1. 32

    There’s a “troll” flag specifically for comments like this. Please don’t take this responsibility upon yourself. If there’s even a chance that the comment was made in good faith, mods should stay far away from it.

    1. 10

      I disagree. It’s too easy for hatred to snowball. If widely hated technology X comes up, comments hating on it will get highly upvoted. Even though I dislike the trend, I am tempted to participate, because often I also don’t like widely hated technology X and I want to vent my frustration too. But venting frustration isn’t actually productive, it just puts me in a sour mood.

      The question is, do we want to allow communal bitching, or try to foster a more positive environment? I try to fill my life with positivity and happiness, so I leave communities with even a moderate proportion of complaining, like HN and slashdot. Lobsters has traditionally been quite positive and pleasant. For me that’s it’s greatest feature.

      I recall when I first joined I rarely had a negative reaction to any user comments. But lately I’m seeing more and more negative content. And I admit I’m guilty too, I have lashed out at (what I perceive to be?) negative attitudes, which only fuels the flames of negativity.

      I’m 100% for negativity moderation. If I’m being an asshole and my comment gets deleted for it, then good riddance. I will appreciate the reminder that It’s better to be kind, thoughtful, and considerate. I will rephrase my comment to be more productive, or let it lie if I never had anything positive to contribute in the first place.

      Actually, that makes me think of a potential moderation strategy: comment hidden until rephrased without hostility. What do you think @pushcx? Or what about a “request non-hostile / productive rephrasing” flag, separate from upvoting and downvoting. Feedback from peers is preferable to moderation, but I don’t think votes are expressive enough. If someone makes a great point, I want to upvote. But if they’re an asshole, I want to downvote. So instead I do nothing, and the situation doesn’t improve.

      1. 8

        If I’m being an asshole and my comment gets deleted for it, then good riddance. I will appreciate the reminder that It’s better to be kind, thoughtful, and considerate.

        I doubt that you will appreciate it when you will not agree that you’ve been an asshole. Especially in the case of that deleted comment where not only author but also some group of users considered it surprising that it was removed.

        Since that rules of commenting here are vague at best, moderation should be limited only to comments that are clearly and strongly harmful to the community.

        1. 5

          Since that rules of commenting here are vague at best, moderation should be limited only to comments that are clearly and strongly harmful to the community.

          So it’s okay if comments only mildly harmful to the community are allowed to become the norm, and we end up with a shoddy community?

          1. 7

            The most likely way for lobsters to become shitty is if we start having activist mods. We’re fine without censorship, thank you.

            1. 7

              I disagree. I agree with what pushcx said in this post:

              Communities like Usenet, 4chan, and YouTube with little to no human moderation sink into useless garbage.

              Moderators exist to keep discussion civil. If you believe active moderation is inherently fascist, then how do you propose maintaining civility?

              1. 5

                By being a small invitation based tech community mostly.

                1. 5

                  We’re not. We’ve got 8k+ users now.

                  1. 6

                    8k+ users now.

                    Yes, out of that only 3448 has more than 0 karma, and 725 that have more than 100. I don’t know… this doesn’t look to me like a huge number of active/posting users.

                    In my opinion this site is still quite small.

                    1. 2

                      The example communities get millions of uniques a month, even HN does. I think I regularly recognize the majority of posters in a given thread.

                  2. 2

                    Civil is one thing, but banning posts that point out something new would be considered an abomination by the long beards is not fair. It’s a policy that actively benefits anything new, regardless of it’s characteristics.

                    SystemD, too, had it hard. Why protect Electron?

                    1. 3

                      Explain to me how “ugh I hate Electron / systemd” is a novel or interesting idea.

                      1. 3

                        Your post is neither novel nor interesting, but I don’t support it being deleted.

                        1. 3

                          But my post is not negative / hateful. I specifically addressed hateful comments of negligible value, a key component of my argument that you’ve blatantly ignored. And I do not recall suggesting censoring criticism of Electron, or systemd, or anything else. Only moderation to encourage civil and productive discourse. I even suggested moderation alternatives to deletion, which you’ve also ignored.

                    2. 2

                      False dichotomy. We’re not asking for little to no human moderation, we’re asking for moderation at the behest of the community at large. If the community asks for a lot of moderation, use a lot of moderation.

                      1. 1

                        It is a false dichotomy, because I was pointing out the false equivalency of moderation == censorship. Perhaps I was reading into it too much, but the characterization of moderation as censorship implied a desire for no moderation, to me anyway.

                        1. 1

                          That’s not the sense that I got.

                  3. 1

                    By ‘moderation’ I was thinking of deletion of comments - sorry if that wasn’t clear.

                    1. 2

                      I also suggested hiding until rephrasing, or a specific avenue for feedback on tone. What do you think of those?

                      And your doubt is unfounded, I do not ever disagree that I have been an asshole. That judgement is not mine to make, as I cannot disagree with how someone else feels. If I believe I haven’t said anything wrong then I instead assume there was a miscommunication. That’s part of why I suggested enforced rephrasing rather than deletion.

                      And if the group of people is surprised my comment got deleted because they believe I have a right to be an asshole, then I disagree with them.

                      1. 1

                        Edit: dupe

                        1. 0

                          I’m not really willing to subscribe to the lowest common denominator definition of asshole. I’d probably just leave if posts I didn’t think were bad were getting deleted regularly (mine or anyone elses).

                          I think just downvoting them into the grey realm is plenty.

                          1. 2

                            Since you have nothing to say about my alternative to deletion, and instead are continuing to fear monger about mods deleting posts regularly when directly presented with an alternative, I will assume that you have no interest in a real discussion and would prefer to complain endlessly.

