Threads for Halkcyon

  1. 2

    This is for people who need to administer a handful of machines, all fairly different from each other and all Very Important. Those systems are not Cattle! They’re actually a bit more than Pets. They’re almost Family. For example: a laptop, workstation, and that personal tiny server in Sweden. They are all named after something dear.

    They’re almost Family

    Sounds like a good motivation to murder them personally and replace with Cattle provisioning.

    1. 23

      Cattle techniques aren’t really worth it until you have somewhere between 30 and 100

      1. 12

        Or you have 1 machine that when it dies will take you a week to recreate

        1. 2

          Such a machine should have backups in place, no?

          1. 6

            Backups are great, until you want to upgrade to a new version of $software or $os. Then the backup needs to be applied, but are you sure each part needs to be there? Or that you didn’t miss something?

            Additive configuration, like we use for cattle, will work when you change something underlying, like the OS.

            1. 1

              FreeBSD and NixOS both let you keep the last old version around and reboot into it whenever you want. Others may or may not.

        2. 4

          disagree, cattle techniques don’t mean you can’t have extensible config management

          although Chef isn’t easy to learn for a lot of folks, i’m glad i already know it, it’s easier to see when you have exactly as much extensibility as you need in your config management and not more than that… just like writing good software

          1. 4

            Slight disagree on the idea and completely disagree on the threshold. In my experience, cattle management is extremely worth it on anything above 1. Otherwise at some point a change will be made to one of the hosts but not the other, or multiple things will change out of order. It’s basically inevitable with enough employees and time.

            For the idea itself, I’m finding it worth it to manage everything that way. After a disk failure I could rebuild my home server in minutes from the NixOS description, rather than trying to recover backups and figure out exactly how things were configured.

            1. 1

              I’ve embraced this strategy as well now for at least the last decade, just swapping out nix for a config management system.

              I keep backups of data (ex. Fileserver), but not system/program state. I could never go back, it feels wasteful of time and disk space now.

            2. 1

              Maaaaaybe. Ansible does pretty well for me with about 4 pets of various kinds. Some effort goes into making sure they are all quite similar though: all run Debian, they’re all within one version of each other, all have the same copy of my home dir on it even if they only need a few bits of it, etc. Each just has their own little config file that layers atop that general setup.

            3. 18

              Not everything has to be efficient on an industrial scale.

              1. 5

                Hard agree. And that’s what I like about this post. But I think having systems that are very easily replaceable pays off even at small scale. Like someone offering me 3 free months of hosting for my lone cloud server if I move to their platform.

              2. 10

                Mental note: Never letting you take care of my cat. :-P

                1. 2

                  Good thing we’re not relatives. /s :)

                  I’d also rather use the larger ops tools: if only because you’ve got more chances to encounter them elsewhere, and that’s knowledge you’ll be able to reuse. Pets would not work for me, but I’m sure it’ll be useful to someone else. I’ll stick to ansible playbooks for now.

                  1. 1

                    Yeah, even if it’s one app, I’d rather make a terraform / ansible deployment strategy because I’ll be able to recreate it when requirements inevitably start requiring redundancy or what have you.

                1. 73

                  The article starts with “your team hates your functional code” and goes into ways you can sneak FP past your team. It never mentions the objectively correct thing to do, which is “have a frank discussion with your team about if there’s a role for FP in the project.”

                  I think the problem with the article’s approach is neatly summarized by how it describes the team lead’s concerns:

                  You can’t write code that you know to be inferior. The way that you used to write code was more error-prone, complex, and muddled. … But that seems to be what the senior wants… or at least, what they can cope with.

                  They don’t consider the possibility that the senior could be right and your code isn’t better just because it’s “FP”.

                  1. 19

                    TBH, I think I read this post in a more charitable way: here’s how you can retain properties or stylistic elements that you enjoy while making the code more palatable to others. The line you quoted doesn’t feel great, but I thought the article attempted (<< operable word) to find a practical middle ground. Fundamentally, it seems to be about working together as a team with people who may be actively yucking your yum. It’s not surprising that there might be a sense of frustration or projection in that context.

                    1. 7

                      I think there’s an additional frustration you can find in the workplace (and life in general) where people just don’t want to change. For those of us who embrace change, these folks are sources of extreme frustration because even given evidence, they’d rather stay in their box.

                      1. 3

                        It’s exhausting to accept change in all things at all times. For some folks, their current concerns lie outside of their professional lives and they’re not willing to strain their bandwidth given whatever else they’re dealing with. I sympathize with that.

                    2. 7

                      I would particularly be interested in why the senior dev on my team is hesitant. In a functioning organization, they are senior because they have experienced these kinds of things before, and can speak not just to New Hotness, but boring old stuff like fitness for purpose, using their hard-earned knowledge of what has and hasn’t worked before. One of the things that your senior hopefully has is wisdom and more context. They might be a Java Head, but if they really are senior, they’ve Seen Things, and it behooves you, as a less senior member of the team, to give that weight in the decision making process.

                      1. 7

                        Alternatively, they’re Senior because they have the magical arbitrary-years industry experience which means they come with a certain wage and title regardless of their ability or actual responsibilities/growth.

                        1. 2

                          This is distressingly the case, more often these days, yes.

                    1. 6

                      This sort of advice also permeates throughout the community, and can also be harmful if the people running these commands don’t fully understand them. For example, many Ubuntu troubleshooting forums are full of comments like, ‘I copy-pasted this command and it worked, just try running it’. And who can blame them, if this is how more experienced users troubleshoot issues for newbies?

                      1. 3
                        curl $dead_url | sudo sh
                        

                        works for me! Thanks, denvercoder!

                      1. 7

                        I think this article is flawed by only considering the billing and not the people / on-site work you suddenly need when you’re not “cloud” anymore and how much harder that labor is getting to find because we need less of it.

                        1. 29

                          There’s a lot of options between “the cloud” and “we literally own the land, the DC, the genset and the racks for our servers” - those options have been available for at least the last two decades, and have only gotten better in that time.

                          For example, plenty of places will happily colo your owned or long-term leased hardware, providing power, connectivity and remote hands when needed; your existing team of ops who were fighting with the Amazon Rube Goldberg machine can now be used to manage your machines using whatever orchestration and resource management approach works for your needs.

                          1. 3

                            We fit somewhere on that spectrum more towards the “we literally own everything” side, but not quite.

                            We do have our own location, generator, PDUs, CRAC units, etc. but you can pay vendors to do a lot of the work. Fan goes out on a PDU? Email the vendor and hold the DC door open for them.

                            I don’t know the exact cost of all this stuff, but a lot of that stuff will last you a long time.

                          2. 12

                            I don’t think it fails to consider the people/on-site work you need at all.

                            They say:

                            Now the argument always goes: Sure, but you have to manage these machines! The cloud is so much simpler! The savings will all be there in labor costs! Except no. Anyone who thinks running a major service like HEY or Basecamp in the cloud is “simple” has clearly never tried. Some things are simpler, others more complex, but on the whole, I’ve yet to hear of organizations at our scale being able to materially shrink their operations team, just because they moved to the cloud.

                            It sounds to me like they thought about it and concluded that they’re spending just as much on labor to manage AWS as they would to manage servers in a colo.

                            1. 10

                              I’ve yet to hear of organizations at our scale being able to materially shrink their operations team, just because they moved to the cloud.

                              I think this quote is intended to address it. Especially since “own hardware” presumably doesn’t mean “a stack of machines in our office”, nor “we do everything ourselves”. (Now does that math indeed work out like that for them? shrug)

                            1. 6

                              I take issue with the statement that you need a relational database, and not just because my day job is at a document-database company (Couchbase.) Saying “most data is naturally relational” is misleading. Most data includes relationships, links, between records, yes. That does not mean the same thing as the specific mathematical formalism of relations implemented in relational databases.

                              For example, the linked-to article about switching from MongoDB talks about the social network Diaspora. Social network data sets are practically poster children for graph databases, another type of non-relational DB. The key reason Diaspora switched from MongoDB turns out to be:

                              What’s missing from MongoDB is a SQL-style join operation, which is the ability to write one query that mashes together the activity stream and all the users that the stream references. Because MongoDB doesn’t have this ability, you end up manually doing that mashup in your application code, instead.

                              Ouch. That is a problem with MongoDB, not with document databases themselves. As a counterexample, Couchbase’s N1QL query language definitely has joins (it’s roughly a superset of SQL) and there are other document DBs I’m less familiar with that do joins too. Joins are not something limited to relational databases. (And they’re of course the bread and butter of graph DBs.)

                              In my own projects I’ve found document databases very useful during prototyping and development because their schemas are much more flexible. You can more easily apply YAGNI to your schema because, when you do need to add a property/column/relation, you don’t have to build migrations or upgrade databases or throw out existing data. You just start using the new property where you need it. (This is an even bigger boon in a distributed system where migrating every instance in lockstep can be infeasible.)

                              1. 7

                                very useful during prototyping and development because their schemas are much more flexible

                                Prototypes always become production systems. That flexibility makes them hell to work with (ask me how I know). I feel MongoDB is the document DB to most devs, and I’ll share my experience has been miserable in every. single. instance.

                                1. 1

                                  My experience differs, I think the way the data is structured brings a lot of pain - it leeway - later on.

                                  The problem I’ve seen often with both SQL and document-based solutions are not always obviously similar, but often fall into the same general category.

                                  But yeah, working with low level SQL be low level mongodb usually has more pitfalls.

                              1. 2

                                Adding an additional page including a salt, hash or scrypt bcrypt algorithm would be really good.

                                1. 5

                                  BLAKE2 is probably a good choice, given it’s in the standard library and easy enough to use. It would require an extra column to store the salt, naturally.

                                  The method for producing the salted hash in the first place is:

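                                  from hashlib import blake2b
                                  import os
                                  
                                  # ...
                                  
                                  # pwd must be bytes, e.g. password.encode("utf-8")
                                  salt = os.urandom(blake2b.SALT_SIZE)  # random per-password salt, stored with the hash
                                  pwd_hash = blake2b(pwd, salt=salt).hexdigest()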
                                  

                                  You can then use either hmac.compare_digest() or secrets.compare_digest() (they’re the same function) to do the comparison securely without any timing information leaking out.

                                  1. 3

                                    It’s a shame the standard library has no “password” module with an “hash password(password, version)” function that returns an opaque string blob that contains the hash, salt and version you can then use with “compare password(stored_hash, input)”. You should never have to type the name of some crypto algo name, even less be expected to know how to safely generate, store and compare hash. A generic “safe-enough” standard module would cover 99% of developers need.

                                    1. 3

                                      There’s a middle ground between “developer must manually roll their own” and “standard library does everything”, and it’s “third-party libraries/frameworks implement this, with knowledge of their domain”. Which is really where people ought to be.

                                      The standard library provides the constant-time comparison utility, but beyond that does not move fast enough, have enough ability to do hard compatibility breaks, or have enough context to make the choice of the One True KDF For All Use Cases Everywhere. Third-party libraries/frameworks can move fast enough, do have extra context from being closer to specific use cases, and can provide migration paths as needed.

                                      1. 2

                                        Sounds like secrets
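An added sketch of the opaque-blob interface asked for in this sub-thread, not code from any commenter and not a standard-library API: the names `hash_password`, `compare_password` and `needs_rehash`, the `scrypt$version$salt$digest` layout and the parameter table are assumptions made for illustration. It uses `hashlib.scrypt` as the KDF and `hmac.compare_digest` for the constant-time comparison mentioned above.

```python
import base64
import hashlib
import hmac
import os

# Versioned parameter sets (assumed values for this example). Keeping old
# versions in the table lets existing hashes verify after the defaults change.
_PARAMS = {
    1: dict(n=2**12, r=8, p=1, dklen=32),
    2: dict(n=2**14, r=8, p=1, dklen=32),
}
CURRENT_VERSION = 2
SALT_SIZE = 16
_MAXMEM = 64 * 1024 * 1024  # upper bound on scrypt memory use, in bytes


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _derive(password: str, salt: bytes, version: int) -> bytes:
    """Run scrypt with the parameter set registered for this version."""
    return hashlib.scrypt(
        password.encode("utf-8"), salt=salt, maxmem=_MAXMEM, **_PARAMS[version]
    )


def hash_password(password: str, version: int = CURRENT_VERSION) -> str:
    """Return one opaque string holding scheme, version, salt and digest."""
    if version not in _PARAMS:
        raise ValueError(f"unknown hash version: {version}")
    salt = os.urandom(SALT_SIZE)  # fresh salt for every stored password
    digest = _derive(password, salt, version)
    return "$".join(("scrypt", str(version), _b64(salt), _b64(digest)))


def compare_password(stored: str, candidate: str) -> bool:
    """Check a candidate password against a stored blob.

    Malformed or unknown blobs are rejected instead of raising, so a
    corrupted database row cannot turn a login attempt into a crash.
    """
    try:
        scheme, version_s, salt_b64, digest_b64 = stored.split("$")
        version = int(version_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, bad integer, bad base64
        return False
    if scheme != "scrypt" or version not in _PARAMS:
        return False
    actual = _derive(candidate, salt, version)
    # Constant-time comparison: no early exit on the first differing byte.
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str) -> bool:
    """True when the blob was not produced with the current parameter set."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[1] != str(CURRENT_VERSION)


if __name__ == "__main__":
    blob = hash_password("correct horse battery staple")  # constructed sample input
    print(blob)
    print(compare_password(blob, "correct horse battery staple"))
    print(compare_password(blob, "wrong guess"))
```

After a successful `compare_password`, a caller can check `needs_rehash` and store a fresh `hash_password` result to migrate old rows without forcing a reset.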

                                  1. 5

                                    Was the article title written by a Forth programmer?

                                    1. 2

                                      Hard to say. Niko did work for IBM for a while.

                                    1. 2

                                      Is Ada a good choice for domain modeling? Or is it better suited for lower level components?

                                      1. 12

                                        You can use it for pretty much anything of course, but I’d generally consider it a systems programming language. Definitely check out the formally-verifiable SPARK-subset (in different levels). The papers on their website blew my mind when I first studied them, especially this one as an overview.

                                        To just give a few pointers, with SPARK you can catch data-races at compile time (!). Ada had a memory-ownership-model long before Rust came along, and different from Rust Ada is actually legible.

                                        1. 4

                                          you can catch data-races at compile time

                                          Like Rust? I’m curious, though, when did SPARK arise?

                                          Ada is actually legible

                                          😂 Look, I think Ada is cool, but I definitely wouldn’t consider it any more readable than Rust

                                          1. 9

                                            SPARK can guarantee much more than Rust.

                                            Readability is of course a subjective matter, but I don’t think that your opinion is that of the majority.

                                            1. 5

                                              I don’t think that your opinion is that of the majority.

                                              Correct, the majority probably finds Ada and Rust unreadable as they’re Java and Python devs.

                                              1. 4

                                                For what it’s worth, rust has curly brackets, which a lot of people find more readable than Wirth-style begin/end, simply because that’s what they’re used to. I think it’s a matter of taste but I doubt most people would find Ada to be particularly readable. For a start, it’s extremely verbose.

                                        1. 9

                                          On Rust’s “diversity numbers being terrible” and worse than the industry – is it worse than open source? For example, I think the last time anyone checked, there were many fewer women open source programmers vs. paid career programmers.

                                          That is, I think all open source projects have this issue (and lobste.rs and HN seem to as well :-/ )

                                          1. 4

                                            My impression is that Rust’s gender ratio number is in fact worse than open source. One possible reason is that compiler is a field gender-coded to be masculine. That is, I think Rust-the-project’s number is worse than Rust ecosystem (e.g. bodil, the maintainer of im crate, is a woman) but similar to, say, LLVM.

                                          1. 10

                                            Signal Desktop similarly stores its auth token in plaintext: https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/

                                            The response from Signal was:

                                            The core premise of the article is completely mistaken. The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide. Full-disk encryption can be enabled at the OS level on most desktop platforms.

                                            1. 2

                                              Yikes. Disk encryption covers the “dude swiped my laptop” attack vector but not the malicious npm package (or whatever) attack vector. Isn’t this terrifyingly short-sighted of Signal?

                                              1. 8

                                                What would you propose as a fix for the problem? Whatever you can come up with: As long as the key is stored somewhere, it’s available for malware to get it. Is it in the OS keychain? Inject code into the signal binary and query for it. Is it on disk? Read it from there. Is it encrypted on disk? Take the key from the signal binary and decrypt it. Is it in memory of the signal app? Take it from there.

                                                Whatever you can come up with can possibly be classified as “defense in depth”, but there’s nothing (short of having to manually authenticate whenever the app does any network request / access to stored data) that can be done to protect secrets in light of malware attacks.

                                                1. 3

                                                  I don’t know about windows and Linux, but on macOS keychain material is encrypted by the SEP, and access to the data requires user authentication and if set correctly, requires it on a case by case basis.

                                                  By requires I mean it is not possible for any software at any privilege level to bypass it.

                                                  1. 2

                                                    I understand that there doesn’t exist perfect security in the face of arbitrary malware but we have OS key stores for good reason.

                                                    If I told someone it would be extremely trivial to write a malicious npm package that stole all of their Signal messages, most people would be very surprised and some would perhaps be less likely to use Signal Desktop for very sensitive conversations. (There is no analogous attack on iOS, right?)

                                                2. 0

                                                  Welcome to the dumpster fire that is Electron

                                                  1. 9

                                                    This isn’t related to Electron at all.

                                                    1. 3

                                                      yeah, especially given electron provides what looks to be a fairly trivial api for secure storage.

                                                      There are lots of things that make electron apps a bad experience, but this is not one of them.

                                                      1. 1

                                                        While I agree that Electron isn’t to blame, I will say in my experience Electron apps for networked applications rarely seem to use a proper secure storage system.

                                                        For accessibility purposes I use a hacked together terminal Slack client for most of my Slack usage. Originally I followed the advice of most 3rd party Slack clients on how to get a better token to use with 3rd party clients, but realized why bother when I can just write something that constantly scrapes various IndexedDB, Session/Local Storage databases.

                                                        I have a script that runs, finds my Slack workspaces’ tokens, validates them, then shoves them into a secret store (org.freedesktop.secrets) and sends my slack client a signal to reload the secrets from the secret store. I do run the client for audio calls frequently enough that my local creds stay refreshed.

                                                        I’ve lost track of how many networked electron apps that I’ve encountered that I’ve been able to abuse the local storage being unencrypted to gain api credentials for scripting purposes.

                                                        This seems to be a side-effect of how many of these apps are fairly simple wrappers around their web versions and they don’t do the due-diligence on securing that data as they are used to browsers being in charge of protecting their data.

                                                        1. 1

                                                          While I agree that Electron isn’t to blame, I will say in my experience Electron apps for networked applications rarely seem to use a proper secure storage system.

                                                          Yeah, I’d agree here. But I feel that a lot of electron apps half ass pretty much anything that isn’t absolutely core to the app.

                                                          This seems to be a side-effect of how many of these apps are fairly simple wrappers around their web versions and they don’t do the due-diligence on securing that data as they are used to browsers being in charge of protecting their data.

                                                          Yeah, many seem like low effort “we made an App!” that is just a multi-hundred meg wrapper around a web page, but without doing any of the work an actual browser does (even chrome) to protect user data and privacy

                                                1. 1

                                                  Not sure what the author means by “the ecosystem is essentially a microcosm of the US political landscape” but it sounds awful. I never got much into Scala. I loved Haskell and liked Java but the hybrid form wasn’t for me. It seemed to me, at the time, that either you were worried about Java integration, or you weren’t, in which case you got to use ScalaZ.

                                                  The dependency hell he’s describing, I think happens similarly with Java and Python anyway.

                                                  1. 2

                                                    I promise the dependency hell situation is worse in scala

                                                  1. 1

                                                    I wish the first half weren’t there. The piece is not off topic though because the second half brings some good ideas to consider when writing large social platforms

                                                    1. 1

                                                      Have you written a large social platform? If not, how do you know that the article’s advice is any good?

                                                      1. 1

                                                        I wish the first half weren’t there

                                                        Why?

                                                        1. 4

                                                          It is a political message that probably manages to not alienate, but seems to take a clear side of a political argument, instead of simply giving a justification and moving on to smarter ways of doing identity.

                                                          1. 16

                                                            instead of simply giving a justification and moving on to smarter ways of doing identity.

                                                            It is a justification. There are in fact many people in the world who would face physical violence or criminal prosecution or both for admitting openly to their sexual orientation or identity. This isn’t a “political message”, it’s a true and verifiable factual statement. And as a result, many such people feel an urgent need to avoid tying their “real identity” to anything having to do with their sexuality. Noting this also isn’t a “political message”, it’s a valid example of why “real name” policies have problems.

                                                            Nor is any of this a “dogwhistle” – there’s no hidden meaning or coded message that only a particular in-group is expected to pick up on.

                                                            The article appears to simply say what it means and mean what it says. There are, verifiably, many people for whom “real name” policies are a problem and for whom having their “real identity” “outed” in certain ways might expose them to anything from social to physical/legal punishment. The author simply seems to have picked an example with which they were familiar, and I’m not sure why that would be perceived as wrong or bad or inappropriate.

                                                            1. 4

                                                              Had the first half just been your first paragraph, I’d have no problems with it.

                                                              1. 15

                                                                I still don’t understand what the “problems with it” are.

                                                                1. 2

                                                                  I think based on responses and non-responses elsewhere the “problems with it” are clearly that considering LGBT people to be, you know, people. You, I, and multiple other people in this thread have provided multiple opportunities for @Vaelatern, @Hail_Spacecake, etc to explain what concept is political or otherwise a problem that is not “do all people get to be considered people” there isn’t really an alternate interpretation.

                                                                  To that group of homophobes, transphobes, etc: Many of the most horrific crimes in history came about as a result of some group deciding that another group of people were not human beings that have just as much right to exist as everyone else. You cannot say that “do this group get to exist?” is a political question unless you do not think that they are people.

                                                            2. 12

                                                              Observing that tech often ignores politics (and the people those policies impact) exist is exactly what is forming this author’s opinions on the technology argument. The first half is the “[simple] justification”.

                                                              1. 5

                                                                The problem is that actually engaging with the specific claims made by this article requires making strong political claims, and lobsters has a moderation policy of banning discussion the moderators judge to be too political. This is done for several reasons, not the least of which is that actually having a meaningful discussion about a politicized issue of computer technology often makes people extremely angry.

                                                                I agree with the author that it’s very important to build technologies that facilitate anonymous and pseudonymous online communication, and that the current landscape of large, privately-owned online communication platforms run by organizations that have an interest in enforcing a real-name policy is bad. In fact, I believe this more strongly than the author does - I think most of the ways in which he’s hedging against this point are invalid, and invalid for reasons that are strongly politicized in ways that lobsters moderators have historically banned discussion of. There are claims in this article that are flatly wrong, made for political reasons.

                                                                One method that might help is prohibiting amplifying any account in algorithmic feeds (e.g. Twitter, TikTok) unless identity is verified. You can follow anyone, but you won’t ever see a “suggestion” from a non-verified account, preventing their amplification effect.

                                                                What actually constitutes “helping” in the context of when and how to secure online (pseudo)anonymity is itself a political question. I don’t think a policy or technical solution that allows people to post (pseudo)anonymously but only allows posts by verified real-name humans to be amplified is a solution to any problem in this space I think is important. I might want to amplify specific posts from anonymous (or at least unverified) accounts myself, by sharing them with people I know or to anyone reading my content, and I would not want that sort of posting behavior to be curtailed by any platform requirement that anonymous accounts not be amplified.

                                                                Another might be stronger “liveness” testing. Some proposals already exist to make this better than the current captcha system. This could also utilize the biometrics that modern devices provide.

                                                                I’m all for a better alternative to captchas if possible; but what I don’t want is to have to prove that I am a specific human being in order to read information on websites. If biometric-verification systems for gating access to websites were widespread, I would be extremely interested in finding ways to bypass them precisely because I don’t want the people running the system to be able to figure out what websites I’m reading.

                                                                1. 3

                                                                  I could summarize it without the political dogwhistles it uses.

                                                                  1. 17

                                                                    Those aren’t dogwhistles (“use of coded or suggestive language … to garner support … without provoking opposition”) they’re just a normal, completely forthright, and explicit argument.

                                                                    1. -1

                                                                      This is getting off topic. It’s a dogwhistle, and I wish the first half of this article were not there, because until I had read the second half, I wanted to flag this as outright political.

                                                                      1. 12

                                                                        I don’t think you understand what dogwhistle means. It really doesn’t apply in this situation. The author is clear about the groups and policies discussed. There’s no wink, wink here.

                                                                        1. 1

                                                                          Then perhaps it’s comments that provoke outright opposition? The language use is clearly on one side of the political aisle.

                                                                        2. 8

                                                                          Repeating yourself isn’t a useful form of argument or comment here. And that’s literally all the above comment does. You’ve said you think that it contains dogwhistles in an earlier comment. You’ve said you wished the first half of the article were not there in an earlier comment. You’ve said you view it as a political message in an earlier comment.

                                                                          What you haven’t done is justify why you believe there are dog-whistles in it, despite that being what people are challenging you on. They quoted a definition, and said what they think it is instead - responding by repeating the claims without arguing why they are true isn’t a meaningful response. It comes across as just trying to badger the people disagreeing with you into not doing so, and I’ve flagged it as such. I’m leaving this comment primarily to explain why I’ve flagged it.

                                                                      2. 5

                                                                        I think you are misunderstanding what a “dog whistle” is

                                                                        which demonstrate why this would put marginalized people in physical danger, as I show below. Enforcing identity is great at reducing problems for you as long as you’re straight, white, male, and American. For others it’s not quite as clear cut. This has been extensively researched, and Jillian C. York maintains a list of a lot of that research.

                                                                        Is not a dog whistle. It is stating clearly and explicitly the issue.

                                                                        A dog whistle is something like “urban youths” as a dog whistle for black people, “globalist” for Jew, being “anti-family”, etc. The goal is to not use the known explicitly bad word so that way people can’t be quoted as saying something explicitly racist, anti-semitic, homophobic, etc. That’s what makes it a “dog whistle”: it has the message, but the message isn’t explicitly audible.

                                                                        1. 2

                                                                          Please do

                                                                      3. 4

                                                                        Are you suggesting that identifying types of vulnerable people so you can protect them or at least not harm them is political? Are you saying that acknowledging the types of malefactors who commit violence against vulnerable people is political?

                                                                        1. 1

                                                                          Yes this is profoundly political.

                                                                          1. 4

                                                                            In that case, I’d say that creating a service that lets malefactor users harm vulnerable users is also political.

                                                                            1. 1

                                                                              Yup - the question of what agents count as the malefactors, and what groups of people count as vulnerable in a meaningful way, are both very political. In the sense that different people will come to very different answers to them which will have mutually-incompatible implications about what software and software features should exist.

                                                                              1. 2

                                                                                This is a super easy question: which group of people is saying that another group of people are not actual people?

                                                                                What you are saying is that “should some people be considered property rather than people?” is a political viewpoint, “should some group of people be allowed to exist?” is a political question, “can we exterminate all people in this group?” is a political question.

                                                                                We need to be very clear here: it isn’t a “political” opinion if it denies the right of some group to exist, or have the same freedoms as others. If you say that the right of some group to exist is a political opinion, that means that you explicitly do not consider that group to be people.

                                                                            2. 2

                                                                              To be clear you are saying that you believe that the right of minorities to be free from abuse simply for existing is a political statement?

                                                                              You really need to be clearer in your comments here as you are making it sound like you think that “should lgbt people be considered people?” is a political question.

                                                                          2. 1

                                                                            Where was the political content?

                                                                      1. 11

                                                                        I had a sort of out-of-body experience reading (skimming) this article, as I realized that it’s been long enough since I was involved in java/scala that I don’t remember any of it, don’t care to, and am happier now for it. I guess I’m lucky I don’t have PTSD over it.

                                                                        1. 3

                                                                          I am very jealous. I’ve been writing Java for far too long and am longing for the day I can jump ship and work with / on more exciting languages. I had been writing Java for 8 years when they finally added local variable type inference.

                                                                          1. 1

                                                                            tfw started working on a new project at work, started in 2020, that’s still built for Java 7

                                                                        1. 9

                                                                          I don’t think the problems with Perl are that it has a lack of features like this article seems to imply… I have some older scripts at work that no one can read (or is unwilling to look into the abyss) from a decade ago but are mission critical. This isn’t one-off, it’s like that with almost all of the Perl code. I think we just have better languages, with better, more readable expressiveness where Perl isn’t needed anymore, in the same way that I don’t see people script in Lisp in real-world codebases.

                                                                          1. 2

                                                                            The learning curve point was very poignant for me. I’m dealing with a project at work where the maintainers don’t know anything about React lifecycles (or much JS at all) and so there are footguns everywhere with setState getting called in the wrong condition and causing infinite loops. Or how they use this.state for everything even if it’s not rendered because that’s what examples would lead you to believe, so they ignore the “don’t modify state directly” lints everywhere.

                                                                            I used to like React before this project, but now I see how much is relying on convention rather than enforced by the framework.

                                                                            1. 19

                                                                              This certainly puts a lot more weight behind https://lobste.rs/s/d0lh6w/we_want_make_nix_better, which, in typical lobste.rs fashion, was shot dead on arrival by a small subset of its userbase.

                                                                              1. 31

                                                                                Riff would’ve made an excellent first post.

                                                                                1. 4

                                                                                  “small subset” yet it has over 20 flags. That’s a lot of engagement in my experience here.

                                                                                  1. 1

                                                                                    I’m pretty sure that any group of Lobsters users is still a small subset of Nix’s user base. 🙂

                                                                                    1. 5

                                                                                      Sure, but that’s not the takeaway from the parent commenter. “in typical lobste.rs fashion, was shot dead on arrival by a small subset of [lobste.rs’s] userbase”

                                                                                1. 8

                                                                                  Why, oh why did you have to include ligatures

                                                                                  1. 9

                                                                                    I kinda like ligatures. They look pretty. They don’t cause me problems. Tweaking your system for eye candy is fun, even if the eye candy is technically useless.

                                                                                    Should they be enabled by default? Probably not. Is there a reason to be angry at people who use them? Meh, I don’t think so. Just don’t enable them in your editor and they won’t affect you.

                                                                                    1. 5

                                                                                      The first point made by the author is:

                                                                                      They contradict Unicode

                                                                                      […] Are you looking at a != ligature that’s shaped like ≠? Or the actual Unicode character 0x2260, which also looks like ≠?

                                                                                      Yeah the ‘90s called, and yeah they want their charset back, but there are still editors out there that do not render Unicode correctly, there are fonts that lack full Unicode support. If you value universal readability, don’t use non-ascii code-points in identifiers or literals (use an escape sequence instead) in your program. If your code is being read or accessed in any way other than your own machine, don’t use non-ascii code points.

                                                                                      The second point made by the author is:

                                                                                      They’re guaranteed to be wrong sometimes.

                                                                                      The problem is that ligature substitution is “dumb” in the sense that it only considers whether certain characters appear in a certain order. It’s not aware of the semantic context.

                                                                                      Agreed, but this is not an objective reason to not use ligatures. I don’t mind imperfection if I can have nice arrows in my editor.

                                                                                      However, I do believe programming ligatures can be improved. Perhaps editors such as neovim that have syntactic understanding of code with tree-sitter can turn != into its ligatured version when present as the operator, and not when present inside strings or comments.

                                                                                      1. 5

                                                                                        Your argument boils down to “but if you only have ASCII characters in your code files, it’s fine”. Newsflash: basically every sufficiently recent programming language supports Unicode characters in identifiers. Some languages even use them extensively. I’d much rather have support in languages to use the characters that ligatures imitate, and in editors to type those characters, than to live with the flawed solution of changing how your editor displays certain sequences.

                                                                                        Ligatures obscure the underlying text. They do not transparently improve the reading experience. They change it, obscuring the original text, by replacing parts of it.

                                                                                        1. 9

                                                                                          I’ll leave this here for your amusement https://www.sansbullshitsans.com/

                                                                                          1. 1

                                                                                            Unfortunately, languages like C are not going to change to make if (a ≠ b) valid, so ligatures are the best we can do.

                                                                                            1. 1

                                                                                              And your argument boils down to “I don’t like it”

                                                                                            2. 1

                                                                                              Perhaps editors such as neovim that have syntactic understanding of code with tree-sitter can turn != into its ligatured version when present as the operator, and not when present inside strings or comments.

                                                                                              Xcode does this since it lets you use different fonts for different code elements. Doesn’t Neovim let you do that?

                                                                                              1. 2

                                                                                                Neovim has a “conceal” feature that can do precisely this, but I’m pretty sure it’s not available only for the regex-based syntax highlighting, not Treesitter.

                                                                                          1. 15
                                                                                            c = 0; print([(c := c + x) for x in data])  # c = 14
                                                                                            

                                                                                            I would never allow this into my codebase. It has two nonstandard things: two statements on the same line, and side-effects inside a list comprehension.

                                                                                            When I see a list comprehension, I expect it to act like this:

                                                                                            [a, b, c, ...] -> (list comprehension) -> [f(a), f(b), f(c), ...] # possibly with some entries omitted because of the predicate clause
                                                                                            

                                                                                            That accumulating example instead does this:

                                                                                            [a, b, c, ...] -> (list comprehension) -> [f(a), f(a, b), f(a, b, c), ...]
                                                                                            

                                                                                            It may be valid code, but morally it’s not what comprehensions are for. It’s an abuse of notation. Just use an explicit loop for that, or itertools; don’t try to be clever for the sake of saving a few lines.

                                                                                            This is precisely the kind of mischief that made the walrus such a controversial addition.

                                                                                            1. 3

                                                                                              morally it’s not what comprehensions are for

                                                                                              There are morals in which features of a programming language you use now?

                                                                                              1. 2

                                                                                                “Morally” has a secondary meaning, something like “as a matter of practicality, experience, common sense”, often used to contrast a formal, theoretical, or pedantic judgement.

                                                                                                https://webstersdictionary1828.com/Dictionary/morally

                                                                                                1. According to the evidence of human reason or of probabilities, founded on facts or experience; according to the usual course of things and human judgment.

                                                                                                See also https://english.stackexchange.com/questions/116722/morally-speaking-11-2

                                                                                                1. 3

                                                                                                  I’ve never seen that use of it, appreciate the sources

                                                                                                2. 1

                                                                                                  Python pioneered having a Zen, an ordered list of design principles. So, yes, one could argue it is morally wrong.

                                                                                                  1. 2

                                                                                                    Python pioneered having a Zen

                                                                                                    Ah yes.. A list of platitudes. One look at str methods shows that was thrown out the window.

                                                                                              1. 3

                                                                                                Maybe I’m missing something here, but why would you want to expose your hobbyist web server directly to the internet, without fronting it with something like nginx?

                                                                                                1. 22

                                                                                                  You might just be exposing it to a local network.

                                                                                                  You might prefer to expose a server in a managed language, rather than nginx (C). The days of needing to be protected by Apache/Nginx are over.

                                                                                                  You might want to run your Nginx as a non-privileged user (without the complexity of a separate process doing the listening).

                                                                                                  1. 6
                                                                                                    • Since I switched from Apache to Nginx, I lost the ability to properly manage the accept-language header.
                                                                                                    • Configuring Apache or Nginx is a significant chore.
                                                                                                    • I like to keep things simple, and the most popular web servers out there are not so simple.

                                                                                                    The better question would be “why would you want to front your hobbyist web server with anything?”

                                                                                                    1. 1

                                                                                                      All about that .venv/bin/flask run life

                                                                                                      1. 1

                                                                                                        Can you decipher that for me? I have absolutely no clue what you’re hinting at.

                                                                                                  1. 2

                                                                                                    and there’s no comparable concept on Windows either.

                                                                                                    This is not true. You need elevated privileges to bind a privileged port in Windows (at least before a certain build # I can’t find documentation for). My home PC apparently binds without issue now (latest win10), but my work PC gives me a privilege error (Server 2016)