have a curated list of good first issues.

                                                                                                1. 7

                                                                                                  …why am I getting a loading circle for a text page?

                                                                                                  1. 8

                                                                                                    They turned c2 into an SPA, because they could.

                                                                                                    1. 31

                                                                                                      Always happy to help. It was a whole lot of fun working with you.

                                                                                                      1. 1

                                                                                                        I’ve used 1.1.1.1’s API to use SRV records.