                            1. 2

                              downvoting them into the grey realm is plenty

                              That is your answer right there - which answers your question to me from few post back.

                              To be honest your last post is great example of post devoid of any value. You could have just leave this particular thread but instead decided to insult other user…

                              1. 2

                                Actually, that answer specifically makes no sense as a reply to my comments. From my first comment:

                                It’s too easy for hatred to snowball. If widely hated technology X comes up, comments hating on it will get highly upvoted.

                                And the rest of the comment doesn’t track with anything I’ve said either, which I felt was valuable to emphasize as my motivation for not replying further. Perhaps the value was minimal, but I really do not think downvoting is enough and didn’t want to leave it without a response. You’re right though, I was a little rude. I personally consider it rude when puts me on the spot to consider their ideas while flagrantly ignoring mine. Rudeness snowballs easily, and I’ve just fallen into that trap. This would be a good situation for a peer-suggested rephrasing feature, since I could easily rephrase my comment to avoid being rude and provide more value.

                  4. 5

                    The question is, do we want to allow communal bitching, or try to foster a more positive environment?

                    I’d lean strongly towards allowing communal bitching, especially if the alternative is forcing positivity. I gravitate to less positive communities because I want harsher feedback. I regularly make things that simply aren’t very good. If someone doesn’t feel like they can just say that without moderator interference, this harms me. I lose valuable discussion, and I worry if people dislike what I’m building but aren’t telling me because it wouldn’t be seen as “positive”.

                    Therefore, I see force-fed positivity as an anti-goal. I want a community with carefully thought out positions, where statements are supported, arguments make sense, and people back up what they say. I don’t want them to shy away from telling me that I did something dumb.

                    1. 8

                      I think there’s a difference between bitching and being critical. Compare the thing that was deleted (“daily electron hate post”) with [this] in the same thread. The latter comment by @qbit gets the same idea across (‘electron is heavyweight’) but does it in a way that’s comprehensive and informative.

                      1. 1

                        I think there’s a difference between bitching and being critical.

                        I agree. But he comment I was responding to was pushing for ‘negativity moderation’.

                        For bitching vs being critical – we generally don’t need heavy moderation to enforce it, especially when that moderation has a stated goal of enforcing positivity. Downvotes are mostly sufficient. An account that posts nothing but thowaway comments should probably skip directly to a warning and then a ban.

                        1. 6

                          Choose which reply to your comment you would prefer. One is non-negative, one is negative, both have the same meaning.

                          Reply 1: By negativity moderation, I don’t mean enforced positivity in all things. Constructive criticism is valuable, and can certainly be accomplished without negative tones like hostility, superiority, derision, and plain old pointless complaining. “This sucks” style comments aren’t useful criticism, just useless negativity. There is no reason criticism and feedback can’t be provided in a positive way or neutral way. Yes neutral, because neutral is non-negative.

                          Reply 2: Have you heard of constructive criticism? I don’t appreciate you reducing the nuance of my argument to the point of stupidity, unless you really are dumb enough to conflate non-negativity with enforced positivity. Is it really too complicated for you to criticize without being an asshole? Cause if you can’t sort out how to convey the same meaning in different tones, go back to your “less positive” communities for those with an inadequate grasp of the English language. If you had actually read my comment properly you would see that I specifically don’t like unproductive communal bitching, like basic “this sucks” comments with no real value.

                          I would prefer a community that fosters reply 1 and shuns reply 2. I believe we all have the capacity to choose our tone, thus my idea of enforced or suggested rephrasing rather than outright deletion.

                          1. 4

                            I concur with this. pyon’s reply to me in another thread is a good example of a “Reply 2”-style post that diminishes my desire to participate in the site.

                            1. 2

                              Except the question at hand is whether you’d prefer

                              Reply 1: Constructive criticism

                              Reply 2: [Comment deleted]

                              1. 1

                                There are other strategies for moderation, as I pointed out in my original comment.

                              2. 2

                                I prefer interacting with people who are willing/able give me reply 2. It doesn’t leave me guessing, and I’m not good at guessing. I’ve recently been involved in a few of emails with Theo De Raadt, and it’s been rather refreshing to have bad ideas immediately called “bullshit” (in one case, in the same email that was telling me how the work was appreciated.)

                                There’s clearly a lot of variation in how people prefer to interact, and your preferences aren’t universal. Edit: And, I don’t think that moderating your preferences is going to have a good effect.

                                1. 3

                                  De Raadt and Linus control large projects that people want to participate in and contribute to. There’s a “carrot” there that makes it possible to overcome the “stick,” for some people, even if it’s distasteful. Lobste.rs is a discussion site. I am here only because I like to talk about tech, and I like to read tech material. It’s a small carrot. If people are assholes here, it makes it less rewarding to participate, and reduces my opinion of the people involved. I would rather people be more circumspect, take a bit longer to consider how another person might receive the message they’re typing, and what it might contribute to the site.

                                  1. 3

                                    Okay. Since you prefer a rude style I will reply in a rude style, just for you.

                                    I have no fucking clue how reply 1 was in any way less clear than reply 2. If anything I think reply 1 is more clear, since my actual reasoning isn’t obscured or diluted by insults. Can you really not tell I think you’re full of shit from reply 1? “Constructive criticism […] can certainly be accomplished without negative tones.” Does the word certainly mean something different to you? Undoubtedly; definitely; surely. “There is no reason criticism and feedback can’t be provided in a positive way or neutral way.” No reason. As in literally zero reasons. When the amount of valid reasons is zero, your reason is not included. I consider your idea that rudeness enhances criticism absolutely incorrect. Ergo I think your idea is bullshit.

                                    I think it’s utterly ridiculous that you need someone to be rude to jostle your brain into parsing English correctly. And it’s irresponsible to pretend your inadequacy is an acceptable justification for encouraging people to act like assholes. You know full well that vitriol turns people away from communities, and discourages contribution. If you somehow don’t know that, then grow the fuck up and clue in to reality because that’s a pretty fucking basic instinct that most humans develop as children.

                                    I don’t think that moderating your preferences is going to have a good effect.

                                    Then consider actually reading my comment, and you may notice my suggestion for user feedback on tone as an alternative to moderation.

                                    I did not want to be rude, but you quite literally asked me to be rude. I hope it has helped you understand my position, and doesn’t “leave you guessing.”

                                    1. 1

                                      Okay. Since you prefer a rude style I will reply in a rude style, just for you.

                                      Your first paragraph confuses ‘poorly written’ and ‘rude’. Formatting may have helped. The second one, however, is excellent. I appreciate that.

                                      Can you really not tell I think you’re full of shit from reply 1?

                                      It does take more effort for me to parse, yes. I’m not sure why you find this surprising, given that in the second message you are crystal clear about that. Then again, you’re talking to a person who has been accused of being “not human”, so… shrug, make of it what you will.

                                      I think it’s utterly ridiculous that you need someone to be rude to jostle your brain into parsing English correctly.

                                      And yet, here I am, ridiculous in my inadequacy.

                                      Then consider actually reading my comment, and you may notice my suggestion for user feedback on tone as an alternative to moderation.

                                      Which, as I said, removes a lot of dynamic range in the conversation. Hopefully, vitriol is used relatively rarely, but adding a layer of policing is not an improvement, for reasons I already stated. In any case, it seems like your idea of a pleasant community is one that I find unpleasant. I’ve happily wandered away from groups like that in the past, because I just didn’t find anything that interested me the culture.

                                      Anyways, for now, I’ll just remain happy that you’re not a moderator on this site, and move on. I usually avoid this kind of discussion, and I’m eager to get back to that state.

                                      1. 2

                                        I don’t propose to outright ban anything. But after a certain topic has generated a couple of “lets jump on the hate bandwagon” threads, I’d probably start axing comments doing nothing but trying to start another one. If a comment has genuine criticism, that’s different.

                                        User feedback doesn’t mean banning certain tones either. If the community finds a vitriolic comment acceptable in context, then there’s no problem. That is different from the hate bandwagon situation, and perhaps I didn’t provide adequate distinction.

                                        Feedback from peers also isn’t moderation, it’s just a suggestion. I’ve read many comments where my reaction is “you’re right, but you’re also a total douchebag so I’m not going to up vote you unless you rephrase.” If there was a simple anonymous mechanism to enable that exchange, I would use it, and the author would have the option of rephrasing or not. From a moderator, enforcement should only be used in more extreme cases, or cases where the comment is purely vitriolic with no useful feedback.

                                        Another possible mod tool is a private warning. A mod flags a comment, and the next time the flagged author hits reply in the thread it reminds them they have been issued a warning for hostility, and to keep their next comment more civil or it may be deleted / blocked awaiting revision for civility.

                                        There’s no reason to get totalitarian about this, a little encouragement towards civility can go a long way.

                          2. 2

                            Where would you draw the line between bitching and commiseration over a commonly acknowledged criticism?

                            1. 1

                              Hostility and bitterness mostly. “I hate Electron it’s awful” and “Electron causes a lot of problems for me” are pretty different. It’s a hard line to draw precisely but I think certain comments obviously only exist to express hatred.

                          3. 2

                            We also had a handy thread exploring how to use votes correctly. :)

                          1. 27

                            I appreciate the detailed response and very thankful for the code changes regarding how thread deletion works. I do believe that having the ability to remove pin-pointed comments without whole threads is a better mechanism.

                            I am concerned how and where moderation is going. I asked yesterday on IRC:

                            21:16 < mulander> pushcx: is this your site or do we curate content as a community?
                            21:16 < mulander> if it's your site and your content than I have nothing more to say than to step down
                            21:16 < mulander> and just shut up.
                            21:17 < mulander> if we are moderating as a community then sometimes the moderation has to accept that a large portion of the userbase wants some content present
                            

                            to which you replied:

                            21:17 < pushcx> mulander: It's both.
                            

                            I don’t think ‘both’ works. With the last mod action we as a community exercised moderation transparency and I think that worked out fine as it did many times before. I do believe a site needs moderation but it should always be the last resort and I hope this site will not end up with yet another pamphlet that I will have to cross reference before posting an article or a comment.

                            1. 16

                              I do believe a site needs moderation but it should always be the last resort and I hope this site will not end up with yet another pamphlet that I will have to cross reference before posting an article or a comment.

                              “Moderation as a last resort” is - in my opinion - something that comes from a very narrow view of what moderation is. Moderation that only applies at the very last moment is bad moderation. It’s an ongoing process, which only rarely shows in technical moderator action like deleting complete or parts of posts.

                              It can definitely be both. In the end, pushcx is the person willing to keep the lights on and to deal with all ramifications of running this site. I’m fine with that person being the final instance. That can definitely be both - there’s interactions between the person running the site and those willing to support, and in that interaction lies a lot of potential.

                              1. 7

                                “Moderation as a last resort” doesn’t preclude moderator intervention, it’s about having a gradient for how problem behavior is dealt with. I’ve been able to keep the number of people I had to ban in #haskell-beginners on Freenode IRC very low (only a couple occurrences) despite building a constructive, focused, and friendly community because I was present and responded to problems in ways other than banning people. It’s now one of the more peaceful and helpful IRC channels I’ve ever had the pleasure of participating in and it’s not so because I resorted to the banhammer every-time someone said something I felt was out of step with my goals for the community.

                                1. 3

                                  Sure. The whole point of my post is that moderation is so much more then wielding the banhammer. “Moderation as a last resort” excludes that viewpoint, though, by focusing on only the technical details.

                              2. 17

                                Thank you sharing your concerns. And for bringing up this conversation, because I think there’s more worth talking about.

                                I said “It’s both” because neither perspective can give a full understanding of Lobsters alone (or of any social site). I especially think it’s not only the first because no one can exercise dictatorial power over a voluntary community, everyone is free to leave at any time. And people have left in Lobsters’ history over the near-absence of moderation, mostly quietly. But there’s some maintenance and moderation that need a single person. I’ve been debugging log rotation and backups for the last week, I can’t post root’s ssh key for the community to take over the task. And less frequently, that means deliberately setting norms and expectations for the community, like that we need to prefer substantive counterpoints to dismissive repartee.

                                I think aside from the confusing moderation log message I wrote, the biggest problem with that action was that it was unpredictable. Predictability is vital for effective moderation, and it’s clear from the reaction that I wasn’t. I’ve been working on updating the about page that has not seen much updating since Lobsters was much, much smaller and being vague was a virtue that led to the community experimenting and defining itself. I haven’t rushed to finish because I’m trying to take my time and think hard about what Lobsters has grown into the last five and a half years, and the challenges it faces as it continues to grow, rather than slap something up. Which… is what I did with a thoughtless moderation log entry.

                                I agree and disagree with the idea that moderation should be a last resort. In a large community the little nudges I wrote about in this post are useful for avoiding Eternal September. But the large actions like banning users absolutely need to be a last resort after every other option has failed.

                                And I share your fear of a site where opinions are so constrained that there might as well be a list of orthodox positions. We’ve had some wonderful conversations where people have disagreed about technical and even political topics, which is rare and valuable on the web. I hope to preserve and expand our ability to have those conversations. A pamphlet of required opinions would be an abject failure.

                                1. 17

                                  And less frequently, that means deliberately setting norms and expectations for the community, like that we need to prefer substantive counterpoints to dismissive repartee.

                                  With the utmost respect for the work you put in and your contributions to the site, please do not use your moderator powers to try and shape the norms of the community.

                                  1. 11

                                    Could you point to communities where you think this has worked out particularly well? In the last few weeks I’ve been analyzing all the communities I’ve participated in or read substantially, and they’ve either been so small that everyone knows everyone or have moderators doing exactly this. (And it’s certainly been the case on the ones I’ve moderated.) But this could totally be personal style of what I think is a healthy community causing selection bias, and I’d love to break out of it if that’s the case.

                                    1. 12

                                      I could, but you might not agree with what I believe to be successful communities. That is why I ask that you don’t use your moderator powers to try and shape the community.

                                      You are already very influential within the community, so I feel that a lead-by-example approach is more appropriate and effective than trying to tailor the content of the site to what you feel the community wants.

                                      1. 15

                                        So, let’s just state an obvious examples of a “successful” community with low moderation: 4chan.

                                        A large part of Internet shibboleths come directly from there. A lot of really influential art and music and even code originated there.

                                        But, is it really worth it to wade through all of the garbage every day? Is it worth skipping every third post from some /pol/ idiot blathering on about white-supremacy? Do you really want to see yet another low-quality bait post about intel and AMD?

                                        Similarly, HN used to be fairly lightly moderated (and the current system has its flaws, Lord knows!). But a lot of just plain spam and garbage became cultural norms there: product posts, trivial tech news, politics, whatever.

                                        When reflecting on this problem, my advice would be: don’t only consider what moderation would censor, consider what no moderation would allow.

                                      2. 5

                                        https://lobste.rs/s/kmpizq/deleting_comments_instead_threads#c_uh4my1

                                        I successfully shaped the norms of #haskell-beginners without wielding a banhammer. Only a couple problem people have had to get banned in the channel since it started in May 2014.

                                        1. 4

                                          One thing to consider is the different audience sizes between a Haskell beginners IRC channel and a general technology link sharing website. What works for one might very well not work for the other.

                                          We’ve witnessed time and time again how the quality of gathering places went to shit as the audience size increased and TBH, I would love to find a place where this doesn’t eventually happen. If heavy moderation is a way to get there (these various other places always felt like places where only little to no moderation was happening), so be it.

                                      3. 1

                                        With the utmost respect for the work you put in and your contributions to the site, please do not use your moderator powers to try and shape the norms of the community.

                                        I don’t see where that was implied.

                                        1. 2

                                          I stated it pretty explicitly:

                                          And less frequently, that means deliberately setting norms and expectations for the community, like that we need to prefer substantive counterpoints to dismissive repartee.

                                          1. 3

                                            I was more at miss with the “using moderator powers” part. There’s so many more ways to shape norms.

                                            1. 4

                                              I could’ve been clearer there. I was specifically referring to shaping the norms of the community by means that are not available to every other user - such as removing content.

                                    2. 4

                                      I hope this site will not end up with yet another pamphlet that I will have to cross reference before posting an article or a comment.

                                      I seriously doubt that will happen, and agree that I don’t want it to happen.

                                      And I think ‘both’ does work.

                                    1. 16

                                      I don’t see “hate speech” the issue there.

                                      The most was just not on subject and derailing the subject towards something else. It was no discussion of the app at hand. The following thread needed 4 replies to get somewhat into the range of something usable. Also, I didn’t see it as a good critique of “minimal”, as that was pretty clearly referring to the user model of the app.

                                      I’m a bit split on outright removing it, but I’d be happy if that behavior were a little less popular here.

                                      1. 28

                                        I think pointing out a dependency or framework for a posted project should always be on topic. It’s definitely relevant to my decision to investigate further. If there are a lot of electron haters such that “electron; stay away” gets upvotes, then so be it. It’s not necessary for the electron lovers to engage in every such thread.

                                        1. 13

                                          It’s not worth anyone’s time to read a comment entirely consisting of “electron; stay away”. If people dislike it, fine, write a long criticism and link it, but a disdainful three-word brush-off is terrible rhetoric only useful for making newbies feel bad and starting flame wars.

                                          1. 26

                                            “It’s electron” is all the info I’m looking for. I don’t need a fully articulated 1000 word copy pasta for that.

                                            1. 1

                                              And I’d delete copypasta. I said link.

                                              1. 34

                                                With all due respect, I don’t think you should delete anything on this site until you gain more confidence of the community to exercise good judgment.

                                            2. 19

                                              I would find such a comment useful. I’m not remotely interested in using any electron-based software, so to find that out at the same time as I’m looking at the page means I can close the tab and move on faster.

                                              1. 8

                                                I think if a flamewar were to break out, that would be the time to delete the comment (and thread). Or preferrably put on your moderator hat and just ask to keep discussion constructive.

                                                I implore the moderation team to continue to use a light touch approach to removing content.

                                                1. 2

                                                  It’s not worth anyone’s time to read a comment entirely consisting of “electron; stay away”.

                                                  On the plus side, it only takes an instant to read it!

                                            1. 4

                                              Code that nobody else can understand is not the mark of a good developer. If people are describing your code as “very clever” then you’ve probably over complicated it.

                                              Real genius is being able to create simple solutions to complex problems.

                                              1. 9

                                                That might be case of different skill sets. Maybe that developer developed some “core functionality” which were really complex, and others were doing UI, auxiliary data processing, etc. Maybe other developers had less experience.

                                                For example, almost everyone who has basic understanding of computer graphics will say that Quake source code is clean, simple and easily readable but those who developed only web apps might say that it’s completely unreadable, and it even doesn’t have MVC architecture, classes, comprehensive tests and other “baseline best practices”.

                                              1. 12

                                                I disagree with this post. I’m also a professional and my time is valuable too. However, two of the three suggestions they made are taking significant time away from me and my team for evaluating a candidate that potentially can’t even write code to solve a simple task. Part of an interview process is to filter out people before it gets to that point, so we’re not wasting employees time.

                                                1. 10

                                                  I think coding challenges are optimised for candidates who are looking for a job. I’ve been in that boat once, and when you’re actually looking for a job your “valuable time” is of course bet spent trying to get said job (by doing coding challenge or whatever else).

                                                  Most of the time, though, I’m being recruited. I’m not going to do a coding challenge for a recruiter.

                                                  1. 1

                                                    Taking an entire day to work with them (unpaid) still strikes me as really weird.

                                                    1. 1

                                                      Think of it as a great way to find out if these are people you would want to work with every day before you actually have to do that.

                                                  2. 8

                                                    I disagree with this post. I’m also a professional and my time is valuable too.

                                                    I have the same problem with it as a hiring manager– how do I screen out socially capable but inept developers– and I share the author’s opinion when I’m the candidate– this tells me nothing about why I want to work for you. Each side wants the other to make an unequal commitment so it amounts to a single round game with that candidate. As a candidate with a choice of games, I don’t want to play this one and it signals disregard for/trivialization of the candidate’s investment and work history. For the hiring side, this plays out multiple times and there is investment in posting, screening, reviewing, etc. so regardless of this round my total investment is higher but not visible.

                                                    So what have I personally done? When I’m the candidate, I refuse to do the coding challenge and say, like the author, check my repos and talk to my references (unless the problem catches my interest, then I might). I have that luxury. When I’m the employer? Up front I explain how it works and what timeline they can expect as part of a 15-minute phone screen for basic info with someone technical. Then I arrange a round of 45-60 minute calls: a technical call with someone on the team and a social/technical call where I try to get them to talk with me about their work in detail and many of the non-code aspects of their job, habits, tools, designs, etc. They’ll probably have a call with my manager or another peer. Then, if I’m satisfied but not sure, I bring them in or have a video chat and they do a quick coding test. This wastes less of their time, makes my commitment visible, and seems to work but it is not a scalable process.

                                                    1. 7

                                                      I have a portfolio and some github projects. This is where most of my hiring emails come from. So when a company doesn’t spend the time to check that out, and they want me to implement some trivial thing that doesn’t generate value for them, I don’t have time for them either.

                                                      I’ve had companies pay me to be a consultant for a week before giving me an offer, which was a nice way to learn about who they are. On the other hand, sometimes companies give me job offers now before I know anything about them, and I have to pump the brakes and talk to more of them before I feel comfortable going into something long-term.

                                                      1. 1

                                                        …evaluating a candidate that potentially can’t even write code to solve a simple task.

                                                        In the post, they talk about how they have a blog, numerous GitHub repositories, etc. At that point it should be obvious they can code. The interview then should be more about “fit” or whatever, IMHO.

                                                        1. 5

                                                          They aren’t the only candidate we would interview and in my opinion, it is better to have a consistent process. If every candidate had a similar level of public presence to evaluate then maybe that would be different.

                                                          1. 7

                                                            So, again IMHO, at that point you’re basically throwing out someone with passion and talent due to bureaucracy. If I come to you with decades of experience/conference talks/published papers/lots of open source software to review/whatever…and you ask me to spend 30 minutes doing trivial work, you’re basically implying that I’m lying to you and/or that your company cares more about process than people.

                                                            Again, this is IMHO.

                                                            1. 7

                                                              I’m saying that you’re not the only person applying for the job and I need to treat everyone the same, so we’re not giving preferential treatment.

                                                              1. 3

                                                                I know, but…maybe you should give preferential treatment to people who are obviously better candidates. :)

                                                                1. 9

                                                                  Some of the best engineers I know have zero public presence. Some of them are extremely humble and don’t like public flashiness. Some of them have families and maintain a strong work-life balance with non-tech stuff. Never assume those with a strong public presence are giving the world the whole picture. You still want to drill into the parts of their personality that they don’t highlight.

                                                                  1. 4

                                                                    Why does having a public portfolio make someone an obviously better candidate? What makes a candidate obviously better? Arbitrary social metrics? Ability to speak quickly about technical topics? Ability to talk bullshit without it sounding like bullshit?

                                                                    How do you know a candidate is obviously better without having them go through the same process and pipeline?

                                                                    1. 3

                                                                      How do you know a candidate is obviously better without having them go through the same process and pipeline?

                                                                      If the code in their GitHub account is as good or better than what would be tested by my coding test, why subject them to that? Ask harder questions, ask questions about the things that the coding test wouldn’t cover (including “soft” things that would judge a good fit), etc.

                                                                      Why does having a public portfolio make someone an obviously better candidate?

                                                                      Which surgeon would you rather have? The one nobody’s ever heard of, or the one who has published articles on the relevant surgical procedures, who goes to conferences to learn more about surgery, who obviously is passionate enough about medicine that they would study it even if they weren’t getting paid?

                                                                2. 8

                                                                  There are, unfortunately, a lot of liars out there. I won’t say that industry hiring practices are anywhere near ideal, but as an interviewer it was astonishing how many people with great optics were incapable of coding. Someone would speak with great passion about all their projects and yada yada, and id be fairly convinced they could do the job, then I’d ask the most basic question imaginable. Splat.

                                                                  I guess it helps if you choose to believe the test isn’t meant for you, but for all the other pretenders.

                                                                  1. 7

                                                                    Even more surprising to me is that people who can’t actually code are somehow able to sustain careers as developers. It started making a lot of sense to me why good developers are in such high demand after I had the opportunity to do some interviewing and found that a frustratingly large amount of applicants can’t actually code, even if they look great on paper and are currently employed as developers.

                                                                    I think it’s incredibly risky to hire a developer without seeing code that they have written, be it from open source contributions or a coding test if necessary.

                                                                    1. 3

                                                                      Onsite nerves can kick in. It sure as hell did for me. I hate white boarding and I lockup. Totally brain freeze. That said, if it’s a basic one like writing a loop…well, they somehow lied their way into the onsite. Thing is, a take home coding challenge can weed out those people pretty fast. If they do that and come in and fall flat on their face before the whiteboard I don’t totally discount them. Anyway, there’s no perfect solution. There is always the potential to hire someone that is great at coding interviews and then sucks at real world problems.

                                                                      1. 2

                                                                        This is exactly my company’s experience. Half of the candidates would just bomb out on the C++ test even though they have studied it at high school/college/university and worked with it at their job for 5-10 years. How?!? Because they were either doing Java, not C++, or they were actually managing a team that did C++ and never had to touch it themselves (Well since leaving school at least).

                                                                        1. 1

                                                                          What I don’t understand is why this is so hyper-specific to developers. You never hear UI designers talking about processes like this.

                                                                          1. 6

                                                                            Really? I’ve heard UI designers talk about it a lot.

                                                                1. 3
                                                                  1. Calculate total (USD) mining revenues
                                                                  2. Estimate what amount of revenue is spent on electricity (mining revenues * 0.6)
                                                                  3. Estimate how much miners pay per kWh (0.05 USD)
                                                                  4. Convert costs to consumption

                                                                  (https://digiconomist.net/wp-content/uploads/2017/08/infographic-bitcoin-energy-consumption.png)

                                                                  I suspected this method of estimation would be inaccurate, so I tried a different approach of:

                                                                  1. Take the current hashrate of the bitcoin network (https://blockchain.info/charts/hash-rate)
                                                                  2. Divide by hashrate of some mining ASIC hardware (https://shop.bitmain.com/specifications.htm?name=antminer_s9_asic_bitcoin_miner) to estimate number of devices mining.
                                                                  3. Multiply by wattage of that device
                                                                  4. Multiply by 24 (hours in a day) * 365 (days in a year)

                                                                  This gives you an alternative estimate of Bitcoin’s annual electricity consumption. The linked article estimates that it is 18.38 terawatt hours.

                                                                  My estimation approach varies wildly depending on the ASIC device you chose to estimate. The above example uses a very efficient ASIC and comes out at an annual consumption of just 7.65 terawatt hours (http://www.wolframalpha.com/input/?i=(((8,000,000+terahashes+per+second)+%2F+(11+terahashes+per+second))+*+1200+watt+hours+*+24+*+365)+to+terawatt+hours) - 41% of the article’s estimate.

                                                                  Using a less generous assumption for average ASIC hardware (hashrate and wattage for Antminer S5 https://www.buybitcoinworldwide.com/mining/hardware/antminer-s5/), we get a whopping annual consumption of 35.64 terawatt hours (http://www.wolframalpha.com/input/?i=(((8,000,000+terahashes+per+second)+%2F+(1.16+terahashes+per+second))+*+590+watt+hours+*+24+*+365)+to+terawatt+hours) - 193% of the article’s estimate.

                                                                  Clicking on the wolfram alpha links will give you some interesting stats, like “Carbon dioxide mass generated by this amount of energy” and “percentage of all power produced by all nuclear power plants”

                                                                  Conclusion: Their estimate is a pretty wild stab in the dark, but is probably in the right ball park.

                                                                  1. 25

                                                                    In case anyone is curious, the startup being shamed but not named is deeplearning.ai - https://www.deeplearning.ai/careers

                                                                    1. 4

                                                                      Marking possible improvements (TODOs) in the code

                                                                      This one is a personal annoyance of mine. When in the history of software development has anyone browsed through a codebase and implemented a TODO that some other developer left?

                                                                      The two main cases I see TODO comments seem to be:

                                                                      1. The developer is acknowledging that they know the code could blow up under some circumstances, but are passing the buck of creating a more robust implementation to the poor sap who gets the bug report about it when it inevitably goes wrong.

                                                                      2. The developer intends to actually do the work in the coming days and is using the codebase as a work tracking system.

                                                                      1. 2

                                                                        When in the history of software development has anyone browsed through a codebase and implemented a TODO that some other developer left?

                                                                        Er, a month ago, when I did this. I was adding a new string to the translations JSON file for some component. In the section of strings for that component, I saw a TODO to reorganize them by grouping the strings better. While I was there, I did that reorganization and put my new string in the correct place for that new organization.

                                                                        I can’t say whether it was a good idea for that developer to leave that TODO there. Maybe they were being lazy, or maybe writing that comment was all they had time to do. But the comment did point me in the right direction by pointing out what area of code I might have trouble understanding, due to its bad organization. And that TODO did end up getting done, months later, thanks to that comment.

                                                                        1. 2

                                                                          Also, 3. The developer is passively-aggressively taking a potshot at someone else’s code that annoys them, but not enough to fix it.

                                                                        1. 5

                                                                          But how do I know that I’m downloading the bona fide tedu certificate? I’ve clicked through the HTTPS warnings, so all bets are off as to whether the content I’m being served has been manipulated by a 3rd party. In theory, an attacker could mitm the connection, spoof the certificate with his own and the change the content at https://www.tedunangst.com/ca-tedunangst-com.crt to download his own cert. How can I verify that this hasn’t happened? If the cert has been issued by a root CA and is valid for the page, I know that the content hasn’t been tampered with, assuming I trust the certificate issuer / the root CA selection process.

                                                                          I agree that implicitly trusting a group of organisations to not fuck up and/or act maliciously is not ideal, but I don’t think everybody using self-signed certs solves the problem either.

                                                                          1. 2

                                                                            So this gets back to the reasons why everybody needs https. We might consider the case of the naughty ISP that injects ads into http pages. This is fairly easy to do in a generic way for plaintext pages.

                                                                            To intercept traffic now, with a custom cert, they need to replace your download. Then they need to use that cert to sign the cert actually used for the web server. And they probably need to replace the sha256 on the home page or somebody might notice what’s up. So this gets pretty complicated and needs to be customized for every site.

                                                                            And then there’s the possibility that you’ve already downloaded the cert at some time in the past. Intercepting traffic now is a fairly risky gambit. The naughty ISP needs to commit to intercepting before they even know what file you’re downloading.

                                                                            As an exercise, consider the threat model to the interceptor. What conditions need to be met for them to avoid detection?

                                                                            1. 3

                                                                              To intercept traffic now, with a custom cert, they need to replace your download. Then they need to use that cert to sign the cert actually used for the web server. And they probably need to replace the sha256 on the home page or somebody might notice what’s up. So this gets pretty complicated and needs to be customized for every site.

                                                                              It’s as custom for the ISP as it is for the host and for the user. Any standardized way of doing this, the ISP can get a turnkey solution that will MITM for them. Any nonstandardized way of doing this is too tedious for the user to work with.

                                                                              And then there’s the possibility that you’ve already downloaded the cert at some time in the past. Intercepting traffic now is a fairly risky gambit. The naughty ISP needs to commit to intercepting before they even know what file you’re downloading.

                                                                              How is it a risk? The user sees a certificate with no connection to any known root, which could have been created by anyone. Someone between me and tedunangst.com is malicious, sure, there are a lot of malicious people on the internet, that’s not the ISP’s fault. There’s no accountability.

                                                                          1. 2

                                                                            What’s the approach to disclosure when a website is notified about a breach like this? All bets are off as to what information has been leaked, so I suppose you wouldn’t be able to guarantee that your users’ data hasn’t been compromised.

                                                                            1. 2

                                                                              Depending on the age of the file you might be able to just check logs for 200 responses to GET /core.

                                                                              1. 2

                                                                                This is a challenge you always have after you learned about a severe security vulnerability. What have you done after heartbleed? Or any other bug that has the potential to leak information?

                                                                                To be honest: In this case I’d say just fix it and move on. If you have logs you can check whether someone else has tried to access that file. (To the best of my knowledge this issue wasn’t discussed publicly before my blogpost and article today. However I don’t know if others knew it and used it for attacks.)

                                                                              1. 3
                                                                                type Constructor<T> = new (...args: any[]) => T;
                                                                                type Constructable = Constructor<{}>;
                                                                                
                                                                                function Timestamped<TBase extends Constructable>(Base: TBase) {
                                                                                    return class extends Base {
                                                                                        timestamp = Date.now();
                                                                                    };
                                                                                }
                                                                                

                                                                                Hoo boy I was sure worried that ES5 was getting too hard to parse…thank god we’ve found ways of making code more readable and useful without giving in to architecture astronauting!

                                                                                EDIT:

                                                                                Just to be clear, the article is good @mariusschulz. :)

                                                                                I’m just annoyed at the ecosystem.

                                                                                1. 2

                                                                                  I’ll re-invite your response from our discussion on irc the other day and say: Web Assembly is a ray of hope!

                                                                                1. 4

                                                                                  Perhaps a bit ironic, but I feel the same way about most of the modern JavaScript around the web, as well as the mandatory https.

                                                                                  For example, it’s not possible to view Lobsters on slightly outdated browsers / platforms, because it now requires not just https, but also TLSv1.2 specifically. Why must I have TLSv1.2 in order to view tech news?

                                                                                  Kill https before it kills the web.

                                                                                  1. 10

                                                                                    Not supporting TLSv1.2 entails being more than “slightly” outdated. All major browsers have supported it for more than three years now; and while this is an unfortunate condemnation of the current state of the web, using a three-year-old browser release is tantamount to negligence. They are enormously complex edifices of software with serious vulnerabilities discovered all the time, whose sole purpose is to consume external, untrusted content.

                                                                                    1. 6

                                                                                      I wouldn’t use a 3-year-old version of a full-fledged graphical web browser like Firefox or Chrome, but it’s not especially dangerous to be using a 3-year-old lynx. I believe the last exploitable vulnerability in lynx was in 2010 (there’s been one CVE assigned since then, but it’s around password handling, not something remote-exploitable). And lobste.rs renders fine in lynx.

                                                                                      Now if you require https, then we’re talking about lynx+openssl, which has much more frequent vulnerabilities.

                                                                                      1. 7

                                                                                        Is anyone looking? Does lynx do the kind of testing that would catch vulnerabilities? Given the record of e.g. curl, I would assume lynx has exploitable vulnerabilities.

                                                                                      2. 2

                                                                                        “More than three years”? Are you kidding me?!

                                                                                        Isn’t it ironic that out of the bare minimum stack of software required to view Lobsters, the TLS stack is most certainly the only part that requires patching on a monthly basis?

                                                                                        And that apart from TLS, the site would certainly be backwards compatible for something like 16 years back, if not more?

                                                                                      3. 1

                                                                                        I’m fine with that policy in general, but it is kind of sad that I can’t write a web browser or even scraper from scratch any more with just sockets, I now need an SSL library too.

                                                                                      1. 8

                                                                                        Tag suggestion: Tag suggestions

                                                                                        1. 17

                                                                                          Everyone makes this joke. It’s called meta.

                                                                                          1. 6

                                                                                            I’m only half joking. While my comment was intended as tongue-in-cheek, I would genuinely filter tag suggestions if there was such a tag. I am interested in other meta discussion.

                                                                                            1. 1

                                                                                              I actually think the tag suggestions tag is a good idea, not joking at all.

                                                                                        1. 1

                                                                                          I agree with the author’s closing opinions, but I’m not convinced that a move to a new paradigm is necessary to strengthen convention and productivity. The REST-ish, rpc-over-http with JSON serialisation approach seems to be working pretty well. I’d argue that the tooling that author is suggesting is already available to most APIs that are using this approach, if the developers care to implement swagger and then use swagger-codegen to generate their client SDKs.

                                                                                          1. 2

                                                                                            Aggressive use of hypermedia pays too much in terms of traversal cost. Aggressive use of GraphQL would require the implementation of a graph database engine at the endpoint of every GraphQL-enabled service, bringing in even less tractable issues of traversal and query optimization in a situation where that’s really not what you need.

                                                                                            1. 3

                                                                                              you don’t need a graph database, PostgreSQL can do just fine

                                                                                              1. 1

                                                                                                Or you can have an intermediate tier that sources data from existing APIs (like Falcor). The data source is by-the-by as long as you have something that can parse and run GQL queries.

                                                                                                I’m not sure what the advantages are of creating a GQL api over creating a SQL api - which my gut feeling says would be a bad idea, but the two ideas seem functionally equivalent.

                                                                                                1. 1

                                                                                                  I don’t mean that you need to be running a literal graph database; instead, i mean that the queries that you can perform via GraphQL need the same optimizations and calculations that a graph database requires. I.e. if there are multiple paths to a target, you have to choose the optimal one, or else pay a sometimes-large performance penalty.

                                                                                              1. 5

                                                                                                It’s also used for lighting calculations because of the same properties that enable this kind of culling. You can almost see how this works in the author’s fish example (imagine the fish is a light source).

                                                                                                When the direction the light is shining and the surface normal are perfectly aligned, the dot product will be -1 or 1. As the surface normal rotates away from the light, the dot product begins to tend towards zero. Thus you can calculate the lit colour of a surface as something roughly like

                                                                                                lightAmount = abs(dot(surfaceNormal, lightPosition))

                                                                                                litColour = lerp(surfaceColour, lightColour, lightAmount)

                                                                                                1. 2

                                                                                                  I think this ignores difficulty. If it became unprofitable to mine because of expensive energy costs, then in theory the hashrate of the network would drop due to people pulling the plug. As the rate of newly minted blocks fell, the difficulty would fall too until mining became economically viable again.